L'Ombre de l'Olivier

The Shadow of the Olive Tree

being the maunderings of an Englishman on the Côte d'Azur

14 August 2007 Blog Home : August 2007 : Permalink

ID Cards - Insecure in Practice

I've never really bought into the ID card rhetoric; it has always seemed to me that ID cards are a solution looking for a problem. However, despite that, I can see how under some circumstances a single reliable ID document would be of benefit in stopping various sorts of frauds and the like. Still, even if you think that the ID card is great in theory, before you advocate one in practice it may help to think about the difference between an abstract idea and a concrete piece of plastic embedded with various metals, semiconductors etc.

One problem with a having a single document as the standard for all identification is that this document, as I have noted before, becomes something that criminals will want to subvert. For exactly the same reason that DRM is doomed, ID cards  are highly unlikely to be secure. Why you ask?

Well its like this. The problem with DRM is that you have to give the viewers/listeners the equipment to decode the media they wish to experience. Hence, there are lots of readers and lots of samples and it is comparatively easy to prove that you have the decryption right on one example and then apply the same thing to others. The same applies to ID cards.

All ID cards have to have the same encryption, the same personal data, biometrics etc. etc. Its no good if one ID card has First name, date of birth and fingerprint and another one has last name, home address and photo. Likewise its not good if every ID card is encrypted using different keys and so all ID cards will have some shared keys (it may be that the ID card will also have a PIN but as the folks at Light Blue Touchpaper have pointed out PIN's aren't a very good barrier). Finally ID card readers are going to be common.

Put it all together and you have a situation where a criminal will not find it too hard to get ID cards and readers and see how to crack them. What they do next is unclear. It is possible that they will create forged ID cards using methods similar to this one for RFID passports. Or they may just figure that it is easier to get a crooked council worker to use the ID card (or its clone) to access the National Identity Registry (NIR) and either read details or modify them.

And we note that all this assumes that the NIR database and its access methods are built securely something that HMG seem unable to do for some reason as I noted earlier.

Put it all together and we have a system which is destined to be a disaster from day one.