'Secret' ID Cards Gateway reviews FOI release - key findings

Below is my summary of two early Gateway Reviews on the ID Cards scheme which were released this week under the Freedom of Information Act.

The OGC considers the release of the reports an exception and has more than hinted that it will be unwilling to publish other reviews.

It says it will abide by a “working assumption” – in which the Ministry of Justice gives departments advice on how they can use exemptions in the Freedom of Information Act to justify a refusal to publish Gateway reviews.

Still, the OGC has saved the costs of a further appeal to the High Court by releasing the two initial “feasibility” Gateway 0 reports; and the reviews, the first one at least, shows how professional and thorough gateway reviews can be, given that they are done over only a few days.

The lesser concerns raised in the two released Gateway reviews on ID Cards were dealt with long ago. The bigger questions asked in the reviews about whether the scheme will ever be of real use, whether the security of the ID Cards database will be breached, whether the biometrics technologies are reliable enough, and whether the data will be accurate, and remain accurate, are still being asked today, and by government insiders.

The reviews also revealed that government departments which were to participate in the scheme were less enthusiastic than might have been hoped.

These are the paragraphs in the two Gateway reviews on ID Cards that I found the most interesting [the sub-headings in bold are mine]. 

Gateway Review Zero on ID Cards scheme – June 2003

Review gets “red” light

The Government has consulted on the scheme but has not yet announced its response to the consultation or its decision on whether the scheme should proceed. Not unexpectedly therefore few of the preconditions required for Gate 0 have been fulfilled and the current status of the Entitlement Cards scheme is confirmed as RED.

This outcome should not be viewed as a criticism of the conduct of the policy work or of the efforts of the small Entitlement Card team. In fact we concluded that [name deleted] and his team have done a remarkable job with limited resources in exploring many aspects of this complex scheme.

Costs and risks not robust enough

The review team did not consider that the studies of costs and risks that have been completed are sufficiently robust to support any firm conclusions as to the outturn costs or delivery timetable.

Urgent need for value for money analysis

There is an urgent requirement for considered analysis of the costs and benefits of the programme, and the various options within it, and of value for money. Although some work on costs and levels of charges has been undertaken, only limited attempts have been made so far to assess the time profile of costs or to quantify benefits from the programme. The expectation that ongoing costs of the programme can be covered by (monopoly) charges for passports and driver licences, thus making the programme self-financing, does not, of course, remove the need for a serious analysis of costs and benefits.

Permanent Senior Responsible owner should be appointed

A “permanent” senior responsible owner should preferably be appointed as soon as practicable at a senior level – [which the Government did by appointing James Hall, the head of the Identity and Passport Service, as SRO].

No evidence that there will be enough people with the right skills

There is no evidence that the skills and capabilities for this programme are readily available nor have arrangements been made so far to secure them. The Department is not yet well placed to manage the programme successfully.

ID Cards Scheme is do-able – but will it succeed?

We have little doubt that the Entitlement Cards programme [now the ID Cards Scheme] is do-able. The more difficult issues are how to achieve certainty of success on a predicted timescale and value for money, while minimising risks.

Does it have precisely-stated objectives [even today]?

Confirmation of the keenly focussed and precisely stated objectives, purposes and scope for the Programme that Home Office Ministers have already defined. It will be vital to confirm these with slight refinement if necessary and then to stick to them. [I don’t believe that the ID Cards scheme yet has keenly focussed and precisely stated objectives, purposes and scope, though the IPS could argue that there will be after contracts are awarded.]
More uncertainties – particularly over keeping data accurate

Within systems architecture, some vital issues will be … resolution with other Departments and Agencies of how the Entitlement Cards Programme [now the ID Cards Scheme] and other related programmes will fit together… processes for cleansing and maintenance of data. It seems evident that a single database will be required. Who should be responsible for (a) cleansing and (b) maintaining it? Should it be DVLA, Passport Office and a third unit (for non-drivers without passports)? Or should this responsibility be vested in a single joint unit formed from DVLA and Passport Agency? … The importance of the maintenance process can hardly be exaggerated.

A failure to identify explicitly main risks to success

The risk registers and assessments we have seen seem not to identify very explicitly some of the most important risks, such as:

• Governance failures (eg no coherent wider government programme for the whole area of establishing identity and maintaining a people register, robust governance structure, lack of clarity about responsibilities, no means of resolving issues, project creep)

• Inadequate support and commitment (we noted with some concern that the main potential beneficiaries of an Identity Cards scheme, such as police, DVLA, Passport Agency, IND, DWP, Inland Revenue and the financial sector, though generally supportive, were not quite as enthusiastic about the programme as might have been hoped.

• Programme scale. The sheer scale of the programme could lead to difficulties.

• Poor systems architecture. This could severely reduce benefits from the scheme and increase cost.

• Unexpected data problems. This is an ever present danger.

• Process failures.

• Biometrics. Opinion seems divided on how effective or dependable biometrics will be. There is little past experience, in the UK or elsewhere, to go on. Pilots will be especially important.

• Inadequate card security (stealing and counterfeiting). The police and IND saw the value of the Identity Cards as being severely reduced if there is not a high level of card security. There needs to be a safe assumption that person showing a card is who he claims to be.

• The scheme does less good than hoped, with perceived benefits seemingly not on a scale to justify the costs and some erosion of public support for the scheme. The Police felt that the absence of any obligation to carry or produce identity cards would substantially remove the administrative savings and some of the other advantages that Identity Cards would offer.

Advice to avoid making promises on timing and nature of scheme

If such an announcement is made, as presently proposed before the Recess, we would suggest that it should offer as few commitments as possible about the timing and nature of the programme. The aim should be to leave as much room as possible for manoeuvre.

2nd Gateway Review Zero on ID Cards scheme – January 2004

Some good news

With only a few exceptions the recommendations made by the earlier review have been fully implemented. In addition the new management team has compiled a generally convincing, although preliminary, strategic business case, improved stakeholder engagement, defined and implemented risk management and secured resources for the programme definition phase. In our view the Gate 0 preconditions have now been satisfied. The review team can consequently confirm that in our view the ID Cards programme is ready to proceed.

But many complex issues remain – project gets “amber” light

Although a robust management framework, resources and plans are now in place with potential for success, many complex issues remain to be addressed and a great deal of further work is required to establish a solution that is feasible, affordable and achievable with a high degree of certainty. We have identified many critical areas where intensive work will be needed before the next review. We have made a number of significant recommendations designed to improve the prospect for success and we assess the status of the ID Cards programme to be AMBER.

The potential for problems

This conclusion [an amber light] reflects our concerns with the potential for problems in the future and it must not be interpreted as comment on the quality and completeness of the work done to date or a qualification on our confirmation that the programme should proceed with the next phase of work. We also emphasise that the SRO and the management team are as conscious as we are of the scope and magnitude of the issues to be addressed.

Will ID Cards scheme make mistakes the NAO and OGC have warned about?

The Identity Cards programme has been assessed by the Department against the National Audit office/ Office of Government Commerce list of common causes of failure. We have examined this assessment and support its conclusions although recognising that some of the common causes on the NAO/OGC list relate to activities that will be undertaken during later stages of the programme.

Potential for success not in doubt – but that’s not the same as achieving it

The Identity Cards programme’s potential for success is not in doubt. As the SRO and Programme Director recognise, however, there is much work to be done before a robust business case can be established for a solution that meets the business need, is affordable and achievable, with appropriate options explored, and likely to achieve value for money, as required at Gate 1.

Many critical issues to be resolved which could affect costs and other schemes

We became conscious in the course of our discussions how many of the critical technical issues will need to be resolved and how great an impact some of these will have on costs, timing and other programmes. It will be essential to identify the preferred solutions to each of the main technical issues by the start of the procurement phase. Some examples are:

• Choice of identification number. Should this be the National Insurance number or a new set of numbers? There are arguments in favour of the NI number but Inland Revenue officials have concerns about the amount of matching work they might have to undertake in order to match ID numbers with the correct set of income tax and national insurance information.

• Biometrics. There is general agreement that there should be a second biometric as well as the photograph (or digital photograph). On the assumption that DNA would be too expensive, however, should it be fingerprints or irises (or both)? How scalable are the two technologies? And what are the cost implications? It was put to us that EU Directives and international passport standards might leave little option but to use fingerprints (which could also, unlike irises, be compared with existing stocks held by the police and others). The matter needs, however, to be firmly decided.

Can other government departments afford to join ID Cards scheme?

On funding the Department have made clear that they will assign priority to the delivery of the Identity Cards programme and finding the necessary funds with help from HM Treasury. There are some concerns about funding in the Partner Departments.



It’s unclear how many, if any, of the most serious weaknesses in the ID Cards scheme have been overcome. Neither the OGC nor the Identity and Passport Service has published any gateway reviews apart the two in question.

The most positive thing that can be said about ID Cards is that the senior responsible owner is James Hall who knows what he’s doing. But he’s not, as far as I know, a performer of miracles; and many more people believe in miracles than in ID Cards.


OGC finally publish gateway reviews – Spy blog

‘Secret’ reports raised concerns about feasibility of ID cards – Computer Weekly

Government publishes secret ID Card reviews – Computer Weekly

The 1st gateway review on ID Cards – June 2003

2nd gateway review  – January 2004

Government resists ID Cards scrutiny – The Register

There’s always mistales – Digital Identity Forum   


Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do we know for sure James Hall knows what he's doing? To say that you'd have to know what he *is* doing? But the IPS seems to be operating largely in secrecy - surrounded by a distracting haze of sunny propaganda. The external function of his role appears to be stonewalling and sticking to the script, as if he were a government minister.

Being a successful manager of a management consultancy firm is not necessarily the best preparation for what is a profoundly political and politically-conditioned role in public administration.

Mr Hall's immediately previous contact with public administration, running Accenture's part of the NHS NPfIT, doesn't seem to have turned out completely happily:



As you know governments repeat mistakes for many reasons. The systemic lack of independent oversight and challenge doesn't help. It'll be just as bad under the Tories if they get in.

James Hall has seen it all before and seems to understand the need to keep risks to a minimum.

That's not the approach on,say the NPfIT, where sometimes reckless decisions are taken in the name of Progress.

That said the risks inherent in the ID Cards scheme are huge - and if the scheme itself is overly ambitious and unachievable, and it may be, then risk mitigation becomes little more than damage limitation.

I share the concerns about secretiveness. But that's built into the system. Ministers don't want the opposition to know the real truth about their big IT projects. And they have a natural ally in their advisers who don't want anyone outside government to know either.

It's up to you and others, including the media, to try and offset the damage caused by unnecessary government secrecy.

That's why your organisation and others who campaign to put essential information into the public domain, are so important.


You are quite right,it is essential information about IT projects and changes are in the public domain.I tried to attend the NHS Information Centre for Health and Social cares board meeting on Thursday and requested the protocal for questions?needless to say I was prevented from attending and told I needed to give 7 days notice!!!I know the Chair and two of the directors from their previous roles in having worked as an unpaid volunteer for the last 13 years?I have tabled a question about comments in one of the papers which state"Secondary Users Service R3 R4 problematic,De scoping the content of R4 part in line Feb 09"JARGON that as a member of the public I didn't understand.I have asked them to explain how this effects patients needing access via Choose & Book and await a reply.NHS IC are trying to sell themselves as the HONEST BROKER with 50% share belonging to the DOH who have an option buy back of shares,yet members of the public are prevented from attending their meetings!! I have to wait until late May 09 for the next board meeting in public.