Feeds

ID scheme will be a costly, dangerous failure, says LSE report

Misses targets, multiple cost overshoots likely

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A report published today by the London School of Economics' Department of Information Systems concludes that the proposals set out in UK Government's ID Cards Bill are "too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence." The report accepts that a secure ID system could create "significant, though limited" benefits, that many of the objectives of the scheme could be achieved better by other means, and says the cost is likely to spiral to several times the current headline figure.

The LSE study involved more than 100 academics, and is claimed to be the most comprehensive analysis yet of the scheme. It views the technology being proposed as largely untested and unreliable, and says that despite the intended all-encompassing nature of the scheme, it misses key opportunities to establish a secure, trusted and cost-effective identity system. Identity theft could be better dealt with "by giving individuals greater control over the disclosure of their own personal information", while terrorism could be more effectively managed "through strengthened border patrols and increased presence at borders, or allocating adequate resources for conventional police intelligence work."

Cost of the current scheme could escalate in several areas. There could be "substantially higher implementation and operational costs than has been estimated" (this is traditional with UK Government IT projects anyway), while the registration costs for the individual may be higher than expected, and complexities associated with the registration process "may result in registration alone costing more than the projected overall cost of the identity system". The cost to business, downplayed even pitched as a "saving" for business in the Bill impact report, is also likely to be high. Card readers will be more expensive than claimed, and "private sector costs relating to the verification of individuals may account for a sum equal to or greater than the headline cost figure suggested by the government."

Even a UK Government IT project would surely be almost supernaturally unfortunate if it fell victim to all of these overruns, but there's enough there for 'think of a number and keep doubling it' to seem a fair summary.

Aside from the major issues of cost and ineffectiveness, the planned scheme is also legally dubious, clashing with data protection law and and likely to be in breach of the the European Convention on Human Rights and EU freedom of movement principles.

The risk of failure, says the report, is so great that "the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals", and it could make us more, rather than less, insecure: "The proposed system unnecessarily introduces, at a national level, a new tier of technological and organisational infrastructure that will carry associated risks of failure. A fully integrated national system of this complexity and importance will be technologically precarious and could itself become a target for attacks by terrorists or others."

In considering more viable alternatives the report gives particular attention to France's e-government strategic plan, which is intended to be more citizen-driven, and to focus on the provision of user-friendly and accessible solutions within a climate of trust. The proposed French system, which is currently in consultation, envisages multiple forms of identification, emphasises simplicity and proportionality, and is intended to use a federated identification system which allows the individual to use a single identifier to access each service without the Government databases or the federator itself being able to make the links.

The report itself favours this kind of approach, and points out that it is "illegal' not 'sensible' to create a single internal passport just because there is an international imperative to introduce biometrics into border-control systems. It is technologically unremarkable to design an international travel and immigration biometric system, which links to other sector-specific identity systems only to an extent which is foreseeable, explicitly legislated, enforceable, and compliant with European Convention rights." Which, one could note might apply to the activities of Europe's Justice and Home Affairs as well as to those of the UK Home Office. The full report is available here.

Meanwhile the Bill, which is being considered by the House of Lords today, is coming under fire from other quarters. The Association for Payment Clearing Services (Apacs) says that costs could soar above estimates, while The Times reports that the ID Bill will be one of those to fall prior to the election (although the SOCA Bill seems likely to get through if the religious hatred clause is axed. One "member of the Government" indicated to The Times that New Labour saw the killing of the ID Bill as a trap for the Tory opposition. "They assume we want to get all of these Bills. I would sooner go on the doorstep and say, 'If you want ID cards vote for me.'"

Once the election campaign kicks off The Register will be pleased to hear of sightings of major Labour figures saying this, or similar, on the doorstep. We may compile a rogue's gallery. ®

Related stories:

ID scheme to die in pre-election cull?
How Blair high tech 'security' pledge will fix the wrong problem
Tory group report attacks ID scheme as a con trick

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.