Feeds

UK.gov needs fresh law to protect taxpayers' ID

Offloading data to private biz already racks up £10m bill

Top three mobile application threats

Exclusive The Cabinet Office's grand plan to farm out the handling of taxpayers' online identities to the private sector will almost certainly be subjected to primary legislation, The Register can reveal.

Earlier this week, Cabinet Office minister Francis Maude earmarked £10m for his department's ID assurance project.

That cash is expected to be spent between now and 2013, during the course of the current Coalition administration.

But safeguarding ID will need a new law to regulate its use.

"The current legal opinion is that legislation will be required in due course for the full instantiation of the identity assurance model and for purposes of clarity and transparency on how identity data may be used and disclosed," a Cabinet Office spokesman confirmed to El Reg.

"However, at this stage we do not believe legislation is required in the short term for initial instantiations of the model."

That means it is likely that the £10m allocated earlier this week for the project will have been spent before any act of Parliament is passed on ID assurance.

Arguably, that's a big slab of cash for a government IT scheme that could yet face fierce opposition from civil liberty campaigners and politicos.

As we previously reported, the Cabinet Office's ID assurance plans have been considered by some to be a creative way of building an identity database via third parties, thereby offloading the burden wholesale onto the private sector.

Meanwhile, the CO has yet to confirm which businesses it is talking to about the technology needed to power the ID scheme, which forms part of the government's "digital-by-default" agenda.

"The Identity Assurance team are aiming to release the details of companies that have been involved in the project soon, however it is not just banks who have been involved in this project so far," said the Cabinet Office spokesman, brushing aside our question about whether social networks such as Facebook would play any role in the plan.

Maude's department had hoped to fully implement the new ID scheme to help taxpayers access services online via a revamped website by August next year. With primary legislation looming, it is unlikely that the Cabinet Office will meet that deadline.

Privacy groups will undoubtedly be probing the Cabinet Office's plans to create, in Maude's words, "an environment in government where technology leaders in the identity space can flourish."

But there is one thing the Cabinet Office can be sure of: "there will be no ID database" held – at least, not within the walls of Whitehall. ®

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.