Project Stork

December 2007

Updated November 2008
Updated February 2009
Updated March 2009
Updated August 2009
Updated January 2010
Updated December 2010

 

HMRC lost two discs containing the personal details of 25 million people. That exposes 25 million people to the threat of fraud. Given that, the question arises whether the government should proceed with the ID cards scheme -- creating yet another database just increases the risk of losing data and could lead to more fraud.

On Monday 26 November 2007, David Davis asked Jacqui Smith in the Commons about something called Project Stork:

"The Home Office is currently prototyping a Europe-wide project called Project Stork. How are we going to prevent a repetition of the disaster of the last few weeks when sensitive personal data is held not by one government but by 27?"

The Home Secretary's only answer was to ask for more details. Here are some more details:

News item on EU's eGovernment website:

EU/UK: EU pilot to boost compatibility of eID kicks off in the UK, 15 October 2007

The ultimate goal of the STORK project is to implement an EU-wide interoperable system for the recognition and authentication of eIDs [electronic identities] that will enable businesses, citizens and government employees to use their national eIDs in any Member State. Once established, this would significantly facilitate migration between Member States, allowing easy access to a variety of eGovernment services including, for example, social security, medical prescriptions and pension payments. It could also ease cross-border student enrolment in colleges ...

The UK’s Identity and Passport Service (IPS) is leading the pilot project, in close co-operation with the Government Gateway, the UK’s centralised registration service. “It is about the eventual pan-European recognition of electronic IDs,” noted an IPS spokesperson.

Letter from James Hall in the Glasgow Herald, 29 November 2007*:

Identity claim is false

Claims that there are plans to share information from the proposed National Identity Register with 26 other EU countries are unfounded.

The Project Stork referred to is a research project involving 14 countries looking at each other's technical standards for delivery of online government services, with a view to making it easier for citizens and businesses to access such "e-services" cross-border. In the UK, the work is being conducted by the Cabinet Office (the Government Gateway) and the Identity and Passport Service.

Project Stork is not about ID cards, has nothing to do with the National Identity Scheme or providing data from the National Identity Register. As with the passport database, the National Identity Register will only hold core identity information. It will not hold tax, benefit or other records or be an amalgam of existing government data.

Lisbon Declaration, made by EU Ministers, 19 September 2007:

Ministers recognise that ...

In order to meet the need to exchange information across borders, such as those arising from the obligations of the Services Directive, Member States shall intensify efforts to achieve cross-border interoperability, the importance of which has already been highlighted in the electronic Identity and eProcurement areas. The objective of achieving interoperability applies equally to the implementation of Article 8 of the Services Directive which will be facilitated by interoperable and mutually authenticated electronic identities and electronic documents.

* Substantially the same letter was published in the Daily Telegraph of 1 December 2007.

Clearly the EU believe that eGovernment involves sharing personal information between countries and that that information will be recorded on each country's electronic ID system. Project Stork is designed to make sure that these national systems are compatible.

So Mr Davis does seem to have identified an EU initiative which will cause our personal information to be shared between up to 27 EU countries. His question requires an answer.

James Hall is Chief Executive of the Identity and Passport Service and, as such, he is responsible for issuing us all with ID cards and for building the National Identity Register, the database which will record all our identities. It is natural, therefore, to assume that the eGovernment referred to above will be centred on his ID cards scheme and that all this personal information which is to be shared will come from the National Identity Register.

Natural, but apparently wrong. Mr Hall says that information will not be provided from the National Identity Register.

No doubt he is right. He's the boss. He should know. The information will not come from the National Identity Register. But then Mr Davis didn't say that it would. People should not come away from reading Mr Hall's letter thinking that personal information will not be shared across the EU. We know that that is the intention. The EU have told us so, in so many words: "In order to meet the need to exchange information across borders ..."

So Mr Hall hasn't answered Mr Davis's question. Perhaps the Home Secretary now will. How are we going to prevent a repetition of the disaster of the last few weeks when sensitive personal data is held not by one government but by 27?


We started a year ago with the loss of 25 million people's bank details. And now here we are again:

Mail on Sunday, Tax website shut down as memory stick with secret personal data of 12million is found in a pub car park, Daniel Boffey, 2 November 2008

Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.

The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.

An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.

The Department for Work and Pensions insisted that the system's security has not been breached, but a computer expert told The Mail on Sunday that in the wrong hands the data on the memory stick could enable hackers to access personal details of the 12million people who have registered on the system, including their passwords ...

An expert who examined it for The Mail on Sunday said it contained confidential passwords, security software and the technical blueprint to the system known as the 'source code' ...

This week the Information Commissioner revealed that the number of data breaches - including lost laptops and memory sticks containing sensitive personal records - had risen to 277 since the loss of 25million child benefit records was disclosed nearly a year ago.

The tax website in question, the one whose source code was lost, the one with 12 million users the security of whose personal data may have been impugned, is the UK Government Gateway. That is the website used by both individuals and companies to submit all sorts of tax returns and which therefore stores all sorts of personal and corporate payments information. And that is the website which, according to James Hall, will be used to store the details of people who come to the UK from any of our 26 partners in the EU.

The Prime Minister acknowledged the significance of this latest debacle:

It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information.

When the Prime Minister confirms that no UK government system is secure, how confident will our EU partners be about using the Gateway to store their data? Will a Frenchman or a German or ... want his personal details to be stored on this leaky system?

The source code was lost. Confidential passwords were lost. And this is the system that we are asking 26 other countries to trust. The Identity & Passport Service will face some interesting questions when they attend the next meeting of Project Stork.

And if the EU Commission are forced to revisit the Lisbon Declaration because of the mess the UK have made, never mind James Hall, they may have a few choice words for the Prime Minister.


Project STORK has not gone away. According to a 16 January 2009 article on vnunet.com:

The Stork project to create a Europe-wide electronic identity network gathered pace today with the launch of five pilot deployments to test its readiness for full-scale implementation.
Stork was officially unveiled at the ISSE 2008 security event in Madrid last year.
Around 30 million national electronic ID cards are used by citizens throughout the European Union to access a variety of online public services, but one country's card cannot be used to benefit from the same services in another country.
The Stork project aims to address this with a three-year remit to enable cross-border recognition of national electronic ID systems ...

The following submission was made to the Project STORK website:

The compromised security of the UK Government Gateway

Category: Suggest
Date: Saturday, 17 January 2009
Sector: eID Community of Interest

Author: David Moss
Destination: STORK
STORK requires the national systems of several countries to be interoperable. The relevant system in the UK is the Government Gateway.
On 2 November 2008 the Mail on Sunday newspaper reported that a copy of the source code for the Government Gateway, together with logon details, was found on a USB stick left in a pub car park in Cannock:
Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.
The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.
An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.
It is suggested that our EU partners would be well advised to satisfy themselves that the Government Gateway is now secure before individuals, companies and government departments entrust their data to it. Our own Prime Minister doubts it:
It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information.
It will be remembered that a year before they lost the source code and logon details of the Government Gateway, they lost the details of 25 million child benefit claimants, including their bank details. Anyone entrusting their data to the UK end of STORK is taking a real risk.

A response was received from the STORK Dissemination Team on 26 January 2009:

Regarding the letter you have sent us on January 17, 2009, we would like to inform you that we have requested a formal response from the UK Government. They have committed to respond and we will let you know when they have done so.

Nothing happened.

A message was sent to the STORK Dissemination Team on 9 March 2009:

It is now about six weeks since your email. Have Project STORK had a formal response from the UK government yet?

The following response was received on 11 March 2009:

The UK Government is working on it. We recognise the importance of a response and will get it to you as soon as possible. We apologize one more time for the late reply.

Nothing happened. A further message was sent to the STORK Dissemination Team on 5 August 2009:

It is now over six months since I pointed out the danger to any EU individuals, businesses and government personnel if they rely on the security of the UK Government Gateway. It is disappointing that no response has yet been received.

In the absence of any response, the only prudent inference is that it is unsafe for anyone to entrust their personal, business and financial details to the UK Government Gateway.

Without the Government Gateway, the UK does not have the wherewithal to meet its obligations under the Lisbon Declaration of 19 September 2007. That is unfortunate. But the problem will not just go away by ignoring the security breaches of the Government Gateway; the failure to meet the Lisbon obligations needs to be confronted openly, seriously and now.

The following response was received on 25 August 2009:

The Government Gateway enables secure authenticated access to UK government online services and it is accredited to process information up to UK Government Restricted. The infrastructure and application is continually monitored and has regular independent security tests. The Government Gateway is also compliant with the Data Protection Act, UK policy and UK Government information assurance guidelines. Furthermore, all staff and suppliers have to adhere to a data protection policy when using mobile storage devices, for the delivery of the Government Gateway services.

The loss of the storage device (a USB stick) by a supplier responsible for the service delivery of the Government Gateway, did not compromise the Government Gateway or give open access to the Government Gateway application.


According to the Mail on Sunday:

Computer security expert Jacques Erasmus, from internet protection firm Prevx, said that the passwords and security software saved on the memory stick would provide access into a series of databases or payment systems. But he added that the greatest concern was the source code.
Mr Erasmus, who has previously worked with Government agencies, said that the blueprint to the Government Gateway was 'invaluable' for those who would want to harvest personal details or defraud the Government.

On the publication of an article in The Register magazine, the following exchange of emails took place:

From: David Moss
Sent: 03 September 2009 14:25
To: XXXXXXXXXX
Subject: Attn Jacques Erasmus – Cannock USB stick, Government gateway

Dear Mr Erasmus

I refer to the 2 November 2008 Mail on Sunday article, http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stick-secret-personal-data-12million-pub-car-park.html

For nine months or so I have been using this article in part to help my case against the UK government's National Identity Scheme and on 2 September 2009 I had an article published in The Register, http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/

Or rather abusing the MoS article as by some psychological trick I had avoided noting that the lost USB stick was encrypted or forgotten it but, one way or the other, the matter was wrongly settled in my mind that the USB stick was not encrypted.

That is entirely my problem, my embarrassment, etc ...

But the question arises, was the USB stick "properly" encrypted, would it have taken millions of times the age of the universe to decrypt, or could you really have decrypted it in a sensible length of time? Were the contents all encrypted or only some of them?

It would be appreciated if you would comment on these matters, either by email or on the comments page of the Register article, http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/comments/, or here http://forum.no2id.net/viewtopic.php?t=29301, and quite understood if you can't.

Yours sincerely
David Moss



From: Prevx Weblog
Sent: 03 September 2009 16:21
To: 'David Moss'
Subject: RE: Attn Jacques Erasmus -- Cannock USB stick, Government gateway

Hi David,

It's been a while, but the memory stick was not encrypted at all (I did the investigation). No files on the stick were encrypted and all the data was easily visible. There was a password-protected zip file; however, the password was somewhere in a text file in another directory.

However, if it was encrypted with the high grade encryption, it would not be feasible to decrypt the data at all. It would simply take too long for modern day computing equipment.

Hope this helps.

Regards,

Jacques


Further developments are awaited.

(The question arises whether referring the UK to the EU like this is unpatriotic. In fact, it arises not just in this case but in the case of the whole six-year campaign against the Home Office's plans to introduce ID cards into the UK. And the answer is no. The campaign is patriotic. It is the Home Office who are being unpatriotic.)


20 December 2010 – take a look at the STORK website. Six pilots are being conducted to test the interoperability of EU identity management systems. Yes? And? That's the idea, isn't it? That's the point of STORK. Yes. But take another look. None of these pilots involve the UK. We're off the radar, no longer involved, not participating, dropped, excluded and banished. Good.


David Moss has spent six years campaigning against the Home Office's ID card scheme.