Feeds

KIlling ID cards and the NIR - the Tory and LibDem plans

This week the parties opened up on how they'll go about it

The Power of One Infographic

Just throw it all away?

LibDem spokesman Chris Huhne's stance is rather more radical, and has a certain appeal for security techies. He'd dump ID cards and the NIR, but he would not be storing biometric data (hence his question to Grayling). He points out that "the document would have the biometric data and it is an additional guarantee of veracity. Why is it necessary to go one step further and store it centrally?"

Huhne's argument here is that so long as one has confidence in the integrity of the document (passport) itself, one can have confidence in the biometric data on the chip. So comparing the bearer's biometric data with the data stored on the chip can be used to provide an accurate identification of the bearer. You don't need a central store or an online lookup, so you don't need to keep the biometric data. Online, or at all? It seems the LibDems are proposing to go for the 'not at all' option, which we think is one of those decisions civil servants would describe as 'courageous'.

But it's a perfectly rational approach, its main defect being that you've no ready mechanism for stopping the same person getting more than one passport, in different names. It assumes that no ID system is invulnerable, and that you're prepared to accept a trade-off between cost and fraud. Which is true - and a 'courageous' admission.

Huhne does however lose points on biometric identification: "During questions today, the Home Secretary was asked about the point of biometric data if they were not on the database, and on that issue we have an important point of difference with Chris Grayling. The answer is easy: biometrics enable the authorities to check that the holder of a passport — or, indeed, a card — is who they say they are. Biometric data such as fingerprints are much less easy to forge and equipment enables them to be checked; we do not need to put the data back on a database to make them useful. A central database is another logical step — a disproportionate one, in our view — in achieving higher security against identity fraud."

Now, how does this work under the proposed LibDem regime? Absent facial recognition software at the border that actually performs better than an attentive human and version one biometric passports are no better and no worse at identifying the bearer than picture ID - because that's what they are. So long as you have a mechanism at the border for determining with a reasonable degree of certainty that the chip hasn't been tampered with, then you can also be reasonably certain that the picture hasn't been tampered with. So if it's not the person pictured in the passport it's somebody who looks a bit like that person, right? This isn't quite the same thing as Huhne is saying (see tedious footnote**).

He is right, however, that fingerprints are much less easy to forge, and can be more readily checked by machine (theoretically - that is reportedly not the case if the machines are part of a Home Office trial). Fingerprint biometrics do tie the bearer to the document more securely than facial ones. But, erm, there's a slight problem here. Although Huhne here appears to be an enthusiast for fingerprints, and in some senses his 'we don't need to keep the data' pitch would be strengthened by their presence in passports, this isn't actually LibDem policy - or at least it wasn't in March, when a LibDem position paper said "The International Civil Aviation Organization (ICAO) only requires that passports are machine readable and contain a facial image. Liberal Democrats would... adhere to the ICAO standards."

Huhne's office actually sent us the policy paper, and we've asked them for clarification of what the policy is now. We'll update as and when they get back to us.

Overall, though, the picture is fairly positive. Both major opposition parties clearly are going to kill the NIR project in addition to dropping ID cards, and what they're saying makes it clear that they're going to have to rein-in IPS as well in order to deliver. IPS' quest to become the UK's standard identity services broker will, unless Labour gets back in, be over. Neither party seems yet to be fully on top of the technicalities of 'biometric' passports, but they both seem to be in the right ballpark, and with the right advice they'll surely get there. ®

** There is a widely - near-universally - held belief that the ICAO biometric passport standard is about identifying people. But it really would be a help if politicians could grasp the more subtle truth when they're considering ID systems. ICAO is about the document, and defending the integrity of the document. It does not issue passports, QED it has neither responsibility for or control over the identity of the person carrying the document, right?

So, the point of the 'biometric' in the passport is that it is one of a number of visible pieces of data in the passport book which are duplicated on the chip in the passport. Changing the visible data has always been and always will be achievable, but changing the data on the chip to match, without it being evident, is a lot harder (some of the reasons why here.) So in rev one, the 'biometric' in the chip is there mainly for document protection purposes, and for identification purposes it's no better and no worse than a picture. By adding fingerprints you do - assuming the widespread deployment of fast and accurate fingerprint readers - tie the document more securely to the individual, hence you have the makings of an ID system. But this isn't really a whole lot to do with ICAO, and it's not an ID system that came 'free' (as Labour would have it) with biometric passports. It's one you bolted onto biometric passports, and there's a whole bunch of other stuff you need to build out in order to make it much use. As a 20th Century ID system, that is. See here for why that's not a good idea.

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.