Select Committee on Home Affairs Minutes of Evidence


Examination of Witnesses (Questions 460 - 479)

TUESDAY 20 APRIL 2004

MR JOHN HARRISON, MR ANDY JEBSON, MR RICHARD HADDOCK AND MR NEIL FISHER

  Q460  Mr Clappison: How long has the whole Italian process taken? When did they decide to go for it.

  Mr Haddock: I would say it has taken about five years, but about two years of the actual trying to do it, whereas the Canadian case was less than a year, the US Government was a couple of years.

  Q461  Mr Clappison: I am going to come back to that in a moment. I would like to ask Mr Harrison first why he thinks that the OGC Gateway system is inadequate, and what he means by saying that it lacks any kind of sustainable business model and fails to address the real issue?

  Mr Harrison: I fear that I may have been a little bit misquoted. In fact, I should qualify that. The Gateway system as a means of ensuring high quality procurements by government is entirely sensible and straightforward. I may perhaps have been referring to the government gateway which is the authentication system run by the Office of the Envoy, which is a very different thing. That is essentially a means of allowing the Government to receive digital certificates in one central place and for the identity to be used by different government departments without having then to repeat the infrastructure. On that specific point, we would say that the effort to create a central point, a central intermediary, if you like, for authentication of the individual versus Central Government departments is pretty well done, but to suppose that that central point of authentication is going to work for the individual to local authorities to education to the health sector, etcetera, is perhaps so optimistic as to be naive. Could I perhaps make one further point? Federation, which is what I am talking about mainly, is a fairly new set of ideas which is sometimes rather difficult to explain. I do not know that I have done a particularly good job. Maybe if I illustrate. This is my wallet. I have in here probably 12 pieces of identity, 12 identity tokens, namely plastic cards. I have another one here which is my mobile phone which identifies me to my mobile phone network. All of them are to some extent high quality security tokens. What we are about to do with the Home Office mentality is to issue another the identity token to all 60 million people in the UK without any notion that they have certain elements in common and that if we get it right you can create a system, an infrastructure, that does a lot of the jobs of all of them at much lower cost whilst emphasising privacy.

  Q462  Mr Clappison: Could I ask each of you briefly, if I may, when within the Home Office's 10 years timescale do you think the Government needs to decide exactly what it wants the system to do and what sort of card it wants and how feasible it will then be to add applications at a later date?

  Mr Harrison: It is a design process like any other design process. You take, you should take, the big decisions about the infrastructure, the basic shape of the thing, very early on. You create the outline, and then, as time goes by, you can fill in the detail. What is very, very expensive and almost catastrophic is to go a number of years down the path and then change the overall outline.

  Mr Fisher: I agree with that. You have to get it right in macro terms from the very beginning and keep at it.

  Mr Jebson: I would entirely endorse that.

  Mr Haddock: I agree with that as well.

  Mr Clappison: That is very helpful. Thank you.

  Chairman: Let us see if Mr Singh has as much luck!

  Q463  Mr Singh: Mr Jebson, Cubic strongly supports the inclusion of a biometric element to any identity card. I think you suggest either fingerprints or iris scanning?

  Mr Jebson: I think what we have said in our written evidence is you can take either route. You can take the third one, being facial recognition, digital facial recognition, all three have strengths and weaknesses. You can make an argument that in some cases you may need more than one. For example, the fingerprint, which is quite a commonly known biometric, has to be taken into context of the fact that people might feel it is intrusive because there is a physical contact between the finger and the device that is authenticating it compared with iris scanning which is much less intrusive. It is really about the level of security you want, and I would incline towards the very highest level, which you may wish to consider more than one. Again fingerprints: fingerprints wear out. It is a rather silly thing to say, but somebody who is working in a building site, their fingerprints wear out. So if you have only got that option, you may find yourself having to re-validate, re-authenticate quite a large part of the population.

  Q464  Mr Singh: Presumably in choosing either one or the other or both cost is a factor?

  Mr Jebson: At the moment fingerprint technologies are probably a lower cost than iris scanning. That is not to say over the next two to three years that would not change.

  Mr Fisher: Iris scanning is quite expensive and reasonably intrusive; fingerprint is intrusive but it is mature technology; face does not have to be intrusive, it can be almost seen as transparent to the person being authenticated and matches some commercial processes very well indeed.

  Q465  Mr Singh: What would you recommend, Mr Fisher?

  Mr Fisher: Well, a bit like Cubic, I think you have to match what it is you are trying to do, the security environment you are in, the risks you are faced with and your own commercial process. So, for example if you are a government then you are trying to strongly authenticate people who are trying to get in; time may not be a factor. If you are an airport, then you are trying to get passengers through in a way where the security is matched to the risk environment and therefore you may have wish to have faster authentication process. The technologies are mature, so each individual may have a number of different biometrics. There is no technical reason why they should not have that.

  Q466  Mr Singh: Can I continue with you, Mr Haddock, because I think in your company there is something called an embedded hologram. Can you explain what that is?

  Mr Haddock: To touch briefly on your previous comment about biometrics, I think it is essential in any properly designed system that you have more than one biometric, for the reasons cited—certain sections of society cannot be enrolled in certain biometric programmes because of a disability or lack of the feature concerned—so I think you need to design a system with more than one to be inclusive of all your population, and it should not cost very much more incrementally. As I said, I watched the Italian Government capturing biometric data from their citizens. They took their photograph, they took their fingerprint, they had them sign a piece of paper and scanned that and they did it in less than five minutes. So the cost of operating the cameras to do this is almost nothing. The only cost associated is when you have to licence the algorithm to decode some of these proprietary biometrics—you pay a royalty per use—and that is something you need to look into for your own purposes, but the actual cost of capturing the images is essentially nil. So, that said, the embedded hologram is a unique characteristic of optical media, because we have a highly reflective surface, like a CD ROM, and we write data with a laser to encode the data files on the card, and, as I say, once they are written they cannot be erased; but we have an additional feature to change the laser data recording mode is writing in and take the same image files which you needed to get the photograph of the person and write that image file into the optical media surface (at the same time as the digital data is encoded) in such a way that you can actually see the person's face in the optical media layer. By comparing that image to the printed card image you get an additional security layer knowing that the media and the card body are linked together; and because that embedded hologram, as we call it, is part of the data surface it is a very secure feature of the card and one that the US Government and the Canadian Government, the Italian Government and the Saudi Government—they all use it as a core security element of their ID card programmes.

  Q467  Mr Singh: What biometric are the Italians using?

  Mr Haddock: Pardon me?

  Q468  Mr Singh: What biometric are the Italians using?

  Mr Haddock: The fingerprint, face—they have a full colour face image, although at this point they are not biometrically verifying it, they are displaying it on a computer screen and visually comparing at this point. The card is capable of storing the minutiae files, as they are called, which are generated by the mathematical algorithm which is necessary to do a computer-based match (which is what is on your sticker), and they have the fingerprint image which is in the optical memory of their card, and they have the written signature scanned and digitised on the optical memory also.

  Q469  Chairman: Mr Harrison, do you have any views?

  Mr Harrison: On the style of biometric?

  Q470  Chairman: Yes.

  Mr Harrison: Not really, biometrics is not our field. We simply presume and assume that there will be a secure key which may be enabled by a biometric, but for us it is just a black box.

  Q471  Chairman: On a different issue slightly, I do not know what is happening in Canada, or the US or Italy, but in the UK there is likely to be a huge debate, a civil liberties debate, about the introduction of identity cards. I do not know if that has happened elsewhere, but do you think, if we are adding biometrics, that will heighten the debate, will there be acceptance of biometrics, or will there be resistance?

  Mr Haddock: I can comment about Canada, because the Canadian Government believes they hold their own citizens' privacy at a very high level. That was a very stringently debated issue on their issuance of a card that was going to contain any personal biometric data. What is currently on the Canadian card is a facial photograph of the person, (which is actually in black and white because they laser-engrave the card), and it has a digitised signature of the person (where again it is a scan of the signature), and they have allocated a space in the secure partition of the optical memory for a fingerprint, but currently they are not putting the fingerprint in it because they are still considering the privacy implications. So in that case they built the flexibility to upgrade in the future into their system. I think you can see the flexibility offered by that choice.

  Mr Harrison: You can look back at the history of card technology used in society, particularly by the banks over the least ten or twenty years, and they started with paid cheques, they then produced bank cards, we now have bank card with holograms, we will soon be going for bank cards with chip and pin, and by and large most people did not object to that at all because they saw it to be to their benefit, and that I think is key. If you can find a way of making people realise that the identity card and the services that it can deliver are to their benefit, that they deliver things that they would not otherwise receive, then the biometric is simply a means to an end; but if the biometric is imposed on a card which does not deliver to the majority of the population something that they do not already have, then it may be more difficult.

  Q472  Chairman: So you believe that the card has to be more than just a simple identifier, it has to be an entitlement card of some kind?

  Mr Harrison: I think certainly entitlement is a benefit that can delivered by a card, but there are a lot of other services that can be delivered using a secure identifier into federated identity architecture. We talk about intelligent mail direction, we talk about lifelong medical records, we talk about cross-domain transactions such as the simple one of getting a parking permit which is a three-domain transaction: yourself, borough council, DVLA and proof of residence. At the moment that is very difficult because it is cross-domain. If you design the system right you can enable that kind of thing, which is definitely to the advantage of consumers without too much additional cost.

  Q473  Chairman: Mr Fisher.

  Mr Fisher: Entitlement, I understand, is a term the Home Office do not want to use. I would say it is more like a permission card. You are accessing permissions you already have. You are verifying it. You can have these permissions. So I would agree entirely with Mr Harrison that promoting the benefits of the card will immediately attract the positive attention of society. The consultation paper highlights the perceived negative aspects which are, if you like, law enforcement, the heavy hand of the law, big brother, which are all very necessary in this rather heightened security environment we live in now, but they should be overwhelmed really by the benefits to people in society. There will always also be a white noise of the population who in any circumstances will not wish to join. Well, they still have to be authenticated within this heightened security society, but it is just that they will have to join the queue over there and that will take them a bit longer and all the rest of it, but if that is what they want, that is what they can have and I think that has to be accommodated.

  Mr Harrison: Can I add one further point which is that in a sense, and people may laugh, but issuing an identity card is a relatively clean and simple thing to do. The thing which, in our view, takes a lot longer and is far more complicated is devising and developing the business applications that will depend on it. The Home Office rightly has a lot on its plate at the moment. It is focused with a very tight, close team doing this one thing, but at the moment there is very little communication with the rest of society about how the identity card is going to be able to be used more broadly and if we are going to deliver these positive benefits, that communication has to start at some point in the not too distant future.

  Mr Jebson: I was going to endorse what my colleagues have just said. I think there are two strands to this. One is to ensure that the message is communicated as to the benefits and I think parallel to that reassurance about data protection. I think if you have a good communications programme with the public, then the vast majority will accept it, will endorse it and welcome it. If I may say, from my own past experience of running a train-operating company, there will be a small portion of the public who will not want it and unfortunately no amount of good publicity can change that. The vast majority of people just want to be communicated with clearly, simply and to be reassured.

  Mr Haddock: The Italian Government approach to this is that the card really has two functions, one being as an e-government services card with an IC chip on it which is there for that purpose, and it has an optical stripe for secure identification. If you go to the Italian website or look at their promotional materials, their messages to their citizens are all about e-government services and all the benefits that they are going to get, that they can pay their taxes, they can get their records at City Hall, and there are all of these things that they can do with their chip which is part of the card. They do not really talk much about the fact that it is a secure national ID card, so they are building public support for it by talking about e-government services. It is really almost like two cards in one with the chip and the optical stripe doing two different things. The national security group wants the optical stripe for security, but it is not being sold on that, it is being sold on government services.

  Q474  Mr Prosser: I want to continue on this theme of public acceptability and effectively taking away barriers or even selling it to the public. First of all to Mr Jebson, you have stressed the importance of swift and easy issuing and swift and easy checking and we have heard some examples of how long it might take to issue the biometric card or the identifiers, but what is your view? How long should that take?

  Mr Jebson: To be honest with you, Mr Prosser, I would not dwell on how long it should take. I think what you have to look at is the acceptance by the citizen.

  Q475  Mr Prosser: How much do you think they will accept?

  Mr Jebson: If I use this analogy of when we are issuing Oyster cards, the passenger who is taking on an annual season ticket perhaps, which is very high value to them, is quite prepared to spend four to five minutes authenticating themselves and assuring themselves that they are properly registered to get that benefit. It will change as they use the card and for those of you who use the Underground on a regular basis, then four to five minutes is totally unacceptable and they expect a gateline to operate within a couple of milliseconds, so it is really about different situations requiring different periods of time. From personal experience of passports perhaps, if you are planning carefully, then I believe you can allow two to four weeks to get your passport. If you have forgotten to plan carefully, then you find yourself rushing up to Victoria, having made an appointment, and getting your passport turned around in four hours. I think it is need driven rather than it has to be that amount of time.

  Mr Haddock: I would like to put in a word for the UK Foreign Office which issues passports. They gave me a tour in Washington of their passport issuing centre which was amazingly efficient and without anyone paying any premiums, they were turning around passports in 24 hours as the normal course of business, so I think at least they should be applauded for that.

  Q476  Mr Prosser: Mr Jebson, you were having a discussion there with Mr Singh about a campaign of awareness, a campaign to encourage people. If you were designing that campaign, how would you design it, how would you approach it?

  Mr Jebson: I think I would like, in American terms, to take the Fifth Amendment on that one right now and suggest that we would be very happy to invite my colleagues from Transys to provide some written evidence on how, working with TfL, we have launched the Oyster card in this country.[2]


  Q477  Mr Prosser: I must get one of these Oyster cards. Coming back to the campaign, we have heard from some of you that the Italian experience was that it was a successful campaign. Can you draw on many other examples of good practice of a campaign and preparing the ground to get over some of the barriers which are in people's minds?

  Mr Haddock: The Canadian Government put out a PR campaign about their new permanent resident card and actually the card is a very beautifully designed card. They did a good job in designing it and it makes you want to own one, so there is some pride of ownership associated with it in the newspapers. It is called the Maple Leaf Card and it was splashed all over the press there. They actually won three international awards within three months of it being issued for both technical and aesthetic qualities. They then put out technology fliers on the benefits of it and got a high rate of acceptance. Of course they also had the advantage of having a pre-existing paper document which they could force to expire and oblige people, if they wanted to continue to have the privileges associated with that document, to upgrade to the new card. Since the UK has no national ID system in place now, you do not have that option.

  Q478  Mr Prosser: Mr Fisher, how much pride of ownership would there be in our card, do you think?

  Mr Fisher: Well, the point about it is that such an authentication device is going to become part of everyday life and, therefore, very quickly you will become conditioned to it. It is not necessarily a card, it could be a card, it does not really matter, but because it is going to be a necessity in the future, then as far as the campaign is concerned, there are going to be a number of people who, for example, and I take the Home Office guidelines here, need to renew their driving licence and they get the card at the same time, they need to renew their passport and they get the card at the same time, but I do not think that is part of the campaign. You need to bring in people who would not necessarily do those things and I think you can use a number of incentives. Dare I say, as a taxpayer, I see a tax incentive involved, but you could do so to get the thing moving and get it going.

  Q479  Mr Prosser: You emphasise quite strongly in your written evidence the importance of security of procedures and the openness of the system in order to encourage people.

  Mr Fisher: Correct.


2   Not printed. Back


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2004
Prepared 30 July 2004