The government's plans to roll out biometric identity
cards by 2008 are, by its own admission, looking increasingly
shaky.
The £5.8bn project has been put on hold until at least the end
of the year, while home secretary John Reid completes a
wide-ranging review of the Home Office's priorities.
The review, revealed in Computer Weekly last week, follows the
release of e-mail exchanges between government officials, who
raised concerns that the project was in serious trouble and
unlikely to meet its 2008 deadline.
The Home Office is using the time between now and the autumn,
when the review will be complete, to reassess the ID card
scheme.
The ID card procurement programme, which was originally expected
to begin in the spring, has now been postponed until the end of the
year and may not take place until 2007.
The delays mean that it is now impractical for the government to
meet its deadline for rolling out the first ID cards in 2008, said
suppliers' trade association, Intellect.
"It is not feasible to start procurement at the end of 2006 and
to start ID cards in 2008. You have to have enough time for testing
and piloting to make sure that everything works," said Nick
Kalisperas, director of Intellect.
Nevertheless, the review has been welcomed by suppliers and
industry observers, many of whom see it as necessary to avoid
another government IT disaster.
"I think the timetable is less important than getting it right,"
said Pauline Neville-Jones, chairman of the Information Assurance
Advisory Council, a public/private sector think tank.
"It is trust in the integrity of government and confidence in
the efficiency and effectiveness of government that is at
stake."
Jerry Fishenden, national technology officer for Microsoft, said
that the delay could only be a good thing. "A project of this scale
has to be right. By comparison, IT projects in companies and
government departments are small fry when set alongside the scale
of this programme," he said.
Neil Fisher, vice-president of identity management at Unisys,
said, "I understand that they are doing more research into how to
drive down the risk of the programme. That actually means they will
have a better thought-out procurement strategy than they have
now."
Industry observers are hoping that the Home Office will use the
review to clarify exactly what it wants from the ID card programme
- a move that is essential if suppliers are to come forward with
sensible solutions.
"The government has not said what they are trying to do. Worse
than that, they have said seven or eight different things they are
trying to do. And each time they are challenged, they back off and
say they are trying to do something else," said Martyn Thomas of IT
industry think tank the UK Computing Research Committee.
"Delaying the project, given where they are now, is a very good
idea. The right thing to do is to state the problem they are tying
to solve in as much detail as they know, and to put forward the
reference architecture and analysis that leads them to believe that
the ID card architecture is the right way to solve it," he
said.
Robin Wilton, corporate architect for federated identity at Sun
Microsystems, agreed there were still a lot of questions to answer
before suppliers could put forward a valid ID card solution.
"We have drawn up a technical architecture to say this might be
what we would put in place. But there are still gaps in it. We need
to know more about the underlying rationale of the project," he
said.
The Home Office should use the breathing space afforded by the
review to integrate the ID cards programme more closely with the
rest of government, said Intellect.
Kalisperas said it made no sense for the Cabinet Office to be
developing a separate government-wide Identity Management Strategy
while the ID card procurement was going ahead.
He called on the government to be more open, and to begin
communicating with suppliers on exactly what it wants from the ID
card programme. He warned that it would be a mistake to push ahead
with a simplified ID card programme without proper consultation
with industry.
"You can only have a simplified card if there is a basis for
upgrading it in the future. It needs to be future-proof. It may be
that if you have a scaled-down version of the card not as many
suppliers will bid for it, or it will change the procurement."
ID card technology
National identity register
- Will hold records on the UK population
- Will record digital fingerprints, images and iris scans
- Will operate 24x7
- Response rate of 15 seconds
- Register will record an audit trail every time the ID card is
used
- Government will charge companies to verify identity of the
public
- Public will have no right to see who has been checking their
files, unless they appeal to the information commissioner
Biometric readers
- Fingerprint and iris scanners will be needed to verify ID
remotely
ID cards
- Home Office favours simple design that will feature a digital
photograph or picture plus two fingerprints
- Negotiations underway with banks to make cards compatible with
chip and Pin
The shifting shape of the ID card programme
The project that is likely to emerge from the Home Office review
will be simpler, less risky, and will be rolled out more slowly
than the IT industry has been led to believe.
One of the options on the table is to delay plans to roll out ID
cards across the whole of the UK population, and trial the cards by
issuing them to foreign residents initially.
The Home Office also aims to simplify the cards so that they
will contain only a limited amount of biometric data. This may be
restricted simply to a digital photograph, or a digital photograph
plus two biometric fingerprints.
Under this scenario, the cards will become less important than
the National Identity Register database as a means of verifying an
individual's identity.
The register will retain a record of iris scans, 10 fingerprints
and digital facial images of all the population, which can be used
to verify the identity of a member of the public, whether or not
they carry an ID card.
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats