Every time that any group of independent experts with any real academic knowledge or practical business experience take a look at the Labour Government's disastrous ID Cards and centralised biometric database National Identity Register scheme, their conclusion is the same - yes, safeguarding people's individual identities from abuse by criminals etc. is important, but the Government's scheme will not do what they are claiming, and there is a significant risk that it will make things worse, at vast public expense.
The latest such group, who are Government appointed and funded, have had their report published, grudgingly and without any Government publicity:
Independent Scheme Assurance Panel Annual Report for 2007 (.pdf)
The Panel consists of:
John Clarke | John F Clarke is currently CIO for Nokia, having previously been Director of Group Technology & Architecture for Tesco. |
Brian Collins | Chief Scientific Adviser, Department for Transport. Chair of the Biometrics Assurance Group. Professor of Information Systems at Cranfield University. |
Alan Hughes | Alan Hughes is a non-Executive director of IPS. He was Chief Executive of First Direct Bank and in charge of Marketing for HSBC in the UK and Europe. He is currently a member of the Advisory Board of Leeds University Business School and a visiting lecturer at Warwick University. |
Malcolm Mitchell | Malcolm Mitchell has served as IT Director and Director of IT Technology Strategy for Vodafone and IT Director for Research and Development at Glaxo. He currently is IT Investment and Service Management Director at BAA. |
Peter Simpson | Peter Simpson is an independent marketing consultant, a member of the Institute of Direct Marketing Education Council and served as Commercial Director for First Direct Bank. |
Fergie Williams | Fergie Williams has been CIO of Travelex, HSBC Europe, and Merrill Lynch HSBC. |
These are people with real experience of technically sophisticated and large scale public facing IT projects. They are of an entirely different, much higher calibre, than the inexperienced civil servants, the hand waving management consultants and unproven technology salesmen and the political apparatchiki who seem to be the proponents of the current National Identity Scheme.
This Panel does appear to have read the Top Secret Business Case for the scheme, and have also been briefed on the latest Ultra Secret Office of Government Commerce Gateway Stage 0 Review report of the Identity Cards programme, which the Home Office and the Treasury have been wasting so much public money on legal fees to delay the publication of, thereby making a mockery of the Freedom of Information Act promise of "open government".
- 13 February: The meeting focussed on the usage and benefits of the Scheme and the Panel discussed the Business Case and the potential infrastructure of the Scheme.
- 5 March: The Panel reviewed the second version of the Business Case in detail, received an overview of the Gateway 0 process and discussed the issues they were likely to raise with reviewers.
The IASP's most striking recommendation, is one which implies that despite the years of footling about and the tens of millions of pounds spent on Consultants and Civil Servants working on the scheme, fundamental issues have still not been adequately planned for.
Why would the IASP have to bother making any recommendations about Integrity and citizen protection, at this late stage, unless the current plan is totally evil or entirely absent, in this regard ?
3.7 Integrity and citizen protection
The integrity of the Scheme and trust in it are essential, yet it will never be free of errors (for example, the biometric matching services will always return some matching errors). Public trust in the Scheme will be dependent on the protections within the Scheme from misuse of personal data, and the diligence with which mistakes are corrected. It will also depend on the public's understanding of these and the Scheme's limitations.
The Panel suggests confidence in the Programme would be fostered if the Programme made clearer its commitment to protect citizens' data, stated how it will ensure this data is protected, and set out what means of redress a citizen may have if mistakes over the updating, management or disclosure of their data are made.
Specifically:
• The tolerance to data errors for the whole Scheme and for the needs of its users must be defined.
• Integrity must be 'designed in' to the processes and organisations that are being built, as well as the technology.
• There must be robust, well-respected ways to detect and correct errors, with the priority to protect citizens and insulate them from cost and inconvenience of errors.Accuracy tolerance
Providing data integrity and proper data governance (see section 3.1 above) are dependent on one another. The Scheme must deserve the public's trust in its governance, storage and handling of personal, sensitive data, and must demonstrate and communicate why it deserves this trust.
The Scheme will be subject to data errors and errors in decisions made. It is important that the Scheme's levels of tolerance to the various probable kinds of error are defined. The Panel has not yet seen the work plan for the development and implementation of identity assurance and data management standards,policies and processes although we have been advised that this work is on schedule.
The principal external examination of the Programme's biometrics work in 2007 was done by the Biometrics Assurance Group. Their work will be covered in detail in their Annual Report2. Biometric technologies will gather momentum over the coming years and we can expect improvements in technology and a deeper understanding of the management and operation of biometric systems. To remain at the forefront of biometric matching accuracy, the solution used by the Scheme must be adaptable to both changing needs and changing technologies and should therefore adopt an aggressive technology refresh process.
Control by process, not individual or technology
Because of the Scheme's proposed use of biometrics and the relative novelty of this technology, this is a frequent target of scrutiny. However, identity verification is a process, and should not be dependent upon any one piece of data (biographic or biometric) alone. It is already difficult successfully to pretend to be someone who has a 'rich' biographical record - provided the verifying organisation does adequate checks. Care must be taken that confidentiality and integrity are supported by proper processes and policies and are not over-dependent on technology.
There are also areas of risks associated with the operation of the Scheme which the Panel suggests should receive more analysis. For example, based on the likelihood that the Scheme will aggregate a lot of valuable data, there is the risk that its trusted administrators will make improper use of this data. Again, correct design of the processes and procedures used by administrators are the preferred means of addressing this risk.
Redress
Public confidence in the Scheme will depend on knowing that, if a mistake is made, there will be swift and competent action to correct it. This needs to have protection of the citizen as its priority with the benefits of data accuracy to Government and commercial users being secondary. The importance of this in building confidence and engaging the public in the Scheme suggest that IPS should specify the framework for redress and correcting errors well in advance of the Scheme's launch.
Given the bureaucratic hell which the Government has created with all of its other inaccurate National Databases, e.g. tax, social security, criminal records, Automatic Number Plate Recognition and DNA profiles etc., it is the lack of humane, easy to use, effective, cheap, friendly mechanisms of redress for the inevitable errors and mistakes which is what really engenders fear, loathing and hatred of the National Identity Scheme and of the politicians and others who are trying to inflict it on the public.
Where are the prompt and fulsome public apologies for such mistake, made by senior officials and politicians ?
Where are the resignations with honour, of such officials and politicians when things go wrong ?
Where is the swift and generous financial compensation and free advice and counseling, for the innocent victims of such Government database "collateral damage" ?
Access to the the supposed Legal system and the Courts is not a fair, just or viable option for most people, as there is deliberately an inequality of arms. in terms of legal fees available to private individuals and the Government.
"...Integrity and citizen protection, at this late stage, unless the current plan is totally evil or entirely absent, in this regard ?"
I go for entirely absent, having followed all of this for a considerable time. But don't expect an ID card to be directly useful to the majority of us - in its current form, it isn't actually intended to be. Look for the other things sheltering under the same umbrella.
The Gateway 0 review was expected to be somewhat irrelevant by now (because of major changes to the programme), so one wonders why they they mentioned it...
Brian Collins is one of the few good things about DfT at the moment, but I wish that he was more visible. However, I do hear of some changes at DfT at the end of this month, and hope that they do some good.
Reasons why proposed ID cards should not be implemented at any cost.
Proposed ID cards will work great for large organisations (such as air-port etc.) where everyone concerned is on the database and every point of transaction has reading equipment.
Nationally it is virtually is impossible to satisfy both these conditions and hence it is obvious that these ID cards will fail.
How will these cards work where there is no reading equipment? This shows that rather than deterring these ID cards will divert identity fraud.
How would we stop fraudsters from using fakes of these cards as IDs where there is no reading equipment? How would these cards deter ATM fraud?
It would cost us fortunes in fines if we fail to correct any of our personal details.
To deter fraudsters from misusing our stolen personal and card details the government and banks have the option to exploit ID KEY system described on website www.xwave.co.uk Unless we make signature and PIN systems reliable as proposed, fraud crimes will just continue to grow. Government and banks should realise that their data protection and Chip and PIN systems are not deterring fraudsters.
Proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals in any country.
@ dreamingspire - the original Gateway Stage 0 reviews and the "Unofficial pre-Stage 0 reviews, may well be out of date, but how do we, the public. know for sure, since they are being kept so secret ?
The OGC gateway Review process allows for the Stage Zero Reviews to be repeated several times during a project, and, presumably they need to do this again before to issuing Invitations to Tender etc,
The Government should really be at Gateway Review Stage Three by now, but clearly they are still not ready for that:
@ Roger - the "ID Key" scheme fails, just like the Government's ID Card scheme, to offer any protection for online web or mobile phone transactions.
It also suffers from the need for a vast infrastructure of physically secure and tamperproof kiosk terminals (just like the NIS, which does not budget for these in its cost guesstimates).
The stickers look relatively easy to forge, and there is no easy way for a retailer to verify them before handing over valuable goods to a fraudster or thief.
Retailers and banks are increasingly dropping Cheques a a form of payment, and Chip and PIN credit cards would seem to make the whole idea of the "ID Key" scheme redundant.
The Guardian has a discussion thread with comments by "policywatcher", who goes through the Independent Scheme Assurance Panel report in detail, translating it into "plain English", starting at comment number 61
[hat tip to Guy Herbert at Samizdata]