The home secretary David Blunkett reiterated his support for a universal electronic identity card last week, as the government's six-month public consultation on the scheme draws to a close.
If it is given the go-ahead, the project, at a cost of at least £1.3bn, will be one of the most ambitious undertaken in the public sector in the UK, presenting enormous challenges in IT project management and systems integration.
The government's proposals, contained in a 150-page discussion document, have raised a host of questions about the right of individuals to privacy and anonymity, and genuine concerns about the compatibility of the scheme with human rights and data protection laws.
But there are also fundamental practical questions that need to be addressed, not least whether the scheme will actually work and, if it does, whether the benefits it offers justify its high price.
The Home Office is presenting ID cards primarily as a better way for the public to access government and private sector services.
The department claims the cards, dubbed entitlement cards, will make it easier for UK residents to apply for benefits, medical treatment, and other government services.
The cards, it claims, will also play an important role in combating illegal immigration, allowing employers to tell at a glance whether the person they are hiring is entitled to work in the UK.
In addition, they could help to reduce crimes such as money laundering, people trafficking and, most significantly, reduce identity theft, which costs an estimated £1.3bn a year.
In order to achieve this, the government proposes creating a huge central database, containing information about 67 million people, indexed according to a new national identity number. Government departments will have access to the database via computerised gateways.
The database will hold a range of personal details, the most notable being biometric data belonging to the card-holder. The same data will also be stored on the ID card, providing a highly reliable mechanism for verifying identity. Government officials are considering three alternative technologies - fingerprinting, iris recognition and facial recognition. Each has its own merits, though iris recognition is regarded as the favourite.
The cards themselves will replace existing driving licences and passports. A special version of the card will be available for people who do not drive, and for people who do not wish to travel abroad. The card will store the same personal information as the central database, including the biometric signatures.
The Home Office is considering both basic plastic cards, which would store biometric information on a two dimensional barcode, and smartcards containing an in-built computer chip.
The government estimates the total costs of the project at between £1.3bn for a plain plastic card and £1.6bn for a simple smartcard. A more sophisticated smart card, capable of storing a wider range of information, would push the total cost up to an estimated £3.1bn.
But this may be a gross underestimate, claims Dr Perri 6, director of the policy programme at the Institute for Applied Health and Social Policy, in a study for the information commissioner. The projections, he said, are "very significantly underestimated" given the sheer scale of the project and the likelihood of cost overruns. They fail to take into account the costs of providing a network of biometric readers, and the full costs of making the system compliant with data protection legislation.
"Once all the cost pressures are taken into account, it must be considered doubtful that the scheme will prove to be worthwhile," he said.
Even if the government can establish a credible business case, it will still face an uphill struggle to manage the project, particularly when it has so many objectives. A working group commissioned by the British Computer Society is urging the Home Office to simplify the scheme, or risk it failing.
David Rippon, professor of IT infrastructure management at Buckinghamshire Chilterns University College, said the government should focus on a single objective, such as reducing identity fraud, otherwise the scheme might lose its way in a maze of conflicting demands.
He said one approach would be for the government to set up separate project teams for each objective. The teams could work on their particular applications in tandem, but each would operate independently with its own project leader.
Rippon warned against using a single central database to support all the proposed applications. "This would be a high-cost solution leading to many systems accessing one database, creating both a single point of failure and the potential for processing bottlenecks, resulting in unpredictable and lengthy response times."
Making the system compliant with the Data Protection Act will be another challenge. In his analysis of the government's proposals, Perri 6 concludes that the scheme, as currently envisaged, is at odds with some of the key principles of the Data Protection Act.
The information commissioner Richard Thomas is concerned about what he calls "function creep" - the fear that once cards are introduced, the information they store may be gradually increased.
Blunkett gave reassurances last week that any addition to the scope of information stored on identity cards would require additional primary legislation. But this is unlikely to provide comfort to those worried about the impact of the cards on civil liberties.
How the cards will verify identity
There will be five levels of authentication:
Simple visual check - compare the photo on the card to the person producing the card
Telephone authentication service - this is to check that the card has been issued to the person of the name, address and date of birth claimed. It would not protect against stolen cards
Code check - the authentication service would ask the card holder for a digit in a secret Pin, or a word in a pass-phrase, to verify identity. This would protect against use of stolen cards
Offline biometric check - compare a biometric scan of the card-holder against biometric data held on the card
Online biometric check - compare a biometric scan of the card-holder with the biometric record on the central database and the card. This will guard against fraud of biometric data.
Providing better public services
- People will only have to make one change-of-address notification when moving house
- The ID database could be used to verify the identity of people asking for services
- The private sector could use ID cards to provide services, such as loyalty cards
Reducing ID fraud
- The card would need to be used by the private sector, where most cases of ID fraud occur
- ID cards themselves, however, could become a target for fraud
- Employers could demand production of cards to check that staff are entitled to work in the UK
Proof of age
- Young people could use cards to prove their age
- Cards may cut levels of identity fraud, money laundering, organised crime, and people trafficking
- ID cards would make it easier to keep the electoral register up to date
Emergency medical information
- People could opt to have medical information stored on their card for use in an emergency.
Source: Home Office