Skip to content or view screen version

Beam me up Scottie - ID Cards and Biometrics.

Liz | 25.09.2005 20:15 | Repression | Technology

TO ERR IS HUMAN BUT FOR REALLY BIG MISTAKES, YOU NEED A COMPUTER.
ALL THESE BIOMETRICS IN ONE BIG F**K OFF COMPUTER DATA BASE - OH MY!

Implementing a nation-wide identity card scheme will involve enormous practical difficulties. The adoption of biometric technology requires a massive administrative and IT support system to ensure its effective operation. The support system must be responsible for ensuring that information is updated accurately and efficiently on a regular basis. Easy Peasy………….

So what are biometrics?

Biometrics - fingerprints, iris scans, face recognition etc will be a central element of the proposed compulsory National Identity Cards. Biometrics provide the final element of "three factor authentication": something you have (card), something you know (PIN) and something you are (biometrics).

Questions have been raised about the adequacy of current biometric technologies for supporting a national identity scheme on the scale proposed. Given the current pace of technological change, it is also inevitable that in due course the system will become obsolete and will need to be replaced. Guess who’ll be paying for this – that’ll be you then!

There have been no proper tests of the biometric technology to be used for ID cards, just some preliminary data from the UK Passport Service biometric enrolment trial published on the same day as the ID Cards Bill.

The government has published this report (The Report of the UK Passport Service Biometrics Enrolment Trial). The report set out the results of the passport office biometric trial. The trial shows conclusively that biometric technology is not yet ready for use on this wide a scale. Of the three biometrics used, even the best - iris scanning - had a 4% verification failure rate (9% in disabled people). Fingerprint recognition had a failure rate of 19% and facial recognition a failure rate of 31%. Imagine if you had a one in twenty-five chance of being stopped from boarding a plane or refused medical treatment because your iris verification failed. Imagine the queues at the airport.

You can download the full report at:  http://www.passport.gov.uk/downloads/UKPSBiometrics_Enrolment_Trial_Report.pdf

The report gives cause for concern about the practicality and cost of the scheme. This trial indicates that it will be difficult to verify a significant proportion of the UK population using each of three biometrics: facial, iris and fingerprint. The findings strengthen the likelihood that renewal of biometrics will need to take place more frequently (and hence at greater expense to the public – you’ll be paying for it).

It also raised disturbing and unresolved issues about the effectiveness of biometric verification on a significant portion of the population. The trial found that less than 50% of disabled participants could be verified using facial biometrics. In addition, even iris verification was only successful for 91% and iris scan technology was less successful with ethnic minorities and those aged over 59. The impact of this will mean an inability to utilise scanners at airports, a higher rate of failure and a longer registration process. Looking good isn’t it?

Taking the 96% success rate for the iris scan, this means that for every 100 scans there will be 4 false matches. On a database of 50 million, this would mean each person’s scan would match 2 million other records, making it impossible to stop someone claiming multiple identities, the whole point of having ID cards. Gets better all the time doesn’t it?

The accuracy of the system will be greatly improved by using more than one biometric identifier and that is why ministers have now announced that all three forms of biometric will be incorporated on the identity card/passport. Even with a system as accurate as 99.9%, which would be fine for a relatively small database eg for criminal records, for a 48 million (all those 16 and over) population there would still be 48,000 false matches! Fantastic!

So that’s alright then – sorted!

Still it’s not all bad news - lots of corporate peeps will make loads of money:-

See here “the greasy palm” list from Corporate Watch and Defy ID
 http://archive.corporatewatch.org/newsletter/issue22/issue22_part5.htm

See here for information on biometrics and ID cards
 http://www.justice.org.uk/images/pdfs/idcardcc.pdf
 http://www.stand.org.uk/StandEvidenceOnIdCardsToHASC.website.doc

Imagine the queues

Decisions are yet to be made on the number and location of centres where biometric information may be collected but that nice man Charles Clarke has indicated there could be around 70 such centres. Are they going to run a bus service to these centres? Imagine the queues when you get there! And anyway Biometrics only work when the biometric data is reliably linked to identity. So when I go to have my iris scanned I’ll have to prove who I am. How will I do this if I don't have a passport or driving licence? “My name is Spartacus” – think that will do it? And while we are on the subject of queues, will all libraries, post offices and hospitals etc have the iris reading machines, and who’s paying for all those then? Will the Accident and Emergency Dept in your local hospital have the equivalent of a supermarket a “ten items or less queue” for those seriously ill? And what happens if the computer network goes down? We've all tried to get cash only to find the cashpoint network is down. If the ID network goes down then the country stops. Madness isn’t it?

Until the proponents of Identity Cards can answer all those questions (and they can’t), there is a huge question mark hanging over the use of biometrics on such a large scale.

Only the technically naive can believe that it will be "impossible" to fake ID Cards. Difficult, yes, but organised criminals and terrorists have huge resources and great incentive. Then there’s the issue of the security of the database itself. Hackers who got access to the database could cause havoc.

In fact biometrics could be worse than useless. If people don't understand the technology and simply believe "It's biometric so it's secure" then the Cards could in fact introduce a false sense of security and allow a fake ID Card to pass unchallenged.

A Computer Weekly article concludes that biometrics are “not yet ready to secure corporate IT”. If they're not ready to secure corporate IT, what chance have they got of securing a whole country?
 http://www.ebusinessforum.com/index.asp?layout=rich_story&doc_id=6878

A detailed article from The Economist discusses biometrics and concludes that they will be ineffective: The emerging use of biometrics  http://www.ebusinessforum.com/index.asp?layout=rich_story&doc_id=6878
They conclude that biometrics today will not work but if/when the technology improves: “privacy, as it has existed in the public sphere, will in effect be wiped out”.

Oh yes and by the way if you get sold the line that we must have biometrics for passports to comply with EU law, well as the song goes “it ain’t necessarily so”

See Statewatch analysis: -

EU: Biometrics - from visas to passports to ID cards
The EU does not have the powers to introduce biometrics for national ID cards. The ICAO standard only requires a "facial image" USA not intending to introduce biometrics on its passports - only a digitised normal passport photo.
 http://www.statewatch.org/news/2005/jul/eu-bio-passports-id-cards.pdf

EU governments blackmail European Parliament into quick adoption of its report on biometric passports. The Council of the European Union (the 25 governments) has told the parliament it can have full powers of "co-decision" after it adopts its report on biometric passports. How many national parliaments were re-consulted after the decision to make fingerprinting mandatory?
The costs are completely unknown and the "details" will be decided in a secret committee. The EU has no legal powers to introduce such a Regulation
 http://www.statewatch.org/news/2004/nov/12biometric-passports-blackmail.htm

EU biometric passports and mandatory fingerprinting
Statewatch legal analysis questions the legality of the proposed Regulation
"no powers conferred upon the EC by the EC Treaty, taken separately or together, confer upon the EC the power to adopt the proposed Regulation"  http://www.statewatch.org/news/2004/nov/11biometric-legal-analysis.htm


Error 404: File not found. Should I fake it? (Y/N)

Yours in fear, fury and fervent solidarity.

Liz