Feeds

ID scheme will be a costly, dangerous failure, says LSE report

Misses targets, multiple cost overshoots likely

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

A report published today by the London School of Economics' Department of Information Systems concludes that the proposals set out in UK Government's ID Cards Bill are "too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence." The report accepts that a secure ID system could create "significant, though limited" benefits, that many of the objectives of the scheme could be achieved better by other means, and says the cost is likely to spiral to several times the current headline figure.

The LSE study involved more than 100 academics, and is claimed to be the most comprehensive analysis yet of the scheme. It views the technology being proposed as largely untested and unreliable, and says that despite the intended all-encompassing nature of the scheme, it misses key opportunities to establish a secure, trusted and cost-effective identity system. Identity theft could be better dealt with "by giving individuals greater control over the disclosure of their own personal information", while terrorism could be more effectively managed "through strengthened border patrols and increased presence at borders, or allocating adequate resources for conventional police intelligence work."

Cost of the current scheme could escalate in several areas. There could be "substantially higher implementation and operational costs than has been estimated" (this is traditional with UK Government IT projects anyway), while the registration costs for the individual may be higher than expected, and complexities associated with the registration process "may result in registration alone costing more than the projected overall cost of the identity system". The cost to business, downplayed even pitched as a "saving" for business in the Bill impact report, is also likely to be high. Card readers will be more expensive than claimed, and "private sector costs relating to the verification of individuals may account for a sum equal to or greater than the headline cost figure suggested by the government."

Even a UK Government IT project would surely be almost supernaturally unfortunate if it fell victim to all of these overruns, but there's enough there for 'think of a number and keep doubling it' to seem a fair summary.

Aside from the major issues of cost and ineffectiveness, the planned scheme is also legally dubious, clashing with data protection law and and likely to be in breach of the the European Convention on Human Rights and EU freedom of movement principles.

The risk of failure, says the report, is so great that "the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals", and it could make us more, rather than less, insecure: "The proposed system unnecessarily introduces, at a national level, a new tier of technological and organisational infrastructure that will carry associated risks of failure. A fully integrated national system of this complexity and importance will be technologically precarious and could itself become a target for attacks by terrorists or others."

In considering more viable alternatives the report gives particular attention to France's e-government strategic plan, which is intended to be more citizen-driven, and to focus on the provision of user-friendly and accessible solutions within a climate of trust. The proposed French system, which is currently in consultation, envisages multiple forms of identification, emphasises simplicity and proportionality, and is intended to use a federated identification system which allows the individual to use a single identifier to access each service without the Government databases or the federator itself being able to make the links.

The report itself favours this kind of approach, and points out that it is "illegal' not 'sensible' to create a single internal passport just because there is an international imperative to introduce biometrics into border-control systems. It is technologically unremarkable to design an international travel and immigration biometric system, which links to other sector-specific identity systems only to an extent which is foreseeable, explicitly legislated, enforceable, and compliant with European Convention rights." Which, one could note might apply to the activities of Europe's Justice and Home Affairs as well as to those of the UK Home Office. The full report is available here.

Meanwhile the Bill, which is being considered by the House of Lords today, is coming under fire from other quarters. The Association for Payment Clearing Services (Apacs) says that costs could soar above estimates, while The Times reports that the ID Bill will be one of those to fall prior to the election (although the SOCA Bill seems likely to get through if the religious hatred clause is axed. One "member of the Government" indicated to The Times that New Labour saw the killing of the ID Bill as a trap for the Tory opposition. "They assume we want to get all of these Bills. I would sooner go on the doorstep and say, 'If you want ID cards vote for me.'"

Once the election campaign kicks off The Register will be pleased to hear of sightings of major Labour figures saying this, or similar, on the doorstep. We may compile a rogue's gallery. ®

Related stories:

ID scheme to die in pre-election cull?
How Blair high tech 'security' pledge will fix the wrong problem
Tory group report attacks ID scheme as a con trick

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Bose says today IS F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.