In my submission to the committee I will point out why I believe that the Government's proposals for a national identity card scheme and centralised database are ill conceived. The core of my arguments will centre on the technological aspects of such a system and the huge costs for meagre benefits, if any.

PROPOSED TECHNOLOGIES

  Computers and associated technologies should be seen as accessories, which in the modern world can assist in mundane and repetitive tasks. They should not be seen as a primary tool. The government's proposal for a hi-tech biometric national ID smart card and centralised database goes against this basic axiom.

  The technology proposed is in its infancy and has never been implemented on the proposed scale. Government IT projects are notoriously prone to problems and such a scheme would be a huge pay day for IT firms such as SchlumbergerSema, Applied Card Technologies, Sun Microsystems, Oracle, SodexhoPass UK, Northop Grumman and EDS. No doubt the government's enthusiasm for such a scheme is fuelled by vociferous lobbying by such firms.

  No electronic system will work 100% of the time, and no IT system can be 100% secure. Strong misgivings have been expressed by IT professionals such as Peter Dorrington, head of fraud solutions at data analysis specialist SAS —"If there is a central database it will present a new and undreamt of opportunity for crime. The larger the network, the more difficult it is to protect with the need for a matched level of investment to protect the infrastructure".[11]

  Concerns about a centralised database of the scale proposed are echoed by the security firm Ubizen, who worked on Belgium's ID card system. They question the value of biometrics, and suggest that a central database will be a tempting target for hackers and that there should at best only be the need for a "blacklist" database of criminals and suspects to check biometric scans against.[12]

  Any system that includes large-scale databases must be built upon accurate data. The adage "Rubbish In, Rubbish Out" is key. Previous government databases have been beset with data quality issues, in 1999 a Metropolitan Police internal audit found that "84% of punishments and convictions entered on criminal records did not tally with the real punishments and convictions on court records. Three-quarters of the errors were so serious, the Met might face demands for compensation from incorrectly listed people if the records were released."[13]

  Large systems such as the EU's Schengen Information System (SIS) "suffer from lack of common standards of data quality & ambiguous deletion of data provisions"(Justice Report 2001) with problems arising not just between EU countries but even government agencies within member states. The proposed centralised database would be far larger containing 50 million records. The data upon which the system would be built would be derived from current forms of ID. The home office says that "rigorous background checks" would be used to confirm the validity of the data, but has failed to explain what such checks would entail.

  Banks, seen by many as keen to adopt biometric ID systems expressed concerns at the Omnicard 2002 conference in Berlin, Christoph Thiel, a cryptography and technical security specialist with Germany's Sparkasse group of savings banks said—"Optimistically, we can't foresee (biometric chip-card technology) in the next 10 years. Basically we don't think it's suitable for the banking business".[14]

  The home secretary told the Today programme on Radio Four that biometric identifiers "will make identity theft and multiple identity impossible, not nearly impossible, impossible". Yet such statements are called into doubt by a feasibility study commissioned by the Passport Office in February 2003, which said, "Biometric methods do not offer a 100% certainty of authentication of individuals".

  The study also raised several concerns about the size of the proposed UK scheme, the reliability of existing systems and cost. It suggested that face recognition has long way to go, and that iris recognition is relatively new and few large-scale applications exist for comparison. It concluded that multiple biometrics would be more reliable but pointed out that, "the performance improvement is unlikely to be commensurate with the increased costs"[15].

  A study by the US National Institute of Standards and Technology also found that Biometric identifiers "always look stronger and easier in theory than they are in practice. Effective enrolment is difficult, and physical spoofing is a lot easier than we would like."[16]

  In short such technology is untested and will be extremely costly. The government's proposal relies too much on this technology, and such an IT project is sure to run over budget and be beset with problems. To illustrate this point I would like to draw the committee's attention to a few government IT projects over the last few years, further details of these and other such projects are available in Public Accounts Reports.

PREVIOUS GOVERNMENT IT PROJECTS

  Over the last six years government IT projects have wasted £1.5 billion as a result of cancellation or spending beyond budget. Below are just a few examples.

  The Passport Agency System where in Summer of 1999 processing times reached 50 days and "at no point during early 1999 did the Agency process sufficient output to catch up on the rising backlog" (Public Accounts First Report Jan 2000).

  Home Office's Immigration and Nationality Directorate Casework programme which suffered "backlogs of 76,000 asylum cases and 100,000 nationality cases" (Ibid).

  The Air Traffic Control System (Lockheed Martin), which took longer to plan and build than it will be in operation, with, costs more than tripling.

  The Social Security system installed by Andersen Consulting which had "over 1,500 unresolved system problems, many of which were crucial to full implementation" (Ibid.) and crashed soon after its introduction in 1999 leading to millions being paid out in compensation payments.

  The NHS Purchase of the Read Codes and the Management of the NHS Centre for Coding and Classification ran up costs of £32 million by March 1998 and "eight years after the Codes were purchased and three years after the clinical terms projects ended, Version 3 of the Codes was being tested and used in only 12 NHS hospital sites" (Ibid).

  The Crown Prosecution Service's case tracking computer system installed in just over half of CPS branches by 1997 before being scrapped "on the grounds that the technology was outdated" (Ibid).

  The Ministry of Defence's Project Trawlerman abandoned with "costs of £41 million, and acquired a replacement system in 1997 at a cost of £6 million" (Ibid).

  The Benefits Payment Card (Pathway/ICL) scrapped after 3 years and an estimated expenditure of £1 billion because the card technology employed was already outdated (National Audit Office Press Notice , The Cancellation of the Benefits Payment Card Project).

  Northern Ireland Vehicle System Replacement Project also abandoned and £3.7 million written off.

  Ministry of Agriculture Fisheries and Food Arable Area Payments Scheme where software which was rolled out in stages, causing the need of multiple application submissions "for local validation approximately four times on average and for central validation approximately 3.5 times on average" (Ibid). Once again costs of the system escalated.

  Magistrates' Courts Libra system which cost £134 million more than ICL (Fujitsu Services) originally bid and was described by the Public Accounts Committee as "one of the worst PFI deals that we have seen" (Public Account Forty-forth Report, November 2003). The government "chose ICL as the preferred bidder for the Libra project despite being aware of problems ICL was having at the time with another government IT project (the Benefits Payment Card project)" (Ibid.).

  The Criminal Records Bureau disclosure service run by Capita, which suffered backlogs and caused school closures. Capita received a £19 million Government bailout, the cost of standard checks will double from £12 to £24 and performance targets are to be cut. The CRB failed to meet its target of issuing 95% of standard disclosures within one week, issuing only 19.4%.

  The Inland Revenue Tax Credits System run by EDS which held up millions of claims and led to 375,000 emergency payments when it was launched in April 2003. It has now emerged that millions of others have been overpaid because of faulty calculations by tax office staff.

  And so on . . .

COSTS VS. BENEFITS

  The proposed scheme looks set to cost at least £3 billion, but this is likely to increase. In addition there will be billions more in private sector costs which UK citizens are also likely to pay indirectly through higher priced goods and services.

  The government claims widespread support, but this is based on the government's impossible claims of a universal panacea.

  Little evidence seems to exist that suggest ID cards in other Western European countries have contributed to reduction in crime, or illegal immigration. The home office seems to rely on anecdotal evidence, such as that of a lorry driver cited at the committee's meeting of 10 December 2003.

  Many of the home office's claims remain unproven. Investment of this kind should not be based on wishful thinking

  Many security experts suggest that replacing current forms of ID with a gold standard trusted ID card would actually reduce rather than increase security. What is more they suggest that a 50 million net of scrutiny will make it easier for criminals to slip through. Police say they rarely have problems identifying suspects, only in catching and convicting them. Increases in identity theft are largely due to the Internet where ID cards will not make a difference. The US state department annual "Patterns of Global Terrorism" report shows that terrorism is decreasing and is far below levels in the late 1980s. Asylum seekers already have the Application Registration Card (ARC). The UK ranks 12th in the EU in asylum applications received, compared to national population from 1992 to 2001. The UK ranks 11th in the EU in total refugee admissions compared to national population from 1992 to 2001.

  Even if the proposed IT systems could work and even if the scheme could be delivered to budget the benefits to UK citizens are small.

  Those who have most to gain from such a proposal are the suppliers of the equipment and software.

RECOMMENDATIONS

  The government's proposals are ill conceived, and would be a huge waste of money. Government spending should focus on improving current systems and checks.

  Current forms of ID already carry biometric information, in the form of photographs, details of height and eye colour. Better use could be made of these.

  If, as the home office claim, rigorous background checks are possible to validate current forms of ID then why not implement such checks with existing ID.

  Improve existing information systems like the Schengen Information System (SIS), which has targeted watch lists rather than blanket population data. Such systems are far from perfect at present.

  Basic biometric data as required for international travel to countries like the US should be implemented when necessary based upon agreed EU standards and after thorough scrutiny. Such systems should where possible be voluntary and should not include a governmental shared centralised database. Systems should be developed to meet agreed standards only rather than pioneer new untested technologies. Such systems could then be developed in partnership with other governments.

  I will close with a pertinent quote by Benjamin Franklin: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

January 2004

12   "UK faces massive ID card challenges" http://www.silicon.com/management/government/0,39024677,39117139,00.htm Back

13   "When Big Brother just can't cope" New Statesman 19 May 2003. Back

14   "Biometric Cards Debated"-http://www.pcworld.com/news/article/0,aid,80392,00.asp Back

15   Feasibility Study on Use of Biometrics in an Entitlement Scheme commissioned by the UK Passport Service February 2003. Back

16   "NIST identifies good and bad points of biometrics"-http://www.gcn.com/21-25/news/19773-1.html Back