Mission impossible? Blunkett's big biometric ID adventure

Why it can't, won't work


Today UK home secretary David Blunkett rolled out his plans for national ID cards. They will cost "£35" over a ten year period for individuals, but will be free for "all those who do not want or need a driving licence or passport" (which means they're already compulsory for these two groups), and the add-on cost, based on the assumption that passport and driving licence will go biometric anyway, will only be £4. Blunkett claimed support of 80 per cent of the public for this £4 bargain, which will nevertheless look remarkably like an extra £35 on passports and driving licences.

In his statement to parliament he also seemed to suggest that costs might be offset by "benefits in the commercial world". Which could be both a worry and a script for disaster, depending on what he means.

But earlier Blunkett put his personal ID card stake in the ground. Biometric identifiers on ID "will make identity theft and multiple identity impossible, not nearly impossible, impossible." That one's tougher to stand up than you think, David, and we're going to hold you to it.

Blunkett was speaking to BBC Radio 4's Today programme, where we believe he has a camp bed, prior to making the statement to parliament on his ID card rollout plans. After what have been described as "brutal" meetings on the subject, Blunkett has secured cabinet approval in principle for a compulsory national ID card, but the final green light for this is contingent on a number of criteria being fulfilled (more details of these here).

Blunkett's championship of biometric identifiers has become increasingly evident as discussion of ID cards has proceeded ('progressed' would, we feel, be entirely the wrong word), and this morning he has nailed his colours to the biometric mast even more emphatically. Which is appropriate, because successful implementation of biometric identifiers would prove his case, while on the other hand that very successful implementation is going to be the hardest of the criteria to fulfil, by a long chalk. Will it be impossible? Read on, then you decide. Note also that Blunkett and the government (and indeed many other governments) are proceeding on the assumption that biometrics are going to be introduced for passport and driving licence anyway, so even if a national ID card scheme were abandoned forever, now, the challenges, and the costs of meeting those challenges, would still exist.

And when the government's deciding a few years down the line, remember what he said: "not nearly impossible, impossible." 'Good enough', 'near enough' will not do.

The first rollouts of biometrics for the general UK population will be in passports, then in driving licences. These are currently the two most reliable pieces of government-issued identity in the UK, but in both cases genuine documents exist which support false identities. It appears that it's even still possible to use the birth certificate loophole exposed by author Frederick Forsyth in The Day of the Jackal in 1972, and fake driving licences are readily available.

These 'relatively reliable' documents are currently used to provide proof of identity in order to obtain one another; a driving licence helps you get a passport, a passport helps you get a driving licence, and once you've got both you're pretty nearly real. National insurance number? No, there's a very good reason why the Home Office is not mooting the use of the current generation of national insurance number as a reliable basis for a unique ID system. The point here is that false identities on real documents are already in the system, and that for Blunkett to achieve his "impossible" goal these will have to be shaken out. If the next generation renewal turns out to be simply adding bearer's biometrics onto an existing ID, then it will merely strengthen existing false IDs.

So far so easy, we're only talking about the UK, where the problems may be difficult, but not insuperable. We'll move out into the European Union as a whole now, and consider how you tackle multiple ID while we're about it. States within the EU need to be able to issue ID documents that use documents from other EU states, and the records of other EU states, for their verification. So Blunkett's confidence in the integrity of UK-issued documents can only be as high as his confidence in the reliability of the least reliable documents from any other EU state. No name-calling necessary here, obviously it varies, obviously the speed of implementation of relevant EU rules and directives varies, and obviously newer entrants to the EU will be less likely initially to be in the top ten.

Overcoming difficulties of this sort is again not impossible, but quite clearly high levels of standardisation in documentation and the integrity of issuing authorities throughout the EU will be necessary to achieve "impossible." And, when you consider multiple identity, high levels of data sharing.

How do you use biometric identifiers to make the issuing of multiple identity documents impossible? The biometric database, of course, which is why Blunkett is so keen on getting this set up. But you can only check that the individual in front of you is not in fact several other individuals as well if you do a look-up. At which point you arrive at an upward scale of hardness. For UK issued documents you can compare what you have locally (two pieces, mind, document and actual person have to match) with what you have on file. Determining that you do have something on file means the document is genuinely issued, determining that you (and the rest of Europe) don't have several different IDs with the same biometrics means you don't have multiple IDs present, at least at this level.

Obvious questions dealing with how you do the matching and how reliable the matching can be arise. Obviously you don't do it all every time a document is presented, but the system does require that it's all done sufficiently frequently to catch frauds. Against what would effectively have to be the giant database of the biometric identifiers of everybody in Europe, with each single identifier absolutely verified, no mistakes or frauds in issue. And with all of this shared by every authority in Europe.

The word "impossible" does start to spring to one's lips at this juncture, but not quite in the sense that Blunkett meant it.

Do we need to move out into the rest of the world? Probably not. For the sake of argument we might as well presume that the US is capable of setting up systems that are just as effective as Europe's, and will participate in the biometrics data-sharing arrangements (N.B., 'for the sake of argument' is not the same as 'lay odds on'). And the rest of the world? How confident can you be that documents from anywhere in the world have not been issued fraudulently? How effectively can you match what purports to be a genuine document with a record which may (or may not) be held anywhere else in the world? How effectively can you ring-fence issuing authorities you don't have confidence in? How do you set the boundaries?

How, indeed, do you achieve "not nearly impossible, impossible"? Mission impossible? Note also that all of these difficulties exist before you even consider whether or not it will be possible to forge the new class of ID document. Will this too be impossible? ®
