Pretty much everyone who knows me knows I want stronger authentication on the internet, but I'm set against physical identity cards and centralised government databases. I've even opted out of the UK's National Health Service central database (partly because I don't trust the NHS to protect the data and keep it private, and partly because the data flows through a private company). My concerns on UK identity cards are numerous, but no2id expresses them far better than I can. If by some miracle Labour make it through the next election in power, I will be swapping my UK passport for an Irish one and avoiding the whole mess for as long as I can.

The government have been sneaking the cards in by the back door, first for foreign nationals and now for airline workers. One of the problems with rolling it out to the general populace is gathering the biometric data in the first place (and of course how you can revoke that data when you can't revoke your own fingerprints).

However, that's solved now! Supermarkets will do it. The BBC reported today that the Identity and Passport Service were talking to a "range of high street retailers and other organisations". Should we be worried? No, because the security of data would remain the "utmost priority".

Really? When the government can't stop losing data, and when private companies engaged to look after sensitive information and programs end up storing password databases and source code on USB keys that are then left in a pub, are we supposed to trust the 17-year-old at WH Smiths to do a good job as well?

(As an aside, I did have a laugh at the Origin Atos loss at the weekend. The quotes from the rent-a-hacker the Mail on Sunday used were hilarious. "Expert" Jaques Erasmus said "I could decrypt those passwords to log in to the system and roam around the network." Really? I'm rather sure that the passwords were hashed and salted. If Mr Erasmus has a way to break salted hashes easily then he's wasted selling quotes to newspapers, as I'm sure numerous security services would pay through the nose for that algorithm. He's right in saying "it would just be a matter of time", assuming the password is in a rainbow table and isn't salted. I've banged on about salting before; Jeff has a pretty picture of magical horsies and a good discussion of rainbow tables for your reading delight.)
