HMRC blunder calls ID cards into question

The identity card scheme and its national identity register has been called into question following the massive data breach by HM Revenue and Customs.

Yesterday, Chancellor Alistair Darling told parliament that two discs containing personal details of 25 million individuals had gone missing in the department's internal mail system.

Following his speech, members of the opposition suggested the government had shown it was too incompetent to handle the nationwide database required for the ID card scheme.

Conservative Shadow Chancellor George Osborne said: ""Today must mark the final blow for ambitions of this government to create a national ID card scheme. They simply cannot be trusted with people's information."

Osborne then called on the government to "get a grip and deliver a basic level of competence".

Liberal Democrat Leader and Shadow Chancellor Vince Cable said: "After this disaster how can the public possibly have confidence in the vast centralised databases needed for the compulsory ID card scheme."

Darling defended the ID card scheme: "The key thing about identity cards is the information is protected by personal biometric information...because we do not have that protection, information is more vulnerable than it should be."

A Home Office statement mirrored Darling's thoughts: "Biometrics such as fingerprints will link a person securely and reliably to his or her unique identity. It will therefore become much more difficult to misuse another person's identity - even if full details are known of his or her biographical information."

The Home Office stressed that the National Identity Register would not hold any tax, benefit or financial records, and that all biometric data would be held on a separate IT infrastructure from biographical data, such as name and address.

The statement added that the Identity Card Act would make tampering with the register or disclosing information from it a criminal offence, punishable by sentences of ten or two years respectively. The register will also feature an audit and alert system, as well as access controls and filters to manage information requests.

But, as Simon Perry, vice president of security strategy at CA noted, who will trust those precautions when it was so easy to get around HMRC procedures? "What degree of confidence do we have in procedures for the ID card database?" he asked. "It undermines confidence in the security of that scheme."

Phil Booth, the national coordinator of lobby group NO2ID, agreed: "This data disaster shows up the madness behind the government's ID schemes. People had no choice about giving up that information. It makes the government the biggest identity thief of all."

"It's bad enough that HMRC can't be trusted with basic financial details. But within five years the Home Office could be leaking or losing people's complete identity records," he added.

Booth called on the ID scheme to be halted immediately, and added: "But more than that - we all need to know what information the government holds about us now, how it is already being shared among departments, and what the dangers are. That will only happen if there is a full and independent audit of what personal information is currently collected and the ways it is used."