By Andy McCue, 27 May 2005 15:35
NEWS UK IT chiefs have rounded on the government's reintroduction of the national Identity Card Bill this week, slamming it as a project growing out of control that will end up being a "fee-fest" for suppliers.
The government claims the biometric technology is robust enough despite Home Office trials showing significant levels of failure in the registration and verification of iris, fingerprint and facial recognition trials involving 10,000 citizens last year.
We asked silicon.com's CIO Jury user panel of leading UK IT chiefs to put aside any civil liberties and privacy issues and judge the technological aspects of the government's plans.
The result was an overwhelming panning for the ID card scheme with 10 of the 12 CIOs saying they had concerns about the robustness of the technology to be used on that scale and the ability of the government to execute the scheme successfully.
Victor Kemeney, IT director at William Hill, said: "This will be an over-complex, over-budget project delivered late that will not be adopted as it fails to consider commercial requirements - a single piece of plastic as a bank card replacement, passport replacement, driving licence replacement."
The failure rates of the biometric technology and the practical implications of that are of particular concern to Phil Young, head of IT operations at Amtrak Express Parcels.
"I am personally concerned at the fallout from technology not working, for example needing to do something important and finding that you are not correctly identified, leading to all sorts of questions and hold-ups," he said.
John Odell, group IT director at the BBA Group, described it as a "20-year fee-fest" for many IT suppliers while Chris Broad, head of information systems and technology at the UK Atomic Energy Association (UKAEA) raised concerns about the scope of the ID card scheme growing out of control.
"This project is growing arms and legs, the cost is not stable - it looks like a failure," he said.
Gavin Whatrup, IT director at Delaney Lund Knox Warren & Partners, said the signs - right from the technology to the politicians - do not bode well for the ID card scheme if it gets passed. "The figures I've seen on the success rates of this tripartite approach to biometrics are not encouraging. More worrying though is the ability of this project to survive the political process. Unless both these issues are resolved I see little chance of it delivering what is promised," he said.
But not all were against ID cards. Richard Steel, head of ICT at the London Borough of Newham, said: "The technology solution is inherently far more secure than the present system, which will remain the fall-back in case of registration difficulties. We badly need a national standard to link to other citizen-centric systems developments, including citizen identification and authentication, and the national ID card may as well be it."
Luke Mellors, IT director, The Dorchester Hotel, said he agreed with the concept of ID cards and the benefits of reduced identity fraud and security if implemented properly. But he expressed concerns over the UK government's ability to do that.
"The implementation and effectiveness including flexibility and security of the solution and the technology behind it has to be well planned and well executed and this is where I have a fundamental concern. Technology fails only when the design, planning and implementation fails, so if this is a PR exercise from the government then it will be disaster," he said.
You can see silicon.com's full coverage of the government's national ID card plans here.
Today's CIO Jury wasÂ…
Chris Broad, head of information systems and technology, UKAEA
James Findlay, head of ICT, Maritime & Coastguard Agency
Victor Kemeney, IT director, William Hill
Peter Maddigan, associate director, IT systems, Budget Insurance
Luke Mellors, IT director, The Dorchester Hotel
Colin Moore, head of information services, Department for Education and Skills
John Odell, group IT director, BBA Group
Andy Pepper, director of business information systems, Tetley
Peter Ryder, head of ICT, Preston City Council
Richard Steel, head of ICT, London Borough of Newham
Gavin Whatrup, IT director, Delaney Lund Knox Warren & Partners
Phil Young, head of IT operations, Amtrak Express Parcels
If you are a CIO, IT director or equivalent at a large or small company in the private or public sector and want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com
Comments
There are 12 comments. Join the discussion
1. Ken Hall
The more this 'scheme' is looked into by serious, knowledgable, neutral people, the more it falls apart.
It will NOT deliver the benefits promised, but will deliver delays, hold-ups, mistakes, opportunities for criminals and terrorists and the risk of totalitarian fascism.
It is doomed to failure. The sooner more people realise this so we as a nation can find a liberty protecting solution to fraud, proper ID protection and criminality the better.
A massive back end database that tracks the innacurate biometric profile of every citizen is not the answer.
2. Simon
I just cannot see how the system will work. Just think how many times you might use the card, and multiply that by the number of people. Lets day it gets used just once a month, then that's 12x60m, or 720,000,000 uses a year.
Now look at the reliability. According to http://management.silicon.com/government/0,39024677,39130714,00.htm the verification rates were :
Facial 69%, Iris 96%, Fingerprint 81%
That's a pretty frightening failure rate considering that this is the verification of a successful encoding - ie at the same time before any conditions have changed !
So lets see, 4% of 720m is nearly 2.9 million failures/year. Using facial biometric, that rises to something like 220 million failures/year !
Does that matter ? Well two things will happen :
1) People will be denied their 'rights' because they aren't who their card says they are.
2) There will be fallback to 'old fashioned' methods of verification - so what does that do to the claim that the ID card will stop fraud ? All a potential fraudster has to do is create a 'faulty' ID card which will of course fail to verify his identity. So organisations will have to fall back to the old methods, but since the person wouldn't be expecting to be required to provide further ID, he will not have 'to hand' on his person the documents required. There will be great pressure to go ahead with whatever the transaction is, and so there will actually be less security - not more.
So that's just one aspect of the cards that will make fraud etc easier. Without considering all the other methods (such as compromising the system).
3. anonymous
Government IT schemes to date have not been very successful. Whilst I agree we need some form of ID system I cannot see this one working. The technology is flawed, what standards are there for it, have they been ratified the list of questions goes on and on. Drop it before it becomes yet another failed but expensive government iniative.
4. Mr.Y.K.Raja
To combat fraud why don't we correct faults show by fraudsters in our current systems? For example
1. Banks should supply ID keys (same as memory keys, with complex codes which will change after every transaction to activate ATMS. This will make skimming cards and picking PIN numbers meaningless.
2. Banks should supply us pocketsize books containing 64 ID stickers and costing under £3. To personalise aignatures wl we have to do is to apply ID sticker and counter sign. Fraudsters can misuse our names and signatures but not our photos on ID stickers.If we use ID keys to activate photo printers to print ID stickers at point of transaction than we don't need to carry ID stickers.
5. Patrick Archibald
These 'commercial considerations' may appeal to CIO's but this is an identity card. My personal finances are not part of my identity and there is no way in hell I am giving that information to some government department. I am all in favour of identity cards for their stated purposes, but when a single government department becomes a repository for the smallest details of our lives, then opur liberty really is at threat.
6. Alfred Reading
The database is the worst part. Information leaks from the Police National Computer in spite of the fact that it is only accessed by vetted and trained personnel. What will it be like when all our data is held on one database which must be accessed by all and sundry untrained people trying to verify your identity? As one who has seen and used government specified systems I believe the criminals will think they are in heaven.
7. James Button
We still do not know HOW the ID cards will actually reduce risk.
The government have not provided any realisticly practical processes by which the issuing of ID cards will remove, or even effectively reduce the possibilities of 'terrorist' activities being successful.
Until they have defined practical processes for the use, and checking of the cards they should not even consider the practicalities of creating, and issuing such cards.
We don't really need a law for the issuing of the cards, we need laws to allow the cards to become a 'safe', 'secure', 'efficient', and 'effective' facility, then it can, should, and will become part of the general commercial, working and social life.
(Like credit cards, and driving licences in the USA)
Untill the government has sorted that lot out, perhaps it should consider extending the usage of the cards it issues to government department employees, and show that they can manage the administration of them better than the CSA manages it's responsibilities.
8. anonymous
And Silcon supports ID cards, see leader 26 May http://management.silicon.com/government/0,39024677,39130756,00.htm
At least Silicons CIO jury know what they're talking about.
(Ed note. You greatly over simplify the argument in that leader. ID cards appear largely inevitable now, so we've moved the discussion beyond simple 'yes' or 'no' debates. We want the implementation done well if it has to happen.)
9. anonymous
Do any Silicon readers support ID cards?
Are we representative of the UK population as a whole or just better informed, thanks in part to Silicon?
A poll of Silicon readers, for and against ID cards would be interesting.
10. anonymous
The greatest problem with this scheme is the growing proliferation of data about each person in the country. A centralised database of personal records would not only reduce duplication but also make the data more accurate and allow people to change details in a single step.
This could be done as part of the ID card scheme but its best done as a single project as it could be far bigger now thanks to new projects creeping up everywhere.
11. David
Can anyone remind me why we need these I.D cards... I seem to have forgotten.
From what I can remember it's going to be a money pit for us all to pay in to and won't solve identity fraud or terrorism but will be a club for many to be hit over the head with.
If you have nothing to hide it does not mean you will not fall foul of the scheme in the long run.
In addition the other side will always find a way in and fraud and corruption will always be with us.
12. Angus Cleaver
We are told by the Government
(a) it will reduce terrorism and
(b) cards will not be required by visitors who are here for less than 3 months.
Terrorists are advised to only make a short stay and they will defeat one of the principal reasons being put forward for this multi billion pound waste of time and money.