Wednesday, March 23, 2005

The sound of inevitability

The Register summarises identity theft among large organisations in March, big figures that those looking to implement nationwide identity schemes should probably take some note of. The HO FAQ addresses these in a couple of places:

What’s the benefit of having biometrics? "Use of biometrics will also make it much more difficult for a fraudster to obtain a second identity card as the biometrics can be checked against those already on the National Identity Register to see if they are already registered. It will also provide an additional means of associating an individual to a particular identity card, which greatly increases the security and robustness by supplementing more traditional methods such as photographs and signatures."

Won’t an identity card be attractive to fraudsters and organised criminals? "Yes just as current identity documents are. This is why we will have strengthened identity checking procedures, biometrics and improved physical security measures both for existing identity documents and for identity cards."

So the government line tends to amount to not much more than "biometrics, biometrics, biometrics". Quite why the HO thinks it can guard customers' -- sorry, citizens' identities more securely than a large company, I'm not sure - maybe if their track record in technical projects had some semblance of success, I might be inclined to believe them... There are surely more constructs needed to ensure the necessary security than mere hardware, aren't there? How much attention to education regarding the system should there be, for instance? What penalties/responsibility should there be for being careless with your own data, say?

As the Reg article points out, "The vast majority of incidents can be traced to ... just plain stupidity among those who 'own' our personal data." Shouldn't the government be planning some contingency for what happens if (/when) details are stolen and usable on a wide scale, rather than just assuming they're not going to be?

1 comment:

Scribe said...

Indeed, "never attribute to malice what you can to stupidity", although perhaps in some cases, a fair pinch of both can be assumed. My main fear is that a naive approach to data-collation (the National Info Register) combined with overly-paranoid, under-evidenced actions and laws will lead to the worst of all worlds - most importantly, without sufficient safeguards or back-up plans. Hacking together fix after fix for "unforeseen" problems in an inflexible design usually leads to a crippled system, a seething mass that the fun-loving public will end up doling out for, because it's "necessary" once in place. Remember - there's no going back...