Feeds

'RFID the lot of them!' UK ID card to use ICAO reader standard

Hello, the National Tagging Register...

  • alert
  • submit to reddit

High performance access to file storage

The Government last week confirmed that the UK's planned ID card is intended to operate as a 'passport lite' that could be used for travel within the European Union, and signalled that Home Office thinking may be moving towards the use of a PIN as a common mechanism for verification. The card's operation as a passport, said Under Secretary of State Andy Burnham, dictates that it will need to use ICAO standard RFID contactless reader technology, while use of chip and PIN would allow it to be compatible with banking and retail systems.

That means, he said, that it could function both as a contact and contactless card. PIN would also provide some measure of protection for internet transactions, but on its own, no more than that of a credit card. Nor is it immediately obvious what kind of transaction an ID card holder might want or need to conduct via the national chip and PIN infrastructure. There are however possible advantages for the Government in using the commercial chip and PIN network, not least of these being that audit trails would be far more extensive, providing a far more detailed picture of the user's movements.

The Government's view that the passport lite aspect of the card requires that it have a contactless capability however has interesting ramifications.

ID cards are already used for identification at border crossings in Europe, and the UK Presidency called for common standards on ID cards within Europe just days after taking office. The UK's call for common standards to "ensure that data stored on Identity Cards is appropriately protected but can be read by other Member States" is however some distance from receiving proposals for, and deciding on, those standards.

Nor is it clear that contactless ID card readers to ICAO standards will be accepted across the whole EU, that Member States have the intention of using such readers, or whether it is even feasible to use them on a Europe-wide basis. Statewatch reports (while also challenging the legality of the EU's ID card moves) that governments have been sent a questionnaire asking what checks and equipment they intend to install at borders, and whether they intend to carry out one-to-one or one-to-many checks.

The primary purpose of these readers, if they're installed at all, will be to check passports, and if appropriate common standards for ID cards are agreed then it may make sense for member states which use contactless readers to check passports to also use them for checking ID cards. This isn't quite what one might understand from Burnham's claim that current plans to use ID cards for European travel mean that "the card will need to meet standards established by the International Civil Aviation Organisation (ICAO), which require the card to be contactless in order to be considered a valid travel document."

As the European Union can (and does) decide what can be used as a "valid travel document" within its own borders, and is the body responsible for doing the considering here, one wonders what ICAO has to do with the matter. Designating national ID cards as travel documents could of course be part of a cunning plan to get around the legal difficulties Statewatch puts forward.

At the moment, however, the UK has decided on an interface standard for its own ID card scheme based on the assumption that there will be a standard EU ID card, that this will be a standard passport lite, and that it will conform to an international contactless passport standard that is readable globally. Having decided on this standard, it will then make obvious sense for the UK to use ICAO-standard contactless technology for readers within the UK as well.

The security implications of this have been well trampled in respect of passport use, but if - as the Government hopes - ID cards are used widely within the UK, the potential for security breaches will obviously be greatly increased. As indeed will other opportunities. Wouldn't it be handy if, say, the local housing office knew exactly who you were the moment you walked through the door, and had your file on screen ready by the time you reached the counter? No? Perhaps not...

High performance access to file storage

Next page: Costings update

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.