Government overturns identity database policy

The Home Office has overturned its decision to create a large single computer for its controversial national identity register (NIR), opting to use existing databases instead. It had previously said that existing systems were flawed.

The NIR is the database that will sit behind the proposed Government identity cards. Ministers originally discounted the idea of using existing systems because they wanted a brand new system that did not duplicate the flaws of present systems. That decision has now been reversed.

"Doing something sensible is not necessarily a U-turn,” the Home Secretary John Reid told a press conference yesterday. “We have decided it is lower risk, more efficient and faster to take the infrastructure that already exists, although the data will be drawn from other sources.”

Creating a single database had proved highly controversial. Security experts warned that putting all that data in one single place was high risk, and the procurement process for a system was behind schedule by more than a year.

Anti-ID card group No2ID says that the move at least solves one of the problems it has highlighted. "No2ID has repeatedly warned the government that keeping data on a single system would be insecure and vulnerable to attack, and that the sheer size of the IT project meant that it would be virtually unworkable," said a No2ID statement. "The government has realised that we were right and has backtracked."

The information will be divided between three existing databases and mixed in with non-NIR information. The Department for Work and Pensions database will hold biographical information, biometric data, such as fingerprints or eye scans, will be held on the Home Office system and the Identity and Passport Service system will hold the remaining information.

The announcement of the separation of databases was made within the just-published Strategic Action Plan For The National Identity Scheme. That document seems to suggest that the Government has taken into account the opposition of many groups to a single database, and contradicts its previous assertions about security.

"[The] separation is important in guarding against malicious or fraudulent damage to the NIR, since it would require unauthorised and undetected changes to these separate systems and the corresponding card," said the document.

The Government said that the cost of the system is likely to remain unchanged at $5.4 billion over 10 years.