Saturday, 8 August 2009

Another fine government IT mess

ZDNet writes that the a researcher who claims to have cloned a UK identity card, see here, has had his offers to demonstrate the security breach turned down by the Home Office.

The Home Office, however, said it had asked the researcher (Adam Laurie) to provide the cloned card to it a "couple of weeks ago", but as he had not done so, the hacking claim was unsubstantiated.

As even Labour ministers have called the Home Office: "not fit for purpose," I think we tend to believe Mr Laurie.

Adam Laurie showed that removing the data group which alerts a scanner that the ID card has been tampered with means that no security issues are flagged up. He gives detailed information as to how the card was 'cloned' and changed. The Home Office just says this is impossible.

Added to this Computer Weekly has obtained Freedom of Information data which reveals that nine staff have been sacked from their local authority jobs for snooping on personal records of celebrities and personal acquaintances held on the core database of the government's National Identity Scheme.

They are among 34 council workers who illegally accessed the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the ID card programme.

Hence we have civil servants hacking the database and ID cards that can be cloned and altered. It's our private information, it's our lost identity and we are paying for it!

No comments: