16. Memorandum submitted by
GOVERNMENT PROPOSALS FOR IDENTITY CARD SCHEME
In my submission to the committee I will point
out why I believe that the Government's proposals for a national
identity card scheme and centralised database are ill conceived.
The core of my arguments will centre on the technological aspects
of such a system and the huge costs for meagre benefits, if any.
Computers and associated technologies should
be seen as accessories, which in the modern world can assist in
mundane and repetitive tasks. They should not be seen as a primary
tool. The government's proposal for a hi-tech biometric national
ID smart card and centralised database goes against this basic
The technology proposed is in its infancy and
has never been implemented on the proposed scale. Government IT
projects are notoriously prone to problems and such a scheme would
be a huge pay day for IT firms such as SchlumbergerSema, Applied
Card Technologies, Sun Microsystems, Oracle, SodexhoPass UK, Northop
Grumman and EDS. No doubt the government's enthusiasm for such
a scheme is fuelled by vociferous lobbying by such firms.
No electronic system will work 100% of the time,
and no IT system can be 100% secure. Strong misgivings have been
expressed by IT professionals such as Peter Dorrington, head of
fraud solutions at data analysis specialist SAS "If
there is a central database it will present a new and undreamt
of opportunity for crime. The larger the network, the more difficult
it is to protect with the need for a matched level of investment
to protect the infrastructure".
Concerns about a centralised database of the
scale proposed are echoed by the security firm Ubizen, who worked
on Belgium's ID card system. They question the value of biometrics,
and suggest that a central database will be a tempting target
for hackers and that there should at best only be the need for
a "blacklist" database of criminals and suspects to
check biometric scans against.
Any system that includes large-scale databases
must be built upon accurate data. The adage "Rubbish In,
Rubbish Out" is key. Previous government databases have been
beset with data quality issues, in 1999 a Metropolitan Police
internal audit found that "84% of punishments and convictions
entered on criminal records did not tally with the real punishments
and convictions on court records. Three-quarters of the errors
were so serious, the Met might face demands for compensation from
incorrectly listed people if the records were released."
Large systems such as the EU's Schengen Information
System (SIS) "suffer from lack of common standards of data
quality & ambiguous deletion of data provisions"(Justice
Report 2001) with problems arising not just between EU countries
but even government agencies within member states. The proposed
centralised database would be far larger containing 50 million
records. The data upon which the system would be built would be
derived from current forms of ID. The home office says that "rigorous
background checks" would be used to confirm the validity
of the data, but has failed to explain what such checks would
Banks, seen by many as keen to adopt biometric
ID systems expressed concerns at the Omnicard 2002 conference
in Berlin, Christoph Thiel, a cryptography and technical security
specialist with Germany's Sparkasse group of savings banks said"Optimistically,
we can't foresee (biometric chip-card technology) in the next
10 years. Basically we don't think it's suitable for the banking
The home secretary told the Today programme
on Radio Four that biometric identifiers "will make identity
theft and multiple identity impossible, not nearly impossible,
impossible". Yet such statements are called into doubt by
a feasibility study commissioned by the Passport Office in February
2003, which said, "Biometric methods do not offer a 100%
certainty of authentication of individuals".
The study also raised several concerns about
the size of the proposed UK scheme, the reliability of existing
systems and cost. It suggested that face recognition has long
way to go, and that iris recognition is relatively new and few
large-scale applications exist for comparison. It concluded that
multiple biometrics would be more reliable but pointed out that,
"the performance improvement is unlikely to be commensurate
with the increased costs".
A study by the US National Institute of Standards
and Technology also found that Biometric identifiers "always
look stronger and easier in theory than they are in practice.
Effective enrolment is difficult, and physical spoofing is a lot
easier than we would like."
In short such technology is untested and will
be extremely costly. The government's proposal relies too much
on this technology, and such an IT project is sure to run over
budget and be beset with problems. To illustrate this point I
would like to draw the committee's attention to a few government
IT projects over the last few years, further details of these
and other such projects are available in Public Accounts Reports.
Over the last six years government IT projects
have wasted £1.5 billion as a result of cancellation or spending
beyond budget. Below are just a few examples.
The Passport Agency System where in Summer of
1999 processing times reached 50 days and "at no point during
early 1999 did the Agency process sufficient output to catch up
on the rising backlog" (Public Accounts First Report Jan
Home Office's Immigration and Nationality Directorate
Casework programme which suffered "backlogs of 76,000 asylum
cases and 100,000 nationality cases" (Ibid).
The Air Traffic Control System (Lockheed Martin),
which took longer to plan and build than it will be in operation,
with, costs more than tripling.
The Social Security system installed by Andersen
Consulting which had "over 1,500 unresolved system problems,
many of which were crucial to full implementation" (Ibid.)
and crashed soon after its introduction in 1999 leading to millions
being paid out in compensation payments.
The NHS Purchase of the Read Codes and the Management
of the NHS Centre for Coding and Classification ran up costs of
£32 million by March 1998 and "eight years after the
Codes were purchased and three years after the clinical terms
projects ended, Version 3 of the Codes was being tested and used
in only 12 NHS hospital sites" (Ibid).
The Crown Prosecution Service's case tracking
computer system installed in just over half of CPS branches by
1997 before being scrapped "on the grounds that the technology
was outdated" (Ibid).
The Ministry of Defence's Project Trawlerman
abandoned with "costs of £41 million, and acquired a
replacement system in 1997 at a cost of £6 million"
The Benefits Payment Card (Pathway/ICL) scrapped
after 3 years and an estimated expenditure of £1 billion
because the card technology employed was already outdated (National
Audit Office Press Notice , The Cancellation of the Benefits Payment
Northern Ireland Vehicle System Replacement
Project also abandoned and £3.7 million written off.
Ministry of Agriculture Fisheries and Food Arable
Area Payments Scheme where software which was rolled out in stages,
causing the need of multiple application submissions "for
local validation approximately four times on average and for central
validation approximately 3.5 times on average" (Ibid). Once
again costs of the system escalated.
Magistrates' Courts Libra system which cost
£134 million more than ICL (Fujitsu Services) originally
bid and was described by the Public Accounts Committee as "one
of the worst PFI deals that we have seen" (Public Account
Forty-forth Report, November 2003). The government "chose
ICL as the preferred bidder for the Libra project despite being
aware of problems ICL was having at the time with another government
IT project (the Benefits Payment Card project)" (Ibid.).
The Criminal Records Bureau disclosure service
run by Capita, which suffered backlogs and caused school closures.
Capita received a £19 million Government bailout, the cost
of standard checks will double from £12 to £24 and performance
targets are to be cut. The CRB failed to meet its target of issuing
95% of standard disclosures within one week, issuing only 19.4%.
The Inland Revenue Tax Credits System run by
EDS which held up millions of claims and led to 375,000 emergency
payments when it was launched in April 2003. It has now emerged
that millions of others have been overpaid because of faulty calculations
by tax office staff.
And so on . . .
The proposed scheme looks set to cost at least
£3 billion, but this is likely to increase. In addition there
will be billions more in private sector costs which UK citizens
are also likely to pay indirectly through higher priced goods
The government claims widespread support, but
this is based on the government's impossible claims of a universal
Little evidence seems to exist that suggest
ID cards in other Western European countries have contributed
to reduction in crime, or illegal immigration. The home office
seems to rely on anecdotal evidence, such as that of a lorry driver
cited at the committee's meeting of 10 December 2003.
Many of the home office's claims remain unproven.
Investment of this kind should not be based on wishful thinking
Many security experts suggest that replacing
current forms of ID with a gold standard trusted ID card would
actually reduce rather than increase security. What is more they
suggest that a 50 million net of scrutiny will make it easier
for criminals to slip through. Police say they rarely have problems
identifying suspects, only in catching and convicting them. Increases
in identity theft are largely due to the Internet where ID cards
will not make a difference. The US state department annual "Patterns
of Global Terrorism" report shows that terrorism is decreasing
and is far below levels in the late 1980s. Asylum seekers already
have the Application Registration Card (ARC). The UK ranks 12th
in the EU in asylum applications received, compared to national
population from 1992 to 2001. The UK ranks 11th in the EU in total
refugee admissions compared to national population from 1992 to
Even if the proposed IT systems could work and
even if the scheme could be delivered to budget the benefits to
UK citizens are small.
Those who have most to gain from such a proposal
are the suppliers of the equipment and software.
The government's proposals are ill conceived,
and would be a huge waste of money. Government spending should
focus on improving current systems and checks.
Current forms of ID already carry biometric
information, in the form of photographs, details of height and
eye colour. Better use could be made of these.
If, as the home office claim, rigorous background
checks are possible to validate current forms of ID then why not
implement such checks with existing ID.
Improve existing information systems like the
Schengen Information System (SIS), which has targeted watch lists
rather than blanket population data. Such systems are far from
perfect at present.
Basic biometric data as required for international
travel to countries like the US should be implemented when necessary
based upon agreed EU standards and after thorough scrutiny. Such
systems should where possible be voluntary and should not include
a governmental shared centralised database. Systems should be
developed to meet agreed standards only rather than pioneer new
untested technologies. Such systems could then be developed in
partnership with other governments.
I will close with a pertinent quote by Benjamin
Franklin: "Those who would give up essential Liberty, to
purchase a little temporary Safety, deserve neither Liberty nor
11 "ID cards: can technology cope?" http://www.vnunet.com/Analysis/1150034
see also "Biometric ID cards `dangerously flawed'"
"UK faces massive ID card challenges" http://www.silicon.com/management/government/0,39024677,39117139,00.htm Back
"When Big Brother just can't cope" New Statesman 19
May 2003. Back
"Biometric Cards Debated"-http://www.pcworld.com/news/article/0,aid,80392,00.asp Back
Feasibility Study on Use of Biometrics in an Entitlement Scheme
commissioned by the UK Passport Service February 2003. Back
"NIST identifies good and bad points of biometrics"-http://www.gcn.com/21-25/news/19773-1.html Back