2. Memorandum submitted by
the British Computer Society
The British Computer Society (BCS) is the UK's
Chartered Engineering Institution for Information Systems Engineering,
with over 38,000 members worldwide. It represents the largest
body of practitioners in Computer Science and Engineering in the
UK, in what is one of the fastest growing sectors of the economy.
The BCS welcomes the opportunity to submit evidence
to the House of Commons home affairs Committee enquiry into Identity
The British Computer Society is primarily concerned
with the integrity and application of the underlying technology,
its operation and security and data retention issues. We have
therefore restricted our response below to these technical aspects
of the proposal. Other aspects are included within the submission
made on behalf of the UK Computing Research Committee (UKCRC),
in which BCS has a major representation.
1. Project Scope
1.1 The creation of a National Identity
Register is suggested as stage 1 of the overall project. Building
such a register will be a substantial undertaking in its own right.
The consultation paper, "Entitlement Cards and Identity Fraud",
issued in July 2002 also proposed a "central register"
and identified that the central register would hold:
A unique personal number
Cross-references to other personal
identifiers used in Government such as passport number, national
insurance number and driver number
A secret password or PIN
1.2 It is unclear from the "Next Steps"
paper what data the National Identity Register will contain. This
is a critical area because data collection exercises are expensive.
A comprehensive list of data to be held in the central registry
should be agreed before any data collection exercise commences.
If the purposes are established at the outset, then the processing
of personal data will be in the spirit of the Data Protection
1.3 The earlier consultation paper, "Entitlement
Cards and Identity Fraud" also suggested that Entitlement/Identity
cards would be used to support various other documents and/or
processes and implied that this functionality would be provided
within the costs identified in that paper. These other documents/processes
were identified as:
Passport card production
Driving licence production
Personal medical information
Reduction of crime and reduction
of some administration processes in the Police force
Access by third parties to use the
smart card chip to store and retrieve data
Access by Customs and Excise and
the Police to assist in cases of serious crimes
1.4 In its response to that earlier consultation
paper the British Computer Society identified this as a concern
and recommended that the initial project should only be concerned
with the production of Entitlement cards to ensure that costs
were kept under control.
1.5 The "Next Steps" paper implies
that the National Identity Register will only be used for Identity
Cards, Passports and Driver Licences. This is a welcome reduction
in overall scope, which will help to make the project more manageable,
but will still result in conflicting project objectives and the
likelihood of severe cost overruns. For example the paper says:
"Most people will join the scheme when they
apply for or renew their driving licence or passport . . ."
This gives rise to several questions that are
Will biometric recording devices
be available in suitably secure sites within easy reach of anyone
wanting to renew their driving licence or passport? Provision
of a biometric recording capability on such a geographic basis
will be a very high cost.
Where will these devices be physically
located? The premises will need to be secure and reflect the expected
volume of applicants at each site.
Will the systems and processes employed
be identical whether a driving licence, a passport or a plain
identity card is being issued?
How will the personal information
about each individual be checked?
What procedures will be put in place
to ensure that validation against existing data in the passports,
driving licence and immigration records databases is managed in
a timely and cost effective manner? This is likely to be an area
of significant cost.
There is no overall cost figure for the project
given in the paper but there is an implication that the proposed
increases in document costs will offset the overall cost. Without
a published budget for the project then the ability for anyone
to see if the programme has been successfully managed is obviously
2. Integration with e-Government
2.1 This is an area that was addressed in
detail in the British Computer Society's response to the 2002
consultation. The "Next Steps" paper does not identify
if or how the Identity card will support the E-Envoy's proposals
for accessing e-Government services. This is an area of confusion
that must be addressed if costs are to be managed successfully.
3. Identity Fraud
3.1 There is an underlying assumption in
the "Next Steps" paper that linking an individual to
a single Identity Card can reduce identity fraud. However, this
is only possible if some characteristic of that individual is
used as a unique identifier. The paper does not address the practicality
of this and there are two distinct situations that must be understood
3.2 The first situation relates to naturally
occurring duplicates of biometric information. Iris scans and
fingerprint scans are not unique for each individual; within the
UK resident population of 67.5 million there will be around 100
cases of naturally duplicate identifiers. Some mechanism for coping
with these naturally occurring duplicates will have to be designed.
3.3 The second situation is that a person
applies fraudulently for two or more identity cards. To address
this possibility a regular and frequent process of identifying
any instances of duplicate biometric data in the National Identity
Register is essential. In addition processes to ensure that the
individuals concerned are prosecuted need to be seen by the public
to be in place. The identification of duplicate biometric data
is also the area of technology risk. The time taken to check databases
of the size being contemplated for duplicate incidences of biometric
data has to be evaluated. If these checks cannot be implemented
then it is unlikely that the Identity Cards being proposed will
have a long-term significant impact on the incidence of Identity
3.4 Additionally, there may be circumstances
where a person requires more than one identity, and we are unclear
how this will be catered for in the system.
4. Identity Theft
4.1 Within this paper the term identity
fraud has been used to describe the situation where an individual
attempts to obtain multiple identity documents based on his own
biometric data. Identity theft is used to describe the situation
where an individual steals someone else's Identity Card and then
attempts to use that stolen identity.
4.2 Whilst it is true that the use of biometrics
makes identity theft less likely than if current technologies
are used we believe that it still remains a possibility. In particular:
The processes for dealing with the
lost and stolen Identity Cards will need tight controls.
The procedures must ensure that a
citizen is not disenfranchised because of loss of the card.
The citizen must be able to easily
re-establish their identity if someone else has used it and left
a trail of problems behind them.
The citizen must be able to trust
the integrity of the back-end National Register systems used to
store identity data and/or to verify or confirm the identity of
5. Future Uses
5.1 We are unclear from the document "Identity
Cards Next Steps" if it is proposed that any data other than
identity data is to (or could) be stored on the card. If it is
expected that other data and/or applications are to be stored
then the rules to achieve the effective overall control of the
issuance and management of the cards will require to be defined
very clearly. As commented earlier there are cost implications
with respect to data collection that should also be considered
very carefully in this context.
6. National Register data is incorrect or
6.1 In these circumstances a citizen could
become a non-person, neither able to get government services nor
possibly access many financial or other services in the private
sector. The citizen will require a simple, cost free, means to
confirm periodically that the data held on the Register is present
and correct. Provision to compensate citizens if records are lost
from the Register should be made in any legislation. There must,
however, be mechanisms in place to prevent or detect the creation
of a false identity by this meansboth the integrity of
the National Register Data and the public perception that the
data has integrity are critical factors in the success of this