U-turn cuts risks of ID card scheme

Plans for population database and iris scans dropped, deadline pushed back, but security and confidentiality demands will be met, says Passport Service chief

The Home Office was quick to deny a u-turn when it published its new Strategic Action Plan just before Christmas.

But it is clear that the national identity cards project will now be radically different, and simpler, than originally envisaged. In the words of one industry commentator, “It is a u-turn of giant proportions.”

Out go plans for a purpose-built population database and proposals to record the iris patterns of 60 million people. And the timetable for the mass roll out of ID cards has been quietly moved from 2008 to 2010.

The result, said James Hall, who took over as chief executive of the Identity and Passport Service last autumn, is a project that is far less risky and yet will still meet demands for security and confidentiality. And it will run on existing government computer systems.

The long-standing objectives to reduce crime, terrorism and identity theft remain. But now government officials are talking much more about using ID cards as an ¬“index” to ensure that every Whitehall database is kept up-to-date.

The importance of this task to government was trumpeted by the prime minister Tony Blair last week when he highlighted the advantages to the citizen of government departments sharing records of individuals. “This is about data sharing in a sensible way so that the customer gets a better public service,” he said.

The rethink follows concerns raised behind the scenes by civil servants over the complexity of the scheme, and widespread scepticism among system suppliers.

Add to this pressure from the Treasury to rein in the costs of ID cards and tackle benefit fraud by improving the accuracy of government data, and the scene was set for a u-turn.

By last summer, the Home Office had ordered a “root and branch” review of the project. What has resulted – the National Identity Scheme, as the project has been rebranded – is much simpler and less risky, Hall told Computer Weekly.

“The key is to make sure we first reduce all the risks and challenges of timescale. And, secondly, we should to some extent swallow some of our own medicine and make sure we are using existing assets where we possibly can,” he said.

The new plan calls for the biometric and biographical details of the 60 million ID card-holders to be held on existing government databases, rather than the purpose-built National Identity Register originally planned.

Biometric fingerprints and photographs will, at least initially, be stored on Immigration Service computers. These will be linked to biographical details held on the Department for Work and Pensions’ national insurance number database, known as the Customer Information System.

Separating the data in this way will make it more secure, allowing biometric data to be held “discretely in a very secure way”, said Hall.

He stressed that there were no plans to use existing, often inaccurate, data on government systems, but to gather the ID cards data anew.

“We are re-using the technology and the operational capability, but we are not reusing the data. We will continue, as we enrol people into the scheme, to enrol the data afresh,” he said.

The second big change is that the government has greatly simplified its plans for storing biometric data. Iris prints, which have proved complicated and difficult to record, have been dropped from the scheme. Individuals will still have all 10 fingerprints taken but it is likely that only two fingerprints will be recorded on the ID card itself.

“We believe that, for what we want to launch in 2009, the two biometrics, the facial biometrics and the fingerprint, both of which we would want to capture anyway for passports in that same timeframe, are going to meet our requirements,” said Hall.

“We would undoubtedly procure the biometric storages in a sufficiently practical way so that if at some future stage we wanted to add iris scans or any other biometric, we could do so. The plans for if and when we would do it are not precise yet.”

So, despite the years of planning that have gone into the ID cards scheme, the details of the programme still need to be fleshed out. Some of the possible steps are dependent on feasibility studies, and there will need to be a new round of consultation with IT suppliers before the project is put out to tender in the spring.

The business case for ID cards has also been updated, and it will be subject to independent scrutiny through the Office of Government Commerce Gateway review process in the early part of this year.

“What we want to do is to take the architecture, which is alluded to in the document but not set out in any detail, and to flesh that out. This is work that is currently under way,” said Hall.

“But we still need to finalise exactly how we are going to procure the biometric storage. We would like to give the marketplace some flexibility to come back with what it believes is the best solution, subject to the architectural model we are considering.”

Hall said there were likely to be between five and 10 different procurements over the course of the project. These will begin in the spring with a contract for biomet¬ric matching and storing and a con¬-tract for the ID card application process.

The Treasury’s Crosby Review of identity management, commissioned last year, will also influence the final shape of the programme. Hall said it would provide valuable insight into the demand by businesses for identity checking services.

“In many ways, I see the Identity and Passport Service as an identity utility. And what Crosby is doing will start to help us get a sense of the size of demand, the capability within the private sector, and the characteristics we are going to have to meet to fulfil that demand,” he said.

Hall would not be drawn on whether the ID cards programme, as originally developed by the Home Office, would have met the tough targets expected for it.

“We never destruction-tested it. An alternative was emerging which was lower risk, probably lower cost, and I have not gone back and done a  full option analysis of the two alternatives. I think this is a sensible, lower risk way to go,” he said.

Government moves the ID goalposts

The government’s Identity and Passport Service has rebranded the ID cards programme as the “National Identity Scheme”.

The project is wider than the original ID cards programme, drawing in a range of biometric projects under a single banner. These include biometric visas, residence permits, and passports, and the Home Office’s Project Iris trial, which is designed to allow frequent fliers to fast-track security checks at airports.

The decision to widen the scope of the ID cards project to include previously separate but related projects, means that ministers can also claim that it remains on track, since some parts of the wider programme will go live in 2008. This is in line with the original ID cards programme schedule.

However, mass roll out of ID cards to the UK population will not happen until 2010 under the latest plans – some two years later than originally planned.

More information

Reid puts brake on ID cards

The troubled ID card project

Identity and Passport Service

The Crosby Review

Comment on this article: computer.weekly@rbi.co.uk

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close