... but can we trust firm that was hacked ‘by UK spies’?
THE EUROPEAN firm chosen to make Britain’s new passports was targeted in a ‘sophisticated’ hack linked to British spies.
Experts last night expressed security fears as ministers prepared to hand Britons’ personal data to Gemalto, which was subjected to web raids attributed to the US National Security Agency and GCHQ in 2010 and 2011.
According to documents leaked by Edward Snowden, the former NSA contractor, the cyber attack was aimed at stealing encryption keys that could unlock the security settings on millions of mobile phones to allow surveillance.
Gemalto is one of the world’s biggest makers of phone SIM cards and will likely be behind the manufacture of biometric smart chips for the new passports.
Home Office sources say that although the personal information pages of the new passports will be printed in the UK, Gemalto will still have access to and be responsible for storing Britons’ personal data. The firm is said to have demonstrated that it can meet all Government cyber security standards, which will be further tested if the contract is implemented.
But Professor Alan Woodward, cybersecurity expert at Surrey University, raised concerns.
‘It always troubles me when a commercial organisation is given information that’s Government-sourced,’ he said. ‘I think it’s better for the Government to hold on to it.
‘One hopes due diligence has been done and they have convinced themselves about Gemalto, bearing in mind the track record. The irony is that if it was GCHQ [behind the hack] then maybe they know how good their security is.’
In a statement after the hacking allegations, Gemalto insisted that only the ‘outer parts’ of its networks were penetrated, and that there was no data breach.
The firm yesterday refused to comment further due to the ongoing process regarding the contract to produce the new UK passport.