ICT security orgs blast ID smartcard, biometrics

The Federal Government’s planned national ID smartcard has come into further criticism – this time from some of the country’s leading ICT security organisations.

The Federal Government’s planned national ID smartcard has come into further criticism – this time from some of the country’s leading ICT security organisations.

Speaking at a CRN/IT News roundtable on the current state of the security market, personalities from McAfee, Dimension Data, Secure Computing and Symantec have argued that the card is a step in the wrong direction.

Offering up some of the harshest criticism, Dimension Data national security practice manager Neil Campbell said the card would see the centralisation of power.

“As an ex-cop it was very frustrating that [the police] didn’t have one gigantic database so that I could pluck information out about someone. It would have been an enormous help to me, but it would also have created a monster,” he said. “The identity card is one step closer to creating a monster of a Police State and it’s too much power.”

Secure Computing A/NZ country manager Eric Krieger said the proposed card was a step closer to a creating a closed society.

“From a social engineering point of view I think it’s dangerous - we already have more controls on us than we need,” he said. “The American social security number is a weapon, and that’s what they’re talking about introducing here [in Australia, with the identity card].”

McAfee APAC marketing director Allan Bell argued that the ID card’s centralisation of data would likely see abuses occur.

“[Even without an ID card] the amount of public data that’s out there about yourself is scary,” he said. “It’s only because people don’t correlate all that data, or don’t have the ability to do so, that they’re not doing the analysis [on you].

“What happens if there’s identity theft of your smartcard, and then people say I know it was you, because it was your card, and you’re going to jail,” said Bell.

One of the key technologies underpinning the proposed smartcard – biometrics – also came into harsh criticism, being labeled as “intrusive and Orwellian in nature” by Dimension Data’s Campbell.

He said the security format was flawed and represented an application of "technology for technology’s sake."

“I can’t revoke my thumb without chopping it off and there are better ways of doing authentication than actually using somebody’s individual attributes that you can never be revoked – such as two-factor or three-factor authentication,” he said.

For Secure Computing’s Krieger, biometrics was little more than the “sexy” technology of the moment, driven by films such as The Matrix and Mission Impossible.

“Biometrics responds to an emotional need more than anything else,” he said. “The notion that you’ve got a finger or an iris and you’ll be identified is an emotional reaction, but it doesn’t answer any business risk issues.”

Citing the current use of e-passports in the US, Symantec director channel sales Pacific David Blackman, also argued that the technology was intrusive, with little benefit.

“When I go through customs in the USA I don’t feel happy about [face and fingerprint technologies being used] but I don’t have a choice,” he said. “The only reason I like e-passports at the moment is because the queues are shorter, but when everyone gets an e-passport, eventually everyone will be in the same queue.”