The London School of Economics has issued its alternative model for a "trusted identity structure" that would meet the aims of the government's ID card bill.
The model, which is outlined in the LSE's Identity Project Report published on 27 June 2005, accepts that no system can be totally secure and allows for individual control of personal data. Along with the model, the LSE also presents a "median figure" of £14.5bn for the government's proposed scheme. Security is a major feature of the LSE's alternative proposal. The aim is to ensure that a "master identifier" does not become universally deployed. Academics behind the proposals are concerned that the government's scheme could actually pose a security risk.
Professor Ian Angell, convenor of the Department of Information Systems at the LSE, said that what is needed is a federated system that cannot be attacked from a single point. Effectively it would have several layers of protection like a "Norman castle", he said.
"The scheme as its stands actually contributes a greater security threat," he said. It would act as a "one stop shop for fraudsters" and could also jeopardise other IT systems using it as a source of identity.
The LSE's model would avoid this situation by avoiding a reliance on a large central registry and would allow individuals to securely back up data held on their card themselves.
It would rely on a network of trusted third parties (TTP) such as banks, police stations, court houses and solicitors to help authenticate individuals and to store data. These organisations would hold secure back-ups.
People would register for the scheme in a similar way to the current passport applications process. At the first stage, electronic kiosks in post offices, councils or job centres would be used to obtain application forms and verify identity against the National Insurance (NI) system. Personal interviews would be available as a failsafe if the NI number couldn't be used.
Once a card is issued the government would retain a temporary record of the application information. This data would also be on the card.
The applicant would then go to an authorised TTP which keeps a secure back-up of the data. At this stage all but "essential data", such as a unique code and card number, would be deleted from the government's systems.
Individuals would then be able to update their own data via the TTP at will.
Rather than the government's compulsory scheme, it asserts that identity disclosure should only be required in specific circumstances. "An obligation to disclose identity should not be imposed unless the disclosure is essential to a particular transaction duty or relationship."
In response the Home Office was scathing in its criticism. It said the LSE's proposal is "insecure" would "facilitate the creation of multiple and false identities" and had "little context in the real world".
"The LSE scheme puts the safety of your personal information at risk exposing it to less secure environments and many more less well-trained members of staff," said a Home Office spokesperson.
The spokesperson levelled a range of criticisms: that it would "not gain public trust", is "likely to be expensive", and "would offer few benefits to society due to its security weaknesses".
The spokesperson also claimed it would "facilitate security threats" and has not been costed.
"The Home Office proposal builds on existing infrastructure and processes at UKPS and facilitates a planned and gradual roll out. The LSE scheme suggests the need for a completely new system and would not have the same ability to manage the roll out effectively."
Quelle: KableNET, 27.06.2005
