By Steve Ranger, 25 May 2005 19:45
NEWS The government says it has "no doubts" about the biometric technology underpinning its identity card plans.
Legislation to pave the way for the controversial ID cards has been reintroduced following the election and the first cards could be in production by the end of 2008.
Junior Home Office minister Andy Burnham told silicon.com: "I've no doubt about the technology because it's being used elsewhere around the world. This is the direction of travel for all countries - this technology is already there and it's well established."
He said that once the Identity Cards Bill has made it through parliament, procurement and testing of technology will begin. Annual running costs of the project are estimated at £584m, but Burnham said 70 per cent of the cost will be incurred anyway by the introduction of biometric passports.
The government claims ID cards will cut the risk of identity theft and ensure that the people using public services are entitled to do so. Card holders will have their iris pattern, fingerprint and facial image stored, and it will be possible to check the cards against a National Identity Register to provide a secure means of identity checking.
Officials said lessons have been learned from previous public sector IT failures and the tech industry has been involved from an early stage to give input to the government's plans.
"Yes, the government has got its fingers burned and there have been problems in the past but the government runs via strong and robust IT systems," Burnham said.
But he added: "We are not having a straight-jacket approach to this. We have some clear momentum and confidence we are going in the right direction. It's not about big bang."
Comments
There are 14 comments. Join the discussion
1. Ben Lim
In announcing the legislation the Home Office declared the following weaknesses of the ID Card.
Biometrics weaknesses.
“iris scans - only score a 96% success rate” – that means that in a population of 60 million 2.4 million people run the danger of being wrongly identified and be refused services or be jailed.
“facial verification - success rates were 69%” - that means that in a population of 60 million 18 million people run the danger of being wrongly identified and be refused services or be jailed.
“Fingerprint verification was successful in 81%” - that means that in a population of 60 million 12 million people run the danger of being wrongly identified and be refused services or be jailed.
False documents:
Furthermore, the government has admitted the threat of false documents of stolen IDs.
The Home Office will not be able to tell whether the documents like birth certificates or passports especially of immigrants will be stolen, false or fake. As everyone in computing know – ‘rubbish in rubbish out’. The result is the Home Office will issue the new biometrics ID cards incorporating stolen IDs and the biometrics of the applicant to the ID thieves or criminals or terrorists.
The government’s only defense against use of stolen or false or fake documents is the threat of a maximum ten-year jail sentence to carry false documents to discourage ID thieves from using stolen IDs and documents to apply for the new biometrics ID card.As if harden criminals and suicide bombers would be detered.
So instead of eliminating ID Theft, the government will be issuing the new biometrics ID cards incorporating stolen IDs.
Insiders
Nothing has been detailed as to how the Home Office is going to stop insiders from collaborating with organized crime and issue to the ID cards with stolen IDs to criminals and terrosits.
2. Steve Cowles
There is no way to eliminate fraud. All you can do is keep raising the bar.
I can only think of 3 ways to commit ID Fraud using the new ID Card system:
1. Hack the Scanner software/hardware.
2. Spoof the DNS for the National Identity Register, and return false positives (providing it's Internet based, landline tap otherwise).
3. Hack the National Identity Register directly.
In other words, the biometrics / central data combo raises the bar so that now ID Fraud is "Hacker only" territory. Unfortunately, the NIR makes an attractive Hacker target. Someone, somewhere will find a way in. It's inevitable.
Whether the technology is mature enough will set the bar for how good the hacker will need to be.
The NIR, however, is a superb idea. It's essential that there is a single Unique Identifier for all government systems to key data against for future data exchange.
If you take a minute and look at the eGIF Social Care Person schema, you'll see what I mean.
This schema holds 6 primary keys, to uniquely ID a person, all of which are optional. Totally unworkable, unless you can map those keys together. That's why the NIR will become a crucial part of the future of Government systems.
No system is unhackable. If my bank offered a choice between a thumbprint or a 4 digit pin for security, I know which I'd feel safer using at a queue in Tesco's.
3. Simon
The Government has no doubts about the technology ? That in itself is highly worrying since it seems that experts in the field say otherwise.
Recipe: Take one large dose of optimism, add selective hearing problems to reduce doubts, add three measures of spin, and a measure of blackmail*. Stir in large quantities of cash over a decade.
What will this recipe produce ?
* Blackmail ? Simple, want a passport and be allowed to travel - submit yourself to having this entirely optional identity card and pay extra for it as well.
Papieren Bitte ?
4. anonymous
If they need me to have an id card and them have a machine that reads it and tells them that I am who I've already told them I am, woundn't I need a machine to check that they are whom the say they are, sounds like goverment sponsored paranoia, spend the money on more police, education and invest in people.
5. Richard Davies
since when do the government learn from there mistakes!
If they are sure it will be a success, then why will they not provide IT professionals with an interest; technical information regarding how they propose to secure and integrate the system...if they were confident they would have nothing to hide.
legally you could hit key routers etc. with DOS attacks which could result in denial of public services for people.
I think that terrorists will be backing the government on this one as it will help them not hinder them; they could attack us with a DDOS attack and possibly stop the UK from providing key services.
6. Graham Coles
So they have no doubts about the technology because it's in use elsewhere. It doesn't matter that it doesn't work that well, as long as it's in use. Well worth 5.5 billion!
70% of the costs will be incurred by taxpayers too stupid to realise that their passports will be so much more expensive, so it's not that costly.
Identity theft using an ID card will be many times more serious than simple identity theft ('I'm sorry, we can't treat you at this hospital because your ID card has been rejected by the computer'). Still the government says it will make ID theft harder and you must believe them, after all, they've never lied to get an action passed in parliament before.
Apparently the database is going to be secure, so there's no chance of someone just changing your records. Most people know that claims like this are bogus, especially given how many people will need to be accessing it.
And after all that rubbish they suggest they have learned from past mistakes ... I believe they have--they've learned NOTHING!
7. Ed
...and don't forget that government IT projects are always de-scoped to the point of failing to do anything originally intended and cost at least twice the original estimate in both time and money.
I'm not particularly worried as I expect the whole thing to just be a replacement for the NI cards that aren't worth the plasic they're embossed on.
8. Christine Hogg
I originally supported the introduction of ID Cards but now the costs to produce and maintain the ID cards have gone all out of proportion. The money would be better directed towards our Armed Forces, the Police, HM Revenue & Customs and Border Controls. Fraud and blackmail will still take place to obtain ID cards so it will not defeat Social Security Benefit Faud or Terrorists. On a simple note, the irritation of not having a pocket or bag with me to carry the ID card and then assumingly when I am stopped and I am unable to produce the ID card, having then to produce the ID card at a local Police Station really adds yet another stress level to our already overburdened red tape environment.
9. Malcolm Ripley
I'll say it again. ID cards are inevitable. The longer we drag our feet whinging and whining the worse will be the system is eventually implemented. Work with it and iron out the problems from a citizens perspective. I would like my data to record every time anybody (including myself) accesses it. I should have full access to my data at all times. I can then keep hardcopies of the access record for my own protection. We can ensure this happens by signing up for scheme asap and hound them on these points (as part of making it work of course ;-) )
As for the "irritation" of having to carry your card at all times or face presentation at a police station......please wake up. If you drive a car then that situation already exists wrt your driving licence. I certainly don't rush around my house searching for my driving licence every time I get in my car and neither does anybody else. Or are you one of those people who looks guilty, behaves oddly and drives badly such that the police stop you every day !?
10. martyn
The success rates for recognition in the trial are so abysmal that anyone but these blinkered idiots would realise the technology simply ISN'T there.
As for learning from their mistakes this bunch should be the most knowledgeable government in history.
11. Roger Huffadine
These are the same bunch who - despite the overwhelming evidence to the contrary believed in the existence of WMD in Iraq.
Its hardly surprising that they believe that this crackpot scheme will reduce terror, crime and other social ills.
I am reliably informed that they also believe in the Easter Bunny, Santa and the Good Luck Fairy - just as well really 'cos they will need huge doses of good luck to get anything other than a huge bill for nothing much.
12. Andrew Robb
I can see some point in a National Identity Register. This should be controlled by the Judiciary for the protection of the individual and their identity/identities.
Banks and government agencies could tap into this register and to embed official biometric details in their own cards. Any such card could double as an identity card. Banks could largely fund the register through savings in fraud.
I do not see a requirement for people to carry ID cards as such. Either the police will carry cheap biometric readers and communication devices (e.g. camera phones) making the cards redundant or the cards will be worthless as they won't be verified.
13. Guy Herbert
Inevitable? Absolutely not. We can chose to remain free.
Made worse by resistance? Not true either. Cooperate with the technically and socialogically naive bureaucrats dream, and you not only allow the tools for a totalitarian nightmare, but you ensure that the trust in technology that might provide what we do need will be destroyed.
What do we need? Not fixed state- controlled "identities" but the infrastructure for a system of secure replaceable user-controlled personal credentials supported by the same intuitive, robust, system human society has always depended on: distributed trust.
14. Mike Oldman
Both Improvement and resistance are necessary.
Resistance because it is an idea ahead of the capability of delivering it at an acceptable cost and reliability; AND Improvement because we need safeguards and remedies against errors and identity theft.
Identity theft is enough of a nightmare scenario now, but imagine your records being hacked to put somebody else's biometric data there. They can then claim to be you, and you will have the devils own job of proving that you are you and not them.
There have to be back up systems, not connected to any network (ie paper, microfiche etc.)with secondary data which is not on any of the networks or on the card. However, even this is not protection against an inside job.