Microsoft warns ID cards pose massive security risk

Microsoft has warned the UK government's national ID card plans pose a huge security risk that could actually increase the likelihood of confidential personal information falling into the hands of hackers and criminals.

A top security and identity management expert at Microsoft said the current technology proposals are flawed and criticised other IT suppliers for failing to speak out publicly about their concerns for fear of damaging any future bids for a piece of the lucrative ID cards contract.

Jerry Fishenden, national technology officer at Microsoft UK, told silicon.com the current plans for a central national identity register could lead to "huge potential breaches" and leakage of personal information.

He said: "I have concerns with the current architecture and the way it looks at aggregating so much personal information and biometrics in a single place. There are better ways of doing this. Even the biometrics industry says it is better to have biometrics stored locally."

Fishenden said no systems are ever completely secure and warned that putting vast amounts of personal data and biometric information such as iris, fingerprint and facial scans in one central database would prove too tempting a target for hackers and other criminals.

Microsoft has expressed its concerns directly to the Home Office ID cards team but Fishenden said other suppliers are keeping quiet about their fears over the viability of the current proposals because they want a piece of what would be a multi-billion pound project.

"Every supplier I talk to privately expresses their concerns," he said. "They seem happy to express their reservations to each other. But I don't think we have been as vocal as we should have been on this debate."

Microsoft's comments come as MPs are due to vote on a third reading for the Identity Cards Bill and just a day after Home Office minister Tony McNulty admitted to problems with the proposed biometric technology recognising some people, such as those with brown eyes.

His statement followed a report in the Independent on Sunday warning that one in 1,000 people could be incorrectly identified by the biometric systems because of difficulties in identifying those such as manual labourers who wear down their fingerprints.

Source: Silicon.com
By Andy McCue
Published: 18 October 2005 16:00 GMT