You are here: Parliament home page > Parliamentary business > Publications and Records > Committee Publications > All Select Committee Publications > Commons Select Committees > Science and Technology > Science and Technology

UNCORRECTED TRANSCRIPT OF ORAL EVIDENCE To be published as HC 900-iii

House of COMMONS

MINUTES OF EVIDENCE

TAKEN BEFORE

SCIENCE AND TECHNOLOGY COMMITTEE

 

 

SCIENTIFIC ADVICE, RISK and EVIDENCE: HOW GOVERNMENT HANDLES THEM

 

 

Wednesday 22 March 2006

MS KATHERINE COURTNEY, DR HENRY BLOOMFIELD, MR NIGEL SEED and MR MAREK REJMAN-GREENE

Evidence heard in Public Questions 262 - 371

 

 

USE OF THE TRANSCRIPT

1.

This is an uncorrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.

 

2.

Any public use of, or reference to, the contents should make clear that neither witnesses nor Members have had the opportunity to correct the record. The transcript is not yet an approved formal record of these proceedings.

 

3.

Members who receive this for the purpose of correcting questions addressed by them to witnesses are asked to send corrections to the Committee Assistant.

 

4.

Prospective witnesses may receive this in preparation for any written or oral evidence they may in due course give to the Committee.

 


Oral Evidence

Taken before the Science and Technology Committee

on Wednesday 22 March 2006

Members present

Mr Phil Willis, in the Chair

Adam Afriyie

Mr Jim Devine

Mr Robert Flello

Dr Brian Iddon

Margaret Moran

Bob Spink

Dr Desmond Turner

________________

Witnesses: Ms Katherine Courtney, Director, Dr Henry Bloomfield, Technical Lead, Identity Cards Programme, Mr Nigel Seed, Project Director, National Identity Register and Operating Technology, and Mr Marek Rejman-Greene, Head of Biometrics Centre of Expertise, Home Office, gave evidence.

Q262 Chairman: May I welcome our witnesses and members of the public to the first public session in terms of our case study on technology supporting identity cards within our broader inquiry of looking at scientific advice to Government. I emphasise that we are looking at the issues of process today rather than trying to decide or best guess which technology is best for the purpose for which the Government has identified this scheme. I start by asking Ms Courtney if you could introduce yourself and indeed the rest of your panel briefly to us.

Ms Courtney: I am Katherine Courtney. I am the Director of the Identity Cards Programme. As a brief introduction, I was appointed to this post in September 2003 as the Programme Director. My background is in the private sector, principally in the telecoms industry. I would like to introduce Dr Henry Bloomfield from my team. He joined the programme in October 2003 as one of the technical leads on the team. His background is really technical project management from the finance industry. Nigel Seed is our major project director, leading on the development of the National Identity Register and the technology infrastructure for the programme. He joined the programme quite recently, in November last year, from the MoD where he was project managing the AWAX Mission System mid-life enhancement update programme. Marek Rejman-Greene is the senior biometric adviser at the Biometrics Centre of the Home Office. Last year, the Home Office set up a centre of expertise under the leadership of the Chief Scientific Adviser, Paul Wiles. Marek joined us from BT in the summer of last year.

Q263 Chairman: Thank you. The technology that will be used by the scheme depends on its aims and uses. What do you understand those aims and uses to be?

Ms Courtney: The aims of the scheme I think are laid out quite clearly on the face of the legislation that we are taking through the parliamentary process at the moment. They are to combat illegal immigration and illegal working; to provide a secure and convenient form of verification of identity for individuals accessing services; to provide additional tools in the armoury for combating serious crime and countering terrorism; and to attempt to reduce the growing problem of identity fraud that we face in the economy today.

Q264 Chairman: Has that grown since the original concept by David Blunkett four years ago and is it likely to grow again?

Ms Courtney: I do not believe it has grown. If you look back to the original consultation at the time of what was called an entitlement card scheme, it did include similar aims and objectives. Obviously, we have since refined and clarified them to be more specific. In responding to feedback on the consultation and on the scrutiny of the draft legislation, we have, for instance, stated the aims of the statutory purposes quite clearly on the face of the Bill in order to attempt to make sure that we have the scope of the scheme quite clearly defined.

Q265 Chairman: In terms of managing this project, you are absolutely clear what it is aiming to do, what its purposes will be, and you will build the technology around that?

Ms Courtney: Yes, the technology is an enabler to achieving this objective.

Q266 Bob Spink: There is a perception in the House of Commons, and indeed in the public, that the emphasis has certainly changed if the parameters have not. Certainly the emphasise between them has changed dramatically over the last years and months. Is this your perception?

Ms Courtney: No, it is not my perception. I am not sure what the change of emphasis you are referring to is, so it is difficult for me to respond.

Q267 Bob Spink: It is moving away from "this will tackle terrorism" to "this will help us to tackle illegal immigration, benefit fraud and ID fraud".

Ms Courtney: I think the original consultation around the principles was triggered by a Cabinet study into identity fraud, and so one of the clear aims of the scheme has always been to tackle identity fraud. As the original consultation was, as I said, called an entitlement scheme, the focus there was also really about accessing services and making sure that people who did not have rights to free service were not abusing the system and defrauding the system. I do not see that the emphasis has changed.

Q268 Bob Spink: It must be that the public, we in the House of Commons and the media have got it wrong then? Thank you.

Ms Courtney: I never said that.

Q269 Chairman: Please feel free to bring in your colleagues when it is appropriate. We have received written evidence that the technological architecture of the scheme is very much dependent on the business case being made. Would you agree that they are interdependent on each other? Are the business requirements set?

Ms Courtney: The business objectives and the functional requirements of the scheme are set, but I should say that they are set in two regards: firstly, because we are building on a series of developments that are taking place incrementally through the Passport Service, Immigration Nationality Directorate, UKVisas, et cetera, and so we know that there are certain business processes and technological requirements that are givens in how we operate this scheme. They are also set because in order to undertake a business case evaluation, we have had to define a reference solution for ourselves, otherwise we would not be able to have any sort of cost assumptions built into the business case.

Q270 Chairman: Is all that being done in-house?

Ms Courtney: Not solely in-house, no; in terms of the reference solution, we have consulted quite widely with experts. We have also done quite a lot of market sounding and engagement through seminars and workshops and one-to-one dialogue with the industry to inform our thinking on that. I would like to stress that it is not about setting the technological architecture because we intend to take this, subject to parliamentary approval, to a competitive procurement process and intend, according to best practice, to focus on the outcomes we are trying to achieve and not dictate to the industry what the technical architecture should be.

Q271 Chairman: We will come back to the procurement process. Clearly there are many experts who say, and I do not just mean parliamentarians who always have a vested interest, that this is not a feasible project, it is not do-able. What evidence do you have which says that you can actually do it? Where is that evidence?

Ms Courtney: We have been looking at this for many years, actually several years before I joined the programme as a matter of fact. Before the policy decisions in principle were even taken, quite a lot of feasibility analysis went forward. In parallel with the consultation on the principles of the scheme, the Passport Service at that time also commissioned a feasibility study from the National Physical Laboratory into the proposed technologies, so there were feasibility studies done around in particular two of the key technologies: the biometric technologies and the smartcard technologies. Those studies came back showing that the technical risks to a programme like this were medium risks and were manageable and actually the important thing to focus on was of course the business risks and making sure that we are getting the business process right and all the other factors around how you identify a person and register their identity, and then confirm it.

Q272 Chairman: I find that answer, with the greatest respect, absolutely astounding. Two weeks ago, the Committee was in the United States talking to the Department of Homeland Security who said exactly the opposite to what you have said. They said that in terms of their starting to go out to procurement on their major project involving biometrics for ID cards, the technology was not there and that they were not in a position even to recommend to the administration that a procurement process should start, and yet you say that you have done the feasibility and you are confident that it can be done. What more do we know? They are paranoid about security in the States at the moment.

Ms Courtney: We do engage with the Department of Homeland Security. I cannot comment on what they may have told you in a meeting. We have done quite a lot of looking at programmes in other countries that are using biometric technologies quite successfully. From our own operational experience at the Home Office, as you will know, we have quite a successful asylum registration scheme which uses biometric technologies. We have been running very successful pilots on the e-Visa, the biometric visa programme. We have had good success with our project IRIS as well through the eBorders programme and the Passport Service has also experienced some very good success with the facial biometrics it has already implemented.

Q273 Chairman: We will return to that later because some members of the Committee are particularly interested in following up some of those technologies. Let us say that the Bill gets through Parliament and receives the Royal Assent fairly quickly, the programme is likely to enter the procurement process very soon. Have you set a statement of technology requirements for the procurement process?

Ms Courtney: We have and, if you would like to explore our plans in that area in more detail, I could ask Nigel Seed to talk to this.

Mr Seed: We have what we are calling level one requirements which describe not in very detailed terms what we want the programme to do. That will go out initially to all the companies that have expressed an interested. They will come back and tell us what their proposals are. We will then down-select to a smaller group that will receive the more detailed requirements, all of which, as Katherine says, will be in output based terms. We will not be specifying technologies. We will be telling them what the system has to do and then the leaders in the field that we already know are interested in the project will come back and propose ways of doing it. From there we will go forward and physically test their proposals to make sure that they are going to work and we are not buying a pig in a poke. We will put live people through the system, move the data about, and do the matching technologies before we go forward to contract.

Q274 Chairman: When you are talking about feasibility studies, that has nothing to do with actually seeing whether certain technologies or a mixture of technologies are feasible in terms of the project and its aims?

Ms Courtney: We have done feasibility studies into that. Perhaps it would be useful to expand a little bit on what the original NPL study focused on and also our future programmes in that area.

Dr Bloomfield: The NPL study, which was conducted during 2002 and reported in the early part of 2003, was initiated by a request to find out what the possibility was of using biometrics in the entitlement card scheme. That looked at the capabilities of various biometric technologies and came up with conclusions, for example with fingerprints, whether one should use pattern-based techniques or minutiae-based techniques; how many fingerprints should be used for a population the size of the UK, and so on. These recommendations were in the final version of the report, which was then published. Many of those recommendations have made their way through to our requirements to date.

Q275 Chairman: In terms of the feasibility study, it is stated on page 3 that the practicalities of deploying either IRIS or fingerprint recognition in such a scheme are far from straightforward. Your feasibility study said that it was not straightforward and it was not something which you had a handle on.

Dr Bloomfield: I think that is absolutely right. There are lessons that the deployment of these technologies is far from straightforward. Those are the kinds of things we wanted to learn from the feasibility study. It was that sort of conclusion from that feasibility study that led to the design of the later UKPS biometric enrolment trial, which specifically looked at the process and people issues, which are key to the successful deployment of biometrics.

Q276 Chairman: But, Henry, you are moving to this phase one procurement process and it is going to be therefore led by the industry. You do not know quite what you want or what the industry might come up with. You said that, Nigel.

Mr Seed: It is not a case of our not knowing what we want. We are not telling them how to implement what we want. It is slightly different. We are not the experts in the technology; they are. If we were to tell them to select a particular piece of kit, we could be making a bad choice.

Q277 Chairman: Will there be transparency about this process?

Ms Courtney: Yes.

Q278 Dr Iddon: I want to explore where you are getting your evidence on biometrics from. I notice that there have been set up two groups: one, the Biometrics Experts Group, which I understand is a Home Office-originated group with advisers external to the Department; and another the Biometrics Assurance Group, which I understand is run by the Chief Scientific Adviser, with academics and industrialists as part of it.

Ms Courtney: Yes.

Q279 Dr Iddon: I was wondering why we set up those two groups; which one was set up first; why we need two groups; and why they have not collided.

Ms Courtney: We not only have our own internal biometrics experts advising us but we also wanted to set up that wider community of biometric experts. We can talk a bit more about how that group operates, but we use the Biometrics Experts Group in reviewing our own plans, our own understanding, of what the technical risks are and how we can work with the technologies, and also to do that horizon scanning around what is likely to be developing over time. We then also felt, and I felt quite strongly as Programme Director, that we needed independent assurance of the advice that we were receiving. So we asked Sir David King if he would chair an independent panel of experts in the field who could review the advice that we were receiving and the decisions that we were taking and provide a quality assurance from an independent perspective about that advice and about the decisions that we were taking as a result. I am quite happy to speak in more detail about either of those groups but they serve two very different purposes.

Q280 Dr Iddon: There is no cross-contamination between the experts on one group and the experts on your group?

Ms Courtney: No, certainly obviously the experts who work in my team do have to present our materials to the assurance group, so that they are kept sighted on what we are doing and are able to provide the assurance function for us, but the Biometrics Assurance Group will be publishing a report of its reviews of the work that we are doing and that is really for Sir David King. It is not that we are in any way directing the assurance group.

Q281 Dr Iddon: Which of these groups started first?

Ms Courtney: We put our internal advisers together obviously over a period of time, but from the very beginning we had expert advisers working on advising us about the practicalities. The assurance group was convened for the first time last year, I believe, once we had got to the point where we had sufficient detail in our plans and assumptions that we could put it in front of the body and have it reviewed.

Q282 Dr Iddon: If I can get the roles correct and simplified, you have a group looking at biometrics and the Chief Scientific Adviser has another group that is looking at the evidence that you are presenting to the Government to make sure that that is sound evidence. Do I understand that correctly?

Ms Courtney: Yes.

Dr Bloomfield: The Biometrics Experts Group is very much a doing group (it is very much involved in the formation of our requirements and our testing strategies, and so on) whereas the assurance group is what it says; it does assurance on our biometric requirements. The intention is that it should also act as an assurance group for other biometric schemes throughout government.

Q283 Dr Iddon: They are both government groups, of course. Who decided to select the members of each group and on what basis?

Ms Courtney: Perhaps I could ask Marek to speak to that.

Mr Rejman-Greene: With regard to the Biometric Assurance Group, it was felt that because of the complexities, as we have referred to that, about technologies and the way in which the reports of the feasibility study work is so tentative, it needed to have external experts. The problem is in the biometrics field there are relatively small numbers of experts who are not committed to either programmes such as the ID cards or related programmes within the Home Office. A number of ways of looking at the membership of that assurance group were tried out, one of which was to look at the various aspects to do with the use of biometrics: is it the technology itself; the usability; the perceptions about it; the application of the technology? We tried to look and see if we could fit in the people who are independent and world-wide experts in each of those areas and select them and invite them to join the group. Obviously not everyone we invited joined that group. The Experts Group, on the other hand, is very much a group that helps internally the development of the programme, the development of the testing schedules and the procurement requirements. It is very much internally focused in supporting the ID cards Programme itself. The other point about the assurance group is that it does not just necessarily look at the ID Cards Programme; it will also look in the future at all the other related programmes using biometrics, such as the UK Visas Programme, programmes to do with immigration and eBorders.

Q284 Dr Iddon: Before these groups were set up, where were you obtaining your evidence from?

Mr Rejman-Greene: There was a continuous process of working with consultants, specialists and biometric experts. Perhaps you would like the names of the people in those programmes. There were: Professor Jim Wayman from San Jose State University, Tony Mansfield from the National Physical Laboratory, Philip Statham from CESG. Those people were continuously being involved in the discussions about the development of the programme and its feasibility.

Q285 Dr Iddon: My problem is, and you said it just a moment ago, that biometrics is such a small field that I cannot understand how these two groups can become so independent that the assurance group can correctly analyse, quantify and assure the other group that what is happening is correct.

Mr Rejman-Greene: The assurance group members are not involved in any way, shape or form with the programme itself.

Q286 Chairman: Again, I find that quite staggering because one member of your assurance group, Dr John Daugman, in fact has the world-wide rights to iris scanning. He is the guy that has all the patents. How can you possibly have him on an independent assurance group looking at iris technology when he owns it all?

Mr Rejman-Greene: I will respond to that. First of all, the key patent about the use of iris recognition is now open.

Q287 Chairman: Not quite yet.

Mr Rejman-Greene: It is very close to that. Therefore, alternative methods of using that approach have been developed and are being researched as we speak now and commercialised. He does not own it but a company in the United States that actually owns those patents.

Q288 Chairman: But he spends all his time actually rubbishing anyone who attacks iris technology.

Ms Courtney: I would like to add that the Chief Scientific Adviser at the Home Office was involved in identifying appropriate assurance group members and reviewing their CVs and their global status, and the members of the assurance group are all independent, very well respected academics, who fiercely guard their independence.

Q289 Chairman: And their commercial powers.

Ms Courtney: We have every confidence that the assurance group is able to provide the level of independent view in countering the experts' advice that we pay for, if you see what I mean.

Q290 Adam Afriyie: You did not directly answer the question as to who appointed the members of this panel.

Ms Courtney: I believe officially they are appointed by Sir David King as the Chairman of the panel.

Q291 Dr Turner: Ms Courtney, it is our understanding that what you are setting out to do is an extreme challenge, technologically speaking, and that the fused combination of the three biometrics in one system and a massive system database which is going to grow to about 50 million individuals is something that has never even been done. Why, at the start, have you chosen these particular three biometrics?

Ms Courtney: When we reviewed all the literature, the research, also the practical experience from programmes around the world, we looked at systems that did use more than one biometric, which is now increasing. Obviously you will know, for instance, that the International Civil Aviation Organization has begun with the facial biometric and is adding fingerprint biometric to that as part of its common standards. On residents permits, there is an EU Directive that we are seeking to comply with which also requires both facial biometric and fingerprint biometric, et cetera. We have looked at those. We have looked for the most mature biometric technologies, which happen to be the face, iris and fingerprints. We have looked at the ones also that provided the best operational performance on a value-for-money basis. The field is evolving all the time. I think one of the challenges has to be to design a system that is flexible enough possibly to accommodate advances in the technology later down the line.

Q292 Dr Turner: What evidence do you have that this combination will actually work, given even that your own 2003 feasibility report found that facial recognition was not a feasible proposition? You are going to put that in association with two other biometrics to compound the difficulties. Obviously, the machines for reading fingerprints, iris, et cetera, are quite different. It would be very difficult to make one portable machine to measure all three biometrics. What evidence do you have that it will actually work in practice, given that working means in practice that you are going to need something which has a very, very low error rate, otherwise the case that would occur at airports and so on is just unimaginable?

Ms Courtney: I think there is often a misunderstanding about the function of the biometrics as part of the system. The function for us of the multiple biometrics, and again we have always said that this is something that we have been in consultation with the industry about, needs to be tested during the procurement process in order to ensure that we have gathered the evidence base, that those biometrics will enhance the performance of the system. There has been a recommendation that we have been given that no single biometric is the solution. What we are looking for from the multiple biometrics is a system combined with the checking of people's biographical footprints, an interview as we are beginning now to introduce for the passport issuing process, and a number of other counter-fraud measures and, combined with all of those a system that allows us to attempt to avoid a duplicate registration of identities. The function of the multiple biometrics is part of the whole business process to try to make sure that there is a unique identity registered in the system for each person. The error rates on verification of that biometric are very different. In those cases what we are looking at is using the biometric in a one-to-one match - me against my details. For all of those biometrics actually the performance in a one-to-one match is fairly high. In different business applications, a different biometric might be more appropriate than others. You see, for instance, iris being used quite successfully where you have a high volume of people passing through a system, such as the expedited gate clearing at the airports. This is being used quite successfully in different countries. Fingerprints are also very successful in one-to-one matching and one-to-many matching applications as well. I think where people have a misconception is that the intent is to use all three of those biometrics in a confirmation of identity one-to-one check, and it is certainly not any of the assigned assumptions that we have ever made.

Q293 Dr Turner: In that case, why are you so insistent on having the three biometrics fused in one system if you say that on any one occasion you are only likely to use one of them? You have spoken about feasibility studies. Given this has not been ever achieved technically anyway, how have you been able to carry out a feasibility study to see whether the multi‑modal system will work in practice?

Ms Courtney: I will ask Dr Bloomfield to say what modelling has been done on that because certainly that has been assessed.

Q294 Chairman: Could you tell us who has done that because we cannot find any evidence of that?

Ms Courtney: I will ask Dr Bloomfield to speak to that. One of the key principles that I think we need to be clear about is that this scheme needs to be accessible to the whole resident population. The policy is that anybody who is residing here for longer than three months, over the age of 16, should be able to register with the scheme. There is no single biometric today that is universally applicable to everybody. You may have individuals, for instance, who have lost their hands and are unable to register fingerprint biometrics but would be able to register a face and irises. We were looking to create a scheme that was universally accessible for people, and that was one of the important reasons.

Dr Bloomfield: I think terms such as "multi-modal biometrics" and "fusion of biometrics" have a variety of meanings. At their most extreme, "multi-modal biometrics" would imply that you are in some way taking, for example, fingerprint and iris biometrics and they are both being put into some clever algorhythm, which comes up with a result. A very loose use of the term "multi-modal biometrics" would just mean that you are using both and that for those people who are, for one reason, unable to enrol fingerprints, you have an iris biometric as a fall-back. We are very much at that end of the spectrum in our thinking around multi-modal biometrics.

Q295 Dr Turner: You do not really need to use it in the way in which you have set out?

Dr Bloomfield: We are not intending that these biometrics should be used in a way where the biometric data from iris and fingerprints are in some way combined and used together in the same algorhythm. What we may do is use fingerprint and iris biometrics in conjunction so that if it turns out that your fingerprint matched against a few other people's fingerprints in the database, it is possible that an iris biometric may then be used to discriminate amongst those people.

Q296 Dr Turner: To simplify this, you are saying that if your fingerprint raises a doubt, then you turn to the iris and see whether you can resolve it that way, and then maybe go to the face if you are still stuck?

Dr Bloomfield: I am not saying that that is what we are going to do, but that is an example of how you might use biometrics in conjunction, a fairly simply method.

Ms Courtney: These are the sorts of solutions that the industry has been proposing.

Q297 Dr Turner: It sounds as if you are laying preparations for the up-front multi-modal fused system not to actually work as such?

Ms Courtney: We have never said "fused system", I should say. It has always been an intention to have a number of biometrics that we can use.

Dr Bloomfield: There are two key reasons for having multiple biometrics. One is for resolving doubts when one biometric matches; another is to ensure that as high a proportion of the population is able to enrol. If people who for one reason or another have missing or damaged fingers, we would like them also to be able to enrol with iris. If you include more biometrics, then you have more likelihood of people being able to enrol. A further reason is for standards compliance. That is a very good reason for including the face biometric. You rightly said that facial biometrics do not have the same resolving power as fingerprint or iris biometrics. They are very good on one-to-one matching but if you are matching a photograph of yourself against your previously enrolled facial biometric, the performance is quite good. They are also quite good on checking someone against a fairly small watch list, but not against a population size.

Q298 Adam Afriyie: You were showing some confidence in the match rates but the false non‑match rate for fingerprints is 1 in 100; the false match rate for facial recognition was 1 in 10; and the false non-match rate for iris was 1 in 100.

Ms Courtney: Are you quoting from our enrolment pilot?

Q299 Adam Afriyie: Yes, the false non-match rates from your own pilots.

Ms Courtney: I think it is important to reiterate that the enrolment trial was a trial of process and customer experience. It was not designed as a trial to look at performance of the technology per se. The NPL study recommended that we run such a pilot to look at all the business process issues around how you would register multiple biometrics for a representative sample of the population. We will be running, during the course of the procurement, again subject to parliamentary approval, operational testing of the technical systems to be able to evaluate what the actual live performance is.

Q300 Adam Afriyie: At the moment, it is speculative and you need to do further work before these numbers and statistics are clarified?

Ms Courtney: We have always said that we would do that testing as part of the procurement.

Q301 Adam Afriyie: We have had chip and pin, multi-modal biometrics (face/iris/fingerprints), testing systems, enrolment systems and verification checks. These are all to do with technology. What are the known limitations in the proposed scheme and how are you looking to address them?

Ms Courtney: Known limitations in respect of?

Q302 Adam Afriyie: In respect of the technologies that you are proposing at the moment or the route that you are taking, the plan that you have; there must be some known limitations with the technology and known limitations with the schemes with the tests that you had. What are they?

Ms Courtney: In terms of our delivery risks, which includes obviously any technical implementation risks but also it is quite importantly focused on how we organise the services, how we design the business processes, how we operate them in practice, I think Dr Bloomfield has spoken about the universality of some biometrics. We know that there are limitations. You cannot record someone's fingerprints if they do not have any fingers. That is a known limitation and one of the reasons behind our intention to use multiple biometrics to try to overcome that limitation. The biggest risk obviously in any business process is that you do not train your people appropriately. Because we are implementing this with the intention into an organisation based on the Passport Service, building from the good operational reference of the Passport Service in recent years, we have every confidence that we will be able to have the right training in place for people so that we can overcome that possible limitation.

Q303 Adam Afriyie: In your evidence you acknowledge that the field is fast-moving. Have you made any projections about how technology will change over the next several years during the testing and deployment of the project that you have? If so, what are those changes that you envisage? Have you planned to incorporate them into the scheme that you are putting forward at the moment?

Ms Courtney: I might ask Marek to speak a bit about how the biometrics field is moving forward and also Nigel afterwards to say a few words about how we are building that sort of flexibility into our requirements.

Mr Rejman-Greene: You made a good point there inasmuch as the results certainly of the feasibility study in 2002. The experience in the United States with the US visa programme which was based on technology is now quite a few years old. We know, for example in the United Arab Emirates, that there is now a programme using IRIS for nearly one million people. There is beginning to be not only an advance in the technology - the matching and the actual sensors that are picking up the fingerprints and the iris patterns in better and more inclusive ways and more and more people are being enrolled and some limitations are being countered - but the experience in terms of the larger programmes abroad is also bringing in knowledge. The future developments that we are foreseeing, certainly in terms of multimodal fusion which you mentioned, means that there is a lot of research work going on there. During the course of the deployment and early years of the programme, we would certainly ensure and ask the consortium that was winning the project to take advantage of that knowledge and home in on it.

Q304 Adam Afriyie: It certainly sounds as though the project you are proposing is that we are going to be the pioneers; we are going to be at the leading or cutting edge rather than adopting systems which are fully tried and tested in they way they are going to be used.

Mr Rejman-Greene: We are co-ordinating all those technologies, yes, but individually all those technologies are being used and being developed in single trials. I think the idea about actually working through technologies is perhaps the novel element in this area in order, as Katherine said, to ensure that the highest proportion of people are "enrollable" in the system.

Q305 Dr Turner: What about the security of the system? What steps will you be taking to guard against falsification of biometrics, and perhaps the most extreme case one could imagine is that al-Quaeda would become very sophisticated and hack into your database and plant completely false biometrics for a different individual. What steps are you taking to ensure the security of the system?

Ms Courtney: From the beginning when I joined this programme, I was intent on having the best security advice possible, and so we brought in not only the government security advisers but also other independent security advisers to work with us on this. Before we had a reference solution, when we were just thinking about the principles of the scheme and the policy decisions around that, we had security advisers alongside us looking at all the possible risks of the scheme. We have had that built into our design from the beginning. We asked a long time ago for this whole scheme to be certified as part of the critical national infrastructure. It does not exist yet, but already it is listed as part of our critical national infrastructure and so it is being accredited by the government's security advisers, security accreditors, from its earliest inception.

Q306 Dr Turner: What does accreditors actually mean?

Ms Courtney: If you would like a practical example of that ---

Q307 Dr Turner: Is it a kind of kite mark?

Ms Courtney: It is a bit more in depth than that. Perhaps I can ask Nigel to talk about the security accreditation.

Q308 Chairman: Can I ask you not to because we will come back to database security later. I know my colleagues are keen to do that. Before we move off this section, can I summarise where we are here? The Government has clear aims in terms of what it wants biometrics to do in this programme. You do not know, however, what the technology is because some of it may not even be there yet; it might evolve over the coming months, and so your specification in terms of level one procurement is crucial in terms of setting up parameters for what the technology, when it exists, will deliver. Am I right? Is that fair?

Ms Courtney: Yes.

Q309 Chairman: Could you either now or in writing tell us the accuracy levels that you want for each part of the biometrics? I understand not many people do not have hands. We are talking about accuracy levels for, say, somebody who is a builder and has a cut on his finger, or something of that nature. Do you have those figures now?

Ms Courtney: I would like to offer to write to you on that subject.

Q310 Chairman: If, during the process, you find that blips come into the system, are you prepared to say, "We are going to have to stop this and elongate the time in which we can deliver"? Is that part and parcel of your thinking?

Ms Courtney: Our plans have always been to take an incremental implementation to this in a step-by-step way, building on other developments and rolling out over a period of time, I think from the very first policy announcement when the Secretary was quite clear that there would be no big bang implementation of this scheme. That gives us lots of opportunity to test and ensure that we are getting things right. We are also taking the whole programme obviously through the Office of Government Commerce gateway process for every key component of the programme. We are also running our own internal health checks. We will not proceed to the next phase of any aspect of the programme without a clear health check that tells us that we are ready to proceed to the next stage.

Q311 Chairman: Is there evidence to show that this is the best way of developing this scheme? Is that evidence you have from elsewhere where systems have been rushed?

Ms Courtney: There is lots of evidence from the National Audit Office and the Office of Government Commerce and elsewhere. We have certainly learnt lessons from other programmes around the world.

Q312 Bob Spink: Could you tell us how many people eventually will be using this scheme or enrolled on the scheme in total, how many millions, and how many points of access to the scheme checking people there will be eventually - how many tens of thousands of those?

Ms Courtney: The expectation is that in terms of customers or individuals enrolled in the scheme, eventually that will reach about 60 million. We will, however, have to hold records in the scheme on people who have left the scheme.

Q313 Bob Spink: How many points of access to the scheme will here be?

Ms Courtney: I would like to clarify that we are not talking about access to the system. I think that word is often used and misconstrued. We are talking about designing a system here which allows people to present identity information and have it confirmed.

Q314 Bob Spink: We are finishing very shortly and we only have 30 minutes. Could you just address the question specifically and, if you need to add to it, perhaps you could write to us.

Ms Courtney: I cannot give you a number or the volume of verification transactions that we would expect to see on the system.

Q315 Bob Spink: At every airport and port of entry in the country, at police stations and at social benefit offices and so on, how many points will there be in the country in the whole system?

Ms Courtney: We do have assumptions around this. It would be better if I offered to write to the committee.

Q316 Bob Spink: Can you just give us a rule of thumb now?

Ms Courtney: I will not be able to do that.

Chairman: We are happy about your writing back to us on that.

Q317 Bob Spink: Clearly, you said that the success in matching was fairly high, in answer to Dr Turner. Could you also say for each of the systems - iris, fingerprint, face recognition - what "fairly high" actually means? Could you write back to us on that, too?

Ms Courtney: Yes, certainly.

Q318 Bob Spink: Things are changing. I have learnt something this morning. It is now not a fused biometric system; it is a pick any one from three system. Do you think that if that is the case, if it is just pick one from three and try to match it, this will limit the ID card system's ability to deal with immigration, crime, terrorism and ID fraud?

Dr Bloomfield: I would go back to the conclusions of the 2003 NPL feasibility study, which recommended that, in order to differentiate between all the individuals in a population of 50 million, enrolling four fingerprints would be sufficient or enrolling both irises would be sufficient. The conclusions of that report were that you could use either four fingerprints or two irises in order to discriminate amongst individuals in a 50 million population. I think the answer to your question would be no, that how do we choose to combine these biometrics would be sufficient to identify individuals from the population.

Q319 Bob Spink: In answering my colleague who asked for the limitations, you did not say what the limitation on iris recognition would be, for instance for women who were in menstruation where the rejection rate increases very dramatically, as I am sure you are understand, or on fingerprint recognition for people who are over 60, or bank clerks or teachers where fingerprints fail, as we saw with our Chairman who got two out of three failures since he was a teacher on a straight one-to-one fingerprint recognition in America a couple of weeks ago. Perhaps you will write to us about that as well. The whole policy of ID cards is predicated on an assumption that the technologies will work eventually: is that true?

Ms Courtney: The decision on the policy on ID cards was taken by the Government on the basis of quite a lot of analysis and the technology was only one aspect of that. Certainly the advice that we have received all along has been that the technology will be fit for the purpose to support the business objectives.

Q320 Bob Spink: So there is an assumption that the policymakers are taking that the technology will work? That is an assumption?

Ms Courtney: It is an assumption based on expert advice that was gathered at the time.

Q321 Bob Spink: Why have you not trialled the technology to find out whether it will work?

Ms Courtney: We have been trialling the technology.

Q322 Bob Spink: The 2005 trial was not a technology trial. There has been no large-scale trial on any scale at all that is comparable to what we are going to do of the biometrics. In fact, we do not even know what biometrics we are going to be used yet.

Ms Courtney: Trialling the system that suppliers will be proposing during the procurement phase of the scheme will take place during the procurement phase of the scheme. We cannot trial a system that we do not have yet, if you see what I mean. We have lots of experience from other operational systems: IDENT 1, NAFIS, other systems at the Home Office that operate on a very large scale quite successfully.

Q323 Bob Spink: When will you be trialling, how will you be trialling, and what is your budget for trialling?

Ms Courtney: I have to say that all of that is actually subject to us receiving the Royal Assent on the legislation.

Q324 Bob Spink: Let us then make an even bigger assumption than you are making on the technology. Let us assume that you will get, with the majority that the Labour Government has currently, Royal Assent. What is your budget for trialling?

Ms Courtney: We have not published our budget for trialling. It is part of the cost of the scheme. We will be putting information about the plans for trialling into the public domain once we are able to begin the procurement process, which we cannot begin prior to Royal Assent.

Q325 Bob Spink: Do Ministers know the cost of trialling? Have you given those costings to Ministers?

Ms Courtney: Ministers are aware of all of the costs of the scheme, yes. The costs of trialling are included in our business case.

Q326 Bob Spink: The scheme will be off and running by 2009. We are now in 2006, so we are looking at a couple of years. When will the trials start?

Ms Courtney: We have said all along that at a suitable time after Royal Assent we will begin procurement of this main technical component of the scheme, the National Identity Register and the biometric subsystems that support it. We have made the assumption that the process of procurement, including the trials, will take somewhere between 15 and 18 months in order to make sure that we are giving sufficient time to operate those trials as part of that procurement process.

Q327 Bob Spink: As a serious group of professionals you cannot sit here and look this Committee in the eye and tell us that you have not even started the trialing of the technology yet and yet the system will be up and running in two and a bit years' time. Surely you are not telling us that.

Ms Courtney: I was not saying that. I was saying that the procurement process, which included running trials of the specific solutions that the bidders would be proposing, we are expecting to run for somewhere between 15 and 18 months and it cannot begin until after we have had Royal Assent on the Bill and also passed gateway reviews and a number of internal health checks.

Q328 Bob Spink: Given all of these caveats, the massive IT infrastructure project and the need to trial the technology and the lack of technology and confidence in that at the moment, can you say what level of confidence you put in us having a system up and running and being used in two and a half years' time?

Ms Courtney: We have always said that the ready-for-service date for this system would be dependent on the solution that the industry proposes to us during the procurement process. I have a very high level of confidence that we will come to an agreement around the specification for that system with suppliers. The commercial terms there give us a high level of confidence it will be delivered when we have agreed they will deliver it. We have always said that we are working from planning assumptions until we are in that detailed dialogue with the industry.

Q329 Chairman: Would you agree that it is highly unusual to begin a procurement process before you have done the trials, yes or no? Can you think of any other major government project where you would begin the procurement process before you had done the trials?

Ms Courtney: I think it is quite important to point out ---

Q330 Chairman: Yes or no?

Ms Courtney: I think it is not that unusual.

Q331 Chairman: That is normal government practice. What worries me here is that you are going to be entirely in the hands of the private sector in terms of this technology. You said in your evidence to us that it was not necessary to embark on publicly funded science related to biometrics and Tony Mansfield wrote in March that all systems need improvement. We have got a Home Office Biometrics Centre of Expertise who commission no research in this place, it is left entirely to the market. Is that acceptable?

Ms Courtney: I would not say that we have not commissioned research. We have commissioned research. We have a piece of research that the Home Office is funding right now into fingerprint biometric performance. I think what is important to say is that what we will be trialling during the procurement is the specific technical solution that the bidders are proposing for this procurement. What has been trialled before and what we have experienced from other operational parts of the Home Office is how other biometric systems operate, and they operate quite successfully. So it is not that the technology has not been trialled, but the specific solution for this cannot be trialled until the bidders are given an opportunity to propose it to us.

Q332 Margaret Moran: Given the very high number of high profile and large IT project failures there are out there, as we know from our own Audit Office reports, what scientific advice have you received on the lessons to be learnt from those failures? There are some large-scale IT projects which have succeeded. What research have you commissioned on those?

Ms Courtney: I hesitate to use the word research because what we have done is we have actually gone out and reviewed programmes, both programmes that have succeeded and programmes that have experienced difficulties. The National Audit Office has also published reports into this, the Office of Government Commerce has as well and the CIO Council under the Chief Information Officer for the Government at the Cabinet Office has also done quite a lot of work in this area. With most IT projects that may have experienced difficulty in the past we find it is not really the technology that is the problem, it is the other issues around organisational change, business process design, training, development and preparing both the users of the system and the operators of the system for implementation. We have certainly learned all of those lessons from looking at previous experience. The Home Office has had some very big successes in recent years. The Passport Service runs a complex system that successfully manages some 60 million applications for passports every year. IDENT1 under the Police Information Technology Organisation has been lauded as one of the best practice procurements for a major IT system that the Government has ever seen. I think it is quite important to point out that we are learning lessons all the time.

Q333 Margaret Moran: None of that is scientific advice. We have had evidence from the UK Computing Research Committee to say that the Government has made no real attempt to base computing policy on scientific evidence. You have listed the lessons from those IT projects but none of that is based on any scientific basis. With all due respect, the Audit Commission work is not an analytical research piece of work in the sense that you could learn lessons and apply them thereafter.

Mr Seed: You mentioned the Computer Society. The British Computer Society put out quite a comprehensive report on the complexity of IT projects and I was reading it last night while I was swotting for this! They listed the ten most common causes of failure and me being the new boy in the project, I went through this and we have ticked the box and we have learnt from the Computer Society who are the experts in the field.

Q334 Margaret Moran: One of the things that they will have pointed out is the issue of scaleability. Given that this is the largest IT project of its kind, what research has been done on the scaleability of a project like this?

Mr Seed: We are doing that in a number of ways. We are doing it by comparison with similar systems. The FBI fingerprint database has something like 45 million records, so the numbers you can process are up there. The UAE has got in excess of a million records on iris. We know these large projects can work. We are in the process of commissioning a study from QinetiQ on data modelling to see just what the problems are with handling the volumes of data and moving it about and processing it.

Q335 Margaret Moran: What is the balance as between in-house scientific advice and industry advice?

Ms Courtney: We have our own internal advisers both from some of the more technical, deep science areas like biometric algorithms and also simply on technical operations, ie how you design a big system.

Q336 Margaret Moran: Could we have something in writing which lists who you seek the advice from and what the balance is as between internal and external industry advice?

Ms Courtney: We would be happy to write.

Q337 Margaret Moran: I understand two gateway reviews have been done so far. There have been complaints over the fact that commercial confidentiality has been used as a reason to prevent the learning from those gateway reviews becoming more public. We understand the issues around commercial confidentiality. Surely more information from gateway reviews, both past and into the future, could be put into the public domain so as to enable us all to have confidence or otherwise.

Ms Courtney: We have actually conducted more than two gateway reviews on this programme. We have conducted a number of gate zero reviews on the programme itself and also a gate one review on the business justification and we are now preparing for a gate two review on the readiness for procurement for the particular project around the technical systems. As you will know, the reports from gateway reviews are reports to the SRO of the programme, they are not intended to be put in the public domain. OGC is the channel through which lessons learned from other gateway reviews are fed into the other programmes that are going on around government. I do not think there is any risk of the lessons learned from reviews of our programmes being lost, but it is not through the process of placing gateway review reports into the public domain that that happens.

Q338 Margaret Moran: There have been arguments that you are not sharing sufficient information to enable industry or others to make this project work. Is the level of information that is being provided the norm in projects of this sort?

Ms Courtney: From the beginning of the consultation we have been consulting with industry about our plans. We have just concluded an in-depth market sounding exercise where we ran concept viability workshops sponsored by Intellect. We also had in-depth meetings with 60 or 70 individual suppliers. We have had in-depth meetings before that with specific suppliers in the smartcard biometric space in order to sit down with them and discuss our plans in some detail and seek their views on the feasibility, the practicalities and how best to go about engaging with the industry and procuring innovative solutions. I do not think that we have in any way run the risk of not being open enough with industry. I think we have applied best practice in this area.

Q339 Margaret Moran: We have been told it is often very unclear as to how that feedback makes its way into the specification, for example. Will you be making that transparent when you are publishing the strategy?

Ms Courtney: We will, yes. We have told the industry that we will be publishing our changed thinking as a result of the dialogue we have been having with them and making that publicly available to the industry and we will be doing that.

Chairman: From the Committee's point of view, we are wanting to see that there is an audit trail between the gathering of evidence - and that is why feasibility studies are important - and then, of course, a procurement process.

Q340 Mr Devine: I want to talk a bit about security and timescales and such like. In February this year a Dutch company claimed to have skimmed information off ID cards. I do not know if you are aware of that. Are reliability and security your highest priorities regarding the National Identity Register? What other factors are influencing your decisions about the Register? Is there any scenario in which security levels would be sacrificed either for political reasons or for timescale reasons?

Ms Courtney: I believe that the Dutch company, as reported in the media, was talking about an early prototype passport that had been used and not an ID card.

Q341 Mr Devine: It still got access.

Dr Bloomfield: The people who claim to have cracked this prototype Dutch passport did it under laboratory conditions. You need to sit next to a passport with a reader for some considerable time to read it and get into it, which may not happen in ordinary conditions. The other point is that they had already quite a lot of information about the data on the passport which allowed them a foothold to get in through the cryptography and they were also provided with a number of consecutively numbered passports, which further weakens the cryptography. There is a fairly odd set of circumstances that they had in their favour in order to get through this cryptography. Having said that, being able to attack a card or a passport will get you, in the case of our identity card proposals, access to data which is not at all valuable. All the data, apart from the encoded biometrics, would also be printed on the face of the card and you would not actually get very much out of it. Attacking the database is a very, very different challenge.

Ms Courtney: It is important to point out that the accreditation process focuses on the security and integrity and also on the availability of the system. We need to make sure that all of our plans are accreditable not just against hacking and other security risks but that what we are designing here is a system that does not fall over, that does not have a single point of failure and it does not have a single point of decision-making and that there are clear audit logs of how the system is being used so that we can apply appropriate safeguards and supervision.

Q342 Mr Devine: And all this can be done security wise within a timescale of two and a half years, can it?

Ms Courtney: I am confused about the timescale of two and a half years ---

Mr Devine: We are looking at 2009.

Q343 Bob Spink: That is the date of implementation.

Ms Courtney: I believe we have said that our timetable is indicative and that on current plans we are looking at 2008/09, but I have also mentioned that we are implementing a number of intermediate things that are happening this year, next year, in 2008, et cetera.

Q344 Mr Devine: You can write to us about that.

Ms Courtney: The actual date for 'turning on' the National Identity Register is very dependent on the suppliers' proposals as they come back to us through the procurement process. If you would like me to say something more about the security approach, perhaps I can ask Nigel to expand on the security requirements.

Mr Seed: Security is not going to be an add-on, it is being done now. We have not even gone out with our requirements. The security team is embedded within Marek's procurement team; they are fully engaged. They are on my back all the time, as they should be. The people who are going to do the accreditation are having meetings with our people on the times, looking at our requirements as they develop and then inputting to those requirements. The security of the data centre itself is down to even very basic things like making sure it is not on or near a floodplain. We are looking at all that sort of stuff, right the way from very basic level access and flooding and losing it that way right the way through to hacking.

Ms Courtney: It is the security around the people, the processes and the systems, not just the technology.

Q345 Mr Devine: There is a claim that basically if you have one database you are creating a 'honeypot' for criminals to hack into. How would you respond to that suggestion?

Ms Courtney: First of all, I think that is an assumption that there is one database. We have not predetermined the architecture of this system. Our security requirements include issues around making it difficult for people to hack in and access the system. We will have security accreditors throughout the lifetime of this scheme, not just in our planning phase. I think we are doing everything we can to ensure that the security considerations are taken very seriously indeed.

Q346 Mr Devine: You are not going to have one database, is that what you are saying?

Ms Courtney: People like to talk about the National Identity Register as a database. The National Identity Register will be a technical system that may involve a series of data storage solutions. I think it is important that people do not prejudge how the architecture of the system will be designed.

Q347 Chairman: I am now very confused as to what you are saying here. You will have a series of databases. Where is the evidence coming from as to whether you are going for one single database or a series of databases?

Ms Courtney: You are going to ask me questions about the technical design and I am not a technologist.

Q348 Chairman: Can any of your colleagues answer?

Ms Courtney: Our reference solution assumes one thing and then we are working with the market on options ---

Q349 Chairman: In terms of phase one procurement, will the market also decide how many databases you have?

Mr Seed: To an extent, yes. We are doing an out-based requirement, so we are saying this is what the system must do. How they do it is not defined. If industry comes back and says one single monolithic database is the best way and it meets all the requirements then there may be one database. Equally, they could come back and say the security is increased by having partial data here and partial data elsewhere. We have not defined it.

Q350 Chairman: Will industry not come back with a solution that is best for them?

Mr Seed: Possibly.

Q351 Chairman: I would if I was a commercial company.

Mr Seed: Of course you would. You have got to remember that this is an open competition. If somebody comes through with a cheaper solution, that is not necessarily what we are going to select. We are going to look for the best technical solution and the best value for money.

Dr Bloomfield: It is worth adding that it will also have to be a solution which meets the requirements of our security accreditors.

Q352 Mr Devine: Let us say Jim Devine's computer company gets the contract. I can set up a company in Scotland and send information to Scotland, Wales and London. I could outsource this contract to 100 different companies. Is that right?

Ms Courtney: We will obviously have a due diligence process ---

Q353 Mr Devine: Is that right?

Ms Courtney: Not necessarily. We will have a say in this procurement process, as any government client does, about how the consortium is formed and who is providing the solutions. While we do not have an intention to dictate how the market responds to the requirements, we have made it clear that we have to take a decision based on the proposals they put to us. If they propose a solution that includes using companies in a subcontractor relationship such as you describe that we cannot have confidence in, we will not be signing a contract with them.

Bob Spink: Could I ask you to confirm again, please, because I am incredulous about this, that all of this will be up and running in two and a half years? Can you confirm that none of this will be outsourced offshore UK?

Q354 Chairman: Can you answer the second part because I think you have answered the first part to be fair?

Ms Courtney: We have offered to write back with the procurement principles that apply to that.

Q355 Margaret Moran: Is it not inevitable that the market solution will be a single database simply because of the complexity of joining up a myriad of departmental databases which do not match? How are you going to be able to evaluate what comes forward to you in that respect as against the option of multiple databases which may not come forward at all from industry?

Ms Courtney: I do not believe there is a foregone conclusion about that. In our market soundings we have had suppliers who have been working for some time on their own reference solutions for this and they have a number of different approaches, all of which may be equally valid and which should be evaluated in the open competition.

Q356 Mr Devine: You mentioned earlier on that technology is changing. It has been suggested by colleagues in America that these cards are going to be out-of-date very quickly. I think KPMG's assertion is that the durability of the cards would be ten years. Have you made any assessment of that?

Ms Courtney: We did do that because that is one of the assumptions driving some of the costs in our business case model. We went out and did a survey of card manufacturers to look specifically at card lifecycles endurability and based on the evidence that they gave back to us we are confident in the ten year assumption.

Dr Bloomfield: And also from looking at other schemes. Hong Kong, for example, has a polycarbonate smartcard which is valid for ten years.

Q357 Chairman: Nigel, if you have multi-databases as part of your phase one procurement, and that is an option which is open to the tenderers of the process, who controls the data? Would it be the companies who win the contract or does the Government retain control of that data?

Mr Seed: It is a bit of both. The company will be running the database per se, but the data itself will be monitored by civil servants sitting alongside the contractor. We are intending to have a partnership agreement. There is no intention to hand this contract over and then walk away and leave it with a commercial outfit. There will be full-time civil servants in the data centre monitoring the data and the usage of the data.

Q358 Chairman: But a private company will be able to have access to all that data if they win the contract, will they not?

Mr Seed: By definition, in order to maintain the database, yes, they would have to be able to see the data on it.

Q359 Dr Iddon: As you know, this is a very excitable political issue and all the Members around this table get lots of correspondence on it. Apart from the libertarian arguments which we engage with, the second argument is about the costs and that is where I want to go now. Obviously the London School of Economics is in opposition to the Government on costs and they have quoted figures of £10.6 billion to £19.2 billion, which are the ten year costs and which include running costs. We can argue about those figures and they have been argued about and the Government has contradicted them. The hon Member for Leigh has quoted a figure of £584 million per year as the total cost but he will not reveal the estimates within that particular figure. Obviously those figures are way apart, there is no similarity between them. I just want to examine that big difference. How can you be certain about the costs when you have not even set a detailed specification yet?

Ms Courtney: We have had to produce a reference solution for ourselves in order to evaluate what the likely costs would be. We have done that work based on the feasibility analysis that we have done. The figure of £584 million ---

Q360 Chairman: That is not credible if you do not mind me saying so. I think I speak for all my colleagues when I say we find that the most incredible statement given the evidence you have given us today about the state of this project.

Ms Courtney: Our cost assumptions have been independently audited by KPMG and so we can have quite a high degree of confidence in them at this point in the development of the scheme. We have had Treasury scrutiny of our cost assumptions, we have had the Group Investment Board scrutinising our assumptions and we have had independent assurance who advise our programme board review all of our approach to this and the OGC has conducted a gateway one review of our business case, so we do have confidence in our cost modelling. The final costs of the detailed component of the scheme we cannot finalise. We will not know what they are until we have conducted, subject to parliamentary approval, an open procurement process, but we have been quite conservative in using all the Treasury Green Book guidance, using optimism and bias and building contingency assumptions in. We are quite confident in our cost estimates.

Q361 Dr Iddon: The £584 million figure is a hard figure.

Ms Courtney: Those would be the year-on-year running costs of the scheme and it includes the costs of running the Passport Service which are very well known because that is an existing operation. We are able to forecast the volumes of passports and the costs of issuing passports quite accurately. The National Audit Office has always given a clear green light to the Passport Service's accounts. The largest proportion of the £584 million is the costs that we feel quite confident we can accept.

Q362 Dr Iddon: We accept that and hope sincerely that you are right with those costs. What is wrong with the LSE costs? Have you examined those in detail?

Ms Courtney: We have examined them in detail and we have published some information on our website which is a response to the assumptions that were made. The costs modeling behind the LSE made a number of fundamental assumptions which were very different to our own proposition. They made assumptions that ignored the Passport Service as an existing operation and they made assumptions that people would be required to go through, for instance, a full registration process if they were to report their ID card lost or stolen, that sort of thing. So there were a number of factors in their cost assumptions that drove their cost assumptions up which simply are not realistic in view of what we are actually proposing.

Q363 Dr Iddon: We have not had a break down of this £584 million figure. As I said, the Minister will not reveal the estimates within that figure. Are you able to supply the Committee with a full break down of that £584 million figure so that we can examine it?

Ms Courtney: We have stated that about 70 per cent of that £584 million relates to the issuing of biometric passports and the rest is an incremental cost for issuing ID cards to a larger proportion of the population and includes the cost of producing the card itself. The vast majority of the costs are the process for registering an identity and issuing a passport.

Q364 Dr Iddon: When you eventually go to procurement are you expecting that figure to increase significantly?

Ms Courtney: As I said, we have built optimism, bias and contingency into our own cost assumptions so we are not expecting it to increase.

Q365 Dr Iddon: That is a pretty hard figure you are telling the Committee. As MPs we have a degree of scepticism about government procurement projects for IT. We have seen costs escalating phenomenally in some cases when Government has procured the technology. You can understand why MPs and the general public out there are very sceptical and perhaps will be sceptical about what you are saying this morning, although we accept you are saying it with great sincerity. If the project gets out of hand for some reason that you have not even foreseen yet, has the Government set a ceiling above which it will not go to take ID cards out for public use?

Ms Courtney: I believe that ministers have stated several times that they will not be taking a scheme out to the public that was unaffordable or set a fee for the public that was unacceptable. There are many decision points between now and actually introducing the scheme. As I said, there will be many opportunities to review that our cost assumptions are correct. You will know that the current legislation before Parliament has included an amendment that will have us put a report before Parliament of our costs on a six monthly basis, so there will be plenty of opportunity to review.

Q366 Margaret Moran: Some of us accept that the LSE assessments are risible, but I fear we may be having the same perception right now. Have you included in the figure that has just been quoted the costs of dealing with the interoperability or the lack of interoperability of different databases, assuming that one of the options will not be a single database but many?

Ms Courtney: I did not mean to imply that a solution might involve stringing a number of legacy databases together. That has never been part of this proposition. We have always said that our requirements are for a data repository that could be populated one record at a time.

Q367 Margaret Moran: So the costs include multiple databases.

Ms Courtney: The costs include a reference solution for checking people's identity information, which does include reviewing data sources from public and private sector sources. I think we have been quite clear about that. We have looked at the costs of being able to do that interface with other databases in that respect. The costs include processing application information, recording details, such as biometrics and personal identity information, name, address and the like, storing it securely and being able to verify that information back to an accredited user of the system. The costs include all of those inter-operability requirements.

Q368 Chairman: Katherine, you mentioned the KPMG report and I have it in front of me, which was produced on 7 November 2005, and it clearly states that the performance of the biometric matching drives a significant amount of cost and I think you would agree with that. It then goes on to say, "We recommend that the IDCP team should have further discussions with the USVISIT programme to gain detailed insight into the cost drivers for this area and the UAE to verify the cost and performance of the fingerprint and iris hardware matches respectively." They still had real questions about the cost assumption. Have you been to those places, both the UAE and the USVISIT, as KPMG recommended?

Ms Courtney: Since the KPMG report?

Q369 Chairman: Yes.

Ms Courtney: We have not been.

Mr Seed: I will be going on 9 April.

Q370 Adam Afriyie: There are huge risks. My background is in technology for 15 years. The Head of the e-Government Unit, the Information Commissioner, the industry and probably all of us here instinctively know there is a huge risk the technology will not work in the form in which it may want to be deployed in the next 18 months. Would you stake your mortgage on the fact that within 18 months of starting this scheme it will be up and running and it will work? As soon as you have got permission to do your technology roll-out, will it be fully up and ready for use within 18 months?

Ms Courtney: This is a long-term development scheme.

Q371 Adam Afriyie: I will take that as a no!

Ms Courtney: We have the biometric visas rolling out over the next year or two years, we have biometric residence permits rolling out and we have the biometric passports. We introduced the first electronic passport only this month, that was when the first one rolled off the production line. All of these things are testing the technologies that are the building blocks for this scheme. By the time we come to launch this scheme I am very confident that we will have sufficiently proved in an operational environment the components of the scheme.

Adam Afriyie: Within 18 months?

Chairman: May I thank Katherine, Nigel, Henry and Marek for what I think we would all agree has been a very interesting session this morning. We are genuinely interested in representing the House on this issue. Thank you for your contributions.