Secret government reports into the feasibility of
theID cards programmepublished today,
raised far reachingconcerns about the costs, complexity, security and
technologyof the project.
The project received a "red" light from government reviewers in
June 2003. Seven months later the traffic light status changed to
amber.
The Office of Government Commerce (OGC)
released the reviews today, under the Freedom of Information
Act, after it led a
four-year battle to keep them secret.
The first review warned that the government had failed to
identify explicitly the programme's most important risks. It warned
that "the sheer scale of the programme could lead to
difficulties".
The cost of the scheme may not be justified by the benefits, and
government departments were "not quite as enthusiastic about the
programme" as was hoped. The scheme could do "less good than hoped,
with perceived benefits seemingly not on a scale to justify the
costs and some erosion of public support for the scheme," it
said.
The reviewers warned there was "no means of resolving issues and
project creep", and they raised questions about whether there would
be enough people with the right skills to man the project.
There is "no evidence that the skills and capabilities for the
programme are readily available, nor have arrangements been made so
far to secure them", the report said.
Inadequate card security could lead to stealing and
counterfeiting. The police told reviewers that failing to make ID
cards compulsory would "substantially remove the administrative
savings and some of the other advantages that ID cards would
offer".
This is the first time the OGC has released any gateway reviews,
which are independent assessments of risky projects and programmes
at various stages in their lifecycle.
The thoroughness of the two released reports is likely to lend
authority and credibility to gateway reviews in general. Many of
the concerns raised by the gateway reviewers in the reports have
since been addressed by the Identity and Passport Service.
But some of the concerns of the reviewers remain relevant today,
such as the risks posed by breaches in security, and the
uncertainties over the costs and complexities of the programme for
government departments participating in the scheme.
There were also uncertainties about the reliability of the
biometric technologies for ID cards. Computer Weekly has learned
that even today, more than four years after the reviews, the
Identity and Passport Service is still aware of uncertainties over
biometrics technologies to be used in ID cards.
The first of the two released Gateway reviews gave the scheme a
"red" light. It said that the review team "did not consider that
the studies of costs and risks that have been completed are
sufficiently robust to support any firm conclusions as to the
outturn costs or delivery timetable".
This reviews were carried out before the draft Identity Cards
Bill was published.
The first concluded, "We have little doubt that the [ID Cards]
programme is do-able. The more difficult issues are how to achieve
certainty of success on a predicted timescale and value for money,
while minimising risks".
The second review, carried out in January 2004, gave the scheme
an "amber" light, which it said "reflects our concerns with the
potential for problems in the future"
It is unclear whether the concerns of reviewers have since been
assuaged because none of the gateway reports written since January
2004 has been published.
For a summary of ID cards gateway reviews, see the
IT Projects
blog
For the key findings of the 'secret' ID cards Gateway reviews
FOI release, see Tony Collins' blog.