Wednesday, November 02, 2005

ID cards and the National Identity Register

This post opposes the introduction of ID cards in the UK, by challenging some of the arguments made in support of the scheme.

It is written partly in response to Neil Harding's website, in which he outlines the reasons behind his support for the proposals. (Other sections have been written elsewhere, and are repeated here for convenience).

Comments are very welcome - I would especially appreciate it if anyone could point out any inaccuracies, and similarly if anyone could provide further information or references in support of any points made.

Neil Harding raises many points of interest. I won't try to answer all of them here, but I'll quote a selection of those I thought most important, together with my attempt at a refutation where appropriate.


1) "The main difference as I see it, between supporters of ID cards and those against, is this. I basically believe that our government in the UK, have on balance; the best interests of their citizens at heart. Whereas a lot of opponents see government as evil and corrupt and something we shouldn't co-operate with... [B]asically I believe government represents public opinion and government is an extension of us. We should consider the government as on our side and participate with it as much as we can. This is the best way to improve government... It seems all the objections opponents have to ID cards are, in fact, objections to bad government."

I don't agree. I, for one, do not believe the government to be evil or corrupt. I do see it as being often (collectively) unwise and shortsighted, and sometimes as having little or no respect for the opinions of 'ordinary' people (e.g. the Iraq war: the vast majority of the population opposed Britain's involvement, and the government utterly ignored their objections), but I certainly don't mean to imply that its intentions are bad. It is therefore perfectly possible to argue that a proposed Bill is unnecessary and unwise, without this being an attack on the government as an institution.

2) "Even if the ID card scheme did prove to be a complete disaster and I'm pretty sure that won't be the case. The cost at £5.8 billion is about the same as 1 years spend on the Iraq War.

We have elections every 5 years and it could quite easily be scrapped in the opening voluntary 5 year stage of its introduction if people are not happy. It would not be a massive problem for a trillion pound a year economy to overcome."

Two points come to mind:

i) While that may be true, £5.8 billion is still an awful lot of money! If the purported benefits of the ID scheme are in dispute (which they clearly are), whereas the benefits of allocating this money to the NHS or to education, for example, clearly aren't, then why take the significant risk that this money will be wasted?

ii) Also, in practice, I'd suggest that it's pretty unlikely the scheme would be repealed after that amount of money had been spent on it, regardless of how much of a disaster it turned out to be. There seems to be a prevailing attitude (in business, as well as in government) that having spent the money in the first place, you might as well now make the best of it... so it is doubtful that any future government would hold their hands up, confess that nothing useful can be made of the apparatus in place, and simply dismantle it all (and of course accept the mass redundancies that would follow, when those people brought in to maintain the scheme were no longer needed). Upshot: if the scheme is indeed unsound and needs to be stopped, then it is quite possibly now or never.

3) "ID cards work in practise. Sweden has a compulsory NIR ["National Identity Register"] which brings many benefits. NO2ID oppose a compulsory NIR but cannot answer the question; if it works in Sweden, why not here?" Also: "Why do 21 out of 25 EU countries think its worth it?"

Yes - why do they? Sweden (along with many other countries with ID systems in place) has significant problems with unsolved crime and illegal immigration. Tax and social security fraud are as common in Sweden as elsewhere in the EU; besides which, identity theft is rising steadily in Sweden, just as it is elsewhere. ID cards and registers may perhaps change the nature of certain crimes, but they certainly don't seem to be preventing them.

Indeed one school of academic thought seems to suggest that they may *increase* crime, as career criminals adapt their strategies - see for example this page for one argument in point. Here's an extract:

"Dr Finch points out that identity cards depend on birth certificates, passports and driving licences, ‘all of which’, she says, ‘are easy to obtain in someone else’s name.’ With these pieces of information we will issue ID cards which we will regard as infallible.

‘But you can’t change a bunch of insecure pieces of information into one secure one,’ says Finch. ‘If you do, you run the risk – and it’s a risk the Home Office has acknowledged – that someone else will get in first and register as you. Once your identity has been registered, you cannot register in that same identity – in other words, as you.’"

The mere fact that a lot of other countries have ID schemes in place is insufficient to justify developing one in the UK. Nor is it particularly helpful to refer to the fact that citizens in those countries often have no complaints about the scheme in place: those schemes often began a long time ago under a variety of different circumstances, and evolved into their present form only when their populations were used to them. Sweden is an interesting case in point, since that is the country which Neil Harding refers to as an ID success story: Sweden's national registration system dates back to the 17th century, when it began as compulsary registration with the Church. The register was only secularised in 1991, by which time, of course, the system had become part of the country's cultural heritage. Here's a (perhaps unnecessarily melodramatic) example: it's worth noting that the Hitler Youth (for those children born in Nazi Germany) were for the most part perfectly content with the regime in place: it is human nature to believe that the system in which we have grown up is the right one.

The fact that ID schemes exist in, and are deemed acceptable to the populace of, those countries which have long used them is not, therefore, convincing evidence in support of introducing a new scheme in the UK.

4) "Even opponents of ID cards admit identity fraud cost (latest figure 2002) at least £150 million a year (they also admit this is likely to be an underestimate). The annual running costs of ID cards will be £85 million. So this alone, means ID cards pay for themselves..."

Harding quite rightly states that the £150 million/year figure of the cost of identity fraud is probably an underestimate. However, estimates of the startup and running costs of the ID scheme itself have also varied wildly, so overall we'll perhaps not be too far off if we work with the estimates Harding gives, so: identity fraud costs £150m per year; the ID scheme will cost £5.8 billion to set up, and then £85m per year.

So let's assume for the sake of argument that these figures are correct, at least in proportion to each other, and that the ID scheme will successfully end *all* ID theft (thus cutting the cost to the country, from £150 million per year, to 0).

In this case, the net profit year-by-year, will be £150m (the saved cost of identity fraud) minus £85m (the running cost of the ID scheme), which == £65m per year.

The estimated startup cost we're working with is £5.8 billion, so for this to mean that "ID cards pay for themselves", as Harding suggests, this cost must be absorbed by the savings made. So:

£5.8 billion / £65m == 89.2 (approx)

So in other words: the ID scheme, even using Harding's own estimates, will not pay for itself for nearly ninety years.

Does that seem like a sound investment?

5) On the 'voluntary' phase, and in response to the challenge that the scheme will not be voluntary for passport applicants: "Nobody has to have a passport, so it is a voluntary scheme. I know this is a bit of a cop out, but it is the same argument you use when you suggest it is voluntary to have credit cards or debit cards, bank accounts, use supermarket loyalty cards, the internet, the library etc. etc. [all of which require giving personal information]".

With respect, the right not to register for a passport is not really comparable with the right not to use credit cards, loyalty cards, etc, because there is no threat hanging over us that it will soon become compulsory to use these other voluntary services. Those people (like myself) who are opposed to the ID scheme to the extent that they would consider emigrating to avoid it face this obvious problem: you can't leave the country without a passport, and you already can't get a passport without registering for an ID card. So for those of us whose passports are due to expire soon, what option, in reality, are we being left with? We can't leave the country without registering for an ID card, and if we remain here then it is entirely possible that the compulsory phase will come into force in 2013 and will thus catch up with us anyway. So how is this actually voluntary?

6) In response to the challenge that future governments might be less liberal and could then abuse the information stored in the NIR: "If you are going to assume a Nazi invasion in the future, maybe we should get rid of all our govt's records about us, just in case. Its a bit of an exceptional thing to do. Lets make everyone's lives worse for an indefinite period just in case the worst case scenario ever happens."

Fair point - clearly it is not sensible to base all our decisions on the basis that an illiberal regime may one day, somehow, take power. On the other hand, it is certainly far from impossible that this could happen, so would it not be better to strike a balance? i.e. maximise efficiency as far as possible without developing a system which could one day be abused. In the words of security technologist Bruce Schneier, "It is poor civic hygiene to install technologies that could someday facilitate a police state".

On this point, then: If it is the government's honest view that the nation would benefit from a centralised, universal way of proving identity, age and address, and from having a card and central register which provides an easy method of proving these things, then perhaps fair enough, in principle. However, why is it necessary that the register also store an array of other sensitive information, and moreover an exhaustive list of every time, place and circumstance where the card is used? It is this information - and the profile which it will build up of the individual's lifestyle, preferences and habits - which could potentially be abused in the future. So why not simply have the "ID card" be exactly that: a way of proving ID, and nothing more?

At the very least, there could be an automatic system which expunged records of transactions from the register after a long enough time had elapsed that they are not likely to be needed any more (e.g. five years) - but if the proposal is that this information is to be stored indefinitely, then the obvious question is: why? What is this information actually useful for? If the answer is that, after a suitable period has elapsed, it is unlikely to be used for anything, then surely common sense and good "civic hygiene", as Schneier puts it, would dictate that this data should then be deleted, so as to protect it against the possibility of future abuse? If this modification were inserted, I might - I stress might - be a little less concerned.

In addition to the above suggestions made by Neil Harding, ID cards have also often been cited as providing possible solutions to a number of other problems, so it is worth considering some of these as well:

"The ID system will stop benefit fraud".
I believe the general consensus is that it won't. Quoting Mr. Lilley, in an extract from one of the Commons Debates: "Of the identified frauds and abuse in my Department only 5 per cent. involve abuse through misrepresentation of identity. The bulk of fraud and abuse is the misrepresentation of circumstances of people whose identity is not in doubt... [so the] gains which might come from a compulsory identity card would probably be very small."

In other words, 95% of benefit fraud as it stands currently would be untouched by the introduction of an ID scheme. The ID scheme itself, on the other hand, will cost so much to set up and maintain that it would, again, be decades before it paid for itself, and that's assuming that new forms of fraud don't come along in the meantime.

"The scheme will stop illegal immigration"
How can it? Obviously no one entering the country will have an ID card, and those intending (or claiming that they intend) to remain in the UK for three months or less will not be obliged to get one - so all a would-be illegal immigrant will have to do is to claim they're here on holiday, and then disappear into the woodwork, whereupon they'll undoubtedly find unscupulous employers willing to pay cash-in-hand for work, so the transactions never appear on any record.

"ID cards will help prevent terrorism"
NO2ID's own site answers this point well, here: "Despite evidence that the biggest threat of terrorism is home-grown, arguments that ID cards will ‘protect’ us from foreign-born terrorists continue to grow. This is simply not the case. Foreigners who are in the UK for three months or less will not have to carry one. Three months is plenty of time to arrive, plant a bomb and leave again. To those who are resident and will have to carry them, an ID card will deter them no less than, say, a bus pass."

Another point which has been raised against those objecting to the scheme is this:

"The ID scheme will not demand any more personal information than is already held by the electoral register, banks, phone companies, etc"
This simply isn't true. Quite apart from the biometric stuff and other personal information stored, the register will keep a log of every time you use the card to prove your identity, and so will end up with a very comprehensive list of your habits, preferences and lifestyle (far more comprehensive than is stored on any database at present). There are a number of problems with this: firstly, it's true that different government departments, businesses, banks etc do tend to know between them a great deal about individuals - but that's just it: they only have this relatively complete picture between them. No single organisation has the complete picture stored in one place, and this makes complete identity theft relatively hard. If the Register comes into being and ends up being hacked into (and you can't honestly think this won't happen, sooner or later), then identity thieves can get all of the information they need instantly, from one place.

Secondly, while the government of today may be perfectly honest in its intentions not to sell information to businesses, for example, this is no guarantee that future governments will feel the same way - but by that time it would be too late, as there would already be complete dossiers on file for every citizen. In other words, allowing this scheme to go ahead is to gamble that all future governments will be at least as trustworthy with our personal information as this one purports to be.

So in conclusion: I believe that the supporters of the ID card proposals have failed to make out their case. If the scheme were to become law, it would have an undeniably high cost, both financially and (arguably) in terms of the erosion of the right to privacy. For these costs to be justified, there must be very strong reasons in favour of implementing the scheme. Quite simply, it seems that there are no such reasons, and thus that the government cannot be justified in forcing these costs upon the public.

If you agree, after considering all the arguments on both sides (e.g. I'd advise looking at NO2ID's homepage, as well as the government's own pages, e.g. here, advocating the scheme), then please consider signing NO2ID's pledge refusing to comply with the scheme. Alternatively, if you oppose ID cards but don't feel able to refuse to register for one, you might like to consider this pledge instead. If you have the time, there has been a great deal of useful debate about the issue here, at the first refusal pledge (which was successful, with over 11,000 signatures).

If you don't agree with anything discussed here, please leave a comment and tell me why!

Nic Shakeshaft, 2nd November 2005


Blogger nemo said...

Hi Nic,

I like this post. It's concise well-written and pretty much echoes much of what I believe to be wrong-hesaded about the scheme in general. You're also not the only one to have thuoght about the emigration issue, it's one that vexes me too, and for the same reasons.

I would also add that from a libertarian point of view, the fact that both Ian Whatmore, the Government's CIO and the House of Lords have expressed concerns about the way that ID changes the relationship between me as a citzen and the government, should be some sort of pointer to HMG that something is seriously amiss at this point.

I work in the IT industry and academia and have an interest in this area. A good friend of mine, who works in the area of forensic computing has talked about this problem also in publications and also at conferences wqith law enforcement agancies. One of the points we have both raised is this:

If needing disparate pieces of ID to prove who you are is inconvenient, isn't this actually a good thing? The fact that proving your identity is not trivial makes it harder (though not impossible) for your identity to be stolen. Creating a single point of failure is just asking for trouble.

And when would you use your ID? The age-old point of any system only being as strong as its weakest link holds here. Think where most credit card fraud happens now; not at the major institutions, but in SMEs, who normally don't have the ability to do some of the checking that larger organsiations can. Is this also going to happen with ID, where they may have to rely on sight checks to verify? At that point, even a rough forgery may suffice.

And let's think about pragmatics.
The Belgian ID scheme was also talked about as an exemplar for ours. Belgium has roughly 12 million people, of whom around 10 million are over the age of 16 and eligible for a card. Scaling this up, we would have at least 46-48 million. If we assume that each user will have approx 1Mb of biometric data to be stored, this gives us a minimum storage requirement of over 40Tb of data. And this data has to be quickly able to accessed and changed if necessary. a central system won't really cut this, so it looks likely to have to be distributed. Once that happens we begin to have to think about the problems of integrity and synchronisation. Als onot trivial, and of how many differenet interfaces to the systems will be needed (for example for Police, NHS,courts,DSS,Contributions Agency, Customs and Revenue. And that's before we even talk about local government (some of which says it won't use them). Each of these will have different access needs and permissions. As I said, not a trivial problem and the governemnts recent (and not so recent) record in IT Implementation is not good. Think of the CSA, continual problems with tax systems, the abortive courts system, NHS systems...

Scary isn't it?

11/02/2005 10:01 am  
Anonymous A T Flynn said...

I'm sorry, I do not have a web-page yet.
To get back to the begining of the ID, argument you have to start in the 1990's. In 1998, this , or the government at that time,began to undo what John Majors government had started, it was the "Pathway Project.", It was intended to prevent the fraud in the DSS. The only trouble with that, is the fact that the DSS., is the architect of most of the fraud. There are quite a large number of claimants now receiving more than £1000 each week, but only because they are assisted by DSS., employees.
Enough of this. It only came up because I looked out my post record from the Post Office, and that goes back to at least 1998. That is when our Tone, decided to scrap the Pathway Project. Then in the year 2000, June, a PIU report published, Counter Revolution. Modernising the Post Office Network.Ithas been down hill alll the way since then.
Now let me see. I can't remember the Ladies name at the Cabinet Office, but she was from Washington DC, and she was really helpful.The person who was put in charge of this in the begining, that is, The Integrated Enquiry Service was another Lady, but this time at the Home Office.Her name was PRATIBA MEHTA. The Lady did have a male subordinate but I did not record his name.Oh yes, when I spoke to them, they both said they had no training or experience of technology whatsoever. That was September 2001.
Then came "Horizon", another attempt to bring some security to the DSS., Benefit paments. You would be better off getting Colin Baker to give you his account of the chaos all this caused the NFSP., tel. 01273 452324. It has been the same as this at all stages of this fiasco and it will not get any better no matter how long they keep pushing.
In your report, you remark that it has been said that the sheer size of the project and its complexity is what defeats its completetion and destroys any chance of success. I must say, I am inclined to believe that is the case. Regardless of the fact that, to impose this restriction on a free people is absolutely undemocratic and an imposition on the human rights of all Englishmen. After all, it was the English who established the rights of man, after God. Regards, A T F.

11/02/2005 11:40 am  
Blogger Nic Shakeshaft said...

Thank you both for your informative comments! Let's hope that, if enough people read about these issues and are convinced, we might be able to stop this scheme before it gets off the ground.

ds: I have come across other writers who have referred to the technological IT problems, but never in as much detail. If you have not already done so, would you consider publishing your concerns somewhere with a higher profile, so as to attract the most attention? Alternatively, if you think my original post here could be useful, too, then obviously please feel free to make links to it and refer people to your comment here.


11/02/2005 1:44 pm  
Blogger Neil Harding said...

Nic, nice post. Just a few points.

1. One of the main criticisms of an NIR is that the govt will abuse it. To believe that, you have to believe that the govt have evil or corrupt intentions. If you believe as I do, that on balance they have our interests at heart, then the NIR is not a problem in terms of govt abuse.

2. £5.8 billion is the estimate for the cost of the scheme over the first ten years. The govt estimate that the scheme will recoup its costs after 14 years and from then on be of benefit cost wise.

3. The UK has the highest ID theft in Europe precisely because it doesn't have an ID scheme.

Biometrics will ensure that the number of people on the register cannot be more than the number of people required to register. Compare this to the 85 million NI numbers and only 45 million adults in this country. This suggests huge potential savings.

Biometrics makes multiple identities almost impossible. Remember a false identity is of little or no use to a criminal, it is multiple identities they need. They won't be able to fake their biometric, no matter what name they give.

4. Remember that ID fraud is not the only benefit, there will be efficiency savings in govt as well as convenience benefits difficult to quantify.

5. Are you suggesting its easier to do without a bank account than a passport? I would suggest the opposite.

6. Why does a bank have an audit trail? Shouldn't it just keep a tally of how much money you have? Of course not, it keeps tabs on where and when you spend on your debit card and withdrawal money, because the audit trail is for security and ultimately your benefit. It helps you keep tabs on how and where you spend your money and makes it easier to challenge any mistakes. The same principle applies to the NIR.

7. No-one knows how much ID fraud and ID related benefit fraud goes on because of the nature of the problem. But experience tells us that this 5% you quote is just the tip of the iceberg.

8. Without ID, life will be more difficult for illegals and they will be more likely to be caught.

9. A third of terrorists make use of multiple identities.

10. Apart from biometric details, which are useless to hackers anyway, name something that will be on the NIR that isn't already on a database? The NIR will hold only a fraction of information that is already out there now.

11/02/2005 11:34 pm  
Anonymous Oliver said...

"Mr Blunkett claims that 35% of terrorists use false or multiple identities: which means, by my reckoning, that 65% of terrorists use their own identities. They do so because they are not known to the authorities as terrorists, a factor which can only increase. ID cards may be able to reduce the use of false and multiple identity among British citizens; but the vast majority of Islamic terrorists are not British citizens."
-- Andrew Gilligan, November 23rd 2004 (from an article in The Evening Standard entitled "Why I will never carry an ID card" -- and he's not the only one!)

11/05/2005 2:59 pm  
Anonymous Anonymous said...

I find it interesting that those against the introduction of the ID card and NIR are able to present cogent, well-reasoned and structured arguments while those advocating the things seem unable to do so for more than a few sentences without descending into rather childish ad hominem "yah boo" insults (such as the nonsense about Annabel and Tarquin on the blog to which this is a response). This wouldn't have anything to do with there not actually being a weight of cogent argument in favour, would it?

11/07/2005 3:00 pm  
Anonymous Edward Welbourne said...

Hi Nick,

A few details it may be worth your while to add:

3) Do other countries use ID cards in the ways the UK ID proponents have in mind ? If not, this argument is irrelevant.

I live in Norway, which has an identity card scheme of sorts; I took my card with me when opening my bank account, and did need it for that; but no-one since has asked for it ever.

My bank card has a 'photo of me on the back, and also records my person-number, so it functions as an ID card. All the same, it's seldom used as ID; and neither it nor the actual ID card is part of a huge and complex government database that cost giga-pounds to set up. So the proposed UK scheme sounds much more intrusive than what we have here (and more likely to screw up).

4) It is worth repeating something you said in the previous section: that the evidence from other countries, with ID cards, is that they don't have any impact on identity fraud; consequently the ID card scheme will not actually reduce the amount this problem costs - in fact, it'll increase the costs by 85 mega-quid.

But your pay-back time argument is sweet ;^)

5) You make an important point, but it's worth being clearer. If I refused to use credit cards, I'd have to carry around hard cash all the time: and I do really have that option. It might be inconvenient, but I would lose none of my freedom to do other things thereby. If I chose not to have a UK ID card, I shall be denied access to international travel and I really do not have that option in the modern globalized economy.

It is also worth noting that I have several choices of where to get my credit card. Consequently, if I have doubts about the competence or ethical goodness of one credit card company, I can shop around. If significantly many of the public value their privacy, credit card companies will be subject to a market pressure to respect it (or, at least, not violate it too flagrantly). With the UK ID card scheme I have no such choices.

I also have the liberty to have several credit cards. I could keep the one with a huge credit limit somewhere very safe and insist on a low credit limit on the one I take everywhere, for example – this would reduce my exposure to credit card fraud. I could use different credit cards for different sorts of transactions to limit the extent to which corporate database trawlers can discover more about me than I feel comfortable with. With a single ID card, I have no way to limit the scope of harm that may arise on loss of what (by taking it with me everywhere) I expose to the greatest risk of loss, nor have I any way of ensuring folk who have no business prying into my life also have no means to do so.

Your point about the emigration issue is good. I should add that, even if you manage to get out before you need a new passport, the scheme effectively insists that you take up some other nationality when your passport expires, since it may be a bit difficult to live where you've moved to without a passport for some nationality.

6) It should also be borne in mind that the nation doesn't have to be wholly taken over by the Nazis for abuse to happen. It suffices to have a few nasty folk in positions of trust within the system; or, indeed, someone penetrate its security and obtain unauthorised access.

To Nick's response:

1) see above. The government may be generally benign, but stray invdividuals involved in operating the infrastructure can still cause plenty of harm.

3) Establish the causal link ! The UK has no ID scheme, but there are plenty of other things that may be contributing to our higher ID theft. Post hoc is not necessarily procter hoc.

Consider an alternative hypothesis: the UK has the highest ID theft in Europe because it engages in far more credit card transations with the USA.

Also, by "highest ID theft" do you mean: total number of instances across the whole population; number of instances per capita; number of instances per credit card transaction; ... Public discourse would work so much better if folk would state their statistics clearly (and cite sources).

4) if you can't be specific or quantify alleged benefits, they're a poorer argument than the quite specific and well-documented succession of failed government IT projects which suggest that there will be huge losses of efficiency ...

5) No, he wasn't suggesting that it's easier to make do without a bank account. Ease or convenience wasn't the point: obstruction of a basic liberty was. Passports are a pre-requisite of crossing international borders: a bank account isn't a pre-requisite of buying goods. One only suffers inconvenience – and that directly proportionate to and consequent upon the choice – by giving up bank accounts, not a loss of basic liberty. Magna Carta promissed me the freedom to travel to other lands, but I am now forbidden to do so without a passport. It is dishonest to describe the ID card as "voluntary" when it's being made a prerequisite of exercising a basic freedom.

6) Does a bank keep its audit trail into perpetuity ?

7) No-one knows how much impact the ID card scheme will have on identity fraud; but experience shows that it'll be less than is anticipated by its proponents.

No-one knows how much it will cost to implement and run the ID card scheme, but experience leaves no credible doubt that the governments prior estimates fall be woefully short of the final tally.

No-one knows all the ways the system shall be abused, if implemented, but history teaches that expansion of state interference in public life leads to inefficiencies and loss of freedom.

8) In the presence of the ID system, life will also be more difficult for honest citizens, for legal immigrants and for refugees who opt to do without the ID card.

9) 100% of terrorists make use of documents which purport to establish their identity - ban passports, credit cards and ID cards now ! Oh, hang on, that flavour of statistical argument might be bogus, like outlawing cars because most terrorists use them.

Are there folk making use of multiple identities in ways that aren't criminal ? What proportion of the uses of multiple identity are harmless ? This is the statistic you need (i.e., if most uses of cars were as get-away vehicles for burglaries, restrictions on car use could thereby be justified; but even if all burglars use cars as get-away vehicles, such restrictions would be misguided otherwise).

10) Access to biometric details shall be useful to hackers - write access, most obviously. But read access can be abused too: finger-print scanners can be tricked by a fake, for which a nice high quality image of the target's finger-prints would be rather crucial.

Also, in a huge enough database, the hacker can search for who is a close enough match to their biometric to be safely impersonated. Verifying biometrics is imprecise: the tests will thus be configured to balance an acceptable false reject rate (which can be measured in the field, since the folk rejected then find some other way to prove the machine was wrong) against reasonable false accept rates (which can only be measured in the lab). So our hacker can hope to find someone matching him closely enough that the test kit has a fair chance of falsely accepting him.

More importantly, the mafia or terrorist organisation can do a birthday attack: the lone hacker has a respectable probability of finding no good enough match to himself but if he's got several people to check for, the probability that none of them is well-matched is significantly smaller (just as the probability that a class of 23 contains two students with the same birthday is one in two, though the probability that any two share their birthday is only one in 365 and a bit).

Asking to name something that isn't on some database somewhere already indicates that you've missed the point that was being made: with the NIR, it'll all be on one database, all in one place. A one-stop shop for government (no matter how sweet and benign) is also a one-stop shop for those who shall abuse the system.

[Note to site maintainer: use of <i> was producing curious "/* markers (double-quote, slash, star) in place of the text I tried to put in italics, at least in preview mode. Attempted example – yup that worked. Also, once your form has helpfully told me I can't use <q> markers, and I've changed them to quotes, it should remove the warning when I next preview !]

11/07/2005 9:25 pm  
Blogger Nic Shakeshaft said...

Many thanks to everyone for their very informative comments (and I'm very sorry for not replying within any reasonable period of time...).

I notice that Neil Harding, the author of the blog supporting ID cards to which this post was a reply, has changed his mind (not as a result of this post, I hasten to add!) and now opposes the ID scheme, at least until technology improves. I quote:

"I think the government are going to have to come to the same conclusion as me, sooner or later. I can't see how there can be anything other than a massive climbdown. Following from this, I also can't see how the new passports can be made to work properly either."

For the post in question, see his blog.

In my view, it is very big of him to admit to changing his mind when faced with evidence he couldn't ignore. So: one down, a few million left to go!

12/02/2005 1:33 am  
Anonymous Peter Usborne said...


Thanks for your post - I am currently completing my major in a Graphic Design degree. My unfortunate task is to brand, prmote and create awareness for the 2008 ID Scheme - so your comments have been of much use to me. In response to your views, i would ask you the following:

"Do you think there would be as much negative attitude towards this scheme if the government had made some sort of effort to re-assure the British public? For example, after appropriate advertising and branding - the 2012 Olympic 'Back the Bid' campaign succeeded in rallying over 90% of London's support. Could the same be (have been) done here?"

It is nice to see an informed and diplomatic approach to this subject for once - so thank you, you have been of much help.

1/05/2006 11:10 am  
Blogger Nic Shakeshaft said...

Peter Usborne: Many thanks for your comment! I'm delighted that you found this post helpful. Apologies for the delay in replying - I have been stranded without internet access for some time.

The only answer I can give is that it depends on what you mean by "re-assure". If the public's concerns are valid, and if (as I believe) there are no acceptable ways to overcome the problems foreseen, then clearly there can be no way for the government to give reassurance - the simple fact would be that people are *right* to be critical, and nothing the government could possibly say can change that.

However, experience shows that it *is* perfectly possible to *deceive* the public with enough targetted propaganda. In this way it is certainly possible for the government to give the *impression* that they are answering the concerns raised, without actually doing so.

I realise this isn't a very constructive response, but it's really the only one I can give!


1/07/2006 7:22 pm  
Anonymous BuzzGraphics said...

If you have an opinion about ID cards, or even if you don't - please register your vote online at . You can still make a difference!

1/31/2006 7:04 pm  
Anonymous endless_psych said...

i) While that may be true, £5.8 billion is still an awful lot of money! If the purported benefits of the ID scheme are in dispute (which they clearly are), whereas the benefits of allocating this money to the NHS or to education, for example, clearly aren't, then why take the significant risk that this money will be wasted?


OK 5.8 million on more hospital managers or school administrators. 5.8 million on goverment sponsored health initiatives that have no recognisable effects. Whatever you spend government money on people can view it as a waste of money.

Bank cards are pretty much compulsory* and with the advent of debit cards banks and other private financial institutions can build up very very detailed pictures of your financial activities. Where you shop, where you withdraw money, where you have been, where your going? Is that not more worrying than them holding information abouty your fingerprints and retinal pattern?

(*If you want to work and also if you want to claim benefits.)

However the majority of the financial arguements you propose are the reasons I would agree with to opposse the id cards.

2/14/2006 7:18 pm  
Blogger Nic Shakeshaft said...

endless_psych, thanks for your comment! I see that we agree on opposition of the scheme, albeit perhaps not for all of the same reasons, but I'll try to answer your points anyway, if only because I enjoy arguing. :)

1) Of course it is certainly possible to spend £5.8 billion on health or education and still for it to be wasted. However, if this sum were used for health or education and still wasted, this would be because it was ineptly spent, and not because the whole underlying concept was fatally flawed from the outset. What I meant to say here (and perhaps didn't express well) is that it is possible to spend this money on health or education and for it not to be a waste of money. To spend it on an ID card scheme which is not capable, even if it works perfectly, of achieving any of the intended aims, makes it certain to be wasted.

(It was billion, by the way, not million. Of course this figure is in dispute, with the government usually pitching their estimates far lower, and with others - e.g. the LSE report - far higher, but £5.8 billion was the figure used in the blog with which I was specifically arguing, and it seems a reasonable compromise between the two extremes).

2) (Re bank records). I agree, of course, that it is practically impossible to live in the modern world without a bank account, and that the information banks hold is (arguably) far more damaging than biometrics could be. However, there are several important ways to distinguish banks' records from the audit trail proposed for the NIR. Firstly, any citizen can choose, if they so desire, to have several bank accounts with different institutions, and to split their activities between these various accounts, such that no one institution has any complete record of their dealings (and indeed there are clearly defined legal regulations preventing institutions from pooling this information without the individual's consent). With the NIR, all of this information would be stored in one place, and would thus (for example) present a far more convenient and tempting target for abuse.

Secondly, I understand (correct me if I'm wrong here) that banks are not permitted to retain their records indefinitely, such that if an individual closes an account, the information will eventually expire and have to be deleted. There are no plans for the audit trail of the NIR to expire in this way - even when so many years have passed that there can be no legitimate reason (e.g. for security) to justify its retention.

2/15/2006 2:06 am  
Anonymous Tina Louise said...

Hi Nic,
I was just reading your intelligent responses on pledgebank regarding the ID cards and followed here. You are an excellent writer with a clear and concise style that coupled with your obvious knowledge - makes for a great read. You give my arguments against the ID card some strength. I knew I opposed them but had a hard time explaining the why - you provided it very well, thank you :)
Tina Louise

2/18/2006 10:24 pm  
Blogger Nic Shakeshaft said...

Hi Tina,

Many thanks for the compliments! I'm very glad you found this post useful.


2/19/2006 2:13 am  
Blogger Nic Shakeshaft said...

Update: the 'refuse' and 'resist' pledges are now closed. NO2ID have promised to offer more opportunities soon for people to register their support for the campaign, so if you want to help, please keep an eye on their website for forthcoming information.

5/07/2006 11:09 pm  

Post a Comment

<< Home