By Nick Heath, 7 November 2008 13:05
NEWS
Opponents of ID cards have renewed their attacks on the scheme, claiming security is being watered down even as the cost of the cards rises.
Cards will only be checked against biometric details on the National Identity Register (NIR) in a "minority of cases" according to Home Office documents, prompting accusations it has been relegated to a "flash and go" card.
The Home Office consultation documents said: "Most transactions involving the identity cards are likely to be visual checks of the card, or a local check of the information held on the card (e.g. using a scanner).
ID cards: Latest news
♦ First ID card trials announced for airport staff
♦ ID cards on driving licences - 'law can't stop us'
♦ 'ID card guinea pig' pilots ready to call in lawyers
♦ ID card 'will drown in a billion mismatches'
♦ Photos: A first glimpse of the ID card
♦ One million ID cards every year from 2009
"In only a minority of cases - requiring the highest standard of identity assurance - will it be necessary to check identity against information on the NIR."
Ian Angell, a professor at the London School of Economics (LSE) and one of the authors of a report into the scheme, said this undermines the government's claim the ID card system will offer a rock-solid way of verifying a person's identity by locking an ID to biometric details on a secure database.
And Phil Booth national co-ordinator for ID cards pressure group NO2ID said: "It makes the whole system a nonsense, the government is saying that ultimately the whole national identity scheme will come down to a 'flash and go' system.
"A system that is presumed secure which is in fact insecure, then that is worse than having no system at all."
LSE's Angell said: "If they do not check the database then fraud will go up as criminals will quickly figure this out and be able to make a copy of the card and change the photo.
"These shortcuts are going to turn it into a hugely expensive failure."
But an Identity and Passport Service spokesman denied the system would be vulnerable to fraud: "The majority of instances where people use their identity cards will be day to day situations where the cards offer a convenient method of proving identity such as a young person proving their age to buy alcohol," he said.
"Whenever the highest level of identity assurance is vital to prevent fraudulent and criminal activity - such as high end financial transactions or at our borders - checks will always be made against the national identity register.
"The card itself will be protected against forgery by a number of security features. The Identity and Passport Service has issued more than 12 million ePassports to date and nobody has successfully cloned the chip," the spokesman said.
It has also been revealed the National Identity Register Number (Nirno) will now not appear on the card or its embedded chip. Director of Privacy International Simon Davies welcomed the removal of the Nirno, following concerns it could be cross referenced across multiple transactions - such as proof of age purchases or opening a bank account - to track a person's everyday activities.
"For five years we expressed concern about publishing the Nirno, it is amazing that it has taken all this time and £150m pounds for the government to decide to take this initiative," Davies said.
Yesterday the government began touting for high street businesses and other companies to install the equipment to take the 10 fingerprints, facial and signature scan that will be stored in the NIR. It named the Post Office as an example of possible contenders and said local authorities are also being considered as enrolment centres.
Critics say it will inflate the £30 it will cost for a card as the public also have to pay to have their fingerprints taken, with the Home Office estimating the scanners will generate between £120m and £280m per year for business.
Shadow home secretary Dominic Grieve said: "We already know that ID cards will do nothing to improve our security but may make it worse. Now we see that the already substantial cost to the tax payer is going to increase. This is particularly outrageous given the current economic crisis."
A cost projection for the scheme for British nationals also showed the cost of the scheme over the next 10 years has increased by £45m to £4.785bn from estimates in May 2008, with a warning that the costs were likely to change as contract negotiations were finalised.
In consultation, businesses expressed fears about the risks of leaving the enrolment to companies, saying they want to see it "delivered by accountable public servants, and particularly not by companies owned and controlled outside the UK".
These worries about whether government and the private sector could be trusted to handle and transfer scans of people's fingerprints, faces and signatures were echoed by the public, particularly in light of the recent spate of data breaches.
Home Office consultation documents revealed: "One of the key concerns raised regarding the market delivering biometric enrolment services is the security and integrity of the application process.
"This is also our key concern and we will not deliver these services through the market unless we think that security and integrity principles can be upheld.
"Where application and enrolment services are provided by an open market, we will set integrity and security standards which will be enforced consistently across the network of market providers."
Small businesses were also anxious about the cost of introducing the scheme and equipment to check identity on the cards, stressing the "need for particular support" from the government and citing difficulties with the introduction of Chip and PIN equipment.
A national identity scheme commissioner will also be appointed to work alongside the information commissioner to ensure data for the scheme is being properly stored, secured and collected by government and the private sector.
The government says it will continue talking to business about the commercial benefits of taking part in the enrolment and "improved identity assurance".
Comments
There are 8 comments. Join the discussion
1. Karen Challinor
"In only a minority of cases - requiring the highest standard of identity assurance - will it be necessary to check identity against information on the NIR."
and presumably this "minority of cases" will only apply to a very small percentage of the population
and further this small percentage is very likely to be known well in advance due to the requirement of the "highest standard of identity assurance" i.e. some highly secure location to which the general population is not allowed access
so why does everyone have to have one ?
why not just issue cards to that "minority of cases" that actually requires them rather than foisting this scheme on everyone ?
after all there are perfectly good and acceptable means of proving identity already available that don't require reference to the NIR
unless of course there is some other agenda and this is just a piece of spin
2. Karen Challinor
"The card itself will be protected against forgery by a number of security features. The Identity and Passport Service has issued more than 12 million ePassports to date and nobody has successfully cloned the chip," the spokesman said.
as far as they know
3. Drew stephenson
If the majority of cases only require a visual confirmation then why not save several billion pounds (it feels funny to write that without exaggerating) and just have a card with a photo on and get rid of the whole link to a national database and the capturing & storing of biometric data.
As Ms Challinor has already pointed out, the key people needing the key checks can have their own security cards (airport workers being a prime example) and all the stated requirements are met at a fraction of the cost; with considerably less risk of a significant loss of personal data.
I am now really struggling to see what the government is attempting to get out of this.
4. Richard Davies
Wow...we will have a massively expensive flop of a system so that children close to the drinking age can prove their age! Oh, and from last week...we'll all now be able to safely open bank accounts!
Wasn't this originally brought in to stop terrorists!?!?
I want to swear but I am taking deep breaths!
5. anonymous
Problems don't get fixed unless it is accepted that they may exist:
"The card itself will be protected against forgery by a number of security features. The Identity and Passport Service has issued more than 12 million ePassports to date and nobody has successfully cloned the chip," the spokesman said.
So - how do they know that?
6. Radical Meldrew
What is the card really for? If its only going to get a visual check in the majority of cases - why not use the existing passport? This is already in circulation and can be linked to the NIR whenever required so why have the card scheme on top? I have suspicions that there is an undisclosed purpose on the horizon, one which would currently be denied by any government official. All they have to do is extend the card's scope through one of their sneaky stealth bills a couple of years after the roll-out and they've got you!
7. A Suggestion
In answer to Radical Meldrew, the card will be there because it's possible (??) and "seems like a good idea" to a civil service that is floundering in the face of threats it is failing to control because it does not understand them. Almost nobody influential has gotten up and spoken about the real underlying reasons for the rise in "binge drinking", "vandalism", "terrorism", "social disruption" etc., so we go on locking horns ineffectually with the symptoms. Tracking everyone in case they decide to offend at some future time seems to such narrow thinkers a good place to start. They have not accepted that the real root causes include a loss of a sense of personal identity (no pun intended) - a direct outcome of "consumer society" that categorises people: merely "personalising" rather than treating them as real individuals. A recent paper by Abrahams (a PhD student at UCLA) - "What Terrorists Really Want - Terrorist Motives and Counterterrorism Strategy" (International Security, 32,4 2008) brings home this point very well - the author points out that the currently accepted model of terrorist motivation is incorrect on most counts (and is therefore of course likely to be fairly ineffective as a basis for strategic countermeasures) and goes on to suggest that on an individual basis (as in "radicalisation" for example) terrorists may be more likely seeking social cohesion and a sense of personal purpose that is lacking from their lives than actually attempting to drive political change in a rational manner. Tracking and monitoring everyone who is not likely to offend is probably cheaper and quicker to put in place, but much less effective supposing we really want to solve the problem.
8. CHosken
The psychology being wielded by government to "convince" the UK population that this scheme is safe and secure is quite horrifying. We have witnessed data loss after data loss by both public and private sectors, and STILL all we hear is "things will be safe, nothing can be cloned".
The real menace is the database. Scrap that and produce something less offensive to the public taste and they might swallow it. I won't but then I don't believe in having ID cards during what is supposedly Peace Time. And if they're compulsory then they ought to be free!