The government has defended security measures for its £5.6 billion ID cards scheme in the wake of the data loss crisis at HM Revenue and Customs.
HMRC admitted that records of 25 million people -- including bank details, addresses and other confidential information -- were on computer disks lost in transit to the National Audit Office. The loss -- Britain's biggest security breach -- was seized on by opponents of the ID card scheme. They said the government must think again about the ID card programme and its underlying national identity register in the light of the HMRC debacle.
The UK Identity and Passport Service acknowledged today that concerns over the safety of ID card data "have been raised" and were being taken seriously. "Security is absolutely crucial to the ID cards scheme and measures will have to be assessed by the government's security advisers before it can start operation," a spokesperson said.
He added that in addition to the Information Commissioner's Office -- which is set to be given extra powers following the HMRC fiasco -- the IPS would also be regulated by a separate identity scheme commissioner.
The two watchdogs would work together, he said, with the ICO focusing on Data Protection Act requirements and the identity scheme commissioner "making sure we're only doing what's set out in the ID Cards Act and that we are within the spirit of the act.
"If anything goes wrong, two sets of bricks will come down on us," he added.
The IPS emphasised that the national identity register (NIR) would be designed "afresh" to hold only core identity information and biometrics. "It will not hold tax, benefit or other financial records," the spokesperson said.
"It is planned to hold biometric information on a separate IT infrastructure from biographical data, such as names and address, where it is intended to reuse current Department of Work and Pensions IT infrastructure which already has the biographical data for most UK residents."
He added: "The NIR will have comprehensive audit and alert systems and a range of technical controls in place which allow any activity on the system to be audited and an alert raised if unauthorised access or actions are attempted."
Dual or multiple access controls would be put in place for key functions and the number of staff able to see a person's entire identity documentation or make changes to it would be limited, with these staff going through security vetting, the IPS said.
Requests for NIR information for would have to go through a number of intermediate systems and filters to ensure only authenticated and authorised requests could get through.
The Identity Cards Act also included a measures making it a criminal offence to attempt to compromise the NIR internally, the IPS spokesperson said.
Attempts to tamper physically or technically with the NIR could lead to a sentence of up to 10 years, while any unauthorised disclosure of information from the NIR by staff could bring a two-year jail term.