Select Committee on Home Affairs Minutes of Evidence


Examination of Witnesses (Questions 332 - 339)

TUESDAY 24 FEBRUARY 2004

MR NICK KALISPERAS, MR GEOFF LLEWELLYN, PROFESSOR ROSS ANDERSON AND PROFESSOR MARTYN THOMAS

  Q332  Chairman: Good afternoon. Thank you very much indeed for coming to the Committee this afternoon. As we have four witnesses today could you briefly introduce yourselves and the organisations you come from?

  Mr Llewellyn: Geoff Llewellyn, Member of the Intellect Working Party on ID Cards.

  Mr Kalisperas: Nick Kalisperas. I am the Senior Programme Manager at Intellect with responsibility for the ID card programme.

  Q333  Chairman: Perhaps you could say for the record what Intellect is.

  Mr Kalisperas: Intellect is the trade association representing IT, telecoms and electronics companies in the UK.

  Professor Thomas: I am Martyn Thomas, representing UKCRC, the UK Computing Research Committee, which is an expert panel of the Institution of Electrical Engineers and the British Computer Society dealing with matters that affect computing research.

  Professor Anderson: I am Ross Anderson. I chair the Foundation for Information Policy Research, which is Britain's leading internet policy think-tank. My day job is as Professor of Security Engineering at Cambridge University.

  Q334  Chairman: Thank you very much. With four witnesses we obviously want to get a full range of views. Can I start with possibly a very basic question but one that has now come up several times in our inquiry into identity cards, which is whether it is necessary for somebody to carry a card in order to have an identification system? For example, if there were, as is proposed, a central database carrying a certain amount of biometric information do you need a card or would it be possible to use that database simply by having sufficient biometric readers around the place to meet all the practical purposes?

  Professor Thomas: In principle it would work. In practice it would require a lot of hardware and a lot of calls on that central database, so it may not be practical but it is theoretically possible.

  Q335  Chairman: What is the difference in principle between a situation where somebody who carries a card, which is possibly not of any great use unless you have got some sort of fingerprinting apparatus to check that the data on the card is the same as the fingerprint the person has got or that the iris scan is the same as the one on the card, and checking the card against a local biometric reader and checking the person against a central database? What is the practical difference between the two, or is the assumption that the ID card will work in lots of circumstances where you are never going to want to check the biometric data?

  Professor Anderson: You could look, for example at   what happens with the airlines which are increasingly abolishing tickets. Within the controlled environment of an airport or airline system you can just as easily record the fact that Joe Bloggs, born on such-and-such, has got a ticket to fly to New York. Similarly, you could have this information available on line. Bear in mind that in the first phase of this we are talking about a digitised photograph rather than fingerprints or iris codes. You could have a system whereby you went and said, "I am John Denham, born on such-and-such a date", the Passport Office will type this in and your mug shot and Passport Office files will come up. The main objection to that would be first, what happens if the database is down; have you got a means of off-line checking, and secondly, there is the issue of reassurance. I certainly felt slightly nervous the first few times I went to get on a plane without a ticket.

  Mr Llewellyn: I could perhaps link the two questions you pose there: is a card necessary and what are the practicalities? There is a very strong argument that having a physical card is something that gives a tangibility to the whole process which is reassuring to citizens as a whole and it makes the whole process rather easier to understand. In terms of the value of a card at point of use, there is a kind of hierarchy of security issues that one would need to address. For example, if you were trying to get into Fort Knox you would want to have absolutely strong confirmation that you were who you said you were, whereas there are other lower sensitivity, lower value transactions where simply holding the card which contains your photograph would be quite sufficient to prove your identity for the purposes of that transaction. The idea of a card which has the photograph and the biometrics embedded on the chip gives you the flexibility to run a whole variety of different checks against the card or, for a very highly sensitive transaction, against a central database.

  Q336  Chairman: For the purposes for which the Government have said that a card would be used, which is at the core largely migration, immigration and citizenship issues and access to some public services like health but not to other public services like education, at which points in that hierarchy is it sufficient just to have a card? Where would you need to have the higher level of identity checking?

  Mr Llewellyn: I think one would need to take notice of that and have a fuller specification of the types of transaction, but notionally one could set out a hierarchy of transactions which were typically undertaken with a card and as part of the preparation for implementing a scheme of this sort there would be a convention which would be established, I would imagine, either in the legislation or in discussion which would say, "These are the types of transactions that are appropriate and these are the ones where a higher level of certification is necessary".

  Professor Thomas: There is a fundamental issue here which I think will come up a number of times, and that is that the Government has identified a number of application areas of the card but nothing that I have been able to find identifies why the ID card as proposed is a solution to any particular problems in those application areas. Until that is done most of the questions you ask in this area do not have an answer because you are not asking the right people. You need to be asking the Home Office.

  Professor Anderson: I must say I am slightly alarmed at the proposal that ID cards be foisted on the health service. I have had some experience in the past of dealing with medical information systems and there has been a debate in a number of countries about whether you should put things like emergency medical information onto either a medical insurance smart card or onto a national identity card. The experience from overseas, such as it is, suggests that this is a bad idea for safety reasons. Suppose, for example, you are diabetic. At the moment you might carry a bracelet with you, you might carry a special purpose card in your wallet so that if you pass out somewhere the ambulanceman has a hint. If that vanishes into a secure chip on a card that can only be read by authorised people and you pass out on an aeroplane over the Atlantic that is a different matter. One or two countries, like Germany, have gone down this route but a number of other countries have on mature reflection decided that it is not a good idea, and so I would be particularly anxious for the Government to think long and hard before calling the NHS into this particular project.

  Q337  Chairman: My understanding has been that it was more about establishing whether you are entitled to have any sort of NHS treatment as opposed to a card carrying medical records. The point that has been brought out is that you are saying to the Committee that we need sharper definition of exactly what the purposes are and the places in which identity is required for you to be able to tell us whether carrying a card or having your identity checked against a central register would be the appropriate response. Is that fair?

  Professor Thomas: Yes.

  Q338  Chairman: Can we move on to Professor Anderson? I think the IFPR said that you are sceptical about the advantages of a single card, preferring perhaps to have a range of different cards or identifiers specific to particular services that people might want to access. Is that right?

  Professor Anderson: That is right. The smart card industry has had over the last 15 years a number of projects to persuade people that a multi-function smart card might be a good thing. I have been involved peripherally in one or two of these, for example, trying to design a system that was simultaneously a banking card and a card for prepayment of electricity meters. The experience of these attempts and pilots was almost uniformly negative. Technically it is usually not a big deal to have a card with two applications on it but from the administrative point of view and the point of view of legal liability and issues such as whose logo is on the card, who is liable when something breaks, things are very much more difficult. If you are a banker the last thing you want to do is to be held liable for a power cut or for somebody being unable to get electricity if they suffer as a result. For these reasons the experience of industry is that everybody wants their own card, they want their own customer database and they want control of their own mechanisms to access that database.

  Q339  Mr Taylor: Mr Chairman, forgive me: I did not quite catch what Professor Anderson said about dual use, one of which I think you said was a banking card and the other was something to do with electricity supply, and I did not quite catch it.

  Professor Anderson: This was ten years ago when the Government of South Africa decided to electrify a couple of million homes and, as many of the poor people had no addresses, let alone credit ratings, it was necessary to bring in prepayment electricity meters. The question was whether existing banking smart cards could be used for the purpose, such as the smart cards which people use to share taxi rides. The answer was that technically it would be easy to do but the liability and branding and other business issues were simply a nightmare.


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2004
Prepared 30 July 2004