Identity card plan ignored fatal flaws

Ministers and civil servants swept fundamental problems with the ID card database blueprint under the carpet and approved a development plan that would prove so unfeasible it had to be torn up after government IT experts had worked on it for three years, Computer Weekly has learned.

Ministers and civil servants swept fundamental problems with the ID card database blueprint under the carpet and approved a development plan that would prove so unfeasible it had to be torn up after government IT experts had worked on it for three years, Computer Weekly has learned.

Documents on which ministers based their decision to go ahead with the flawed plan, obtained by Computer Weekly in a Freedom of Information request, said it contained "no showstoppers", even though there were numerous significant obstacles for which no solutions were found and which would prove to be insurmountable.

The documents show how, following intense pressure over the future of the ID scheme in 2006, the Home Office committed to a face-saving system design that sounded cheap and simple on the face of it, but turned out to be too complex and costly to carry out. Ministers committed publicly to the system design in the 2006 ID Scheme Strategic Action Plan before they knew it was deliverable. Favourable feasibility studies were then produced with an order that alternatives could not be considered.

The face-saving plan involved re-using the Department for Work and Pensions (DWP) Customer Information System (CIS) database as a core component of the ID card scheme. Feasibility reports produced by the DWP and Home Office approved the design despite failing to address obstacles that evolved into showstoppers, including inter-departmental disagreements over funding, inadequate resources and security flaws that could undermine public trust in the scheme.

These problems were raised repeatedly by the Independent Scheme Assurance Panel, the project's watchdog, but the Home Office did not admit they were showstoppers until the plan was ditched in January 2010, the date by which the Identity Cards Act required the system to be fully operational. The coalition government subsequently scrapped ID cards upon taking power in May.

An advisor to the scheme, who asked not to be named, told Computer Weekly the ID scheme database plan was presented as a fait accompli and political pressure required it to be carried out before it had been properly thought through.

A senior civil servant, who took part in approving the plan, said departments were reluctant to expend too much time and money exploring the feasibility of the project, if there was a possibility it still might be cancelled.

"It's quite normal to develop the idea so we believe it is likely to be practical. There was at that time a kind of balance where myself and the team felt we were on course to a practical way forward, but hadn't gone through all the detail," he said.

"We didn't want to incur the time and cost of going through the detail unless we knew that ministers were likely to give the go-ahead to proceed."

He admitted that ministers and civil servants knew their decision to proceed with the plan would be irreversible. But he said: "I can't recall there being any pressure to make a decision other than what was right on a cost/delivery basis."

Edgar Whitley, reader in information systems at the London School of Economics and an ID scheme expert, said after reading the reports that something as high-profile and challenging as the ID card scheme should have been properly assessed for its feasibility and not based on advice that may have involved "giving the minister what he wants to hear".

"How poor can their feasibility assessment have been if they didn't spot something that, three years down the line, turns out to be a showstopper? Or was it being driven by political pressures to have a lower cost and nominally lower risk alternative?" Edgar Whitley said.

"That either means they had to say that to get the political will to get it approved, or they didn't do their analysis very well. Both of those are very worrying."

Click here to read the full analysis of the flaws revealed by the ID card scheme papers >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close