Comment Articles

Are ID cards a game of blind man's bluff?

Rupert Goodwins ZDNet.co.uk

Published: 13 Nov 2003 11:10 GMT

So now we know. Over the next ten years, the government plans to issue everyone living in the UK with a compulsory ID card containing biometric data and other personal details. Look forward to long queues in your local post office as everyone lines up to get their irises photographed, their fingerprints taken and possibly their DNA swabbed, then look forward to a world where you and the sixty million other members of the UK National Database are faced with an infinite number of bureaucrats demanding "Let's see your card" before deigning to speak to you.

What is the thinking behind this? David Blunkett, minister in charge of state-sanctioned nastiness for British citizens, has said that the system will prevent crime. It will be impossible, he said, to fake a card, and the whole system will be utterly reliable. Costs will be reasonable. And there are no civil liberty issues.

Let's look at the technical side of things first. Forget that the track record of government IT projects is execrable -- it's hard to find projects that come in on time, on budget and to spec, and all too easy to find cases like the Libra magistrates system. Ten years after the government decided to introduce a common system to courts across the country the project is late, more than twice over-budget and not working properly. The winning contractor, Fujitsu ICL, put in a bid that was too low to do the job and threatened to pull out unless it was bought off with more money and much laxer conditions. It got both, but not to much avail. But as I said, forget that -- and forget that this project would be much, much larger.

Forget too that no biometric project on this scale has ever been undertaken, and no current technology comes close to the sort of reliability needed. Ignore the number of trials that have failed -- even the Chinese gave up. Don't worry about the way other EU identity documents will be acceptable to the system, regardless of the fact that they have few of the security features we're promised. Assume that for the first time in history, nobody involved in creating the cards and maintaining the database will be open to bribes or other naughtiness. And believe that a system with unprecedented networks of card readers and access points can be made truly secure.

Imagine for a moment that the system can be created and made to work according to Blunkett's promise, and you have a card that absolutely, positively says who you are. Nobody else has your name connected to their biometrics -- the system is infallible, remember. As a result, the entire country has moved over to a way of life where that card is an essential part of any transaction -- be it with your bank, the police, the local council or even the sofa shop.