When is hack-proof not hack-proof? When it’s an ID database

Posted on April 9, 2008 by

It’s been a while since we had anything on ID cards but for enthusiasts such as the estimable

[info]burkesworks 

and 

[info]perlmonger 

a little story via the always readable Jennie Law blog (the travails of a law librarian).  She links to a story from Ideal Government which points out that during the Home Affairs Select Committee hearings the relevant minister, Meg Hillier, said 

“The National Identity Register, essentially, will be a secure database; …hack-proof, not connected to the Internet…not be accessible online; any links with any other agency will be down encrypted links.”

but frantic notes from civil servants suggested this may not be what was meant.  ANyway, come the Hansard report she is reported to have said

“The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will be down encrypted links.”

clarifying that the National ID register will not be hack-proof but containing a contradiction between not being “accessible online” [whatever that means] and being linked to via encrypted links.   And why delete the words “Not connected to the internet”?

Well, allow The Register to raise the query

“Do we understand from this that Hillier’s officials think it unwise (which, of course, it is) to claim that the NIR is hack-proof? And are they keen to leave wiggle-room on Internet connectivity? A database that is “not accessible online” is not necessarily the same thing as a database that is not connected to the Internet, depending on what you might mean by “not accessible”.”

Presumably the data will be stored on a couple of old CDs and sent out in a suitably encrypted jiffy bag to anyone asking for it.

 

About these ads

About loveandgarbage

I watch the telly and read when not doing law stuff and plugging my decade and a half old unwatched Edinburgh fringe show.
This entry was posted in id cards, police state, Uncategorized. Bookmark the permalink.

One Response to When is hack-proof not hack-proof? When it’s an ID database

  1. perlmonger says:
    April 10, 2008 at 7:36 am

    Thanks for that; you’ve really upped my confidence levels in the government.
    It’s probably worth noting that, even if her initial blurt was an accurate description of the database being planned, an encrypted link is as secure as its private keys and passphrases and, even more to the point, as secure as the pwn3d lapdog at the far end of that link after the data has been decrypted.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s