Delay in ID cards scheme presents chance to avert disaster, say experts

Clearer understanding of goals is essential, warn suppliers

The government's plans to roll out biometric identity cards by 2008 are, by its own admission, looking increasingly shaky.

The £5.8bn project has been put on hold until at least the end of the year, while home secretary John Reid completes a wide-ranging review of the Home Office's priorities.

The review, revealed in Computer Weekly last week, follows the release of e-mail exchanges between government officials, who raised concerns that the project was in serious trouble and unlikely to meet its 2008 deadline.

The Home Office is using the time between now and the autumn, when the review will be complete, to reassess the ID card scheme.

The ID card procurement programme, which was originally expected to begin in the spring, has now been postponed until the end of the year and may not take place until 2007.

The delays mean that it is now impractical for the government to meet its deadline for rolling out the first ID cards in 2008, said suppliers' trade association, Intellect.

"It is not feasible to start procurement at the end of 2006 and to start ID cards in 2008. You have to have enough time for testing and piloting to make sure that everything works," said Nick Kalisperas, director of Intellect.

Nevertheless, the review has been welcomed by suppliers and industry observers, many of whom see it as necessary to avoid another government IT disaster.

"I think the timetable is less important than getting it right," said Pauline Neville-Jones, chairman of the Information Assurance Advisory Council, a public/private sector think tank.

"It is trust in the integrity of government and confidence in the efficiency and effectiveness of government that is at stake."

Jerry Fishenden, national technology officer for Microsoft, said that the delay could only be a good thing. "A project of this scale has to be right. By comparison, IT projects in companies and government departments are small fry when set alongside the scale of this programme," he said.

Neil Fisher, vice-president of identity management at Unisys, said, "I understand that they are doing more research into how to drive down the risk of the programme. That actually means they will have a better thought-out procurement strategy than they have now."

Industry observers are hoping that the Home Office will use the review to clarify exactly what it wants from the ID card programme - a move that is essential if suppliers are to come forward with sensible solutions.

"The government has not said what they are trying to do. Worse than that, they have said seven or eight different things they are trying to do. And each time they are challenged, they back off and say they are trying to do something else," said Martyn Thomas of IT industry think tank the UK Computing Research Committee.

"Delaying the project, given where they are now, is a very good idea. The right thing to do is to state the problem they are tying to solve in as much detail as they know, and to put forward the reference architecture and analysis that leads them to believe that the ID card architecture is the right way to solve it," he said.

Robin Wilton, corporate architect for federated identity at Sun Microsystems, agreed there were still a lot of questions to answer before suppliers could put forward a valid ID card solution.

"We have drawn up a technical architecture to say this might be what we would put in place. But there are still gaps in it. We need to know more about the underlying rationale of the project," he said.

The Home Office should use the breathing space afforded by the review to integrate the ID cards programme more closely with the rest of government, said Intellect.

Kalisperas said it made no sense for the Cabinet Office to be developing a separate government-wide Identity Management Strategy while the ID card procurement was going ahead.

He called on the government to be more open, and to begin communicating with suppliers on exactly what it wants from the ID card programme. He warned that it would be a mistake to push ahead with a simplified ID card programme without proper consultation with industry.

"You can only have a simplified card if there is a basis for upgrading it in the future. It needs to be future-proof. It may be that if you have a scaled-down version of the card not as many suppliers will bid for it, or it will change the procurement."

ID card technology

National identity register

  • Will hold records on the UK population
  • Will record digital fingerprints, images and iris scans
  • Will operate 24x7
  • Response rate of 15 seconds
  • Register will record an audit trail every time the ID card is used
  • Government will charge companies to verify identity of the public
  • Public will have no right to see who has been checking their files, unless they appeal to the information commissioner

Biometric readers

  • Fingerprint and iris scanners will be needed to verify ID remotely

ID cards

  • Home Office favours simple design that will feature a digital photograph or picture plus two fingerprints
  • Negotiations underway with banks to make cards compatible with chip and Pin

The shifting shape of the ID card programme

The project that is likely to emerge from the Home Office review will be simpler, less risky, and will be rolled out more slowly than the IT industry has been led to believe.

One of the options on the table is to delay plans to roll out ID cards across the whole of the UK population, and trial the cards by issuing them to foreign residents initially.

The Home Office also aims to simplify the cards so that they will contain only a limited amount of biometric data. This may be restricted simply to a digital photograph, or a digital photograph plus two biometric fingerprints.

Under this scenario, the cards will become less important than the National Identity Register database as a means of verifying an individual's identity.

The register will retain a record of iris scans, 10 fingerprints and digital facial images of all the population, which can be used to verify the identity of a member of the public, whether or not they carry an ID card.


Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at:

Read more on IT risk management