By Will Sturgeon, 28 April 2004 10:50
NEWS The company behind the biometric technology being used by the UK passport office says biometric IDs will happen - and they will happen with the blessing of the majority of UK citizens.
NEC technology is being used by the UK government in the roll-out of biometric IDs and, having already been involved in similar schemes worldwide, the company is confident that the UK implementation will be a success despite vocal opposition from "a noisy minority".
Carl Gohringer, head of product development for NEC security solutions, said biometric passports are far better than anything we have now and have nowhere near the same exposure to fraudulent use or forgery.
However, he accepted there is a negligible risk attached - as with anything. "Of course there is no such thing as a fool-proof technology," he said. "But why wait for a fool-proof technology which will never happen, if in the meantime you are continuing to use an inadequate system."
Gohringer said the fact that passports can currently be acquired with no face-to-face interaction between the applicant and the passport office, and require a verification method as simplistic as a photograph signed by a friend, highlights the inefficiency of the current system.
The roll-out won't be without problems, according to Gohringer, but he anticipates that the problems will owe far more to the complicated logistics of getting everybody signed up than to the issue of end-user opposition.
"People need to realise this is not going to harm them -- if anything it is going to be beneficial to them," he said.
However, Gohringer believes that those opposed to the systems are actually a very vocal minority, making enough noise to get themselves noticed.
He cited recent research – supported by that conducted by silicon.com – which shows strong support for biometric identification.
And it's not just the passport office that will be making good use of biometrics.
"The NHS is very keen on this," said Gohringer, citing an example whereby biometrics would be an ideal way to stop people previously been struck off by another health authority getting jobs in the health sector.
While they may be able to forge documents and change their name, a central ID database means their biometrics will always betray who they really are – regardless of who they say they are.
A number of scandals in recent years have undermined the credibility of current vetting procedures for public-sector workers and Gohringer believes that biometrics is the additional layer of authentication required.
Comments
There are 33 comments. Join the discussion
1. Stephan Jones
One thing I don't understand is why I need a biometric card when I have a biometric me. I can see the benefit of a national database containing unique biological characteristics, but surely at some point this will need to be verified against the person holding it. In which case why not skip the card, and verify the database against the person?
2. B. Citrine
Mr Gohringer would say that. He wouldn't want to jepardise this nice little earner would he?
3. anonymous
It is nice to see a biometric professional like Mr. Gohringer quoted on Silicon.com. I think it would be a good idea to set up a list of "vocal opposition minority" questions for Mr. Gohringer to answer. This Q&A session could be posted on your site to debunk all of the ill conceived objections to biometric technology. It would also be nice to have representatives from both Identix and Iridian[UK Passport Trials] to explain the enrollment process for fingerprint,facial and iris scans, respectively. They could address the secure enrollment process and capture methods. I think this would go a long way in silencing the "vocal minority" that continues to spout half-truths and promotes misconceptions about biometric technology.
4. Hid Sugiura
Ha, that Stephan Jones is right on the button. I never thought about that.
Why have weird cards on you when YOU can be ID'd instead?
If anyone has seen Minority Report, that's how it would/should/will/might work.
5. anonymous
Hardly a comment devoid of self interest! It is just possible that the "vociferous minority" have thought about the long term consequences of this somewhat more than others and, having understood that, are strongly motivated.
The government have still not explained HOW this will solve any of the problems it is supposed to address, let alone whether that is the best way to spend £3bn (and likely to be a lot more by the time it was complete, given government track record on such things!)
6. jeff
Will not make us more secure - It will just help them herd the sheep a with a little more control while the wolves find a way through as always. - Waste of money and time
7. Michael Fischer
Biometric id: May be Hazardous to our health
I doubt the popularity of universal ID will survive long, and the use of biometric references will contribute to this decline.
There are two possibilities when using biometric references for ID purposes: that these will be forged (either at the database level or through 'fooling' the sensor), or the appropriation of the appropriate biometric reference for verification (e.g. removal of eye, kidnapping of owner of eye).
The first is basically the status quo. The second if only possible if you have biometric references. Once people begin to grasp this, and that they are putting themselves at greater risk than that from which they are allegedly being protected.
There are a lot of better ways to protect the holder of an ID than biometric measures. There are no ways to protect the people who must accept IDs, and biometrics doesn't change this, although it could give the illusion of certainty where no exists.
And all this is aside from the failure of the 10 billion pound computer system needed to support the ID cards if this debacle is attempted.
8. T J Gowan
One would hope that the ID card database would be linked to the Electoral Register, making personation and "Vote Early, vote Often" a thing of the past.
9. Malcolm Ripley
I agree with Stephan Jones and it has always amazed me even before ID cards that we have bank cards with our signature on them. The transaction is then checked against the bank which OK's it......so why not download the signature from the bank at the till and have a blank bank card ! DUH !
An ID card should have no biometric data on it. The card should simply have your NI number and all the bometric data is read from the central computer. The card should be a smartcard that records every transaction or card check and is thus you own record of "harrassment" by the authorities. You could even introduce legislation that compensates people who have been harrassed. Anyone doing the harrassing won't know about the level of harrassment until AFTER it is has been recorded :-)
10. Karen Challinor
... This will happen with the blessing of the majority of uk citizens ...
The majority of UK citizens have not been allowed to debate this issue, all we have had are bland reassurances that it will achieve it's stated aims. We have not been allowed access to information to allow us to make an informed decision. The populace seems split into the 'for' camp who are immediately labelled right wing by the 'against' camp who are cast the left wing mould by the 'for's. While these two argue and bluster and achieve nothing, the government quietly carries on with it's plans, ignoring the wishes of it's populace for an informed debate yet again.
11. anonymous
Given the lack of detailed information from the Government plus the awful track record of rolling out IT projects in the public sector, the vocal minority might just be the correct minority. Those of us opposed to the Iraq debacle were a 'minority' as well.
12. Graham Coles
They will not work. As Schneier put it:
"It won't work. It won't make us more secure."
As for a central database betraying peoples true identity this is rubbish. Databases always contain a certain amount of incorrect information and can also be updated.
Insert false information into the system (security of readily accessible centralized databases is always an issue) and the whole system is useless. And this is what we keep being told is going to fight terrorism - what a joke.
And yes, the cards will be forged as well (or produced with false information to start with).
It may happen because the Government doesn't listen.
As for it being popular, what do you expect a company that is going to get paid a huge sum of taxpayer's money for implementing it going to say!
13. Ken Hall
If you can find me one independent, neutral, person that will be happy to have the card that the Governemnt is planning to introduce I will be amazed.
The feedback I have recieved from my website www.stopidcards.org has been overwhelmingly against.
(Ed note. Ken, is it not quite likely that only people against ID cards would visit a site called www.stopidcards.org - I'm not sure that's the best barometer of public opinion. It would be like Amazon.com claiming 100% of people were in favour of shopping online, based on a survey of shoppers using its site.)
The site has only been up 1 full day and already, with over 1000 hits, 100% are against what the government are planning in an ID card that will have to be presented whenever you make any transaction. That transaction will be recorded and a profile will be created on a Government database.
Even without the transaction monitoring and a free of cost card, users register an astounding 83% disaproval rating.
14. Mike Barnes
I don't believe that ID cards would protect citizens from terrorist attacks. The Oklahoma bombing in April 1995 was carried out by Timothy McVeigh, an American citizen and Gulf War veteran. How would ID cards protect us against home-grown terrorists like Timothy McVeigh?
15. Iain MacKay
Perhaps we're just not aware of how the government will address privacy concerns. For example, if an identification transaction can happen purely offline: "yes this card and embedded data belongs to this person" without time/place/nature of transaction being logged centrally on each occasion, many concerns would be addressed. Similarly if we could be somehow assured that the card wouldn't accumulate transaction information in its memory, to be uploaded at the occasional opportunity, that would be good. If the card had its own private challenge/response procedure data, so that merely possessing all the data exposed by the card wouldn't permit you to spoof an authentication terminal, that would be good. If criminals weren't allowed to subvert any of the processes or corrupt any of the people along the chain of trust, that would be OK. If all the system software were at least nominally open source, so that software loopholes might be identified, that would be good. In fact, if the system is open and fully disclosed, we would all feel more comfortable. I suspect though that this will not happen, because "it is obviously necessary to conceal details for our protection" or "the algorithms are proprietary". 1984 rules OK.
16. anonymous
less power to goverment and bureaucrats (wrong persons at the right places, same as the one named in the article)
and who has the money (ORGANIZED crime) will do business the same way
biometrics could do more wrong than right
and remeber to fight for your rights
17. anonymous
Id cards - what are the gains ?
1) With passport, licences & bank cards we already carry ID. When was the last time authorities failed to identify someone they had already targetted as a threat. No gain there.
2)Every new "impenetrable" car/intruder alarm and firewall turns out to have exploitable vulnerabilities -given time any national ID system will be breached.
3)Biometrics are only useful in a closed "willing" population (eg the Military, banks, hospitals etc) where any error can be be verified by the mark one human eyeball.
4)Carrying more ID will not change commmitted felons/terrorists minds nor stop them as proven in ID carrying countries subjected to attack.
5) The only gains are for those of us trying to, once more, sell technology for technologies sake.
The key question for society is what to do with identified felons/ terrorists ? Swift harsh justice is politically unpalatable - but it certainly worked at school !
18. RA Marshall
BandAids for terrorists?
If I fail biometric identification at the airport because I cut my finger doing DIY (forcing me to wear a sticking plaster) how will I prove my ID? Perhaps I will I have to show the photograph on my ID card to some official and say "Look, it's me!"?
Clearly that is so much more secure than the current system where I show my passport and...
Oh.
You don't suppose this biometric ID card circus could turn out to be an overpriced, high-tech White Elephant...? No, surely not, because government has such a good record on such things. Don't they...?
19. anonymous
What about "tourists"?
If we are all to have id. cards that will supposedly confirm who we are. (for what reason I am not sure anyway) how will the authorities treat visitors to this country (genuine or otherwise).. Maybe the terrorist flag is being waved when the real intension is to control migration? Most people I have talked to dont care whether we have id cards or not but dont want to have to pay for them!
20. Bob Rendahl
I would add to Iain MacKay's comments an idea on how to keep the verification off-line as much as possible.
Card has:
- identifiers, including possibly iris scan or fingerprint of choice
- card ID number
Holder has:
- matching identifiers, including iris scan and correct fingerprint if necessary
Government database has only:
- card ID number
- to whom that card number was issued, with just barely enough information (birthday) to distinguish those with like names.
Information here should be minimized, and practically useless to anyone who cracks into the database.
21. Brooke
I am certainly not one bit suprised that there is an initiative for this. This is exactly what will condition society to depend on technology and microchips for the activities of daily living, such as buying and selling without the use of money. This will lead to a devastating downfall, as predicted in the book of Revelations.
22. Rob Young
ID cards will have the same effect on 'security' as prohibition did for drinking - put it into the hands of organised crime.
23. Joe
"I am certainly not one bit suprised that there is an initiative for this. This is exactly what will condition society to depend on technology and microchips for the activities of daily living, such as buying and selling without the use of money. This will lead to a devastating downfall, as predicted in the book of Revelations."
Ever see the movie, Fahrenheit 451?
LOL I can imagine most of the population forgetting how to run the lower levels of society, and then one disaster=no more low level workers. This is possible, but very unlikely.
Then again, no one thought the potato famine would happen in Ireland.
<Goes to write a Do-it-yourself book on how to run a 19th century society back upto 21st> hehe
24. anonymous
This "negligible risk" will be well documented in their published and open risk analysis will it then? I'll be curious to read it.
25. anonymous
This "negligible risk" will be well documented in their published and open risk analysis will it then? I'll be curious to read it.
26. anonymous
Pay us for every check done !
We have to pay up to check what credit agencies say about us.
If we got a credit of, say £2, from the interrogator, every time we were checked up on, this might discourage mindless usage of ID checkup.
The credits could be made direct to the biometric smart card and would then be spendable like Mondex or Proton in any Chip and PIN machine.
On second thoughts, maybe it should be a fiver ...
27. anonymous
Another referendum, anyone ?!
Preceded, of course, by a full disclosure of how the security of the UK will be bolstered, and how many false matches and unmatched duplicates will be allowed through the system ...
28. anonymous
Dear Steve
We have been doing that for years, using security people, and it didn't work. Why else would we need computers to replace them?
29. Steve watkins
It will happen, it won't work, it won't be popular and it IS EVIL.
30. David Parsons
Okay....So we get a biometric I.D card
What is the betting that we will still be charged extra money for a Passport?
Do you get it....I don't think you do ;)
31. ITSecurityGuy
I think it is wrong to portray anyone who opposes this biometric view as the enemy. Just because someone has an opinion that is not the same as yours doesn't mean they are wrong nor should they be ignored. Not everyone has the same level of understanding of biometrics and saying the majority agrees with its use is a mistatement if the majority are only told that biometrics will help and will be more accurate and less error prone, but not how those ends will be achieved. If I tell you I have a car that will stop aggressive driving and reduce pollution, but not say how it works, it can get people excited about it but if no one asks questions about it, it serves them right when I finally sell my soap box derby suv for $40,000.
32. Bob Robinson
As usual the negatives are vociferous and the positives a quiet and perhaps fatalistic. I am positively in favour of compulsary ID cards. I am not in favour of half baked systems that are inevetably to consume huge amounts of money only to fail.
I believe what is needed is a simple ID system that any authorised body can access to authenticate the person present is who they purport to be.
I evisage a system that the biometric data is collected from each person from perhaps four different sources, photograph, iris, fingerprint and facial geometry for example. This data is stored in a central database against a name, address and ID number. The ID card only holds the ID number, the users PIN and the web address of the ID database.
The body requiring proof of identity would be authorised to access the database and with the authority of the user entering thir PIN to retrieve one of two of the forms of biometric data one being the photograph the other chosen at random by the database engine. They would then request the card holder to present themself to the appropriate scanner.
If the ID was positive then the name and address would be returned to the requesting body.
All requests for new cards would have to be matched to existing database to check for duplication or positive match in the case of replacement card request.
33. Howard Whitehead
The proposed id system will not combat terrorism (see new york, madrid examples) or fraud (it is more likely that people exaggerate their circumstances rather than their identity). The technology, biometric or other wise, will not be fool-proof and the Goverment (or nominated agency) are not able to manage an IT system this large. The £3 billion implementation costs (optimistic at best - see recent NHS IT problems) could be spent in much better ways. The system will also encourage the worrying creep of institutional, terror fuelled racism with our society.
The card represents a reversal of our most basic right as citizens - that we are innocent until proven guilty, and must be stopped.