Daily Archives: May 28, 2011

Watch out : the Coalition is laying the ground for a national identity system

The Coalition Government is creating the basis for a national identity system which could evolve into a full blown compulsory identity system including identity cards, although identity cards are not in themselves the main threat to liberty, that being the creation of a database with a great deal of personal information on it. http://www.telegraph.co.uk/technology/news/8526946/Coalition-builds-new-national-identity-system.html.

How is this potential replacement for Labour’s ID Card system being developed? It is ostensibly part of the Coalition’s cost cutting programme. Their ultimate aim is doubtless to restrict access to public services and benefits through websites. In pursuit of this end the Coalition proposes that people wishing to access public services should create a unique personal identifier, with either mutual organisations or private companies such as VISA providing “identity assurance” services. The individual would choose their identity assurance provider. Here is the Cabinet Office Minister Francis Maude explaining the Government’s position:

“The UK coalition government plans to introduce the identity assurance model in August 2012. If all goes well, the government plans to come up with a working prototype of the model in October this year.

“Online services have the potential to make life more convenient for service users as well as delivering cost savings. However, currently customers have to enter multiple log-in details and passwords to access different public services, sometimes on the same website,” said Maude, The Register reports.

“It acts as a deterrent to people switching to digital channels, hampers the vision of digital being the primary channel for accessing government information and transactions, and provides an opportunity for fraudster,” he added. Read more: http://www.itproportal.com/2011/05/20/uk-government-plans-id-assurance-marketplace/#ixzz1Nfqa4pWo

A pilot scheme is due to start in October 2011 and will include “the Department for Work and Pensions’ universal credits, NHS HealthSpace and HMRC’s one click programmes.”   (http://www.theregister.co.uk/2011/05/19/cabinet_office_id_assurance/)

The scheme has nothing like the ambition of Labour’s ID Card scheme, but it is easy to see how it could grow into a fully fledged identity scheme which would be every bit as intrusive as that proposed by the Labour Government. Personal details will be held on the databases run by the identity assurance suppliers and the universal identifier will allow state departments to readily link the data held on an individual by various government departments and databases. It is also likely that every child will have an identifier from birth because they need to access
services such as the NHS and education.

That would be the immediate authoritarian danger. Move the story along a year or two and we see it being made more and more difficult to gain access to public services without using a website. That will mean a universal identifier becomes ever more necessary. Eventually a future government will announce that as, say, 80% of te people eligible for public services have unique personal identifiers, in a ear or two everyone must have them if they wish to access public services. Once hat is done, not having a unique personal identifier will seem odd at best and suspicious at worst. A government will then make the case that it is essential for everyone to have a unique personal identifier so that terrorism, crime in general and immigration can be tackled. They will then make a unique personal identifier compulsory. At that point we are potentially at the scenario envisaged by the Labour Government; a universal database system contain vast amounts of personal data. All that would be lacking is a physical identity card.

The absence of a physical identity card would not in itself be a great check on an authoritarian government because identification by biometrics such as iris scans or fingerprints could be done by machines – it is not unreasonable to imagine technology advancing enough within the next few years to provide the police with biometric scanners linked to a central database which they can carry with them. But before we get to the stage where the holding of a unique personal identifier is compulsory, identity cards may have been issued because the government thinks (rightly) that a physical object will tie people to the idea more than a system held in cyberspace.

There is also the private and mutual sector dimension. A reliable means of identifying people would be very attractive to private companies and not-for-profit organisations (many of which are effectively sub-contracted state agencies). Once the identity assurance system is up and running, there will doubtless be lobbying for the unique personal identifier is extended to them. The likelihood is that the wish would be eventually granted. This in turn would increase the speed of the take up of the unique personal identifiers as it would become increasing difficult
to exist without one. It is also likely that once possession of a unique personal identifier became the norm, insurers who deal with insuring businesses dealing directly with the public will insist on such companies requiring a unique personal identifier before granting insurance. Alternatively they would up the premium for companies which refuse.

The other risk is that data is lost, stolen or sold illegally. That could have immense personal consequences. The greater the need for a unique personal identifier, the greater the opportunity for amassing information about individuals. Imagine a world in which most or all of these were linked: work record, health record, spending patterns, details of civil law actions, police record (which could simply be an arrest from which no trial or caution resulted) and tax details. Should you have a spouse and children, their records might well end up linked to yours.

The Coalition Government will make promises that none of these things will happen, but we all know how worthless such promises are. Nor can any Government bind its successor  because we have no superior constitutional law. All a future government would have to do is introduce new legislation to allow them to do whatever they want.

The time to protest about such possibilities is now, not when the system is up and running. Create the same stink about this as was made about Labour’s ID Card scheme. See  it off now because it will never be seen off once the basic system, is in place.  A national identity system whether officially compulsory by law or made irresistible by public and private administrative  demands becomes a licence to exist in the jurisdiction which insists upon its use.

Below is an article I wrote in 2004 about the proposed Labour system. Its message is still relevant to this new threat to personal freedom.


Published in the July 2004 issue of The Individual, the journal of the Society for Individual Freedom (www.individualist.org.uk)

The practical problems and implications of biometric identities

Robert Henderson

The libertarian and moral implications of ID cards have generated a great amount of newsprint, but much less attention has been given to what biometric based ID cards will mean  in practice or to their practicality. This is a serious deficiency because a biometric-based ID card will be an entirely different animal from any non-biometric-based ID  card.

If it is successful, such a system will give a government unprecedented control of the lives of the individual – the ID card would potentially be a licence to legally exist – and if flawed in operation, cause untold disruption and personal misery.

How effective are biometric data as identifiers?

Biometric identifiers are generally presented to the public as foolproof, Big Brother, sci-fi-style technology. The reality is that there is no biometric identifier which is anything like  foolproof, nor, as we all know to our daily cost, any computer system which does not regularly crash.

What would be the most likely biometric data to be used? Iris scanning, fingerprinting and facial parameter recognition are the frontrunners, either singly or in combination. Facial  parameters are far from foolproof, while fingerprinting, despite what is generally thought, is far from conclusive being decided on points of similarity rather than an absolute individual singularity. One suspects that iris print recognition has similar drawbacks, whatever the “experts” tell us.

Take the expert on biometric testing Professor John Daugman, who is based in Cambridge University. He developed the algorithm for iris recognition. In the Daily Telegraph (12 5 2004) he is reported as saying: “The key point is the relative complexity of the iris, compared to, say, the fingerprint,” explains Professor Daugman, who is based at Cambridge University. “The  iris is much more random and much more complex, so it Is much more likely to be truly unique.” Randomness is measured in degrees of freedom. The face has less than 20 degrees of  freedom. Fingerprints have 40 degrees of freedom, but the iris has 200 degrees of freedom. “If we wanted the face to be as complex as the iris, we would need to have five mouths and seven noses…”

Prof Daugman goes on to say that “The technology has never yet given a false match and we have made millions of comparisons so far,” then unblushingly admits there have been problem with eye lashes and eye malformations. I think we should translate his remark as “The technology has never given a false reading where we have been able to get a readable iris print.”

The Home Office Commons  select committee recently went to a demonstration of iris-scanning. The Daily Telegraph  (7 5 2004) reported: “Members of the Commons home affairs select committee  who tried out the technology yesterday were told that up to seven per cent of  scans could fail.”

I heard a member  of the committee, Liberal Democrat Bob Russell, on Radio 5 (6 May) telling of  his experiences. His iris test failed because his eyes watered profusely.  Russell also said that the test was as intrusive as a visit to the opticians with  lights being shone directly into the eye. He found the experience physically  unpleasant.

DNA analysis – which  would be more certain – is a theoretical possibility, but whether it would be  technically possible now or within the foreseeable future to have a system  which could analyse DNA samples quickly enough is dubious. The person checking an  identity would have to have a means of checking within minutes a DNA sample  taken from a suspect and then comparing that with the DNA record in the central database.

As things stand,   the most likely biometric identifiers on the card and database will be fingerprints  and facial profiling, the latter to act as a decider if the fingerprint test  does not produce a positive identification. The reason why facial profiling  will be probably be chosen in front of iris recognition is that the International  Civil Aviation Authority is pushing for it in machine-readable passports. The problems of  damage and biometric impersonation.

A fingerprint could  be damaged by scarring or a temporary injury. Ditto an iris print. As for  facial parameter recognition, how effective is that going to be as a person ages?  Doubtless the “experts” will claim that basic facial parameters – breadth  of forehead, distance between eyes and such forth – remain constant enough, but  as the system is far from foolproof to begin with – Prof Daugman puts it as the  least effective of the three biometrics being considered – can we honestly be  sure that ageing may not produce sufficient change through, say, muscle
relaxation or gum shrinkage, to distort the face sufficiently to cause a false  non-recognition result?

Biometric impersonation  could conceivably occur with people wearing contact lenses to give a false iris  print (the experts such as Prof Daugman swear blind this would not fool a scanner because it uses infra red which would show up a flat plate , i.e. the  contact lens, over the iris, but you know what experts are like) or having fingerprint  “masks” of someone else to wear on their fingers. Further down the line  surgical techniques, including genetic surgery, could be used to alter  someone’s biometric data.

There is also the  question of technological advance generally. We simply cannot envisage what  advances may be made which will breach what is now seen as a seemingly secure  system.

What of the  robustness of the Government’s computer system? Will it break down or even ever  get to a stage of development where it can go live? We all know what a mess  large government computer projects have been. Why should this, which is even  larger and more complicated than those now in existence, be anything other than  a mess.

Could biometric  cards be successfully forged?

Could biometric cards  ever be foolproof in even the narrow sense of being impossible to forge? Could  forgeries exist? If biometric data are to be stored on a central database which  can be immediately accessed it would be pointless to get a false card if the system  would pick up duplicated biometric data. However, someone, for example, a foreigner,  whose details have never been on the database, could get a card in a false name  using false initial documentation – the initial identification of the person can  only be done by good old fashioned methods such as passports and driving licences.  There is also, of course, the opportunity for bribery of those operating the system.

If the database programme does not have the facility to check new biometric data against that already  on the database, multiple applications for cards under different names could be made.

If there is not immediate  verification of the biometric data by reference to the database, forged cards  could be used because all the card would do is provide whatever data the forger  chooses to put on the card when the card is put into a reader. Moreover, if the  card is simply put into a reader and verified with the data held on the  database, all that tells you is that the card is in agreement with the  database. It does not tell you whether the person who holds the card is the  same person. Thus the identities of legitimate cardholders could be copied onto
forged cards. The only certain way of stopping this would be to read the data directly  from the cardholder and compare it with data held on the central database.

Another problem  would be the possibility of a card forger placing a programme on the card which  would surreptitiously override the application to the central database and  place data contained on the card in the reader in a form in which looked as  though it came from the central database, a trick akin to placing videos in  security systems to give the impression that a surveillance system is working  when it is not.

The initial  identification of those applying for cards

A basic problem of  false identification exists at the point where the person’s identity is to be  established before the identity card is to be issued. Forged documents will be  of the type which are now forged, i.e. without biometric data. Over the  generations this might become a smaller problem as children are registered at  birth, but for the foreseeable future it will be a major difficulty. The initial  registering of the 60 million people in Britain will also be a massive task. Even  if new passports and driving licences are going to require biometric data allowing  the database to be gradually built up over years, that will still leave  millions of people who neither drive nor have passports. The administrative problems of ensuring all those are issued with cards will be immense.

What  non-biometric data could be on the database

It would be  impractical to include data which will regularly change such as a person’s  address or workplace. Yet that is precisely the type of non-biometric data which  is most useful in identifying someone. And what will the police do if they pick  up a suspect but have to rely on the subject to give them an address?

The administrative problems in the field

These are  mind-boggling. Can one imagine the ordinary policeman or immigration officer comfortably  or efficiently using complicated machines to read the data either from the  cards or directly from the cardholder? Or how about every store or bank  requiring one? Think of your average bored teenager serving in a shop and then  let your mind boggle at the idea of them taking an iris print. One can all too easily imagine a situation where using the machine is simply not done because the operator cannot be bothered or does not understand the procedure. British passports  have been machine readable since 1988. How many are ever machine read? Very few. Equally demanding  would be the mammoth task of maintaining literally thousands (potentially tens of  thousands) of machine card readers around the country. The likelihood is that  many would break down and in such circumstances identity checks would simply be  made by a non-id card means.

The potential  practical ill effects of a biometric-based ID card

There are  potentially massive practical problems which could arise from such a card. What  happens if a person’s card is lost or the biometric data used as an identifier  is damaged, e.g. by scarring a fingerprint? How would they actually exist if  the card is necessary for daily living?

The failure rate  for recognition requests would not have to be large to make the security of the  card and its practical use as an identifier problematical. With a database of  60 million (the UK population) even a one tenth of one percent failure would  mean 60,000 potential failures, each of which could be repeated many times if  the card is needed for a wide range of activity which is the Government;s intention.  (A Home Office press release states “crucially, the cards will help people  live their lives more easily, giving them watertight proof of identity for use
in daily transactions and travel” – (http://www.homeoffice.gov.uk/n_story.asp?item_id=91). Imagine that you are one of the  unlucky ones whose biometrics do not identify you positively, being faced over  and over again with the need to prove who you are by other  means.

There is also the  strong possibility that false information will be put into the database. Governments  will not be able to resist the temptation of going beyond the mere  identification of someone. They will wish to store details of other things such as criminal records, health data and welfare take-up.

When an identity  card was introduced in 1939 it had three purposes: to aid the function of  rationing, help conscription and improve security and immigration. When a  Commons committee examined the experience of the ID in 1950 (when it was still  in force) the number of purposes had risen to 39.

One may be  certain that something similar will occur if a biometric card is introduced. Indeed,  the schedule 1 of the draft Bill currently doing the “consultation” rounds  has a long list of information to be included on the ID register. This includes  names, date and place of birth, photograph, fingerprint (and other biometric  information), residential status, nationality, entitlement to remain in Britain and the exact terms of the right to remain and a National Identity Registration  Number. It will also carry a record of any changes made to the Register.

The more  information the more uses to which the card will be put. The more powerful computer  technology becomes, the greater the ease and range of sharing information.

There is also the  possibility that simple error will result in non-biometric data being entered  which will make the identity of the person suspect, eg, the wrong middle name. At  best that would be extremely inconvenient for the individual. Or suppose your health  records have the wrong blood group inputted and you do not know. You have an  accident and are taken to hospital unconscious and the wrong blood is used for  a transfusion?

More generally, what  would happen if the government computer system crashed, either through its own  inherent weaknesses or from a malicious hackers attack? How would the world work if everything has become dependent upon the person’s state stored  identity? The quick answer is the world would not work.

There is also the  question of security. In principle a system could be set up whereby the machine  card readers (or readers of biometric data directly from the individual) could  have varying levels of access. All readers would identify you as the individual  corresponding to the biometric data, but additional information such as health  and credit data would be restricted to those with a legitimate reason to know them. For example, you  go to hospital and their reader will allow them to see what your health data is  but nothing more. You go to get credit from a store and the shop’s reader gives  them access only to your credit status.

Fine in  principle, but does anyone believe that any of the information on the card  would not rapidly become successfully “hacked” by anyone with the necessary  IT skills? There is no reason to believe so because every other “secure”  system to date has been hacked, even those with the highest security.

ID Cards are not  the problem, the database is

Identity cards as  such are a red herring. If the system is sophisticated enough to read from a  database and check it immediately against biometric data taken directly from a  suspect there would be no need for a card because the person would carry his  own identification all the time, i.e. his or her biometric data. It is the  database which is the problem.

The overt  purposes of the proposed card

What effects would an identity card have on welfare abuse, crime, illegal immigration and  security? If the card is voluntary or carrying it is optional, it will little  if any effect on the last three items, for any person stopped who does not have  a card will simply fail to appear with his or her card at a police station within  the seven days as proposed in the draft Bill. However, let us assume that the carrying the card becomes obligatory. What then?

In theory, welfare  benefits, including NHS treatment, housing and education could be better  controlled, but there is the small matter of 400 million odd citizens from  other EU countries to consider who have or shortly will have an absolute right  to benefits in the UK. To those can be added millions more from around the  world from countries such as Australia and Canada who have reciprocal welfare  arrangements with the UK? Will they have to apply for a UK card before they get  them?

Perhaps, but what of emergency health treatment? Would any government, when shove comes to push, have  the will to deny treatment to those without a card? Moreover, what of failed asylum seekers who are not deported because it is deemed that their native  countries are too dangerous to return the failed asylum seeker to? Will they be  denied treatment even where the illness or injury is serious but not immediately  life threatening, for example, if they are HIV-positive?

An ID card is no help in solving crime generally because the police can only arrest or investigate those people whom they have already identified. In theory a card might reduce fraud based on identity misrepresentation, but that assumes private companies will play ball with the Government’s  stated intention that cards will be used “in daily transactions and  travel”. As they all have their own cards and identification systems which are getting ever more sophisticated, it is extremely dubious that they will  willingly add another layer of expensive security to their own.

As for illegal immigration,  a government could make it impossible for a person to work legally in Britain  unless they have a card. However, to enforce that would require an immense  bureaucracy and a willingness to harass both employers and the general public severely. Employers would have to be regularly prosecuted and subject to stiff penalties  for employing illegal labour, while the general public would find that they were  essentially slaves requiring the permission of the state to gain employment. In  fact, if a card was made necessary for not only employment but welfare and  transactions such as opening a bank account or using a credit card, the  individual would effectively require the permission of the state to live. Ultimately,  the state could control people simply by discontinuing money in the form of  notes and coins and making people use cards for all purchases.

As an anti-terrorist  measure it would be pretty meaningless because any visitor to this country will  not have to have an identity card. As tens of millions of visits are made each year,  any terrorist could operate without ever being asked to prove his identity by  any means other than would now be employed. As for any home grown terrorist, they  will be able to get a valid  card and until identified as a terrorist, by which  time identity is established, they will be able to use it to move freely in the  UK. It is also true that once human beings become reliant on machine checks  they tend to treat them as holy writ and become much less generally observant and  suspicious.

What if the  proposed UK system proves inoperable?

The proposed UK  card will not begin to be implemented if at all until 2007 and, even by the  Government’s estimates, it will take many years to establish universal coverage of the UK population. But even if the card is never fully implemented by further legislation the government will have a database with the biometric details of most of the population in a few years through their inclusion on passports and driving licences. This will be shared by government departments and other public agencies. It will be subject to hacking and the corrupt release of
information by those working within the system. If such a system  is implemented I predict that all those who are pro-ID card will be converted  to the anti-card camp the first time they are stopped by the police and asked for it, or the first time their biometrics are checked and show a false negative, or the first time the database crashes and makes transactions  impossible because identity cannot be verified, or the first time that they  lose their card and find their lives in limbo.

Those who are  against ID cards on principle will need no urging to oppose them. But even  those who are in principle supportive of the idea of an ID card – and  regrettably polls consistently show 70-80% of Britons in favour – may still  rationally reject the idea of this card because of the sheer impracticality of the  proposed system and its palpable failure to meet the objectives which persuaded  them to become supporters.

%d bloggers like this: