A UK electronic identity card is a real possibility, but some
analysts say the government has underestimated the costs and should
rein in its ambitions. Bill Goodwin reports
The home secretary David Blunkett reiterated his support for a
universal electronic identity card last week, as the government's
six-month public consultation on the scheme draws to a close.
If it is given the go-ahead, the project, at a cost of at least
£1.3bn, will be one of the most ambitious undertaken in the public
sector in the UK, presenting enormous challenges in IT project
management and systems integration.
The government's proposals, contained in a 150-page discussion
document, have raised a host of questions about the right of
individuals to privacy and anonymity, and genuine concerns about
the compatibility of the scheme with human rights and data
protection laws.
But there are also fundamental practical questions that need to be
addressed, not least whether the scheme will actually work and, if
it does, whether the benefits it offers justify its high price.
The Home Office is presenting ID cards primarily as a better way
for the public to access government and private sector services.
The department claims the cards, dubbed entitlement cards, will
make it easier for UK residents to apply for benefits, medical
treatment, and other government services.
The cards, it claims, will also play an important role in combating
illegal immigration, allowing employers to tell at a glance whether
the person they are hiring is entitled to work in the UK.
Identity theft
In addition, they could help to reduce
crimes such as money laundering, people trafficking and, most
significantly, reduce identity theft, which costs an estimated
£1.3bn a year.
In order to achieve this, the government proposes creating a huge
central database, containing information about 67 million people,
indexed according to a new national identity number. Government
departments will have access to the database via computerised
gateways.
The database will hold a range of personal details, the most
notable being biometric data belonging to the card-holder. The same
data will also be stored on the ID card, providing a highly
reliable mechanism for verifying identity. Government officials are
considering three alternative technologies - fingerprinting, iris
recognition and facial recognition. Each has its own merits, though
iris recognition is regarded as the favourite.
The cards themselves will replace existing driving licences and
passports. A special version of the card will be available for
people who do not drive, and for people who do not wish to travel
abroad. The card will store the same personal information as the
central database, including the biometric signatures.
The Home Office is considering both basic plastic cards, which
would store biometric information on a two dimensional barcode, and
smartcards containing an in-built computer chip.
The government estimates the total costs of the project at between
£1.3bn for a plain plastic card and £1.6bn for a simple smartcard.
A more sophisticated smart card, capable of storing a wider range
of information, would push the total cost up to an estimated
£3.1bn.
But this may be a gross underestimate, claims Dr Perri 6, director
of the policy programme at the Institute for Applied Health and
Social Policy, in a study for the information commissioner. The
projections, he said, are "very significantly underestimated" given
the sheer scale of the project and the likelihood of cost overruns.
They fail to take into account the costs of providing a network of
biometric readers, and the full costs of making the system
compliant with data protection legislation.
"Once all the cost pressures are taken into account, it must be
considered doubtful that the scheme will prove to be worthwhile,"
he said.
Even if the government can establish a credible business case, it
will still face an uphill struggle to manage the project,
particularly when it has so many objectives. A working group
commissioned by the British Computer Society is urging the Home
Office to simplify the scheme, or risk it failing.
Conflicting demands
David Rippon, professor of IT
infrastructure management at Buckinghamshire Chilterns University
College, said the government should focus on a single objective,
such as reducing identity fraud, otherwise the scheme might lose
its way in a maze of conflicting demands.
He said one approach would be for the government to set up separate
project teams for each objective. The teams could work on their
particular applications in tandem, but each would operate
independently with its own project leader.
Rippon warned against using a single central database to support
all the proposed applications. "This would be a high-cost solution
leading to many systems accessing one database, creating both a
single point of failure and the potential for processing
bottlenecks, resulting in unpredictable and lengthy response
times."
Making the system compliant with the Data Protection Act will be
another challenge. In his analysis of the government's proposals,
Perri 6 concludes that the scheme, as currently envisaged, is at
odds with some of the key principles of the Data Protection
Act.
The information commissioner Richard Thomas is concerned about what
he calls "function creep" - the fear that once cards are
introduced, the information they store may be gradually increased.
Blunkett gave reassurances last week that any addition to the scope
of information stored on identity cards would require additional
primary legislation. But this is unlikely to provide comfort to
those worried about the impact of the cards on civil liberties.
How the cards will verify identity
There will be five
levels of authentication:
Simple visual check - compare the photo on the card to the
person producing the card
Telephone authentication service - this is to check that the
card has been issued to the person of the name, address and date of
birth claimed. It would not protect against stolen cards
Code check - the authentication service would ask the card
holder for a digit in a secret Pin, or a word in a pass-phrase, to
verify identity. This would protect against use of stolen cards
Offline biometric check - compare a biometric scan of the
card-holder against biometric data held on the card
Online biometric check - compare a biometric scan of the
card-holder with the biometric record on the central database and
the card. This will guard against fraud of biometric data.
Source:Home Office
Proposed applications
Providing better
public services
- People will only have to make one change-of-address
notification when moving house
- The ID database could be used to verify the identity of people
asking for services
- The private sector could use ID cards to provide services, such
as loyalty cards
Reducing ID fraud
- The card would need to be used by the private sector, where
most cases of ID fraud occur
- ID cards themselves, however, could become a target for
fraud
Illegal Immigration
- Employers could demand production of cards to check that staff
are entitled to work in the UK
Proof of age
- Young people could use cards to prove their age
Reducing crime
- Cards may cut levels of identity fraud, money laundering,
organised crime, and people trafficking
Electoral registration
- ID cards would make it easier to keep the electoral register up
to date
Emergency medical information
- People could opt to have medical information stored on their
card for use in an emergency.
Source: Home Office