Clarke's ID card cost laundry starts to break surface

Hide the billions, levy transaction fees and voila! It only costs £30


The ever-watchful Spyblog recently unearthed some signposts to true reader costs, flagging a piece of scheme cost laundering while it was about it. The RIA for the Immigration, Asylum and Nationality Bill puts the cost of the initial deployment of biometric passport and visa readers as £3-5,000 per reader plus the cost of a PC, plus £21,000 for the computer network cabling.

The latter is clearly a one-off cost per location, so it's an initial deployment hit the 47 main airports and ports will only have to bear once, but it's also a cost that is likely to be incurred at most of the other sites where an online verification capability is required. As much of this expenditure will be absorbed by other departments via their IT budgets, or incurred by major financial institutions and ID verification third parties, little if any of it will ever be accounted for under ID scheme costs. One might also speculate about the costs of whatever it is the new cabling at ports connects to, and who's paying for that - unhelpfully, the RIA seems not to mention this bit.

The actual costs incurred in association with the Immigration, Asylum and Nationality Bill will be shouldered by the Immigration and Nationality Directorate, and will ultimately be a lot higher than those specified in the RIA, which states:
"Currently there are 47 major ports of entry and an average of 20 desks per location. Due to the staged implementation of biometric identifiers in passports, ports will only have a relatively small percentage of arrivals with biometrically enabled passports. Initially, we may only provide one reader per port. However, as biometrically enabled passports become more common we will increase the numbers of readers per port accordingly. If every desk at every port were to have a reader, Border Control would have to deploy the biometric solution at 940 desks at airports, seaports and the Juxtaposed Control."

It's difficult to get your head around the logistics of the planned 'one per port' initial deployment. Initially the RIA anticipates there may be two readers per port, one handling biometric passports and one handling biometric visas. It is true that numbers for passports will initially be quite small, but once the major economies are starting to ship biometric passports, the number will be ramping fast as old passports expire. European travellers whose passports could be read biometrically will therefore be coming into the UK in fairly large volumes in fairly short order. Biometric visas are intended to be issued to all visitors requiring visas within the next couple of years, and they will therefore constitute a very large volume, very soon.

So what on earth do the loves propose to do with the one appropriate reader available? Clearly it will not be a case of scanning all of the people with biometric passports or visas (try this at Waterloo or when the morning flight from Frankfurt comes into Heathrow), and the machines will be used purely to deal with those 'randomly stopped' or who have aroused the suspicions of immigration staff.* This does not differ greatly from the system as it currently stands. Also note that the RIA appears ("one [reader] for biometrically enabled ID cards") to view visa and ID card readers as the same thing, and therefore to envisage reading ID cards at ports of entry. So perhaps UK citizens could, like other EU citizens, travel within the EU on an ID card, no passport required. The Register has floated this notion before, and soon we may be told.

More broadly, the LSE attempts to nail down major areas of Government cost underestimation in the Cost Projections (Chapter 17, page 241) of its report. Aside from areas we've covered here already, the cost of the National Identity Register and integration costs are likely to be the most substantial additions. The LSE points out that there are clear parallels between the proposed NIR and the NHS spine, but that the former (for obvious reasons, we are continuing to avoid, with a growing sense of futility, calling it "The Register") will involve "greater complexity and must embrace more rigorous security measures. It must also incorporate biometrics - something that we believe will be a technological challenge far greater than the Government has anticipated." The LSE group has therefore put the cost of the NIR at between two and four times the contract price of the NHS spine.

This is one of the most dramatic and potentially contentious variations between the LSE costing and the Government ones. The LSE's reasoning however seems sound; according to what's written on the tin, it is more complex and challenging than the NHS spine. So, if this is not reflected in its claimed total tab for the ID scheme, the Government needs to explain either why the cost is lower, or where in the Government's IT budgets it is reflected.

Oddly enough, although the LSE's minimum cost estimate is approximately double the Government's most recent estimates, given the existence of some kind of cost-laundering iceberg beneath the visible aspects of the Government estimate, the real numbers might not be that different. If, somewhere within the Government, someone is tallying up the total cost of the scheme and all its related components, then the big number would quite probably fall within the LSE range of £10.6-£19.2 billion.

Given how career-threatening such a tallying exercise might be, we very much doubt that anybody's doing it. But if you think about it, it's exactly what the Government should be doing, then putting the facts before the country and Parliament before embarking on such a scheme. As opposed to the current approach of "capping" card cost at "only" £30, and avoiding telling anybody, probably including themselves, what it will all really cost. ®

* Borderwatch We at The Register take an understandable interest in developments in what really happens at UK border checkpoints, the Eurostar London to Paris run being particularly fascinating, given the quantity of shouting about illegal immigrants on this route there was a few years back. Recently we observed at Paris that the UK checkpoint had started putting the machine readable section of the passport into a reader (well done chaps, even if it has taken you nigh-on 20 years to start), but that only the French post used a forgery detector.

At Waterloo incoming practically everyone on the train was waved through without a check, so we're clearly banking on nobody screwing up at the Paris end. In the other direction, no UK official at all even asked for a passport, but there was a nice new checkpoint checking them, again using a forgery detector. It was operated by... the French. No doubt they're telling us how many of our terrorists are leaving the country.

Public contributions There's more than one way for the general public to contribute to the cost of the ID scheme. You can shut up and pay your taxes, thus helping meet the cost of the scheme, and you can contribute to the cost of the scheme by making it higher. The LSE (hinting, perhaps, at the institution's glorious past) deems non-cooperation as a potential cost, and suggests that one "dedicated non-cooperator", working "strategically and systematically can, quite feasibly, exhaust 200 hours of administration time through the generation of queries, appeals, access requests, database modifications and general civil disobedience." At time of writing the No2ID pledge to refuse an ID card was closing fast on its target of 10,000 signatories, which could mean an awful lot of time-consuming civil disobedience. Click below to nudge it over the 10k, if you haven't signed up already.

Click here to sign the no2id pledge

Related links:

LSE ID card report
Biometrics won't deter passport fraudsters, chief admits
Soaring card cost headlines threaten UK ID scheme
UK to outsource biometric visa checks to Mumbai
Cost of ID Cards could triple, plan could breach DRA
