ID card plans are too complex and too expensive, government is told

Government plans for a national ID card scheme, voted through in the House of Commons last week, are too complex and too...

Government plans for a national ID card scheme, voted through in the House of Commons last week, are too complex and too expensive, former government research organisation Qinetiq has warned.

Qinetiq, which advised the Home Office on the development of the ID card scheme, also raised questions about the reliability of the proposed biometric card-reader infrastructure.

Neil Fisher, director of security solutions at Qinetiq, urged the Home Office to simplify the design of the ID card proposals.

The focus should be on its core function as an ID card, rather than trying to fulfil a long wish list of objectives - from fighting terrorism and reducing illegal immigration to tackling fraud.

The government was making the scheme more risky and had almost doubled its cost from £3.1bn to £5.5bn by insisting on a system capable of matching fingerprints, iris or facial images against a remote central database, when this was not necessary to simply verify identities.

"The Home Office wants matching online because it wants to keep an eye on the bad guys and keep an audit trail. But that means talking over the internet to the central database. We are saying it is a step too far," Fisher said.

Keeping audit trails would vastly increase the complexity of the scheme, Fisher said. However, criminals and terrorists would simply avoid using ID cards, limiting the value of keeping trails.

More thought was needed about ways of verifying identities, Qinetiq said. Even if biometrics achieved 99.999% accuracy, on a database of 100 million people, this could lead to thousands of false matches.

Power outages, communications failures, fires or other disasters could also disrupt access to the central database, which would become a key part of the critical national infrastructure. But there has been little public discussion of business continuity, said Fisher.

CCTV could be matched to ID data >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.