Customer Success Testimonial: Recovery is Everything

Just throw it all away?

LibDem spokesman Chris Huhne's stance is rather more radical, and has a certain appeal for security techies. He'd dump ID cards and the NIR, but he would not be storing biometric data (hence his question to Grayling). He points out that "the document would have the biometric data and it is an additional guarantee of veracity. Why is it necessary to go one step further and store it centrally?"

Huhne's argument here is that so long as one has confidence in the integrity of the document (passport) itself, one can have confidence in the biometric data on the chip. So comparing the bearer's biometric data with the data stored on the chip can be used to provide an accurate identification of the bearer. You don't need a central store or an online lookup, so you don't need to keep the biometric data. Online, or at all? It seems the LibDems are proposing to go for the 'not at all' option, which we think is one of those decisions civil servants would describe as 'courageous'.

But it's a perfectly rational approach, its main defect being that you've no ready mechanism for stopping the same person getting more than one passport, in different names. It assumes that no ID system is invulnerable, and that you're prepared to accept a trade-off between cost and fraud. Which is true - and a 'courageous' admission.

Huhne does however lose points on biometric identification: "During questions today, the Home Secretary was asked about the point of biometric data if they were not on the database, and on that issue we have an important point of difference with Chris Grayling. The answer is easy: biometrics enable the authorities to check that the holder of a passport — or, indeed, a card — is who they say they are. Biometric data such as fingerprints are much less easy to forge and equipment enables them to be checked; we do not need to put the data back on a database to make them useful. A central database is another logical step — a disproportionate one, in our view — in achieving higher security against identity fraud."

Now, how does this work under the proposed LibDem regime? Absent facial recognition software at the border that actually performs better than an attentive human and version one biometric passports are no better and no worse at identifying the bearer than picture ID - because that's what they are. So long as you have a mechanism at the border for determining with a reasonable degree of certainty that the chip hasn't been tampered with, then you can also be reasonably certain that the picture hasn't been tampered with. So if it's not the person pictured in the passport it's somebody who looks a bit like that person, right? This isn't quite the same thing as Huhne is saying (see tedious footnote**).

He is right, however, that fingerprints are much less easy to forge, and can be more readily checked by machine (theoretically - that is reportedly not the case if the machines are part of a Home Office trial). Fingerprint biometrics do tie the bearer to the document more securely than facial ones. But, erm, there's a slight problem here. Although Huhne here appears to be an enthusiast for fingerprints, and in some senses his 'we don't need to keep the data' pitch would be strengthened by their presence in passports, this isn't actually LibDem policy - or at least it wasn't in March, when a LibDem position paper said "The International Civil Aviation Organization (ICAO) only requires that passports are machine readable and contain a facial image. Liberal Democrats would... adhere to the ICAO standards."

Huhne's office actually sent us the policy paper, and we've asked them for clarification of what the policy is now. We'll update as and when they get back to us.

Overall, though, the picture is fairly positive. Both major opposition parties clearly are going to kill the NIR project in addition to dropping ID cards, and what they're saying makes it clear that they're going to have to rein-in IPS as well in order to deliver. IPS' quest to become the UK's standard identity services broker will, unless Labour gets back in, be over. Neither party seems yet to be fully on top of the technicalities of 'biometric' passports, but they both seem to be in the right ballpark, and with the right advice they'll surely get there. ®

** There is a widely - near-universally - held belief that the ICAO biometric passport standard is about identifying people. But it really would be a help if politicians could grasp the more subtle truth when they're considering ID systems. ICAO is about the document, and defending the integrity of the document. It does not issue passports, QED it has neither responsibility for or control over the identity of the person carrying the document, right?

So, the point of the 'biometric' in the passport is that it is one of a number of visible pieces of data in the passport book which are duplicated on the chip in the passport. Changing the visible data has always been and always will be achievable, but changing the data on the chip to match, without it being evident, is a lot harder (some of the reasons why here.) So in rev one, the 'biometric' in the chip is there mainly for document protection purposes, and for identification purposes it's no better and no worse than a picture. By adding fingerprints you do - assuming the widespread deployment of fast and accurate fingerprint readers - tie the document more securely to the individual, hence you have the makings of an ID system. But this isn't really a whole lot to do with ICAO, and it's not an ID system that came 'free' (as Labour would have it) with biometric passports. It's one you bolted onto biometric passports, and there's a whole bunch of other stuff you need to build out in order to make it much use. As a 20th Century ID system, that is. See here for why that's not a good idea.

Cloud based data management