First ID Cards Contracts Awarded

The Identity and Passport Service has announced the award of the first two contracts under the National Identity Scheme. CSC has been awarded the £385m contract for Application and Enrolment, whilst IBM got the £265m contract to build the National Identity Register. These are the first in a series of components being procured under the framework agreement, which also includes EDS (HP), Fujitsu and Thales.

The more interesting bit of news was the quotes from James Hall, Chief Executive of IPS, although I don’t yet know whether these were at a conference or in a one-to-one interview with the BBC. In the article he confirms the long-standing assertion that the primary form of binding between cardholder and card will be Chip and PIN. That’s no surprise, and in the majority of ID Card use scenarios will be the only cost-effective binding mechanism available, since biometric checking will not be practical.

What’s more confusing is his use scenario:

“One of the reasons for the format of the card is we have the opportunity to put it in to card readers and potentially use it in existing networks such as the ATM network.

“We are in discussions with the financial services industry and, if they come forward with a compelling view of the rationale for chip and pin for them, that’s definitely something we’ll take extremely seriously.

“If we conclude that chip and pin is a key part of making it useful, there’s no technical reason why we couldn’t do it.”

I’m lost at what’s being achieved here. So, to prove my identity, I put my ID Card in an ATM and enter a PIN to provide a relatively weak binding: but seeing as nearly every member of the economically active adult population has an ATM card, why would I want to do that? To what purpose?

There’s more sense in the idea of Chip and PIN in, say, a proof of age situation at a nightclub: the individual shows the card to the doorman to provide a visual inspection, then provides Chip and PIN to prove that the card is legitimate and that they are the holder. That I can see. I can also see that working when applying for a financial product rather than having to go through the mess of utilities bills that characterises current ‘know your customer’ procedures (but note that the current EMV network would only confirm the card and its binding, not my home address). Whether these justify the cost and civil liberties implications of an ID Card scheme is, of course, a different matter.

There are some really good reasons for having a population-scale authentication mechanism, but we need to have them enunciated much more clearly from IPS if they’re going to make a business case for expenditure. ATM machines for ID? I’m not convinced.

5 comments

"If we conclude that chip and pin is a key part of making it useful" Isn't this the sort of thing that should have been sorted out five years and fifty million quid ago?

It may be that James Hall is looking for ATM compatibility just for the initial stages of binding the user to a card which has been distributed. (I.e. the RVE phase happens in person, then a card is sent to the user, a PIN mailer is sent separately, and the user goes to an ATM to 'bind' the two). You're right - ATMs are not a compelling service delivery point for anything other than cash, and (so far, at least) that does not involve proof of identity... just proof of knowledge of a PIN ;^l

"There's more sense in the idea of Chip and PIN in, say, a proof of age situation at a nightclub: the individual shows the card to the doorman to provide a visual inspection, then provides Chip and PIN to prove that the card is legitimate and that they are the holder" A few things for this scenario: Is the photo not going to be good enough for the level of security required to prevent a minor drinking? Clubs are going to invest in the infrastructure to read cards? If kids are going to borrow each other's cards (the most likely cause of drink 'fraud') what's to stop them writing down a PIN? Your problem seems to be you are looking for genuine uses for the card to justify the expense - wrong direction friend. The additional functionality isn't in order to be useful, it's to get more nuGov pals on the gravy train. "There are some really good reasons for having a population-scale authentication mechanism" - not being funny but care to name a few? I've yet to hear one reason which stands up to even casual scrutiny.

I can imagine nobody I'd be less likely to trust with my PIN even now than a nightclub bouncer, even post-SIA. And if you want to link that to a national ID record? Madness. That's a really awful application example (takes too long per person, huge security issues, fails badly).

My take is a public-choice-theoretical variant on Robin's: The biometrics and massive countrywide scanner won't be ready for yonks - if ever - especially since the IPS wants the latter, the really expensive bit, to come out of everyone else's budget. Hence the scheme is in desperate need of something technical-looking to reassure ministers and the more ID-enthusiastic punters that they are at least getting something for their possibly-more-like-£7-billion-and-counting. (There's already been some laundering of the budget through the FCO and the BIA, in relation to resident aliens; maintenance issues on the biographical record are blurred with the stupendous budget of the DWP; and biometric *enrollment* has gone off-balance-sheet altogether by being hypothetically farmed-out to one or more putatively willing retail chains.)