Technology needed to implement the scheme
When it comes to identity security biometrics technology seems to come top of the class. The Bill would allow for the recording of any biometric. However, no final decisions have yet been taken on which biometric or biometrics will be used. It is in the testing phase of the programme that these decisions should be made. [2]
Biometric technology is defined by three characteristics:
- The biometric identifier;
- The biometric system that processes the identifier; and
- The way social policy relates to the verification of the identifier.
Biometric authentication is defined as "automatic identification or identity verification of living individuals using physiological or behavioral characteristics".
Biometrics work to measure a unique feature or pattern found on the body in a non-invasive fashion, ruling out forensic based practices such as DNA testing. Biometrics rest on the ability of a computer sensor and computer algorithm, through probabilistic means to apprehend a unique individual pattern found on the body - a fingerprint, or image of an iris.
Once the biometric identifier is taken up by the biometric system the signal is translated into a "feature vector". The "feature vector" contains essential characteristics as to the uniqueness of the biometric pattern and is used to match against future patterns or identities that are checked against the systems. This "feature vector" however is not reversible and once it is extracted from the original biometric signal, that original biometric signal cannot be recreated from it (it is recommended by the scientific community is for managers of biometric systems to keep back-ups of all biometric templates in the case of damage to the database).
With these two things, the individual biometric and the "feature template" the biometric system is able to: "prove who you say you are" - by matching to template already in the system; and "prove you are not who you say you are not" by not producing a match within the database of previously included biometrics. Government or social policy can be applied to this by re-attributing personal information of the individual to a "feature template" within a database. This information alongside the "feature template" can be used in the cross-referencing of databases, as in the case of a security operation, in the management of social program, or in just plainly verifying identity. The social policy is completed each time an individual passes through an identity checkpoint, or an individuals identity turns up in the midst of a database search according to some rule or regulation.
How the Identity Card would work within this regime is a biometric - a fingerprint - would be placed on a microchip inside of the card to be used for proof of identity at the National Health Service, for instance. The card holder would then be asked to both swipe their card through a card-reader and place the same fingerprint that is in digital form on the card, onto a scanner. Instead of accessing the central Identity Register, the card holders identity would be matched in front of an NHS employee, by confirming that the biometric on the card matches the biometric, or fingerprint that is resting on the biometric reader.
Factors affecting the Scheme
Since the announcement of the scheme to introduce compulsory biometric ID cards in the U.K, there has been a high amount of opposition towards it. Ministers, Government Officials, Companies, Industry Watchdogs [10] and members of the public have voiced serious oppositions to the new legislation, and have put forward many reasons why the whole idea is and can be impractical, ineffective for the problems it is intended to tackle, and should be scrapped.
Some of factors that are affecting the scheme include:
Cost Issues
A report by the London School of Economics has concluded that the government’s expected cost of £5.5bn for the UK ID card programme could be doubled with the problems of biometric technology. [6]
The study, which drew on the expertise of technology specialists, showed how the government under-estimated the cost of biometric readers and the cost of registering the entire population. It also questioned government estimates for cost of securing the system against attacks and safe guarding personal data and stated that the operational and implementation costs would be much higher than the government has allowed for.
Other research has shown how the government was making the scheme more risky and had almost doubled its cost from £3.1bn to £5.5bn by insisting on a system capable of matching the biometric data against a remote central database, when this was not necessary to simply verify identities. [7]
Neil Fisher, director of security solutions at Qinetiq, urged the Home Office to simplify the design of the ID card proposals.
The focus should be on its core function as an ID card, rather than trying to fulfil a long wish list of objectives, from fighting terrorism and reducing illegal immigration to tackling fraud.
He said "The Home Office wants matching online because it wants to keep an eye on the bad guys and keep an audit trail. But that means talking over the internet to the central database. We are saying it is a step too far," .
He said keeping audit trails would vastly increase the complexity of the scheme but however, criminals and terrorists would simply avoid using ID cards, limiting the value of keeping trails.
There is the opinion that more thought is needed about ways of verifying identities. Even if biometrics achieved 99.999% accuracy, on a database of 100 million people, this could lead to thousands of false matches. Such multitude of errors could cost the government great amounts of money e.g. if an individual is mistakenly accused for a crime because of a mismatch by the system, the government would account for libel payments.
Privacy Issues
The new biometric ID cards scheme is intended to work alongside with a national database of all residents of the UK. The database is expected every individuals biometric data and some of their personal details. With the introduction of the scheme, the police will have new powers to check scene-of-crime fingerprints against the biometric records of the entire UK adult population under the government's national ID card scheme. [8]
The plan has raised questions about the accuracy of fingerprints and whether they are reliable enough to identify suspects in a database of 64 million people.
The proposals contained in the small print of the ID Cards Bill are an expansion of the scope of the ID card programme, introduced by the home secretary to fight organised crime, terrorism, fraud and illegal working.
The ID Cards Bill gives police investigating crimes access to the national ID card database if they are unable to find matches on the police's national fingerprint system, the Home Office confirmed.
The ID cards Bill stated that police retain fingerprints from crime scenes and it would be possible for the police to run checks of this information against the National Identity Register to identify possible suspects in unsolved cases. This would have broader applications than terrorism.
The idea of a National Identity Register has caused an outrage of public opposition, because it is felt that the information held on this database, could be an infringement of their privacy. The major concern has been who would have access to this database of information and what amount of each individuals personal information would they have access to. The scheme is expected to make government more efficient, because information can be stored, accessed and manipulated more easily, and databases can be linked. But although people want efficient government, they don't want lots of civil servants nosing around in the intimate details of their lives; nor do they necessarily want the taxman to know about their health. [12]
Reliability and Accuracy Issues
A study by the London School of Economics(LSE) warned that biometric technology is not a foolproof means of identifying people. All biometrics, including fingerprints and iris recognition, have been successfully spoofed by researchers using relatively simple techniques.
Regardless of its advancements from conventional ID card systems, the Biometric ID card scheme is still seen to have its flaws. It achieved 99.999% accuracy, on a database of 100 million people, which means that there is still space for error. This could lead to thousands of false matches when searches are made in the database.
Ross Anderson, professor of security engineering at Cambridge University, said that matching fingerprints to a database the size of the population would lead to a serious risk of false matches. [8]
Neil Fisher, director of security solutions at Qinetiq, said, "If you have a database of 64 million, the probability that you will get the right match every time is low."
The department said it already had experience of linking fingerprint databases from different suppliers, including linking the police national computer to finger-print databases of asylum seekers.
The current schemes used to monitor criminals and criminal records is often plagued with errors. Last year, the Criminal Records Bureau wrongly identified at least 193 job applicants as having criminal records. If databases talk to each other, such errors will be replicated through the system. A bigger database like a National Identity Register is more likely to have even more errors.[12]
Also in countries where the biometric technology is being used there has been an escalation in the types of crime which are being committed e.g. cutting fingers of for biometric data. [16]
Functionality Issues
The whole idea of introducing the ID card scheme is intended to monitor and prevent any terrorist activities in this country. But the idea of a terrorist actually having an ID card would not exactly stop them from carrying out their intension. An also ID cards will not be issued to a potential terrorist coming over to the U.K under the guise of a tourist. So the argument of the biometric cards assisting in combating terrorist activities is a little far fetched.
Also the Institute for the Management of Information Systems IMIS think biometric ID cards will do little to combat identity theft, fraud or terrorism,
IMIS argue that the government's real priority should be tightening identity checks before issuing passports and driving licences. They claim that biometric ID cards are unlikely to be any better at protecting against fraud, terrorism or reducing crime than the non-biometric cards used in other countries.
They feel the real problem is that current system of issuing passports and driving licences — which will form the basis of the ID card scheme — is open to abuse. The institute believes this raises questions about their value for establishing identity. [17]
Data Protection Issues
One of the many fears of the public in regards to the National Identity Register which would hold data of all residents in the U.K is that the information on individuals could fall into the wrong hands or may be accessed by the wrong individuals.
The database that holds all our details will be an irresistible honey pot for hackers and other criminals, not to mention any state or quasi-state organisation that feels it has a right to dip into our lives. There have even been incidences in the past where the Data Protection Act of 1998 has been breached by even officials in the police [13][14].
Usability Issues
The use of biometric technology could be seen as not catering for every member of society and somewhat discriminate. Hundreds of thousands of people face potentially serious problems in both the creation and use of a national ID card because the government's proposals fail to take account of common disabilities. Biometric technology, such as fingerprint and iris recognition, raises issues for people with various disabilities.
This also means the initiative risks falling into the trap of focusing on the technology rather than the user — a well-known cause of problems in some computing projects.
Research shows that between 2% and 5% of the population will not be able to have their fingerprints taken electronically because their fingers have become dry, or warn with age, manual labour or exposure to corrosive chemicals.
Research has also shown that iris recognition does not work for people with glaucoma or cataracts, blind people or diabetics with severely damaged eyes, potentially representing one million people in the UK. This means iris recognition units might need some form of audio device to help blind people line their eyes up to the unit properly. [15]
Trials have also shown that failure rates for facial biometric systems would mean that every tenth ID card user would not be recognised and would have to be subject to further tests.
Many people, especially those with cerebral palsy, have little control of their muscle movement and will find it very difficult to hold their head or finger still long enough for an iris or fingerprint recognition device. [11]
The positioning of recognition devices and card readers also needs careful thought to cater for people in wheelchairs or with other restrictions.
Such issues would have to be tackled when designing the scheme and this could even push up cost further to ensure they cater for the needs of every individual.
Conclusion
I feel that the scheme to introduce the new Biometric ID cards has both its good and bad points. The benefits of the scheme would help in giving the public more confidence that their identity is secure from things like identity theft and fraud. The scheme would also help the government to monitor individuals’ activities especially those who are thought to be linked with terrorist activities. This will help U.K citizens feel more secure from acts of terrorism because the government would be able to monitor who is coming in and going out of the country more easily.
On the other hand there are a whole list of negatives that could arise from the introduction of the new scheme. Members of the public are like to feel that their privacy is being invaded because the scheme could result to the U.K turning into a Big Brother state. Also there are concerns by the public of who would have access to delicate information which the government require to be in the database about them. Such fears have lead to great opposition by the public, the media and even industry watchdogs.
I feel that the idea of ID cards might be a good idea for the U.K as a method of increasing security but some of the plans which go with the scheme, like the use of a National Identity Database and the making the information on it accessible online, I disagree with. This is because the scheme could lead to mass information of different peoples identity being available to hackers and intruders.
Those who attack the ID plan do so for the right reasons, but they have chosen the wrong target. The real danger lies not in small plastic cards but in huge databases.
Appendix
SWOT Analysis
Strengths
- Increases security from fraud and terrorist
Weaknesses
Opportunities
- it can be used as a replacement for passports and all forms of ID
Threats
- it can still be hacked into and information on it be made vunerable
PEST Analysis
Political
Economical
- cost to implement are very high
- will cost the taxpayer a lot of money
Social
- racial discrimination towards muslims and Asians
Technological
- viruses can affect the database
- compatibility with the supplier database
MOST
Mission Statement
- the tackle identity fraud, and terrorism
- provide a registry of records of all individuals in the U.K
Objectives
- prevent crime and terrorism
- help locate crime suspect
- prevent fraud
Strategies
- using it as an the main identity recognition source in the U.K
Tactics
- allowing the police to use the database
References
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[11]
[10]
[12]
[13]
[14]
[15]
[16]
[17]
Relevant Sites
