The government has had no choice but to deny accusations that Gov.uk, its ID assurance service, has numerous security issues and has the potential to pry on citizens.
Research paper ‘Toward Mending Two Nation-Scale Brokered Identification Systems’ proposes that the service is full of serious security and privacy issues, and that a key flaw found in its architecture could result in a mass surveillance operation.
The main issue is found in the hub, which serves as a ‘middle man’ for various government departments and identifies citizens and providers.
The report’s authors said that Verify is failing to adhere with guidelines designed to protect privacy, and may in fact be a danger to user privacy.
The report stated:
“Notably, the hub can link interactions of the same user across different service providers and has visibility over private identifiable information of citizens. In case of malicious compromise it is also able to undetectably impersonate users.”
The report also said that if the hub is compromised, it can impersonate users in order to access their accounts, along with any associated personal data, at a service provider.
IT security is an issue that can’t be ignored in the modern technological environment, and certainly when it is at government level. However, UK firms too need to wake up to the fact that they are vulnerable and have an obligation to protect their data. Opening up information security jobs to trained professionals would be a great start in achieving just that.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.