The London Daily Mail published a long, interesting and disturbing story yesterday about the ease with which security experts were able to hack the supposedly "unforgeable" new UK ID card for foreign nationals and change  the data within the embedded microchip within minutes.

Given that the hacked ID card uses the same technology as is to be used in National ID cards for UK residents in the next few years, the implications are obvious.

The Daily Mail says that when the UK government was told of its findings, the government dismissed them, saying,

 "We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened."

"The identity card includes a number of design and security features that are extremely difficult to replicate."

"We remain confident that the identity card is one of the most secure of its kind, fully meeting rigorous international standards."

I guess the Daily Mail's results don't count as "evidence" in the government's eyes. This not surprising.

Back in 2005, the ex-head of the UK spy agency MI5 Dame Stella Rimington said that National ID cards were useless, unless they were completely unforgeable, but that was unlikely since:

"all our other documentation is quite easy to forge."

The government dismissed her criticism as well.

And as we noted here back in 2007, a number of UK computer science professors wrote an open letter to Mr. Andrew Dismore MP, the chair of the Joint Committee on Human Rights in the Commons calling into question the security and privacy of the planned UK ID cards. In the letter they wrote that,

"It is ... our strongest recommendation that further development of a National Identity Register or National Identity Scheme (including biometric visas and ePassports) should be suspended until such time that research and development work has established beyond reasonable doubt that these are capable of operating securely, effectively and economically on the scale envisaged."

Well, the professors' recommendation was (surprise, surprise) ignored.

If the Daily Mail allegations indeed stand up to outside scrutiny, I think the UK government is going to find it much harder to ignore the mounting "evidence" of a problem with its National ID card plan for too much longer.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less