Last week saw the re-introduction of ID Cards, now with the ostensible mandate of being in the Labour Manifesto. Our Listening Government has apparently amended the proposals from last time out in response to genuine concerns over purpose, cost and privacy, but to be honest, it looks the same to me. And as I noted yesterday, it's not good. The Government's argument is based on a number of false assumptions and falser deductions from it.

Reading and listening to the government's statements, (lamentably relegated to inside pages by most of the liberal broadsheet press who are still still focusing on PR), I've a few challenges to the liesstatements and oversimplificationsassumptions:

Purpose and Benefit

Apparently, there are 3 purposes to the introduction of mandatory ID cards. In descending order of announced priority, ID cards will combat:

1. Identity Theft
2. Benefit Fraud
3. Terrorism
4. Illegal Immigration

So, let's look at each of these.

Identify Fraud

HMG claims that identity theft costs UK citizens £1.3 billion a year, and that ID cards are just the thing to save it all.

True, ID Theft is a significant issue, but as the original report states, most of the consumer-related theft is credit card fraud, most significantly Cardholder Not Present (ie telephone and online) transactions, where the goods are delivered to addresses other than the cardholder's. Naturally, if you're not present, you can hardly prove you're who you say you are with your ID card, now, can you?

The other major Credit Card ID Theft is where cards have been skimmed - the data on the magnetic strip has been read when your card went out of site at that dodgy restaurant, and duplicated onto another card. Charles Clarke may not have noticed, but there's a wee project already underway that will kill this dead.

The banks have also been pretty active in combatting ID theft. I bought a new iPod this week on the AppleStore - Egg recognised an unusual transaction and called me within 2 minutes to confirm it. Banks' money laundering procedures have also tightened up a lot over the last decade or so, which require fairly stringent proof of ID.

Benefit Fraud

Leaving aside the double counting (the £1.3bn mentioned above included ID-related Benefit Fraud), yes, ID cards *could* help reduce Benefit Fraud. For those on Benefits. If ID-related Benefit Fraud were actually a significant problem, compared to - say - under-reporting of income. Best estimates are that it might save a whole £35m a year. Even Obergruppenfuhrer Blunkett is clear that benefit fraud is only a tiny part of the problem in the benefit system. And ID-related fraud is only a small part of that. Keep that £35m/year in mind for when we come onto the costs section below.

Gaining this small amount of improvement for DWP warrants a tactical project - a minor tidying up exercise at best, announced in a written response to ministerial questions and the subject of one small section of a Benefits Modernisation Bill, not a flagship Number 10 policy requiring its own primary legislation and mandating every person in the country to be registered. Disproportionate, anyone?

Terrorism

Terrorism is a useful word for repressive governments - it gives them a handy bogeyman to hang just about any piece of civil-liberties limiting legislation on, without incurring the kind of scrutiny that it should from the opposition, the media and so on.

And here, HMG wheels it out again. And once again, it's a pretty clear red herring. Privacy International did some research into the relationship between National ID Cards and Terrorism. Their summary is worth quoting in full:

• While a link between identity cards and anti-terrorism is frequently suggested, the connection appears to be largely intuitive. Almost no empirical research has been undertaken to clearly establish how identity tokens can be used as a means of preventing terrorism.
• The presence of an identity card is not recognised by analysts as a meaningful or significant component in anti-terrorism strategies. Five criteria are generally used to assess and benchmark the level of terrorist threat within a particular country: motivation of terrorists, the presence of terror groups, the scale and frequency of past attacks, efficacy of the groups in carrying out attacks, and prevention - how many attacks have been thwarted by the country.
• The detailed analysis of information in the public domain in this study has produced no evidence to establish a connection between identity cards and successful anti-terrorism measures. Terrorists have traditionally moved across borders using tourist visas (such as those who were involved in the US terrorist attacks), or they are domicile and are equipped with legitimate identification cards (such as those who carried out the Madrid bombings).
• Of the 25 countries that have been most adversely affected by terrorism since 1986, eighty per cent have national identity cards, one third of which incorporate biometrics. This research was unable to uncover any instance where the presence of an identity card system in those countries was seen as a significant deterrent to terrorist activity.
• Almost two thirds of known terrorists operate under their true identity. The remainder use a variety of techniques to forge or impersonate identities. It is possible that the existence of a high integrity identity card would provide a measure of improved legitimacy for these people.
• Of the ten most frequently employed methods terrorists use to enter or operate within a country, only one would potentially be combated by a national identity card. Most terrorists enter a country on tourist visas which because of their popularity are subject to low-level scrutiny,
• At a theoretical level, a national identity card as outlined by the UK government could only assist anti-terrorism efforts if it was used by a terrorist who was eligible and willing to register for one, if the person was using their true identity, and if intelligence data could be connected to that identity. Only a small fraction of the ninety million crossings into the UK each year are supported by comprehensive security and identity checks.

Source: Mistaken Identity: Exploring the Relationship Between National Identity Cards & the Prevention of Terrorism

Illegal Immigration

Like the Benefit Fraud idea, this is a Daily Mail fodder knee-jerk policy in the first place. Add to that the fact that asylum seekers already have an ID Cards system, and employers of immigrants working without visas aren't exactly going to check ID Cards, and you've got a perfect recipe for soundbite policy without substance.

Cost and Time

Out of the three stated purposes of the card, the only one that stands up is perhaps £35m of reduction in Benefit Fraud. So perhaps we've got a bargain in front of us - a system that will cost less than this and save the taxpayer money (hooray!)

Ah, no. The Treasury is currently claiming that running the system will cost £5.8bn over 10 years. Which, as this is being met by direct fees rather than general taxation, is about £93 (oh, plus VAT of course) each. However, the LSE has done some analysis and is estimating the final bill to be between £12bn and £18bn, or a nearer £300 bill to you when you pick up your mandatory card.

This is just the cost of producing the cards and running registration.

Add to that the card readers, that to have a hope of implementing the Govt's vision of ID checks will need to be in every doctor's surgery, every hospital, every school, every local and central government office, every bank, every Post Office, every police car, every sensitive building, every employer and so on. Again, the official forecast of £250 - £750 per reader contrasts with the LSE's estimate of between £3000 and £4000.

Add to that the cost of the initial IT implementation. Add to that the cost of *running* all those scanners. Add to that the cost of chasing all those who refuse to register for a card. And all this for a £35m pa benefit?

Can It Be Done?

Well, HMG's record in IT projects of this scale isn't great. But for a number of reasons (not least that I'm currently working on a Government project that isn't suffering such problems), I'm going to ignore that one for now.

However, the Government's eGov head thinks it's impossible. And China abandoned its Biometric ID scheme after it concluded that the technology was unworkable with large populations.

Certainly it's going to be extremely complex and large scale - it'll also have a profound impact on all the other (actually delivering real benefit) Government IT projects, as there are only a limited number of people with the expertise to work on this scale of system, and most of them are already working on Govt projects.

As for the timescales, even assuming the systems, processes and people are in place on time, someone did a quick calculation on how long it'll take to get the UK's 50m adults issued with cards, assuming that the proposed number of issuing stations at Passport Offices are going flat out (at 8 minutes per card).

It works out at about 1m registration a year, so approx 50 years for the initial rollout.

And the proposal is to have cardholding mandatory in under 10. And the lifespan of each card is expected to be 10 years, so by the time you're doing the 2nd 10m, the 1st lot are back in demanding replacements. The Forth Bridge has nothing on this.

Will It Work?

Is Biometric Identification Reliable?

The Government's answer to all the problems of security is that the Cards will use Biometric identification, by which they mean automated systems for recording and comparing your supposedly non-forgeable bodily features (fingerprints, iris prints etc), and they proclaim that this will be entirely reliable. However, the trials to date don't support this. The least problematic Biometric method - iris scanning (and who is happy about having laser eye scans regularly? Not me, for sure) - shows at best a 4% error rate. Quite low, you think? Well, with 90m ID checks each year at passport entry points alone (let alone all the new places where you'd have your ID checked), this means nearly 250,000 mistakes every day. Again, how many of these need to be terrorists? Still just the one.

No wonder that in Germany, their chief Data Protection Officer is calling for a moratorium on Biometric Passports

Yesterday, Germany’s Data Protection Officer Peter Schaar took the occasion of the presentation of the first progress report since he took office in December of 2003 to criticize the German government’s plans to include biometric features in passports this autumn as premature. Biometrics, he warned, would often not be able to fulfill expectations. Scientific studies and application tests have shown, he explained, that biometrics often does not work as reliably as required for blanket use.

Can it be forged?

Well, what do you think? Prosecutions for dealing with or creating false ID cards and high-level identity documents have been pursued in Britain, Hong Kong, Pakistan, Ireland, Malaysia, Yemen, Czech Republic, Venezuela, India, Italy, and Sri Lanka where the forgeries were supplied to suicide bombers. The Israeli government estimates that hundreds of thousands of fake ID cards are in the hands of its population.

It's not really credible that the UK has a magi bullet technology to make them unforgeable. And how many potential terrorists does it take to have a forged card? Just the one.

Will it work for everyone?

There are significant barriers to people with disabilities from registering for and using biometric ID Cards. If you need to have an ID Card to access government services, then you've just excluded the disabled from the very services that they need more than the rest of the population. DDA anyone?

And as noted above, different ethnic minorities have different rates of error in detecting Biometrics, with black people having more difficulty enrolling their facial biometric, iris, and fingerprint than other races. I'm sure that's going to go down a storm with the Equal Opportunities Commission.

Summary

So there you go. Even without considering the Civil Liberties argument, it's clear that:

1. The aims of ID Cards are bogus.
2. The costs are bogus.
3. There's little to no chance of it working.

Why on earth would any sane politician like TB insist on making it a flagship policy and the core of his legacy?