ID cards risk "massive identity fraud", says Microsoft

The UK government’s controversial ID card scheme is under attack from all sides. First there was a newspaper report in the Independent on Sunday (subscription now required) warning that as many as one in a thousand people could be misidentified due to technological shortcomings.

According to the government this is not a problem as the cards will be relying on three types of scans, facial, iris and fingerprints. However, as this enlightening article on The Register shows, using multiple biometrics does not necessarily guarantee more accurate results.

Adding to the government’s woes technology heavyweight Microsoft has waded in against the scheme. Not mincing his words, Microsoft’s UK National Technology Officer Jerry Fishenden warns that the current ID card proposals could trigger "massive identity fraud on a scale beyond anything we have seen before."

According to Fishenden, the government’s insistence on basing the scheme on a centralised database is deeply flawed. The government would do well to heed Fishenden’s advice when he says that no computer system is a 100% secure, and that "putting a comprehensive set of personal data in one place produces a honeypot effect”. This he says will prove a “highly attractive and richly rewarding target for criminals".

Fishenden goes on to say:, “There are better ways of doing this. Even the biometrics industry says it is better to have biometrics stored locally."

Despite the timing of Fishenden’s comments, just before acrucial Commons vote on ID cards, a three line whip saw the government head off a rebellion, although Tony Blair saw his majority slashed by more than half.

Fishenden says many other suppliers share his concerns in private. As the ID card bill now moves to the House of Lords, lets hope these vendors have the backbone to voice their concerns rather than worrying about jeopardising their slice of potentially lucrative contracts.