Feeds

Byrne explains the UK's wondrous, biometric, ID card future

Count them in, count them out, count them all about...

Top three mobile application threats

Immigration Minister Liam Byrne this week unveiled - to a certain amount of derision - his vision of the ID Card scheme as some sort of 21st Century equivalent of the 19th Century railway network or the 20th Century national electricity grid. It will be pervasive, and in 20 years time it will be a great British institution, "part of the fabric of British life."

More disturbingly, however, Byrne rattled off a series of areas where the scheme's pervasiveness seems most likely to be achieved at gunpoint and/or via deals stitched up with private sector stakeholders, and added happily (in an answer intended to deny allegations of function-creep) that "the more you look at identity technology, the more uses you see." So we should understand from this that Byrne's initial list of applications is by no means the end of the story.

The vision encompasses almost any existing application of biometric technology (but not, tellingly, the one currently ripping through Britain's schools like a dose of salts). In the US, said Byrne, 120,000 customers are already registered to pay at checkouts by fingerprint, work is progressing on "fingerprint technology locks that would make stolen phones and MP3 players instantly worthless" (The Register has already asked why ministers think this intensely stupid thing), nightclubs are using biometrics, and the Government has its own biometric scheme in operation in the shape of project IRIS, the iris recognition-based fast track for British airports.

Alongside these Byrne offered faster Criminal Records Bureau checks via ID cards, use of ID cards and/or the Identity & Passport Service's identity verification service for checking the employment status of foreign nationals, the prospect of ID cards being used for proof of age when shopping for alcohol, knives and solvents, the biometric visa programme, and ID-related projects with the Department of Work & Pensions and the Government Gateway to be unveiled next month.

Practically all of these examples are under way to some extent, via discussions with other departments, pilot schemes or existing systems that are being extended (e.g. IRIS and biometric visas). Which, given that the ID scheme does not yet have its 'network' in place, is pretty impressive for the equivalent of the railway network or the national grid.

And it's also worth noting that in the majority of the examples Byrne cites, the citizen will not have a great deal of choice. Employers who don't check ID ("just one document", as opposed to around 60 immigration status documents at present) will be fined, and potential employees who don't produce ID cards won't be employed. Teachers and other people subject to CRB checks will find it difficult to get work without ID cards, no ID, no beer or kitchen knives, no unemployment benefits and no access to Government online services. No health care? No doubt, but it being a hot potato, Byrne didn't list the NHS.

Other uses of biometrics in the private sector will also form an important part of the great British institution Byrne envisages for the year 2020, but they will be regulated in accordance with the Government's grand scheme of things. "If we persist with this public and private laissez-faire... the day will come when we have a mish-mash of unregulated, potentially unsafe systems, mushrooming in growth and size in a way that is just uneconomic."

So without Government intervention, in Byrne's view, there will be no safeguards for "your details" and "your fingerprints", people would be "wide open to identity theft" and unable to correct inaccuracies, systems would be uneconomic "because there would still be many cards and systems", and the world would be prone to "a new and isolating kind of digital division." In this last case Byrne argues that the costs of these unregulated and incompatible private sector systems would be such that the poor would be unable to afford to protect their identities - it will be "those that can't afford their own defences" who suffer.

"My party has always been suspicious of growth in unregulated and unaccountable power and the risk of new inequalities", says Byrne, proposing instead "a publicly accountable, national solution" that becomes in time "another part of our critical national infrastructure."

One might well look askance at the notion that a Government with such a grisly record in the implementation of critical national infrastructure, which is about to be run by a man whose current department perpetrated one of the more spectacular and expensive cases of web-based mass ID theft, is the most appropriate candidate to put your ID assets in one big pile and keep them safe for you. But that's essentially what Byrne is recommending here.

And a "publicly accountable" ID scheme? When did this happen? Accountability and close scrutiny of costs and security will be key to the success of the scheme, Byrne claims shamelessly. "I'm a great believer in the disinfectant of sunlight." An "annual report once a year is inadequate" (or, as we used to say, how they're supposed to come - but we just report this stuff). It is vital, he says, that parliament and "others" be "more dynamically involved."

It's not immediately obvious what Byrne has in mind as regards more involvement by parliament, but a major part of the "others" is likely to consist of private sector 'stakeholders', several of which are already involved in the parts of the ID octopus that Byrne has already outlined. Proof of age checks, for example, are being worked on in conjunction "with the retail industry" and recommendations are to go forward to "the Proof of Age Standard Scheme board, based on excellent engagement with industrial and individual business."

The way this kind of thing works, "dynamically", is that the Government explains what it is going to do, 'consults' groups of stakeholders in the shape of industry- and sector-specific interest groups, lobbies and trade associations about how they're going to co-operate in the implementation. Then the Government calls the outcome widespread support. The groups are effectively co-opted in order to expedite the rollout of whatever it is the Government intends to do anyway, and thus it will be with the implementation of the ID scheme. So how many stakeholders does it take to make a democracy? ®

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.