UK faces massive ID card challenges

ID cards are used by many countries around the world but the UK is about to embark on one of the most ambitious schemes yet with a biometric card for all its citizens that aims to tackle terrorism, illegal immigration and other crimes. Andy McCue looks at technical, logistical and cultural issues that will face the government and the IT industry

Compulsory identity cards containing biometric information such as an iris or fingerprint scan are set to become a part of everyday life for UK citizens over the next 10 years, with the Home Secretary David Blunkett finally unveiling a draft ID card Bill in the Queen's Speech last week.

ID cards were introduced in the UK during WW2 but were abolished in 1952 after a High-Court judge ruled in favour of 54-year-old dry cleaner Clarence Willcocks who had refused to produce his ID card when stopped in his car by police.

But Blunkett argues that the introduction of electronic ID cards in Britain will help counter the threat of terrorism, tackle illegal immigration as well as identity theft, fraud and other crimes. The government cites widespread support among the population for the card, but civil liberties groups say the figures have been fudged.

Ignoring the obvious outcry from the usual civil liberties lobby about the privacy of citizens being infringed there are legitimate concerns, raised by other members of the cabinet and the wider IT industry, about the cost of the project, the government's appalling track record on big IT projects, security, the aims and the reliability of biometric technology on this scale.

Supporters of the ID card scheme point to those in other countries, such as Belgium, which have issued electronic cards to citizens. But Bart Vansevenant, director of security strategy at security firm Ubizen, which worked on the Belgian card, said drawing such comparisons is dangerous.

"The goal of introducing electronic ID cards in Belgium is very different from the reasons put forward by the UK government," he said. "Belgium had a compulsory ID card scheme for many decades and just wanted to replace an existing scheme with a more secure card as well as extending the use towards e-government enabled applications."

Vansevenant said adding an expensive biometric element to the card will not stop international terrorists who would likely enter the UK on a foreign passport anyway.

"You will not solve terrorism or immigration by introducing biometrics to a card. Why put biometrics on an ID card? It costs you a hell of a lot of money and there is the equipment, and support and administration problems," he said.

Richard Barrington, head of government affairs and public policy at Sun Microsystems, said a biometric card is not the answer for catching terrorists resident in the UK either.

"It will make no difference to terrorism whatsoever. We knew who the 9/11 terrorists were we just didn't expect them to do what they did," he said.

It is currently proposed that the ID card will not need to be carried at all times but Blunkett's draft Bill includes powers for the government to make it compulsory. Barrington argued that the government needs to be more realistic about this.

"If it isn't compulsory to carry it then good people will and the bad people won't. There has to be a reality – people have to carry them but people will only carry it if there is a value in it."

The other area of concern is over the technology itself including the integrity and security of the card issuing process and the reliability of the cards and biometric authentication.

Andy Kellett, senior research analyst at the Butler Group, said the scale of the project throws up some serious questions about how reliable biometric technology is.

"So far the use of biometrics has been very limited. When it got used in high-volume environments it was found to have quite a high level of misreads. That is not good enough when it is your identity," he said.

Ubizen's Vansevenant questioned the need for a central database of all citizens' data, which would be a tempting target for hackers, and suggested there should just be a "blacklist" database of, say, criminals and other suspect people to check biometric scans against.

Barrington said privacy concerns could be eased by giving control of the database to a trusted third party such as data protection watchdog the Information Commission. This could protect against the misuse of your data by the different agencies such as "we're not going to operate on you until you pay your tax bill", he said.

And then there's the cost. The government itself has estimated the initial set-up cost at £180m, rising to some £3bn for a full roll-out. People will then be expected to pay around £35 for the privilege of carrying a card.

If public support is to be won over for the scheme and the fee, then the government needs to focus on what value it will give to citizens – such as cutting costs of services by being able to crack down on fraud losses, according to Barrington.

"Let's look at where the value of having one of these things lies," he said.

One opportunity it appears is being missed is introducing the cards as a way for people to interact securely online with the government for things such as submitting application forms and filing tax returns over the web.

Vansevenant said that as well as acting as a pure ID card, the Belgian version includes two digital certificates - one for authenticating to the government portal and services and one for digitally signing forms and things such as tax declarations online.

IT companies are obviously all keen to get a piece of what looks like being an extremely lucrative pie now that the government has given the scheme the go-ahead but vendors are warning that the scope and aims need to be much more well-defined and realistic to avoid a disaster for both the IT industry and the government.

"The last thing vendors need is another IT cock-up," said Barrington.

John Higgins, director general of IT industry trade body Intellect, said the government will face a wide range of technological challenges if its ID card aims are to be successful.

“The UK technology industry is wholly committed to working in partnership with government to ensure that these challenges are met, and that the system can be delivered according to the specification which is eventually proposed,” he said.

It remains to be seen whether Blunkett will heed these well-intentioned warnings but it seems certain that there is to be no going back now.