Biometric ID cards 'dangerously flawed'

A leading security expert has thrown his weight behind the privacy groups and activists campaigning against the nationwide roll-out of biometric ID cards announced by UK Home Secretary David Blunkett.

Peter Dorrington, head of fraud at private software company SAS Institute, has warned the government may be getting ahead of itself when it announced plans to introduce the scheme by 2005. Dorrington believes such cards won't be reliable for at least another 10 years.

He said: "The state of play is currently that these biometric ID cards are not 100 per cent reliable in confirming identity. They cannot confirm against a national database, all they do is confirm against data which is held on the card."

Dorrington expressed concerns that such verification is not error free and also raised fears about the potential to duplicate cards and the allure of such a practice to organised crime.

"These are going to be incredibly attractive to organised crime groups," he said. "If you have one of these, and know that banks and governments are going to take them as a trusted form of identification, then the potential to commit fraud is massive. If a criminal can successfully obtain or generate a smart card with stolen or bogus data the world becomes their oyster.

"What this means is that the value of these cards on the black market will be many times greater than the current passport. Typically a passport will go for anywhere between £500 and £5,000 on the black market. These ID cards will go for considerably more than that."

Dorrington believes the 'all your eggs in one basket' approach being taken with single identity cards will also prove a great catalyst for fraud, citing the example of the social security number in the US. "In America they put so much trust in the social security number," he said. "And America now has the highest rate of identity theft and fraud."

While, in technology terms, processing biometric ID cards certainly represents a greater challenge for organised crime, Dorrington said: "If there is a big enough prize then organised crime will find a way."

And Dorrington suggests the authorities would be better off securing other technologies before releasing another which is, in his opinion, fundamentally flawed. He pointed to a 30 per cent annual increase in fraud as evidence that technology has done little to eliminate such crime. "You will never get rid of fraud. You may force it elsewhere or force the criminals to innovate but it will not disappear."

However, advocates of the ID scheme may argue that all technologies launch with flaws. Isn't there always a risk inherent in any innovation which is traded off against the benefits it can bring?

"This isn't some new telecoms technology which might come with a few teething problems," said Dorrington. "The one thing which defines you more than anything else is you identity. This is a person's life - everything is stored on that card. The impact upon the individual of any problems will be terrible.

"A bank can revoke your credit card or your PIN number but they can't revoke your thumb print or your iris," he added.

"We have to be absolutely 100 per cent convinced that it won't go wrong before we roll out this scheme."

What are your thoughts on these biometric ID cards? Email us as editorial@silicon.com and have your say.