A digital ID meant to unify access across government instead exposed a blueprint for bureaucratic negligence, highlighting the dangers of the push towards digital ID.
DIDI RANKOVIC
UK’s digital ID scheme, GOV.UK One Login, allegedly contains a host of serious vulnerabilities affecting security and data protection, that are “built in” and present in the system since its launch.
These claims come from a whistleblower, a security expert who worked for the Government Digital Service (GDS, a part of the Department for Science, Innovation and Technology). The most grave consequences stemming from the flaws – that the whistleblower first pointed out through proper channels in 2022, only to be ignored – would include data breaches.
Another threat from more than half a million system vulnerabilities that they said were identified is identity theft. At this time, some three million people in the UK use the system to access 50 government services.
The security expert, whose identity has not been revealed in reports about the brewing scandal, asserted that thousands of vulnerabilities identified were rated as either critical or high.
The whistleblower’s account of the events suggests the authorities went for a slapdash approach to setting up the digital ID infrastructure, not only from the technical but also from the policy point of view.
“Basic” governance and risk management were not in place, according to the source, while the £330 ($436.70) million in funding arrived thanks to the business case that featured “misleading claims” regarding the quality of the scheme’s security.
And when the decision was made to outsource development to Romania, it came without GDS CEO’s approval, and without consultation with the National Cyber Security Center (NCSC).
It gets worse from here: the chief information security officer for GDS later carried out an investigation that reportedly confirmed the problems – only for the agency to decide not to mention this, when responding to a letter an MP sent to the Cabinet Office, asking about One Login’s security problems.
That MP appears to be the one the whistleblower previously contacted with their information, after waiting 18 months for the problems to be addressed by GDS.
But GDS did take some action – against the whistleblower.
Even though the MP was informed in line with the Public Interest Disclosure Act that should have protected the security expert, he faced disciplinary action.
At this time, the Department for Science, Innovation and Technology continues to claim that One Login is “secure.”
This article (Digital ID Dangers: Whistleblower Alleges Massive Security Failures in UK’s GOV.UK One Login Digital ID System) was created and published by Reclaim the Net and is republished here under “Fair Use” with attribution to the author Didi Rankovic
Featured image picssr.com
••••
The Liberty Beacon Project is now expanding at a near exponential rate, and for this we are grateful and excited! But we must also be practical. For 7 years we have not asked for any donations, and have built this project with our own funds as we grew. We are now experiencing ever increasing growing pains due to the large number of websites and projects we represent. So we have just installed donation buttons on our websites and ask that you consider this when you visit them. Nothing is too small. We thank you for all your support and your considerations … (TLB)
••••
Comment Policy: As a privately owned web site, we reserve the right to remove comments that contain spam, advertising, vulgarity, threats of violence, racism, or personal/abusive attacks on other users. This also applies to trolling, the use of more than one alias, or just intentional mischief. Enforcement of this policy is at the discretion of this websites administrators. Repeat offenders may be blocked or permanently banned without prior warning.
••••
Disclaimer: TLB websites contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to our readers under the provisions of “fair use” in an effort to advance a better understanding of political, health, economic and social issues. The material on this site is distributed without profit to those who have expressed a prior interest in receiving it for research and educational purposes. If you wish to use copyrighted material for purposes other than “fair use” you must request permission from the copyright owner.
••••
Disclaimer: The information and opinions shared are for informational purposes only including, but not limited to, text, graphics, images and other material are not intended as medical advice or instruction. Nothing mentioned is intended to be a substitute for professional medical advice, diagnosis or treatment.
Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of The Liberty Beacon Project.
Leave a Reply