'A national ID card for the UK is overly ambitious, extremely expensive and will not be a panacea against terrorism or fraud, although it will make a company like mine very happy.'

Roberto Tavano, biometrics specialist for Unisys (see company profiles). Quoted in the Guardian, 21/10/05.[3]

I have concerns with the current architecture and the way it looks at aggregating so much personal information and biometrics in a single place. There are better ways of doing this. Even the biometrics industry says it is better to have biometrics stored locally [...] Every supplier I talk to privately expresses their concerns.'

Jerry Fishenden, national technology officer, Microsoft UK. Quoted in silicon.com 18/10/05[4]

'The plan is working on the assumption that, by the time it is live, the technology will have come on in leaps and bounds. But that is not a reasonable basis from which to start.'

Graham Titterington, principal analyst at Ovum quoted in Computing online magazine 17/10/05[5]

'There's never been a biometric register of this size. It's unproven territory.'

John Elliott, ID card specialist at Consult Hyperion, quoted in the Guardian 26/5/05

The government's ID cards scheme essentially requires three broad areas of technology - the National identity Register (NIR) database, biometric scanning and the cards and card readers themselves. Each of these areas is subject to its own controversies. Hi-tech industry association Intellect claims, 'the technology being considered... is well-established and has been proven successful.'[1] But the same press release describes how, 'Intellect is looking forward to working with the Home Office in the coming months to demonstrate the hi-tech sector's ability to meet the technological challenges created by the Government's ID Cards proposals,' indicating that the group is anything but disinterested. Other organisations and experts are more sceptical. Online technology magazine silicon.com is fairly characteristic in supporting the principle but expressing and publicising serious doubts about the practical aspects of the scheme with its 'ID cards on trial' campaign for greater transparency. In particular, silicon.com notes the obvious conflicts of interest: '...the UK IT industry, almost to a man, has remained silent except to tell the government how wonderful its proposals are in anticipation of getting a slice of contracts that are going to total anywhere from £6bn to £19bn [...] One biometrics supplier emailed us to say what a dog's dinner he thought the whole thing was - and then asked us not to name him as his company is involved in the project and hopes to bid for some of the ID cards work once it is passed into law.'[2]

QinetiQ's views on ID card technology

One of the most vocal critics of the practical and technological elements of the ID cards scheme has been QinetiQ, formerly the Defence Evaluation and Research Agency (DERA). QinetiQ is fully supportive of the concept of ID cards, but has consistently expressed doubts over the specifics of the scheme.

'...biometric technology is not accurate enough to support [the government's claims], says Neil Fisher, director of security solutions at defence technology supplier QinetiQ.' From Computing online magazine 17/10/05[6]

In October, Dame Pauline Neville-Jones, former chair of QinetiQ, told silicon.com: 'The requirement for 100 percent accuracy is huge and I don't think we've ever seen a system which is 100 per cent accurate.'

‘We could get to a situation where we have something incredibly intrusive but also incredibly ineffective.'[7]

A lengthy submission by QinetiQ to the Home Affairs Select Committee in January 2004 raised issues not just over the technology planned for the ID cards scheme, but over the whole intent and particularly the issue of compulsion.[8]

The Passport Service Biometrics Enrolment Trial tested the process of registering 10,000 volunteers' biometric data in a mock-up of a possible ID cards/biometric passport enrolment scenario. The trial, carried out by consultants Atos Origin (see company profiles) using technology from Iridian, Identix and NEC, with MORI surveying participants' responses, attempted to collect volunteers' facial biometric, iris scans and fingerprints.

The trial encountered problems recruiting sufficient volunteers particularly among people with disabilities - the original target of registering 1,000 disabled participants had to be reduced to 750.

The trial was explicitly not designed as trial of the technology, but a test of the process of enrolment and public reactions. The biometric enrolment (i.e. capturing usable images) and verification (checking the registered images against a further scan) success rates were remarkably low, particularly for disabled participants. Only 61% of disabled participants and 90% of the sample chosen to represent the general population were able to enrol two iris scans; verification of facial scans was 48% for disabled participants and 69% for the representative sample; fingerprint verification was around 80% for both groups. 0.62% of disabled participants were unable to enrol a single biometric.[9]

This is the only major trial that has so far been carried out in relation to the ID cards scheme. It clearly neither gives the technology a green light nor fully tests all aspects of the scheme. As David Porter, head of security and risk at consultants Detica pointed out during the scheme:

‘ [...] at this stage they are only looking at how to scan and capture biometric information from volunteers onto a database. The scheme isn't looking at how effective the card is when used on a day-to-day basis. As such, we're only examining the tip of the iceberg.‘[10]

References
[1] - Intellect press release 30/7/04 www.intellectuk.org/press/pr/2004/pr_300704_id_cards.asp
[2] - silicon.com, 'ID card vote shames IT industry' 19/10/05 http://www.silicon.com/publicsector/0,3800010403,39153485,00.htm
[3] - The Guardian, 'Hi-tech Cassandras foresee trouble with ID cards' Mark Tran 21/10/05 http://business.guardian.co.uk/economicdispatch/story/0,,1597733,00.html
[4] - silicon.com, 'Microsoft warns ID cards pose massive security risk' Andy McCue 18/10/05 http://www.silicon.com/publicsector/0,3800010403,39153444,00.htm
[5] - Computing 'Biometric flaws mar start of ID card plan' Sarah Arnott 17/8/05 www.vnunet.com/computing/news/2141259/biometric-flaws-mar-start-id
[6] - ibid.
[7] - silicon.com 'Lack of "balls" in Whitehall will hinder ID cards' Will Sturgeon 18/10/05 http://www.silicon.com/publicsector/0,3800010403,39153447,00.htm
[8] - Memorandum submitted to Home Affairs Select Committee, January 2004 www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/130/130we47.htm
[9] - Atos Origin, 'UK Passport Service Biometrics Enrolment Trial Report' May 2005 www.passport.gov.uk/downloads/UKPSBiometrics_Enrolment_Trial_Report.pdf
[10] - Detica press release 27/4/04 'Biometric ID Cards - Pilot Scheme Only Examines the Tip of the Iceberg' www.detica.com/indexed/Opinion_BiometricIDCardsPilotScheme.htm