“Regardless of whether you renew your passport, apply for a driver’s license or register the birth of a child who want citizens, that the services want the services to be easily accessible and easy to use,” trumpet the cabinet office when it confirmed to create a single digital registration for all state services.
Michael Gove, the minister who monitors the project at the start in 2021, said at this time: “All publicly accessible services of the central government should hike and legacy systems are switched off.”
As the system is known, a login is now alive and used by 3m people. The ministers also want banks to take over to secure loans and mortgages and demonstrated a smartphone app that is based on a login -called GOV.UK Wallet -that can use pubs and night clubs to check IDS.
But this week the Telegraph showed that the personal data of the citizens may have been endangered by failure of cyber security. The developers received at the highest level, without the necessary safety review and a high number of defects that were reported according to an examination of 2023.
In addition, the project management of the project in the digital service (GDS) of the project was not aware that parts of the system were developed in Romania, a country known as cyber crime hotspot.
The government insists that the allegations are historical and security systems that have been standard since then. Officials reject the proposal that the public data is uncertain.
However, the allegations of poor cyber security practices during the decisive construction phase have expressed concerns.
“The government’s answer does not deny that there has been” concerns “in the past and can rely on the fact that everything is now okay. But what can be embedded in the system?” Asks Baroness Neville-Jones, a former Minister of the Interior Ministry.
The safety of the system is of crucial importance.
A login is designed in such a way that it is a critical gear in a much larger machine to open up access to other state services – from taxes to services. It also processes personal information that ranges from passports to biometric information. Possible defects in the system could be susceptible to fraud or worse.
“This project belongs to the National Infrastructure category,” says Baroness Neville-Jones. A login “is effectively an identity card” with regard to government services.
The crucial role of a login makes it a magnet for foreign intelligence services, blackmail and identity thieves.
To get a -login identity, send your name, date of birth, the mobile phone number, addresses in the past three years and a driver’s license or a passport. GDS can also apply for a selfie video for “liveliness and similarity”. The biometric agreement is then carried out by a registration of iProov, a British company, for the service.
All of this can be shared with other state services “in which the user accesses this service”.
This personal data is just as valuable for an identity thief as security must be strict to minimize the risk that criminal false identities create.
There is no indication that the system has been compromised. However, the allegations made by the Telegraph have led to an examination to assure the public that a login corresponds to the expected highest security standards.
Lord Lucas, who is together with the Baronin Neville-Jones in the House of Lords Science and Technology Committee, finds that a lot of effort and money are used in the public systems of the British sector in overseas.
“The developers of such a decisive system should have kept an eye on this,” he says. “Who can trust that it will check enough depth to assure us that there are no compromises – and would it be cheaper to rebuild from scratch?”
At the CESQ, the predecessor of the National Cyber Security Center, developed Alarme King, which developed technical security standards, the fact that the work was outsourced to other countries, which means that the system can be accessed from a distance.
“Basically, it is horizon again,” says King and refers to the Fujitsu computer system, which was the focus of the Post office scandal.
Hundreds of subpost masters were wrongly convicted of false claims for theft, fraud and false accounting, which they had stolen from the post office.
The claims come from the horizon computer system created by Fujitsu. Programmers who work on the live horizon post office system could change the functioning of the subpostmasters.
Managers contested that this could happen. However, when this was refuted, the law enforcement, which has now been lifted, was fatal.
Nowadays, distance access is the standard, whereby the business of and like a critical system is very important.
A government spokesman rejected the horizon comparison. They said: “GDS follows the best practices of security with a number of layered security controls.
“GDS corresponds to the NCSC Cyber Assessment framework, has a robust device management directive [and] GDS -managed devices are monitored by a security team from the central cabinet office in order to recognize malicious activities. “
However, a whistleblower who spoke to the Telegraph claimed that standards were not always up to date.
A high -ranking civil servant who was assigned to the project to assess risks said that the security concerns were already marked in 2022. After discovering problems, he reported his concerns about the management, but he became aside and the employees in his team were assigned to other roles.
But he didn’t leave it there. He took a big step and officially referred to his rights in the context of the law on public interests, which to exchange their concerns with a state -owned rights of employees with a close selection of recipients, including the responsible minister, without fear of reprisals. He only came to the media, he told the Telegraph as “a last throw of the cubes”.
The cyber security problems are the latest hurdle in the lengthy attempts by the government to introduce an ID system.
Labor has tried to introduce universal identification since the turn of the century, and the Tony Blair Institute for Global Change, founded by the former Prime Minister, once again called for the introduction of a digital identity to combat fraud and “improvement in tax collection”.
A plastic ID card scheme that was created by Labor in the early 2000 was “expensive, sick and unlikely that he was favored by the public,” Baroness Neville-Jones told Parliament in 2010 when she canceled the project.
Sir Tony Blair’s attempts to introduce a national ID when Prime Minister was made with protests – Scott Barbour/Getty Images Europe
A new idea was formed to be a lack of trust. Instead of the state that builds a monolithic database, citizens are encouraged to act like consumers by selecting identity services from a marketplace of private dentity providers – all acting as intermediate traders.
This was the basis of governor, the successor to ID cards, announced in 2014. It was monitored by the then relatively new GDS.
Five years later, however, the national examination office recommended that it should be canceled due to the low introduction of public, government departments and partners of the private sector. The Law Commission came to the conclusion that Verify did not even check the identity of a user. Over £ 230 were spent.
As Verify was scrapped in 2021, it was announced that a login would be successful – and the order of the same department, GDS, was forgiven, and they failed with Verify.
So far, registration has cost taxpayers over 307 million GBP since 2022, with hundreds of contractors involved. It is intended to replace the registration services that are used today today, including the Government Gateway of the HMRC.
“Users have no choice than using them,” said an insider.
A government spokesman previously told the Telegraph: “These concerns are dated and refer to the technology in its infancy, which has continued considerably in recent years.
“As the public rightly expects, the protection of the security of state services and data and the privacy of the users is to keep up with the changing cyber threat landscape.
“We correspond to the British data protection and data protection laws – including the British GDPR and the Data Protection Act 2018 – the advice of the National Cyber Security Center and operate three defense processes.
“This ensures that the data is protected, fraud is deterred and recognized and the threats are monitored and reacted to it.”
by 
