Feeds

ID scheme will be a costly, dangerous failure, says LSE report

Misses targets, multiple cost overshoots likely

  • alert
  • submit to reddit

Build a business case: developing custom apps

A report published today by the London School of Economics' Department of Information Systems concludes that the proposals set out in UK Government's ID Cards Bill are "too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence." The report accepts that a secure ID system could create "significant, though limited" benefits, that many of the objectives of the scheme could be achieved better by other means, and says the cost is likely to spiral to several times the current headline figure.

The LSE study involved more than 100 academics, and is claimed to be the most comprehensive analysis yet of the scheme. It views the technology being proposed as largely untested and unreliable, and says that despite the intended all-encompassing nature of the scheme, it misses key opportunities to establish a secure, trusted and cost-effective identity system. Identity theft could be better dealt with "by giving individuals greater control over the disclosure of their own personal information", while terrorism could be more effectively managed "through strengthened border patrols and increased presence at borders, or allocating adequate resources for conventional police intelligence work."

Cost of the current scheme could escalate in several areas. There could be "substantially higher implementation and operational costs than has been estimated" (this is traditional with UK Government IT projects anyway), while the registration costs for the individual may be higher than expected, and complexities associated with the registration process "may result in registration alone costing more than the projected overall cost of the identity system". The cost to business, downplayed even pitched as a "saving" for business in the Bill impact report, is also likely to be high. Card readers will be more expensive than claimed, and "private sector costs relating to the verification of individuals may account for a sum equal to or greater than the headline cost figure suggested by the government."

Even a UK Government IT project would surely be almost supernaturally unfortunate if it fell victim to all of these overruns, but there's enough there for 'think of a number and keep doubling it' to seem a fair summary.

Aside from the major issues of cost and ineffectiveness, the planned scheme is also legally dubious, clashing with data protection law and and likely to be in breach of the the European Convention on Human Rights and EU freedom of movement principles.

The risk of failure, says the report, is so great that "the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals", and it could make us more, rather than less, insecure: "The proposed system unnecessarily introduces, at a national level, a new tier of technological and organisational infrastructure that will carry associated risks of failure. A fully integrated national system of this complexity and importance will be technologically precarious and could itself become a target for attacks by terrorists or others."

In considering more viable alternatives the report gives particular attention to France's e-government strategic plan, which is intended to be more citizen-driven, and to focus on the provision of user-friendly and accessible solutions within a climate of trust. The proposed French system, which is currently in consultation, envisages multiple forms of identification, emphasises simplicity and proportionality, and is intended to use a federated identification system which allows the individual to use a single identifier to access each service without the Government databases or the federator itself being able to make the links.

The report itself favours this kind of approach, and points out that it is "illegal' not 'sensible' to create a single internal passport just because there is an international imperative to introduce biometrics into border-control systems. It is technologically unremarkable to design an international travel and immigration biometric system, which links to other sector-specific identity systems only to an extent which is foreseeable, explicitly legislated, enforceable, and compliant with European Convention rights." Which, one could note might apply to the activities of Europe's Justice and Home Affairs as well as to those of the UK Home Office. The full report is available here.

Meanwhile the Bill, which is being considered by the House of Lords today, is coming under fire from other quarters. The Association for Payment Clearing Services (Apacs) says that costs could soar above estimates, while The Times reports that the ID Bill will be one of those to fall prior to the election (although the SOCA Bill seems likely to get through if the religious hatred clause is axed. One "member of the Government" indicated to The Times that New Labour saw the killing of the ID Bill as a trap for the Tory opposition. "They assume we want to get all of these Bills. I would sooner go on the doorstep and say, 'If you want ID cards vote for me.'"

Once the election campaign kicks off The Register will be pleased to hear of sightings of major Labour figures saying this, or similar, on the doorstep. We may compile a rogue's gallery. ®

Related stories:

ID scheme to die in pre-election cull?
How Blair high tech 'security' pledge will fix the wrong problem
Tory group report attacks ID scheme as a con trick

Build a business case: developing custom apps

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
Class war! Wikipedia's workers revolt again
Bourgeois paper-shufflers have 'suspended democracy', sniff unpaid proles
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.