U.K. biometric ID card faces questions

March 30th, 2006 in Technology /

The introduction of biometric national identification cards to the United Kingdom now seems like an inevitability. Yet doubts have been raised by a committee in the House of Commons itself about whether existing technology is actually able to handle the ID card scheme, due to be implemented in 2008.

Although the scheme will be overseen by a new independent watchdog, the very architecture of the system itself has been questioned by security experts. Prior to last week, the last consultation on ID cards and potential fraud had been held back in July 2002. But technology moves fast. During the course of the hearings at the House of Commons, The Register Web site reported that the Science and Technology Committee raised its own concerns that those running the ID card scheme weren't sure enough about the tools that they wanted to make the system run and would be led too easily by what industry could provide. No large-scale trial of the technology to be used in the plan has taken place yet either, and the Home Office team couldn't say whether there would be any changes to the technology in the coming seven years. The chair of the committee, Phil Willis MP, said that the committee had been told by the U.S. Department of Homeland Security that the technology wasn't yet mature enough to warrant an ID card procurement.

Directors of the U.K. National Identity Register, whose launch will be tied in to that of the ID card scheme, tried to assuage some of the concerns saying it wasn't that they didn't know what they wanted from the technology, but that they weren't sure how to implement it.

Other countries with ID cards have also faced the problems of creating secure, government-based systems to house the masses of data held. In 1998 the Argentinean government faced a revolt over its proposed plans to allow its upgraded Documento Nacional de Identidad to be manufactured by a consortium led by Siemens Nixdorf. Protestors were upset by the possibility that a private corporation could control the issuing of national identity. Yet the major concern of the House of Commons commission was that, because the government wasn't able to use proven existing technologies, the project would effectively be led by the private sector.

The United Kingdom isn't the first in Europe to introduce ID cards -- France, Germany and Italy all have their own versions, although they vary in how voluntary they are. The proposed U.K. system is however likely to be the most comprehensive, and some say invasive, in the bloc. And therein lies the worry -- each ID card is proposed to hold up to 49 pieces of personal identifying data including national insurance number, passport number, all driving license details and, controversially, biometric data on a microchip. Biometric data is a way of verifying someone's identity based on a body part or their behavior. The best-known biometrics are signatures that are commonly used on driving licenses and passports, and fingerprints. Since 1994 advances in iris-recognition algorithms have meant that iris scans have also becoming a popular biometric method. The uniqueness of iris and retina scans, which differ between identical twins, have made them a popular choice for the U.K. government, which has been keen to use them in the proposed ID cards.

Use of biometric data is meant to go some way to allaying fears about the shrinking technology gaps between governments and organized crimes, where even the most secure cards can be available as blanks shortly after their introduction. This, say the anti-ID card campaigners, is missing the point. There are no disputes over the near-impossibility of replicating iris-scan data -- the real concerns surround the question of how to manage this mass of incredibly sensitive data.

Those security concerns increased further last week with the statement from Andy Burnham, MP, that the less-secure system of PIN numbers could also be used in the cards. This proposal was thought to be a concession to the high costs of biometric readers, which anti-ID card campaigners say would bankrupt the project. The BBC reported that this was, however, according to the shadow home secretary David Davis, a tacit admission that the government was "having grave difficulties in making the biometrics work." Davis said that they had "gone from what they represented as a "gold standard" to a makeshift substitute."

The Identity Cards bill currently exists in a no man's land within the British Parliament, flipping between the peers in the House of Lords and the MPs in the House of Commons. Ministers are threatening to send the bill back to the Lords until the deadlock is broken and the legislation forced through using the Parliament Bill. The BBC reported Home Secretary Charles Clarke as saying, "This is the fourth time that the issue has come back to us from the Lords, and it really should be the last."

Copyright 2006 by United Press International

"U.K. biometric ID card faces questions." March 30th, 2006. http://phys.org/news62943442.html