Feeds

'RFID the lot of them!' UK ID card to use ICAO reader standard

Hello, the National Tagging Register...

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The Government last week confirmed that the UK's planned ID card is intended to operate as a 'passport lite' that could be used for travel within the European Union, and signalled that Home Office thinking may be moving towards the use of a PIN as a common mechanism for verification. The card's operation as a passport, said Under Secretary of State Andy Burnham, dictates that it will need to use ICAO standard RFID contactless reader technology, while use of chip and PIN would allow it to be compatible with banking and retail systems.

That means, he said, that it could function both as a contact and contactless card. PIN would also provide some measure of protection for internet transactions, but on its own, no more than that of a credit card. Nor is it immediately obvious what kind of transaction an ID card holder might want or need to conduct via the national chip and PIN infrastructure. There are however possible advantages for the Government in using the commercial chip and PIN network, not least of these being that audit trails would be far more extensive, providing a far more detailed picture of the user's movements.

The Government's view that the passport lite aspect of the card requires that it have a contactless capability however has interesting ramifications.

ID cards are already used for identification at border crossings in Europe, and the UK Presidency called for common standards on ID cards within Europe just days after taking office. The UK's call for common standards to "ensure that data stored on Identity Cards is appropriately protected but can be read by other Member States" is however some distance from receiving proposals for, and deciding on, those standards.

Nor is it clear that contactless ID card readers to ICAO standards will be accepted across the whole EU, that Member States have the intention of using such readers, or whether it is even feasible to use them on a Europe-wide basis. Statewatch reports (while also challenging the legality of the EU's ID card moves) that governments have been sent a questionnaire asking what checks and equipment they intend to install at borders, and whether they intend to carry out one-to-one or one-to-many checks.

The primary purpose of these readers, if they're installed at all, will be to check passports, and if appropriate common standards for ID cards are agreed then it may make sense for member states which use contactless readers to check passports to also use them for checking ID cards. This isn't quite what one might understand from Burnham's claim that current plans to use ID cards for European travel mean that "the card will need to meet standards established by the International Civil Aviation Organisation (ICAO), which require the card to be contactless in order to be considered a valid travel document."

As the European Union can (and does) decide what can be used as a "valid travel document" within its own borders, and is the body responsible for doing the considering here, one wonders what ICAO has to do with the matter. Designating national ID cards as travel documents could of course be part of a cunning plan to get around the legal difficulties Statewatch puts forward.

At the moment, however, the UK has decided on an interface standard for its own ID card scheme based on the assumption that there will be a standard EU ID card, that this will be a standard passport lite, and that it will conform to an international contactless passport standard that is readable globally. Having decided on this standard, it will then make obvious sense for the UK to use ICAO-standard contactless technology for readers within the UK as well.

The security implications of this have been well trampled in respect of passport use, but if - as the Government hopes - ID cards are used widely within the UK, the potential for security breaches will obviously be greatly increased. As indeed will other opportunities. Wouldn't it be handy if, say, the local housing office knew exactly who you were the moment you walked through the door, and had your file on screen ready by the time you reached the counter? No? Perhaps not...

Security for virtualized datacentres

Next page: Costings update

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.