UK Compulsory National Identity Cards (ID Cards)

Biometrics

Update 25/5/2005:
The government has published the results of the passport office (UKPS) biometric trial. The trial shows conclusively that biometric technology is not yet ready for use on this wide a scale. Of the three biometrics used, even the best - iris scanning - had a 4% verification failure rate (9% in disabled people). Fingerprint recognition had a failure rate of 19% and facial recognition a failure rate of 31%.
Imagine if you had a one in twenty-five chance of being stopped from boarding a plane or refused medical treatment because your iris verification failed.
Imagine the queues at the airport - or even at Tescos.
You can download the full report at: === SORRY, LINK NO LONGER WORKS ===

Biometrics - fingerprints, iris scans, face recognition etc - will be a central element of the proposed compulsory National Identity Cards. Biometrics provide the final element of "three factor authentication": something you have (card), something you know (PIN) and something you are (biometrics).

Supporters of Identity Cards seem to have been enchanted by the technology. It's true that biometrics can be very useful on a small scale, for example in companies or high security areas to limit access to a resource to a small group of people. When it comes to a nationwide scheme there are serious issues.

It seems likely that the preferred biometric will be an iris scan, however the questions below apply equally to all forms of biometric identity:

How will the data be collected?
It seems unikely that the Government will put expensive iris scanning devices in every Post Office. Therefore the likelihood is that scanning will take place at hospitals. Millions of people will have to make an inconvenient visit to a possibly distant hospital and put a huge extra burden on an already over-stretched NHS. How long will the queues be?
How will the data be verified?
Biometrics only work when the biometric data is reliably linked to identity. In other words, when I go to have my iris scanned it will be necessary for me to prove who I am. How will I do this? What if I don't have a passport or driving licence? Biometrics are only useful if identity can be ensured when they are recorded. Yet if we already have a reliable way of proving identity, why do we need ID cards? There is a logical paradox here.
When will be the data be checked?
Having biometrics on an Identity Card is useless unless that data is checked. Sure, airports will have expensive scanners - what about other places? The Government plans for ID Cards to be used in place of credit cards. Will every supermarket till and every corner shop have an iris scanner? If not then the biometrics add no extra security at all.
As for preventing illegal working, does the government propose that every small business should fork out for an expensive iris scanner? Or will job applicants be routinely frogmarched to the local police station with all the extra drain on police resources that would entail?
Will the data be stored centrally?
If your biometric data is to be stored centrally then it will require a huge investment in technology to allow for the constant stream of real-time checking that will be required. What happens if the network goes down? We've all tried to get cash only to find the cashpoint network is down. If the ID network goes down then the country stops.
And what if the central database becomes corrupted (it will)? Losing your password is bad enough, if your biometric data becomes corrupt you're in real trouble - biometrics are the one password you can never revoke or change.
Will the data be stored on the card?
If biometric data is stored on the card, what is to prevent a criminal/terrorist from creating an ID Card with your name and their biometric data?
The answer usually given is PKI. The combination of identity and biometrics will be digitally signed. However this idea itself raises a number of issues:
- Where will the signing take place? Handling millions of cards centrally is impractical, therefore it will have to take place at local level. This means many more opportunities for the signing key to be compromised. Currently banks, financial institutions, etc have extremely tight procedures regarding use of their signing keys. Can these really be applied to every sub post office?
- And what exactly does happen if (when?) the signing key is compromised, be it through human error, technology failure or advances in CPU power? How will the government revoke and replace a key used in millions of pieces of plastic? And how will the country function whilst this is being done?
- What is to prevent a distributed brute force attack? Extremists could undoubtedly arrange for a large number of computers to work together over the net. It might take six months or even a year - and we'll never know when they've succeeded.

Until the proponents of Identity Cards can answer all those questions, there is a huge question mark hanging over the use of biometrics on such a large scale.

Only the technically naive can believe that it will be "impossible" to fake ID Cards. Difficult, yes, but organised criminals and terrorists have huge resources and great incentive.

In fact biometrics could be worse than useless. If people don't understand the technology and simply believe "It's biometric so it's secure" then the Cards could in fact introduce a false sense of security and allow a fake ID Card to pass unchallenged.

Latest:
A Computer Weekly article concludes that biometrics are 'not yet ready to secure corporate IT'. If they're not ready to secure corporate IT, what chance have they got of securing a whole country?

This detailed article from The Economist discusses biometrics and concludes that they will be ineffective: The emerging use of biometrics They conclude that biometrics today will not work but if/when the technology improves: "privacy, as it has existed in the public sphere, will in effect be wiped out".

UK ID Cards - Introduction

Contact Trevor Mendham