This week the all-party Commons Home Affairs Committee announced an inquiry into the government's proposals for a biometric identity card and a biometric element in driving licences and passports. The MPs want to examine the government's draft bill - and in particular 'the practical issues involved in the ID database and biometric identifiers' and 'the security and integrity of the proposed system.'
The committee has called for written evidence by 5 January and for initial suggestions about questions to put to a pre-hearing with Home Office officials to explore the issues by the end of this week.
In the final part of the series, we look at some of the key questions still remaining.
Are we rushing into the scheme because of external political priorities?
Officially, this has been strongly denied, but experts contacted by Computing - many with have high level contact with the government - believe demands that all travellers to the US must have a biometric ID in their passports by 2004 have been, at least, a strong influence.
The legislation, a direct result of the attack on the World Trade Centre is enshrined in two US bills, the Enhanced Border Security Act and the Visa Reform Entry Act, has coincidentally arrived at the same moment that the technology necessary to implement the cards is reaching something approaching maturity.
The government seems to have grasped the opportunity with both hands seeing undreamed of opportunities in the technology to solve terrorism, crime, benefit fraud and illegal immigration and develop UK Plc.
Moves in the European Union to develop Europe-wide driving licences, health cards and a possible Euro-wide ID card mean that rapid deployment of the technology could give those UK businesses involved in the development of the scheme a massive technological advantage over competitors.
Already the UK Government is exerting pressure behind the scene on both the Belgian and French governments to convince them to drop the schemes already developed in favour of the the as yet undefined UK solution.
Is biometric technology really yet up to the task of a national ID card?
Maybe. The technology is reaching maturity, but only just.
CESG, the arm of GCHQ advises the Government on technology, is so unsure of biometrics it has not issued the long awaited Memorandum 28, which is meant to recommend a biometric for internal Government use.
The advice from CESG is that no biometric technology is mature enough and suggests waiting for three years to see what happens.
A recent Government's Security Enforcement Notice on biometrics suggested that none are yet sufficiently robust enough for internal government use concluding that no commercial products should be used because they were not considered secure enough.
Such hesitancy over biometrics is backed up by Marek Rejman-Green of BT Exact and Tony Mansfield of the National Physical Laboratory, the two individuals chosen by the Government to advise it on the feasibility of the technology for ID cards.
'We advised the Government that it was just about feasible but that there were a lot of ifs,' said Rejman-Green, who also sits on the European Biometrics Forum.
How confident should we be about a central database?
The Mansfield Rejman-Green study concluded that £500m alone would be necessary just for the creation of a biometric database.
According to Rejman-Green, the favoured biometric option would involve holding two fingerprints on each ID card, which could be matched on a simple fingerprint reader. Access to the central database would only being necessary for the purpose of issuing the biometric ID cards.
But another so far unmentioned issue would be the office space and security implications necessary for enrolment onto any new database.
The potential costs are huge, requiring the Government to set up and secure its own office space. The implications for Post Offices are also huge, if they are to be secure centres for issuing Ids.
Will biometric options be politically or financially acceptable?
Iris scanning may be the preferred option but the costs are high. On current prices charges could range between £3-£12 per person just for the scan.
That leaves the government with the more tried and tested option of fingerprints - politically a more difficult option, according to Richard Boothroyd, a principal consultant for Fujitso Services' Information Security Practice.
'Research suggests that the public at large are more resistant to fingerprints because of associations with crime,' said Boothroyd.
There are also question marks about the security of fingerprints.
'If the Government don't get the security side of this right then they could bring down the whole system. That should be the chief Government concern. If there is any suggestion that the database is flawed or accessible in any way the Government would have a huge credibility problem on their hands,' said Boothroyd.
Quelle: Computing, 03.12.2003
