Many experts in biometrics have suggested that the aims for the ID card scheme outlined last week by Home Secretary David Blunkett have already raised doubts over whether the system can be delivered in the form proposed. Central to the plans are specific objectives: the prevention of terrorism; tackling ID fraud and serious organised crime; countering benefit fraud and illegal working.
It is a brief many experts claim is far too wide to guarantee meaningful success, especially as concerns linger about the government's ability to deliver large IT projects.
Part of the problem is the government's focus on using ID cards for restrictive purposes, rather than as positive devices to enable online public services, according to Nick Kalisperas, e-government programme manager at supplier trade body Intellect.
Kalisperas has been outlining the potential benefits ID cards could have for e-government, and how the availability of new technology could foster electronic retail activities.
Storing ID card information with the Sim card of a mobile phone, and taking advantage of so-called near field communications, a new technology being developed by Philips, would effectively turn a mobile into an electronic wallet.
Research already indicates that people are happy to use Pin codes on their mobile phones and relate to them as personal devices, and would not be resistant to a biometric identifier.
Smartcards represent another possible technology solution, explained Peter Cattaneo, director of Java Card Business at Sun Microsystems.
He claimed that much of what Blunkett wants to achieve could be done very easily on a 32Kb smartcard, with biometric ID, driving licence information and a health record only taking up about 7Kb of storage.
Belgian authorities have already gone ahead with an electronic ID scheme, but one based on the use of ID as an e-government enabler.
Bart Vansevenant, director of European security strategies for Ubizen, which runs the Belgian scheme, insisted that the aim was simply to develop access to government services electronically.
He believes that the UK proposals seem to be a response to US anti-terrorism measures - US authorities are introducing a requirement for visitors to have a biometric-enabled passport by October 2004 - and that the UK should follow the idea of ID cards for government-enabling.
"The amount of people you catch will not be worth the price of the infrastructure," said Vansevenant.
"The reasoning of the UK is all following 9/11. If you look at this from a distance and look at the goal, I'm afraid a lot of money will be wasted. The real cost will be much higher than any of the figures currently being suggested."
Some critics claim that there are still shortcomings with the biometric technology being considered. Fingerprints can be susceptible to occupational hazards, while anybody is vulnerable to cuts and scrapes on their fingers.
Face recognition systems often need the person to replicate the pose they originally struck for the photo. And iris scanning is expensive, and can be affected by medicines and illness.
Iris scans make a mistake once every five million readings; not a problem on a small-scale system, but given the likelihood that using ID cards to guarantee identity would be adopted by the business and retail sectors, those error rates would be overshot on a daily basis.
Similar error rates could be encountered in other fields.
Peter Dorrington, head of fraud solutions at data analysis specialist SAS, said that the ID card is certain to become universally requested by business.
He suggested that the real Achilles heel of the current thinking on ID cards is the creation of a central database and the use of information.
"If there is a central database it will present a new and undreamed-of opportunity for crime," he warned.
"The larger the network, the more difficult it is to protect with the need for a matched level of investment to protect the infrastructure."
Focus is the key, according to Dave Birch, of Consult Hyperion, a digital identity consultancy that advised on the Hong Kong ID card system which has the task of controlling population movements across the Chinese border.
"If this technology were used in the right way it could be very positive; it could actually be privacy-enhancing," he said.
In the Belgian ID card scheme, the aim is to foster contact with government services. In the UK, explained Birch, the most contact a citizen has with government is at the local level, with more than half of transactions involving booking leisure centre facilities.
People become suspicious when the government tries to extend and centralise that contact.
"If you put too much information in a central database then at some point someone is going to make the case that they should connect to it for some other purpose," said Birch.
Quelle: Vnunet, 24.11.2003
