Feeds

'RFID the lot of them!' UK ID card to use ICAO reader standard

Hello, the National Tagging Register...

  • alert
  • submit to reddit

Boost IT visibility and business value

The Government last week confirmed that the UK's planned ID card is intended to operate as a 'passport lite' that could be used for travel within the European Union, and signalled that Home Office thinking may be moving towards the use of a PIN as a common mechanism for verification. The card's operation as a passport, said Under Secretary of State Andy Burnham, dictates that it will need to use ICAO standard RFID contactless reader technology, while use of chip and PIN would allow it to be compatible with banking and retail systems.

That means, he said, that it could function both as a contact and contactless card. PIN would also provide some measure of protection for internet transactions, but on its own, no more than that of a credit card. Nor is it immediately obvious what kind of transaction an ID card holder might want or need to conduct via the national chip and PIN infrastructure. There are however possible advantages for the Government in using the commercial chip and PIN network, not least of these being that audit trails would be far more extensive, providing a far more detailed picture of the user's movements.

The Government's view that the passport lite aspect of the card requires that it have a contactless capability however has interesting ramifications.

ID cards are already used for identification at border crossings in Europe, and the UK Presidency called for common standards on ID cards within Europe just days after taking office. The UK's call for common standards to "ensure that data stored on Identity Cards is appropriately protected but can be read by other Member States" is however some distance from receiving proposals for, and deciding on, those standards.

Nor is it clear that contactless ID card readers to ICAO standards will be accepted across the whole EU, that Member States have the intention of using such readers, or whether it is even feasible to use them on a Europe-wide basis. Statewatch reports (while also challenging the legality of the EU's ID card moves) that governments have been sent a questionnaire asking what checks and equipment they intend to install at borders, and whether they intend to carry out one-to-one or one-to-many checks.

The primary purpose of these readers, if they're installed at all, will be to check passports, and if appropriate common standards for ID cards are agreed then it may make sense for member states which use contactless readers to check passports to also use them for checking ID cards. This isn't quite what one might understand from Burnham's claim that current plans to use ID cards for European travel mean that "the card will need to meet standards established by the International Civil Aviation Organisation (ICAO), which require the card to be contactless in order to be considered a valid travel document."

As the European Union can (and does) decide what can be used as a "valid travel document" within its own borders, and is the body responsible for doing the considering here, one wonders what ICAO has to do with the matter. Designating national ID cards as travel documents could of course be part of a cunning plan to get around the legal difficulties Statewatch puts forward.

At the moment, however, the UK has decided on an interface standard for its own ID card scheme based on the assumption that there will be a standard EU ID card, that this will be a standard passport lite, and that it will conform to an international contactless passport standard that is readable globally. Having decided on this standard, it will then make obvious sense for the UK to use ICAO-standard contactless technology for readers within the UK as well.

The security implications of this have been well trampled in respect of passport use, but if - as the Government hopes - ID cards are used widely within the UK, the potential for security breaches will obviously be greatly increased. As indeed will other opportunities. Wouldn't it be handy if, say, the local housing office knew exactly who you were the moment you walked through the door, and had your file on screen ready by the time you reached the counter? No? Perhaps not...

Build a business case: developing custom apps

Next page: Costings update

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Microsoft: We're making ONE TRUE WINDOWS to rule us all
Enterprise, Windows still power firm's shaky money-maker
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.