Article - Issue 19, May/June 2004
ID cards: Public interest… or public nuisance?
A report of a meeting at the Royal Academy of Engineering was held on Thursday, 5 February 2004 to discuss the issues and implications of ID cards in the UK. Various key speakers express their opinions of this contentious issue.
‘The UK is one of only five countries in the world that do not have a national identity card. Even the US has a de facto ID card – the driving licence.’ – Dr John Forrest FREng, Chairman.
Stephen Harrison, Head of Policy, Identity Cards Programme, Home Office
Stephen Harrison spoke of the Government’s proposals for a family of identity cards, linked to a central system. Work started in September 2001 in the aftermath of the 9/11 attacks in response to questions to the Home Secretary. A White Paper, ‘Identity cards – the next steps,’ was published in November 2003, announcing a two-stage approach to building a base for a national ID card scheme, which will become compulsory at a date yet to be decided. The first cards are to be issued in 2007/8 to those aged 16 and over and it is proposed that about 80 per cent of the economically active population would be involved within five years.
The Government sees many advantages to the scheme in countering terrorism, controlling immigration, reducing identity fraud (currently estimated to be at a level of at least £1.3 billion a year) and improving access to public services. ‘It’s not a silver bullet for tackling terrorist organisations,’ said Mr Harrison, ‘but it will hinder related activities like money laundering.’
Current costing indicates that the new biometric cards will carry a one-off cost of £73, compared with £42 for a ten-year adult passport at present. The information will be limited to passport-type core personal data on a chip with a photo and no tax or medical records will be incorporated. However, more stringent background checks will operate with more crosschecking of applicants’ information between public and possibly private databases.
The Home Office will run a pilot scheme with at least 10,000 participants to assess the biometric options, which may involve fingerprints, iris scans or a combination of both. Fingerprints are a tried and tested system with links to existing databases but they do have criminal connotations and can require expert interpretation. Iris scans have not been trialled on a large scale but may prove more useful. Government will have to make a business case for the system – at present, there is no budget for providing appropriate readers to collect and check biometric information.
The impending draft legislation, to be followed by three months’ consultation, aims to create a National Identity Register with improved checks on applications for passports and driving licences, including biometric data. There would be a voluntary plain card at first for UK nationals but a mandatory biometric document for non-UK nationals in residence here for longer than three months. It would not be compulsory to carry the identity card. The Government is awaiting the deliberation of the Home Affairs Select Committee and also the outcome of the Office of Government Commerce Gateway Review, which is looking at issues of people and capacity to run the scheme.
Ram Bannerjee, Managing Director, ActivCard
‘You can get a California driving licence for [US]$100, so I am going to debunk a few myths about citizen ID.’
Ram Bannerjee emphasised that smart cards themselves do not increase security; improved intelligence comes from tracking the people who use them, so the use of the card is critical and one needs to bind the individual with the card. A smart card is not a digital passport, but it is a computer and can revolutionise business in the evolving world of e-commerce. The latest technology is not essential, since card systems get old very quickly. The application will outlive the technology so it is critical to consider the platform carefully so it can be maintained and updated. The cost of the card is not such an important factor as often imagined since 80 per cent of the cost will be in issuing and managing the cards.
Identity verification should be separated from applications on the card so there can be easy upgrades. Cards should be contact-free. Contact-based cards do not work for high volume use. Moreover, the database and administrator system is central to the effective working of smart card systems.
ActivCard developed the US Department of Defense ID card, in use by several million US service personnel. It uses an Open Platform to support applications in a Java card virtual environment. A card manager controls support of the platform, then you load applications, creating ’silos‘ of information that different departments can manage with their own ’keys‘. Space was left for new applications and some ’silos‘ are managed locally for individual departments.
The card issuing process was seen to be very important. The US DOD chose to do this on the spot through distributed issuing via laptops. The central database is on the West Coast and certification centre is on the East Coast, with communication done through a secure channel and processes completed in less than ten minutes.
Matt Robshaw, Reader in Information Security, Royal Holloway, University of London
‘Smart cards are old technology and we’re less sure about the use of biometrics.’
Matt Robshaw commented that we are used to the concept of memory cards as bank cards and SIM cards. The trade-offs are well understood, but the chip could just as well be embedded in a ring or key fob. Smart cards are quite limited devices and the security level should be appropriate to the application – we should ask whether the card is safe enough (or fast enough) for the task in hand. Deploying smart cards is not trivial and there is always the question of who will carry the cost. Using an existing or accepted mechanism would be easiest, such as building on the existing banking infrastructure or GSM phones, which have an integrated card reader.
Biometrics might be described as a unique identifying physical characteristic and include fingerprints, iris scans, hand geometry and a hand-written signature. Storing a template of biometric information requires considerable infrastructure. Establishing initial identity when people enrol is critical and the integrity of the biometric must be preserved throughout by a combination of physical and cryptographic security.
The Biometric Product Testing final report was published in March 2001. None of the devices managed to get both <1 per cent false acceptance rate (FAR) and <1 per cent false rejection rate (FRR). Iris scans had very low FAR but still >1 per cent FRR. Thus, 1 in 100 correct attempts will not be accepted as valid.
Fingerprint products seem to give 5–11 per cent FRR and 0.1–1.0 per cent FAR. At least 1 in 20 correct attempts will not be accepted as valid. Up to 1 in 100 false attempts will be accepted. Fingerprints are not ideal – they need interpretation by experts. They are prone to a high false rejection rate and are open to abuse – Matsumoto made fake fingers out of household chemicals and moulded fingerprints onto them.
‘We have been seduced by biological uniqueness, but can the technology live up to it?’
Simon Davies, Director, Privacy International, London School of Economics
‘I’m going to put a spanner in the works – there are big issues here at a societal level.’
Simon Davies commented that a Department of Work and Pensions briefing on a longitudinal study indicated that they want to data-match with the Inland Revenue. This seemed to him to breach the provisions of the Data Protection Act. They have since offered real consultation, which is not the case with the situation on ID cards.
The Home Secretary has thrown out a series of generic proposals. There is a primary driver and lots of secondary ones, often quite sensible, like avoiding duplication. Yet, every government likes to have a ‘Big Idea’ and this one appears to be nation-building. Bob Hawke wanted an identity card for Australians, who initially gave the idea 90 per cent support, but then the Government showed its hand too quickly and campaigners investigated what the card was for. Support quickly became opposition at 90 per cent against and the Australia card was dead.
Many people will be unwilling to offer biometrics. A critical mass of 10 per cent dissenters and 3 per cent outlayers is enough to disable the system. It has also been shown that biometrics can in many cases be spoofed easily.
Simon Davies stressed that the Government must introduce the draft legislation before the process moves to the Committee Stage and concluded by voicing the strongest concern about the increase of central control of information.