Feeds

'RFID the lot of them!' UK ID card to use ICAO reader standard

Hello, the National Tagging Register...

  • alert
  • submit to reddit

Top three mobile application threats

The Government last week confirmed that the UK's planned ID card is intended to operate as a 'passport lite' that could be used for travel within the European Union, and signalled that Home Office thinking may be moving towards the use of a PIN as a common mechanism for verification. The card's operation as a passport, said Under Secretary of State Andy Burnham, dictates that it will need to use ICAO standard RFID contactless reader technology, while use of chip and PIN would allow it to be compatible with banking and retail systems.

That means, he said, that it could function both as a contact and contactless card. PIN would also provide some measure of protection for internet transactions, but on its own, no more than that of a credit card. Nor is it immediately obvious what kind of transaction an ID card holder might want or need to conduct via the national chip and PIN infrastructure. There are however possible advantages for the Government in using the commercial chip and PIN network, not least of these being that audit trails would be far more extensive, providing a far more detailed picture of the user's movements.

The Government's view that the passport lite aspect of the card requires that it have a contactless capability however has interesting ramifications.

ID cards are already used for identification at border crossings in Europe, and the UK Presidency called for common standards on ID cards within Europe just days after taking office. The UK's call for common standards to "ensure that data stored on Identity Cards is appropriately protected but can be read by other Member States" is however some distance from receiving proposals for, and deciding on, those standards.

Nor is it clear that contactless ID card readers to ICAO standards will be accepted across the whole EU, that Member States have the intention of using such readers, or whether it is even feasible to use them on a Europe-wide basis. Statewatch reports (while also challenging the legality of the EU's ID card moves) that governments have been sent a questionnaire asking what checks and equipment they intend to install at borders, and whether they intend to carry out one-to-one or one-to-many checks.

The primary purpose of these readers, if they're installed at all, will be to check passports, and if appropriate common standards for ID cards are agreed then it may make sense for member states which use contactless readers to check passports to also use them for checking ID cards. This isn't quite what one might understand from Burnham's claim that current plans to use ID cards for European travel mean that "the card will need to meet standards established by the International Civil Aviation Organisation (ICAO), which require the card to be contactless in order to be considered a valid travel document."

As the European Union can (and does) decide what can be used as a "valid travel document" within its own borders, and is the body responsible for doing the considering here, one wonders what ICAO has to do with the matter. Designating national ID cards as travel documents could of course be part of a cunning plan to get around the legal difficulties Statewatch puts forward.

At the moment, however, the UK has decided on an interface standard for its own ID card scheme based on the assumption that there will be a standard EU ID card, that this will be a standard passport lite, and that it will conform to an international contactless passport standard that is readable globally. Having decided on this standard, it will then make obvious sense for the UK to use ICAO-standard contactless technology for readers within the UK as well.

The security implications of this have been well trampled in respect of passport use, but if - as the Government hopes - ID cards are used widely within the UK, the potential for security breaches will obviously be greatly increased. As indeed will other opportunities. Wouldn't it be handy if, say, the local housing office knew exactly who you were the moment you walked through the door, and had your file on screen ready by the time you reached the counter? No? Perhaps not...

Build a business case: developing custom apps

Next page: Costings update

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.