Examination of Witnesses (Questions 400
- 413)
TUESDAY 24 FEBRUARY 2004
MR NICK
KALISPERAS, MR
GEOFF LLEWELLYN,
PROFESSOR ROSS
ANDERSON AND
PROFESSOR MARTYN
THOMAS
Q400 Bob Russell: But you are confident
at this end of the spectrum as opposed to Professor Thomas and
his view at the other end of the spectrum?
Mr Llewellyn: Yes.
Q401 Bob Russell: Finally, if I could
ask one and all if they would like to answer. How easy is it to
upgrade a system, including any cards, with new encryption methods
if the original security methods have been cracked and the knowledge
of how to do it is widespread? In other words, if the people out
there, the bad guys, know how to use the system, how can you put
that right?
Professor Anderson: Let me first
say that I do not believe many of the claims made for security
of cards and biometrics just now. There have been a number of
criminal cases where people have been sent away for fraudulent
Pay TV cards and there was even one case in America where one
Pay TV company sued another alleging that it had broken into the
other firm's cards, got the codes and keys and published them
on the net. There is much more information on this in my book
and I am happy to contribute a copy to the library.
Q402 Chairman: That is the second
reference.
Professor Anderson: This is an
ongoing question, whether we can make cards invulnerable to certain
analysis techniques, such as optical probing, differential power
analysis, and we do not know how to do it yet. That is why you
need some means of replacing cards. Sometimes you may have to
replace a large population of cards at little notice. It has been
the case that the banks have shipped millions of new ATM cards
to people. It has been the case that Pay TV operators have suddenly
had to produce millions of new cards and mail them out to all
of their subscribers. One would hope that if you are building
a system that people would be relying on for passports that you
would design something that would degrade a little more gracefully,
not relying too much on mechanisms that can just break suddenly,
like that.
Q403 Chairman: Could I end with one
question and you may well have answered already, but just to be
clear. Professor Thomas and Professor Anderson, to the extent
that you go along with doing this at all, you would say to the
Government we should limit very much the purposes of what an ID
card is there for and the database is there for, it is simply
a system for trying to identify people and, Intellect, you say
that the value of this card depends on large numbers of people
wanting to use it and enabling them to access a wide range of
services. Is there any way in the design or the engineering or
the presentation of the system that those different points of
view can be squared or is that a choice that the Government has
got to make in deciding what sort of system it wants?
Professor Thomas: I believe that
is the choice that the Government needs to make. I think that
it is highly unlikely that it will successfully implement an ID
card system within the timescale and budget that it currently
envisages. I think that its best chance of doing that is to restrict
what it is attempting to do and to reduce the complexity of what
it is attempting to do as greatly as possible, to make it as simple
as it possibly can because that will take some of the risk out.
Most importantly, whatever it is trying to achieve it needs to
define very clearly. I would plead that rather than letting a
contract to implement an ID card system, it lets a contract to
define very rigorous requirements for an ID card system and that
the investment in equipment and in building the software to implement
it is delayed until that requirement actually can be demonstrated
to be unambiguous, free of contradictions and complete.
Q404 Chairman: Intellect?
Mr Llewellyn: I think it is entirely
right that the specification of what is required must be clear.
I doubt very much that it is ever possible to have a complete
specification of what is required; once again I think that is
a counsel of perfection. I completely agree that it is important
for Government to know exactly what it wishes this system to do
when it is implemented. We have said we believe the systems in
place at the moment, principally driven out of OGC and its creation,
will be sufficient to ensure that the delivery of what it says
on the can is actually achieved.
Q405 Chairman: If the Government
were to take Professor Thomas' view, which I think is Professor
Anderson's, which is keep it simple and limited in order to make
it achievable, would you then say that the trouble with that is
the range of uses is now so limited that it really cannot achieve
the level of take-up that you talked about in your evidence of
it being multi-functional and very widespread in its public use?
Mr Llewellyn: I think it would
be possible to reconcile the views from the two opposite ends
of this table in terms of a range of capability that would achieve
the take-up while not being too ambitious in the short-term so
as to run the risk of tripping over oneself.
Mr Kalisperas: Unlike Professor
Thomas, who is clearly on the outside looking in, we have been
working with the Home Office for two years on this. They have
not rushed to judgment in any aspect of the work they have been
doing. In the work that they have been undertaking with our members
they have kept an open mind. They have a better understanding
of what the technology can do and what it can deliver and that
process is ongoing. If at any stage we believed that the Home
Office was going to produce a system which could not deliver the
benefits which it hopes to deliver, or which we believe technically
is not possible, then we would withdraw our support for the approach
the Home Office has taken. This is the first time in a long time
that a government department is working in partnership with the
industry to look at what is possible. This is a crucial project
for the IT industry and we are not willing to see it fail. Unlike
Professor Thomas, I do not think we are an industry of incompetents.
We are highly skilled, highly able people who have delivered some
of the most leading edge software that this country has seen.
Credit needs to be given to the Home Office for the approach that
they have taken.
Q406 David Winnick: Do not misunderstand
me, someone has to carry out the work, but when your group of
companies, the organisation you are representing, are directly
involved obviously they have a commercial interest in producing
that.
Mr Kalisperas: These are organisations
both large and small, multinational and domestic, who have delivered
a variety of different solutions, card solutions, both internationally
and at a very local level. These are organisations who have demonstrable
experience.
Q407 David Winnick: Of course.
Mr Kalisperas: But I would also
say that when it comes to public sector IT projects we are well
aware of the increased scrutiny that there is among the general
public and from Parliament and we are aware of the pressure that
there is.
Q408 David Winnick: If I can just
ask this question. If, sadly, the Home Secretary changes his mind
or there is a new Home Secretary, as the case may be, who decides
to reverse the decision the Cabinet has now taken, your companies
would be adversely affected, would they not? There would be less
work. You may get work elsewhere, again I do not wish to be misunderstood,
there is nothing wrong in wanting to get government contracts
and all the rest.
Mr Kalisperas: We have an interest
in making sure that the public sector IT projects are delivered
successfully, that is the bottom line. If the Government decides
that it does not want to see it with ID cards that is a decision
for them.
Q409 David Winnick: Yes, of course,
but it would affect the companies involved.
Mr Llewellyn: There is a point
here that
Q410 David Winnick: Can I just say
that I am in no way questioning the integrity of your group whatsoever.
Mr Kalisperas: Can I just point
out that if you look at the types of contracts that have been
agreed in the public sector recently and some of the comments
which have come out from organisations like BAE Systems, for example,
I see that companies by and large probably would not be working
in the public sector at the moment due to the extremely hard bargains
that are being driven by their public sector customers, they would
far rather be working in the private sector if they had the opportunity.
At the moment we are dealing with the public sector IT contract
and the customers are looking at trying to drive as much value
for money as possible out of those contracts.
Q411 David Winnick: No-one is forcing
companies to take Government contracts.
Mr Kalisperas: No.
David Winnick: That is a decision for
the companies to take.
Q412 Chairman: Mr Kalisperas, you
made the point that Professor Thomas is not involved in this process,
but the companies that you represent are. Would it be reasonable
for us to conclude before a firm decision is taken to go ahead
that all of what you have been discussing with the Home Office
about security of the cards, security of the systems, security
of people, should be put into the public domain so that people
like Professor Thomas and others who have an interest in these
matters can actually scrutinise this and make a comment as to
whether it is adequate, or would you be saying to us that we,
as Members of Parliament or the wider public, should simply rely
on the Home Office and Intellect and the companies you represent
to get it right?
Mr Kalisperas: I would refer you
back to Geoff's answer which focused on the balance between the
need for openness and the need for commercial sensitivity.
Q413 Chairman: So it may be you are
saying to us that we would have to proceed with the card without
a full public debate about whether the security measures and so
on would be adequate?
Mr Llewellyn: My personal view
is that the supremacy of Parliament would apply here and that
Parliament must be well informed about the issue at hand. To my
mind, above all it is not a technical issue, it is a constitutional
and political issue and, therefore, there must clearly be a proper
constitutional debate about the circumstances and use of any such
card, but it needs to be informed by an understanding of the technology,
it needs to be informed by an understanding of the balance of
risks which we have had expressed this afternoon, and the balance
of opportunities. One only has to think that money is forgeable,
money can be used for entirely immoral purposes, money can be
the root of all evil and yet we cannot imagine working in our
everyday lives without money. Similarly, I think the kind of transformation
that a secure electronic form of identity would offer could be
as positively transforming for all of our lives as is money, and
that is the kind of debate that needs to be had.
Professor Thomas: That is exactly
the argument for multiple cards. If you only had one bank note
you would really feel vulnerable, would you not?
Chairman: Thank you very much indeed,
gentlemen.
|