MPs slam lack of clarity in ID card scheme
- Posted:
- 16:18 30 Jul 2004
Home Affairs Select Committee criticises the government's plans to introduce national ID cards as poorly thought out and lacking clear objectives
Government plans to spend more than £3.1bn on a national
identity card system were condemned last week by a cross-party
group of MPs as lacking clarity and being poorly thought out.
The Home Affairs Select Committee raised serious questions about
the viability of the project, which will be among the most complex
ever undertaken by the government.
With a draft bill to enable the scheme already published and
biometric trials involving 10,000 members of the public taking
place at the Passport Agency, fundamental questions about the
business case for the project have yet to be answered.
The committee's report, published last week, warned that the
biometric technology which underpins the project is unproven,
difficult for the public to use and may be unreliable. Tests found
that as many as one in 100 biometric matches could be wrong.
Under current plans, the ID cards will be phased in from 2007 as a
replacement for passports and driving licences, in a scheme costing
£200m a year to run.
The cards will contain biometric chips, which will record the
card-holder's fingerprint or iris scan and digital photograph.
These will be linked to a central population database, which will
allow government agencies to check the holder's identity.
MPs on the select committee are worried that, despite the tight
timescale, many of the details of the design and use of ID cards
and the supporting infrastructure have yet to be agreed, increasing
the risk of failure.
"We are concerned by the lack of clarity in definition on key
elements of the scheme and its future operation, and by the lack of
openness in the procurement process," the committee said. "This is
not justified and it must be addressed if the scheme is to enjoy
public confidence."
Moving the goalposts
Part of the reason for the government's lack of clarity over the
project is that the project's objectives have shifted several times
since it was first mooted as a counter-terrorism measure in the
weeks following the World Trade Center attack in 2001.
Home secretary David Blunkett now acknowledges, in the face of
evidence that ID cards have not prevented terrorism overseas, that
ID cards will simply make a "contribution" to fighting terrorism
rather than stopping it altogether.
Gone too is the government's early plan to position ID cards as
"entitlement cards" that would open up a wide range of government
services to the public. This, said the committee, is a missed
opportunity to open up government to the public.
The primary focus of ID cards is now to crack down on illegal
immigration, health tourism, identity theft and organised crime,
but the government has so far failed to spell out clearly how ID
cards would help, and what the economic benefits would be.
Some of those who gave evidence to the committee have speculated
that the government's real purpose in the ID card project may not
be the introduction of ID cards per se, but the reform of central
government IT that will go with it.
The Home Office has long recognised the need to tighten up security
in the way its issues passports and driving licences and to create
an accurate, up-to-date database of passport and driving licence
holders. But it is easier to make the case to invest the billions
of pounds required if it forms part of a wider government ID card
programme designed to tackle crime and fraud.
The draft ID Card Bill, published in April, lends weight to this
idea. It focuses almost entirely on the creation of a secure
central population register. ID cards are hardly mentioned.
Misleading the public
Its purpose, said Chris Pounder data protection adviser at law firm
Masons, appears to be to create a mechanism for linking government
databases, rather than to verify identity. He accused the
government of misleading the public over its real intentions.
"The sense I get is that the government is piggy-backing a complete
data sharing agenda that has not been subject to open public
scrutiny. The data sharing agenda has been largely missing from the
two previous consultations and has only come to light in the bill,"
he told the committee.
The Local Government Association has also made it clear that it
sees no value in having biometric cards to verify an individual's
identity. But it is interested in a central population register
that would make it easier to share information with central
government.
Evidence of the tangible benefits a biometric identity card scheme
would deliver remains elusive despite weeks of hearings by the
select committee.
The Department of Work and Pensions estimates that ID cards could
help to reduce benefit fraud by up to £45m and provide a
further £8m in administrative savings.
The Home Office argues that ID cards would reduce ID fraud, which
costs the UK £1.3bn a year, and would also bite into the
£390m a year that is lost due to money laundering.
But little has been said publicly about the savings ID cards could
bring to the NHS by reducing health tourism, or how they could
reduce illegal immigration.
MPs on the committee have not rejected ID cards, but they have
called for the government to end the secrecy surrounding its
proposals and to submit the project to public scrutiny.
"This secrecy is all the more regrettable since the case for an
identity card system is founded on whether its benefits are
proportionate to the problems it seeks to address: a proper cost
benefit analysis is an indispensable element to this," the report
said.
Security fears: risk to personal data
The government could place the security of personal data at risk by creating a single multi-function identity card and a single population database, Martyn Thomas, representing IT industry think tank the UK Computing Research Committee, told MPs.
"By doing that you are making a very large range of services vulnerable to a single attack, either a deliberate attack, or a fault that arises as a consequence of misimplementation," he said.
Ross Anderson, professor of security engineering at Cambridge University, said there was a strong danger that ID cards would become a target for fraud during enrolment.
Although the biometric ID card system would raise the alarm if two people claimed the same identity, this provides no more security than the current system of issuing passports, he said.
Anderson said current iris scanning technology might not be able to detect people trying to defeat the system by using contact lenses. Fingerprint readers could also be fooled by false fingerprints, he said.
However, Katherine Courtney, director of the ID cards programme, told MPs, "We have no intention of launching a technology that is not fit for the purpose." She said the Home Office would do rigorous end-to-end testing to ensure that the system was robust and ready for launch.
Project management fears: risk of supplier-driven agenda
The ID card project is risky because the government has failed to make decisions about how ID cards will be used and operated, the Home Affairs Select Committee heard.
Martyn Thomas of the UK Computing Research Committee said the government was in danger of leaving political decisions about the operation of smartcards to suppliers - a move that could place the whole project at risk.
"I suspect there are conflicting requirements and those conflicts are being cloaked over there are hard political decisions to be taken and the assumption is made that somehow the supply industry will solve the problem. It has never worked in the past and it will not work this time," he said.
Ross Anderson, professor of security engineering at Cambridge University, said the government risked handing too much power to suppliers by placing the ID card database at the heart of government.
"You can hold ministers to ransom and say, 'Give us £200m to fix this.' If you have a large system, you have ministers over a bigger barrel." Bringing all government IT systems together through the proposed central register, rather than opting for a decentralised approach would add to the risk of the project, Anderson said.
"It becomes too risky to change the system once it becomes the critical infrastructure for a very large part of the public sector," he said. Thomas said it was highly unlikely that the government would successfully implement an ID card scheme within the timescale and budget it envisages.
But Nick Kalisperas, senior programme manager at IT suppliers' group Intellect, said the government had learned from the mistakes of the past and had been working closely with suppliers from the outset to develop the project. "If at any stage we believe that the Home Office is going to produce a system which could not deliver the benefits which it hopes, or which we believe technically is not possible, we would withdraw our support from the approach taken," he said.
