The United Kingdom Prime Minister announced today that the UK Government plans to issue every voter a unique identifier and web page, where they can access government services such as applying for schools, GP appointment booking, claim benefits, get a new passport, pay council taxes and register vehicles.
It sounds like a very progressive move toward e-government, and in general I am very much in favor of this type of initiative, for it can save billions of dollars in paperwork and lost productivity.
However, has the UK government really thought about the security issues that would surround such an initiative? Let’s face it, the Internet continues to get more dangerous every day. There are no standards for strong authentication, malware is rampant, phishing and spear-phishing continues to grow, websites are easily spoofed, DNS is not secure, and the cyber criminal underground continues to grow in size and sophistication.
If the real Facebook, who has over 100 million users, cannot secure itself, how are we to expect the UK Government to create a “secure Facebook” for government services? Even the world’s biggest banks are facing serious security threats from financial malware that infects the computers of users of corporate banking services. Surely the criminal underground will rapidly turn their attention to a UK Government services system. It seems like a “target rich environment” for scammers and identity thieves to prosper.