Fraud attempt

Once you are on that is it, you are on. And if someone gets on as you before you as you then the problem can be sorted straight away.

And the encryption can be broken but your average fraudster does not have a super computer at his disposal for a couple of years to break one person's card.

No system it perfect but I can assure you the only thing the police can do now it catalogue the crimes and move on because of the volumes involved, something has to be done.

People are always trying to pick out exceptional cases to judge the whole system and that is unfare. It's a bit like trying to get the car banned because of a few crashes.

ANyway, it's not a ID card thread and we have all been here before and no opinion is going to change. I though I would present my case from someone who worked in the fraud squad.

Fair enough - but shouldn't the banks be sorting this out rather than the government?

Should be pass on the passport and immigration system onto the airlines and ferry companies?

Eh? I thought we were debating credit card fraud? - Since the banks have the problem, couldn't they do more to deal with it, rather than invloving everyone in the UK in a system of government person licensing?

I haven't made my mind up either way yet but having been the victim of ID theft that no form of ID would have stopped because a bank employee emptied my account.

Nobody from the police to the bank involved was interested, money was refunded, new accounts and cards. Who got hurt?

I think the OP proves that it is not just the bank's problem, guy is probably going to have a right nightmare sorting this out and he will always have the threat of it happening again, once they get you they keep going.

Anyway, that me out.

Fair enough - and thanks for debating the issue - it is always hard to get a pro-ID dude to talk about the mechanics of how it will all work - I appreciate it even though I don't believe it can or should work.

Okay, my tuppence worth

I believe the card will be used in two ways. The first the card itself will simply be used as a form of identification. The second way would correlate the information stored on the card with that on the backend database. I could see it working as so:

Bank - Simply present the card as a form of ID. Better than a driving licence and letter which are far easier to get. In future I believe it is proposed to have smart card readers set up at banks and similar institutions.

DVLA - Present the card which then gets inserted into a reader which then confirms biometric data on the card with the database and the identity in front of you. No ID card = no licence.

Not everyone has a passport, some people have more than 1. The passport does not have the backend database.

ID cards will be harder to forge than driving licences and older passports. The strength is in the correlation of information with the backend. You can fake a card, inserting data into the backend is far more intricate (not claiming it won't be done)

For those sudden crypto experts here who seem to think the encryption on the card will be a cinch to hack then give me some of what you're drinking. Quantum computing isn't here yet. For those who think the card has already been hacked, no it hasn't. In the article in question which describes a potential hack, read the comments. As they say, the data was read off of a card; manipulated on a laptop and then written back to the card. However, the attacker used a self generated certificate to sign the amended data which would have failed any integrity check when connected to an approved smart card reader.

Let's face it, ID cards are already here and for those who think the Tories will drop this, it was a Tory proposal under John Major that started the ball rolling. Tony Blair said the following whilst in opposition:

Labour changed their tune when they got into power as will Cameron. ID cards are not being driven by the politicians. Trust me on this.

They're not perfect, but they're far better than what we have.

Quantum computing may not be here, but it's trivial for a criminal organisation to take advantage of a botnet. Distributing complex problems amongs a few million compromised machines means you, too, can have the kind of computing capacity that once only GCHQ or the NSA could dream of.

(And I'm not a "sudden crypto expert" - in the past I've worked in the field on products used by banks and governments around the world, including both the UK and US governments.)