Select Committee on Home Affairs Written Evidence

2.  Memorandum submitted by the British Computer Society


  The British Computer Society (BCS) is the UK's Chartered Engineering Institution for Information Systems Engineering, with over 38,000 members worldwide. It represents the largest body of practitioners in Computer Science and Engineering in the UK, in what is one of the fastest growing sectors of the economy.

  The BCS welcomes the opportunity to submit evidence to the House of Commons home affairs Committee enquiry into Identity cards.

  The British Computer Society is primarily concerned with the integrity and application of the underlying technology, its operation and security and data retention issues. We have therefore restricted our response below to these technical aspects of the proposal. Other aspects are included within the submission made on behalf of the UK Computing Research Committee (UKCRC), in which BCS has a major representation.


1.  Project Scope

  1.1  The creation of a National Identity Register is suggested as stage 1 of the overall project. Building such a register will be a substantial undertaking in its own right. The consultation paper, "Entitlement Cards and Identity Fraud", issued in July 2002 also proposed a "central register" and identified that the central register would hold:

    —  A unique personal number

    —  Cross-references to other personal identifiers used in Government such as passport number, national insurance number and driver number

    —  A secret password or PIN

  1.2  It is unclear from the "Next Steps" paper what data the National Identity Register will contain. This is a critical area because data collection exercises are expensive. A comprehensive list of data to be held in the central registry should be agreed before any data collection exercise commences. If the purposes are established at the outset, then the processing of personal data will be in the spirit of the Data Protection Act 1998.

  1.3  The earlier consultation paper, "Entitlement Cards and Identity Fraud" also suggested that Entitlement/Identity cards would be used to support various other documents and/or processes and implied that this functionality would be provided within the costs identified in that paper. These other documents/processes were identified as:

    —  Passport card production

    —  Driving licence production

    —  Proof of Age

    —  Electoral Register

    —  New ways of voting

    —  Personal medical information

    —  Reduction of crime and reduction of some administration processes in the Police force

    —  Access by third parties to use the smart card chip to store and retrieve data

    —  Access by Customs and Excise and the Police to assist in cases of serious crimes

  1.4  In its response to that earlier consultation paper the British Computer Society identified this as a concern and recommended that the initial project should only be concerned with the production of Entitlement cards to ensure that costs were kept under control.

  1.5  The "Next Steps" paper implies that the National Identity Register will only be used for Identity Cards, Passports and Driver Licences. This is a welcome reduction in overall scope, which will help to make the project more manageable, but will still result in conflicting project objectives and the likelihood of severe cost overruns. For example the paper says:

    "Most people will join the scheme when they apply for or renew their driving licence or passport . . ."

  This gives rise to several questions that are not addressed:

    —  Will biometric recording devices be available in suitably secure sites within easy reach of anyone wanting to renew their driving licence or passport? Provision of a biometric recording capability on such a geographic basis will be a very high cost.

    —  Where will these devices be physically located? The premises will need to be secure and reflect the expected volume of applicants at each site.

    —  Will the systems and processes employed be identical whether a driving licence, a passport or a plain identity card is being issued?

    —  How will the personal information about each individual be checked?

    —  What procedures will be put in place to ensure that validation against existing data in the passports, driving licence and immigration records databases is managed in a timely and cost effective manner? This is likely to be an area of significant cost.

  There is no overall cost figure for the project given in the paper but there is an implication that the proposed increases in document costs will offset the overall cost. Without a published budget for the project then the ability for anyone to see if the programme has been successfully managed is obviously diminished.

2.  Integration with e-Government

  2.1  This is an area that was addressed in detail in the British Computer Society's response to the 2002 consultation. The "Next Steps" paper does not identify if or how the Identity card will support the E-Envoy's proposals for accessing e-Government services. This is an area of confusion that must be addressed if costs are to be managed successfully.

3.  Identity Fraud

  3.1  There is an underlying assumption in the "Next Steps" paper that linking an individual to a single Identity Card can reduce identity fraud. However, this is only possible if some characteristic of that individual is used as a unique identifier. The paper does not address the practicality of this and there are two distinct situations that must be understood and resolved.

  3.2  The first situation relates to naturally occurring duplicates of biometric information. Iris scans and fingerprint scans are not unique for each individual; within the UK resident population of 67.5 million there will be around 100 cases of naturally duplicate identifiers. Some mechanism for coping with these naturally occurring duplicates will have to be designed.

  3.3  The second situation is that a person applies fraudulently for two or more identity cards. To address this possibility a regular and frequent process of identifying any instances of duplicate biometric data in the National Identity Register is essential. In addition processes to ensure that the individuals concerned are prosecuted need to be seen by the public to be in place. The identification of duplicate biometric data is also the area of technology risk. The time taken to check databases of the size being contemplated for duplicate incidences of biometric data has to be evaluated. If these checks cannot be implemented then it is unlikely that the Identity Cards being proposed will have a long-term significant impact on the incidence of Identity Fraud.

  3.4  Additionally, there may be circumstances where a person requires more than one identity, and we are unclear how this will be catered for in the system.

4.  Identity Theft

  4.1  Within this paper the term identity fraud has been used to describe the situation where an individual attempts to obtain multiple identity documents based on his own biometric data. Identity theft is used to describe the situation where an individual steals someone else's Identity Card and then attempts to use that stolen identity.

  4.2  Whilst it is true that the use of biometrics makes identity theft less likely than if current technologies are used we believe that it still remains a possibility. In particular:

    —  The processes for dealing with the lost and stolen Identity Cards will need tight controls.

    —  The procedures must ensure that a citizen is not disenfranchised because of loss of the card.

    —  The citizen must be able to easily re-establish their identity if someone else has used it and left a trail of problems behind them.

    —  The citizen must be able to trust the integrity of the back-end National Register systems used to store identity data and/or to verify or confirm the identity of any card-holder.

5.  Future Uses

  5.1  We are unclear from the document "Identity Cards Next Steps" if it is proposed that any data other than identity data is to (or could) be stored on the card. If it is expected that other data and/or applications are to be stored then the rules to achieve the effective overall control of the issuance and management of the cards will require to be defined very clearly. As commented earlier there are cost implications with respect to data collection that should also be considered very carefully in this context.

6.  National Register data is incorrect or lost

  6.1  In these circumstances a citizen could become a non-person, neither able to get government services nor possibly access many financial or other services in the private sector. The citizen will require a simple, cost free, means to confirm periodically that the data held on the Register is present and correct. Provision to compensate citizens if records are lost from the Register should be made in any legislation. There must, however, be mechanisms in place to prevent or detect the creation of a false identity by this means—both the integrity of the National Register Data and the public perception that the data has integrity are critical factors in the success of this scheme.

January 2004

previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2004
Prepared 30 July 2004