Calls for government ID to help fight phishers and spammers
The identity assurance system used to access some online government services could be expanded to help people check other individuals' identities online, a leading computer security analyst has told UKAuthority.com.
A Commons Science and Technology Committee report on malware and cyber crime published last week noted that "The government 'digital by default' policy will increasingly require those in receipt of government benefits and services to access these online. We are concerned that this policy may increase the number of users without the means to afford the best equipment or antivirus software online or the level of knowledge to understand what is necessary to remain secure.
"We accept that the government's digital identity assurance scheme... is designed to provide security in accessing those services. However, we also have concerns that the scheme will be of greater use in protecting the government against welfare fraud than the individual user against crime."
Professor Peter Sommer, a computer forensics specialist at the Open University who gave evidence to the committee, said the government's digital identity scheme is currently designed so citizens can register, and be authenticated to enter an online government gateway to pay taxes or access other benefits. But the system "could have a much broader benefit if you had it also for citizen to citizen ID - people could use their government credentials to talk to each other, it would give greater assurance when people contract with each other."
Currently most online transactions between people and businesses, such as email, are hard to verify or trust, Sommer said. Expansion of the government's authentication scheme "was a theme in government 10-15 years ago, but for one reason or another hasn't been picked up. "There may now be greater demand," he said.
The committee's report says the most urgent need is for better sources of trusted basic advice for citizens on computer security. While it notes the government already sponsors the "Get Safe Online" website, it said the resource needed substantial investment and improvement. "Get Safe Online needs a much higher profile among UK computer users and the government is central in that awareness raising, through integrating the site with relevant official organisations and governmental bodies."
Sommer said that ultimately, consumer advice is the key. "It is important to help people help themselves. We have laws against burglary and we have a police force but the first line of defence is lock your house when you leave it. But that sort of advice translated into a computer domain is hard for people to get hold of. For most forms of conventional security such as for your house or car, there's lots of guidance available, and the things people were talking about 10-15 years ago tend to be relevant now. The problem is the computer environment keeps on changing."
Much of the computer security advice that does exist comes from "people who want to sell you things", and lacks credibility, he said, agreeing that Get Safe Online is "very underfunded". If citizen information services are improved, there is likely to be a whole new realm for them: the Commons report also notes that smartphones are now becoming vulnerable to viruses and malware. The brave new world of mobile services is opening up new opportunities for criminals too.