The UK government is going for overkill with its scheme
for ID cards carrying biometric technology, says Bart
Vansevenant.
A leaked Home Office document has revealed plans to roll
out national ID cards in the UK. It proposes introducing the cards
gradually over a 13-year period at a cost of about
£3.1bn.
The cards, which have been criticised by privacy campaigners, are
coming under increasing scrutiny from both security and cost
perspectives owing to the government's intention to use biometric
data, such as fingerprint or iris scans. This information will be
held on a central database on to which the details of 50 million
people aged over 16 will have to be entered.
As a Belgian, I am used to carrying an ID card. In the next five
years I will have an e-ID as part of the Belpic project, which is
the first in Europe to deploy electronic identity cards on a large
scale. This scheme will allow me to enjoy the benefits of secure
e-government services by adding a digital certificate to my card at
a relatively minor cost.
So why am I sceptical regarding the UK's planned scheme? In a word:
biometrics. The UK government is too ambitious in its plans to use
biometric technology as a means of authenticating the identity of
UK citizens.
I can see no reason to use biometric information at this time. The
logistical and technical headache of collecting more than 50
million iris scans and entering them onto a central, secure
database must not be underestimated. And what of the cost?
Biometrics is notoriously complicated and expensive to
administer.
The fundamental reason not to include biometrics is that for the
purpose the cards should serve, it is unnecessary and a potential
liability to use the technology.
The point of an ID card is to prove that a person is who the card
says it is. Most authorities will accept a name, home address, date
of birth and, ultimately, signature to confirm your identity unless
you are closing your million-dollar bank account.
In thinking out its national ID card scheme, the UK government
should realise that biometrics are just one technique to
authenticate identity. In Belgium, the government chose a public
key infrastructure solution with digital signatures because
biometrics, on such a large scale (8 million people), is simply not
practical.
Despite choosing the simpler and cheaper option of public key
infrastructure, the Belgian government soon realised that it
required an outsourced solution. This puts into perspective the
enormity of the UK's planned biometric scheme.
I hope that the UK government carefully considers all its options
for authentication before choosing biometrics. By proposing a
"super card" before it is sure of what it will use the card for,
could wind up being a very expensive mistake.
With no recent history of ID cards, a two-step roll-out appears
most appropriate and cost effective for the UK. Cards initially
issued with digital certificates - but with the potential for
biometrics to be added at a later date - is the approach we are
taking in Belgium. This way biometrics can be added in limited
amounts, thus keeping the cost down and scaling the eventual
roll-out to a manageable level.
Such an approach would also benefit the political and moral
acceptance of the new scheme.
What's your view?
Do you think biometric
technology on ID cards is necessary?
Tell us in an e-mail >>Computerweekly.com reserves the right to edit and
publish answers on the website. Please state if your answer is not
for publication.
Bart Vansevenant is director of European
security strategies at Ubizen