A question of identity
8 Comments Rated 0% Send link Print
Hall has come from the private sector
When Sir Gus O’Donnell started work as cabinet secretary he spent part of his first day on the job at Globe House, the headquarters of the UK Passport Service in Victoria. “It’s easy to presume that all civil servants simply operate out of Whitehall but on my first day, I wanted to get out of the office to see how they are delivering what people need at a community and customer level,” Sir Gus said at the time.
Now, nearly two years on, Globe House is home to what has become the Identity and Passport Service (IPS), and is run by James Hall, a former managing partner of Accenture. As chief executive of the Identity and Passport Service, and director general for identity services, Hall finds himself in one of the key positions in the civil service – somewhat ironic, as it transpires that Whitehall’s HR managers rejected the chance to hire him after he graduated from university. “I was tempted to join the civil service but the civil service wasn’t tempted to employ me!” he says, smiling. “I got through the first half of the Civil Service Board, as it then was, but frankly I’m delighted with the way it’s turned out – what goes around comes around.”
Hall joined Accenture in 1976 as an analyst and programmer and worked his way up the organisation. Appointed as the managing partner for Accenture in the UK in 1994, a post he held until 2000, he spent the following five years as managing partner with responsibility for technology and systems integration across the organisation. So what made him move to the public sector? “I figured about 18 months ago that 30 years was an indecent time to spend with any single employer and made the decision to leave last summer,” he replies, adding that a portfolio career was his most likely destination.
“But I’d done a lot of work with the public sector and was always attracted by the opportunity of working there, and as I started to review the opportunities, this opportunity came up. The more I thought about it the more it became clear that I had a choice between doing a number of part-time and intrinsically perhaps rather boring things where you couldn’t really be accountable or make anything happen, or this position – which was clearly not part-time and very interesting and worthwhile. Obviously there is a formal place that you need to go through. At the end of the day it was a competitive selection process but I felt that it was an opportunity I would kick myself if I didn’t go for.”
The IPS was established as an executive agency of the Home Office last April. Hall has overall responsibility for the organisation, operation and management of the service, including the successful introduction of identity cards and the national identity scheme.
The scheme aims to provide a comprehensive and secure way of managing the personal identity data of all those who legally reside or work in the UK by helping secure our borders and tackle illegal immigration, prevent identity fraud and become a key defence in the fight against crime and terrorism. The scheme also aims to improve customer service, as it will make it possible to join up and personalise services across government departments, and the wider public sector.
Under the plans, applying for an identity card will be the same as when applying for a passport. When a person enrols, their biometric information – such as facial image and fingerprints – is recorded. Each person will need to re-enrol once every 10 years, in much the same way as passports are currently renewed every 10 years. The National Identity Register (NIR) is where personal identity details will be recorded and maintained. It will have links with other government systems to share identity data, and will support identity checking services. From 2008 the Border and Immigration Agency will issue biometric identification to foreign nationals and from 2009 the IPS will issue identity cards for British citizens. From 2010 IPS will issue significant volumes of ID cards alongside British passports.
Clearly, then, this is a massive government project and, as Hall admits, it has attracted a high degree of political controversy. Asked what lessons from his time in the private sector that he hopes to apply to his IPS role, Hall says that actually, he has been surprised by the similarities between the two sectors.
“A lot of people from the outside presumed there would be some massive cultural shift between working in the public sector and private sector,” he says. “But I’ve found it much less of a shift than people anticipated. If you’re working with large, complex organisations and dealing with complex problems, you’ve got the same set of issues and the same set of things to deal with. And in many ways I’d say that if you compare life in the public sector to life in a large multi-national, I’d probably get more freedom of action here than there.”
But surely the media spotlight in the public sector must take a little getting used to? “Yes, clearly there are differences. We are subject to a degree of media scrutiny and to some extent media cynicism that people in the private sector don’t have to deal with and don’t, frankly, begin to understand. We’ve certainly had our fair share over the past six months! You can’t take it personally obviously – it comes with the territory – but I suppose it just means that you have to have a high level of personal confidence that you are doing the right thing and that you can defend what you’re doing on television.”
At the end of last year the Home Office’s permanent secretary, Sir David Normington, admitted to Whitehall & Westminster World, that it had been a “tumultuous year” for his department and Hall agrees that it has been through the mill. “The Home Office has had an unbelievably negative, relentless media focus over the past 12 months or so,” he points out. “And there is no organisation in the world – public or private – that could survive that much critical scrutiny completely unscathed. Everybody makes mistakes. Every large organisation makes mistakes. And, frankly, with the great majority of them, people correct the mistake over the due course of time and they move on. Although every single thing is subject to this absurd level of critique, it hasn’t become debilitating and I think the Home Office has survived it very well. We’re moving through it, dealing with it and getting back on to the front foot.”
In terms of his role at IPS, Hall says that he is working towards a set of key benchmarks. “As a management team we set ourselves not even annual targets but we look four to five months ahead about what we need to accomplish and achieve,” he says. “I think it’s very easy – particularly under the media scrutiny we’re under – to constantly get distracted and to forget about what we’re really trying to achieve here.”
He goes on to set out his three main targets. “First of all we’ve got an operational service that we deliver today to which we’re making some quite significant enhancements and changes,” he says. “We’ve got to do all of that and keep that show on the road. There is a lot happening in 2007 and in any other circumstance you would regard that as a very big programme. Secondly, we’ve got to deliver the national identity scheme in terms of actually getting to the point where we can issue identity cards and capture the required biometrics by the back end of 2009. There is an awful lot of work ahead to make that happen. And the third thing we’ve got to do is, even in advance of the time we start to issue identity cards, is start to drive the use and adoption of those cards.”
Hall is clearly a passionate advocate of the identity scheme, describing it as an “identity utility”. Not for him the doubts of civil liberty campaigners or opposition politicians. “The value of the scheme is proportionate to how widely it is used,” he says. “Both in terms of how many citizens take up the card but also how many business processes the card is embedded in across the public and the private sector. Identity activities are absolutely everywhere – they’re not limited to the borders or to government agencies – they happen every time you go to the bank or wherever. What we’re seeking to do is make our identity product the standard.”
And he admits that they can’t do it all at once. “What we’re seeking to do is to start to define priority areas where we can start to drive real value to groups of citizens very early on in the process,” he says. “So that when we’re starting to say in 2009 that the cards are available, we can also say that here’s half a dozen useful things where life starts to be a bit simpler, either for the individual or for a business or for a government department, as a consequence of you having that identity product.”
Asked whether he understands why some doubt the government’s ability to effectively deliver this massive project, particularly as its track record is not flawless – one thinks of the Dome, or the problems with the NHS IT programme – Hall argues that no-one’s track record is perfect. “And of course, the law of big projects is that we will have some hiccups and some things will go wrong – this is as inevitable as night follows day,” he adds. “The government’s track record, by the way, is far better than you would ever surmise from reading the newspapers because no-one ever writes about the successes. But if you look at what the DVLA have done over the past few years, or DWP’s success in implementing radical amounts of technology very successfully, or what we did here at IPS with e-Passports, having chips embedded in all passports, there is a track record of success. The other point to make is that of course there is a lot of technology in this but it is only a fairly small proportion of the cost over the next ten years. The much larger proportion of the cost comes from needing to be able to deal with our customers directly and collect their biometrics.”
Hall goes on to say that the Home Office itself is a highly political
department. “The subjects it deals with are, by definition, political,” he says. “Identity cards have become a debating issue between the two main political parties and I think the discussion tends to overwhelm the range of benefits. No-one has ever said the cards are a silver bullet solution to any given problem but they are worthwhile because they help citizens, business and government with common problems around identity assurance. And actually some of the most disadvantaged people in society – those who are at the margins – are the people who need most help from government and have the most difficulty in proving their identity as they don’t always have three utility bills to hand and so on. If we can give them a simple, secure mechanism for controlling identity then I think that would be extremely helpful.”
Hall is such a strong defender of the identity cards scheme, it seems pertinent to ask whether he was signed up to it before taking up the role. He was – but he is more of a fan now. “The more you think about it, the more you realise they can be helpful across such a broad range of situations,” he says. “It starts to become common sense. And if people ask why they need a passport and an identity card, well you don’t need a passport unless you’re travelling outside of the European Union. If you’re in the EU the identity card will be a perfectly legitimate travel token, but for the time being the passport beyond the EU borders is the only internationally accepted travel document.”
Although, as he points out, the identity card is no silver bullet against terrorist activity, Hall nevertheless believes it will be a valuable tool for law enforcement agencies. “From the statistics we’ve been able to glean, 0.15 per cent of our passport applications may well be fraudulent,” he says. “This is a tiny percentage but because we issue well over six million passports a year, it turns out to be quite a large number. These fraudulent passports are almost universally the tip of an iceberg which leads to other forms of organised criminality. Why do people want a fraudulent passport? They want to disguise their identity and they are doing this in the context of immigration fraud, people smuggling, money laundering, terrorism and so on. Frankly, as we have moved the passport itself to be a great deal more difficult to counterfeit, the sophisticated criminal or terrorist isn’t going to get into the business of trying to forge these documents.”
Hall, then, has clearly got a lot on his plate but he is keen to stress that for his organisation, you can’t divide the passport and identity card businesses. “When we have rolled out the identity scheme there will be the same enrolment process and biometrics for both,” he adds. “You can’t really separate them.”
Pictures: Gary Lee/UPPA/Photoshot
re: A question of identity
David Moss - Jul 16 2007 12:31 AM
ON TRIAL
According to last Thursday's Times [1]:
QUOTE
From next year all passengers travelling on domestic BA flights from Heathrow will have to give their fingerprint and have their face scanned as part of the security check prior to take off.
The new biometric techniques, which will be introduced at Terminal 5 when it opens in March, were being implemented as a result of "recent security threats," airports operator BAA said. Similar procedures are already in force in other countries, such as the US …
[A BAA] spokesman added that while there were no plans yet to introduce biometric security checks across all airports such checks were "definitely the way of the future".
The new machinery at Terminal 5 also had the potential to synchronise with other databases, so that a passenger's biometric information could instantly be checked against, for instance, an ID card database …
Starting in September, more than 14,000 people will take part in trials of the facility. The site, which is the size of Hyde Park, is due to open on March 27.
UNQUOTE
It may well be the case that the US have implemented similar procedures. That does not mean that they work.
All the statistics available suggest that these biometrics are not reliable enough for the job in hand and that they are therefore not "the way of the future" and will not support any useful cross-reference to the National Identity Register or to watchlists supplied by the security services and the police.
The Identity and Passport Service (IPS) have conducted no trial of biometrics since 2004 [2]. That trial revealed that 19% of able-bodied people could not be recognised using their flat print fingerprints and 31% of them could not be recognised using their facial geometry. With failure rates like that, the technology would not be trusted, it would quickly fall into disuse and any resources expended on it would have been wasted.
The cost of the National Identity Scheme has led to quadrupling the price of an adult 10-year passport from £18 in 1997 to £72 this October. People expect value for money. We do not expect our money to be wasted on technology that doesn't work. We do not expect to pay for executive agencies who proceed on the basis of wishful thinking. We want, need, deserve and pay for better government than that.
According to the BBC on Saturday, the airline industry are already complaining about the cost of security measures [3]. They will complain even more if these measures don't work. The threat of terrorism is real. It will not be countered with make-believe deterrents.
Now, at last, it looks as though we shall see another trial, this time performed by BAA at Heathrow Terminal 5. That is a trial of biometrics.
It will also be a trial of IPS.
David Moss
http://DematerialisedID.com
----------
1. http://travel.timesonline.co.uk/tol/life_and_style/travel/article2066498.ece
2. http://dematerialisedid.com/PDFs/UKPSBiometrics_Enrolment_Trial_Report.pdf
3. http://news.bbc.co.uk/1/hi/uk/6898576.stm
re: A question of identity
David Moss - Jul 13 2007 06:03 PM
Q. WHAT DO THE EXPERTS THINK ABOUT BIOMETRICS?
A. THEY'RE MOSTLY HYPE.
The job of the National Identity Scheme (NIS) is to help to prevent and detect crime, to help to counter terrorism and to help to improve the efficiency of public services.
Crime is a real problem. The terrorist threat is real. The efficiency of public services really does need to be improved.
The NIS depends on biometrics. The biometrics chosen are not reliable. The NIS therefore cannot achieve its objectives. It is an unreal mixture of theatre and wishful thinking pitched against threats which are all too real.
Disbelief can only be suspended for so long. It is time for this fantasy to stop and for resources to be devoted to real deterrents.
FACIAL GEOMETRY
The National Physical Laboratory [1] consider that “face recognition on its own is a long way from achieving the accuracy required for identifying one person in 50 million”, “even under relatively good conditions, face recognition fails to approach the required performance” and “facial recognition is not a feasible option”.
One supplier claimed to have used biometrics based on facial geometry to wipe crime off the streets of Newham. The police accused them of lying [2].
In the UKPS biometrics enrolment trial, 31% of able-bodied participants could not be recognized using this technology and, in the case of disabled participants, the figure was 52% -- the technology failed more often than it worked.
The Commissioner of the Metropolitan Police has confirmed that biometrics based on facial geometry are unlikely to be useful [3].
The US Department of Homeland Security (DHS) do not use biometrics based on facial geometry in the case of US-VISIT.
The only major implementation of biometrics based on facial geometry, despite the fact that it doesn't work, is the ePassports decreed by the Berlin Resolution of the International Civil Aviation Organization.
The National Audit Office doubt that ePassports have improved our security.
And the police have considered bringing public order charges against the Border and Immigration Agency because of the over-crowding at airports caused by the slow performance of ePassport-checking [4].
It is, thus, not clear what Stephen Harrison, Director of Policy at the Identity and Passport Service (IPS), had in mind when he said: "biometric ID is not just about control it's about making life easier for legitimate travellers" [5].
The unreliable biometrics chosen by IPS cannot deliver control over people. If that's what he wants, these biometrics will not help him. What they will do is to make life harder for legitimate travellers.
When it comes to biometrics based on facial geometry, we should reduce our expectations of any benefits to nil.
FLAT PRINT FINGERPRINTS
Traditional, rolled prints are admissible as evidence in court because, after 100 years experience, we quite rightly have confidence in their reliability. The flat prints envisaged for the NIS, on the other hand, are not admissible as evidence in court. They are not reliable enough.
The UKPS biometrics enrolment trial revealed flat prints to have a false non-match rate (FNMR) of 19 or 20%. IPS told the House of Commons Science and Technology Committee that they demand a maximum FNMR for flat prints of 1% for the NIS to be acceptable. Logic would seem to dictate, therefore, that flat prints are not acceptable – 19 is greater than 1.
The Committee found IPS's treatment of these statistics to be "confusing", "selective", "inconsistent" and "lacking in rigour".
The DHS use flat prints for US-VISIT but advised the Committee that they had doubts about its feasibility for a national identity scheme. The point is here that US-VISIT only applies to non-US citizens.
The Office of the Inspector General (OIG), part of the US Department of Justice, note that on average 118,000 people pass through US-VISIT every day and 22,350 of them have to be referred to secondary inspection [6].
In some cases this will be because they look suspicious. In most cases, it will be something to do with their biometrics. Either their prints don't match the flat prints registered or they do match the prints on a watchlist provided by the FBI.
22,350 is 19% of 118,000. Is that the same 19% FNMR revealed by the UKPS biometrics enrolment trial?
No-one is sure but it is an interesting coincidence. What we do know is that US-VISIT refuses entry to just 1,811 people each day. That is 1,811 out of 22,350, or 8% of secondary inspections. 92% of secondary inspections are a waste of time in the sense that the visitors are subsequently allowed into the US. Flat prints are a blunderbuss, not a precision instrument.
In our case, flat print fingerprinting would require us to perform about 100,000 secondary inspections a day on international travellers and to detain about 8,000 of them [7]. How? Where?
The OIG note that known criminals continue to cross the border through US-VISIT undetected and, in some cases, to commit crimes on US soil.
The OIG would like all visitors' flat prints to be checked against the FBI's master database of 47m fingerprints. The FBI system cannot cope with the volumes involved. The US are even richer than we are. Can we succeed where they have failed?
US-VISIT does not seem like the right model to copy for the NIS. It fails, with 118,000 users per day. The NIS would have to cope with over 50 million ID cardholders, ePassportholders and biometric visaholders.
If we adopt flat print fingerprinting as the basis for the NIS, then 19% of us will find it hard or impossible to get non-emergency state healthcare, to get state education for our children and to work legally.
When it comes to biometrics based on flat print fingerprinting, we should reduce our expectations of any benefits to nil.
IRISPRINTS
Although they were originally included, IPS have now dropped irisprints from the candidate list of biometrics to be used for the NIS, at least for the moment, citing technology and cost problems [8].
Just as well. In the UKPS biometrics enrolment trial, 10% of able-bodied participants could not register their irisprints in the first place and that figure rose to 39% for disabled participants. These people would not exist in an NIS based on irisprints.
Tony McNulty MP is quoted as saying: “… there are difficulties with the technology … not least with people with brown eyes ... none of these problems are new, but increasingly as biometrics are more and more used ... we think the technology can only get better and better and better …” [9].
That would hardly be a businesslike basis for proceeding with irisprints.
When it comes to biometrics based on irisprints, we should reduce our expectations of any benefits to nil.
ALL THREE BIOMETRICS
At this stage, we have run out of biometrics to support the NIS. There are no candidates left on IPS's list. Unless IPS are irrational, they will wind the project down now. If it relies on these biometrics, the NIS will not support ID cards or ePassports or biometric visas, it will not support eBorders and it will not support transformational government.
IPS should have known this years ago. Their own consultants, PA Consulting, published a paper called 'Biometrics – Is that really you?' in November 2004 [10] which includes a diagram of a little car going from Concept Boulevard, up Biometrics Hill and down to The Car Park of Antiquity via Obsolescence Avenue. The car is yellow and, according to the PA Consulting legend, that means that biometrics are mostly hype.
David Moss
http://DematerialisedID.com
----------
1. Most of the assertions made in this comment are supported by references cited in the earlier comments below dated between 1 and 12 July 2007.
2. http://DematerialisedID.com/Capture.html#visionics
3. http://news.bbc.co.uk/1/hi/uk/4095830.stm
4. http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/06/20/nairports120.xml
5. http://www.silicon.com/publicsector/0,3800010403,39167824,00.htm
6. http://www.usdoj.gov/oig/reports/plus/e0501/exec.htm
7. http://DematerialisedID.com/Biometrics.html#detention
8. http://www.itweek.co.uk/computing/news/2171789/iris-dropped-id-card-plans
9. http://news.bbc.co.uk/1/hi/uk_politics/4348942.stm
10. http://www.paconsulting.com/nl/NR/rdonlyres/8C70168E-B730-4906-BAB7-356961361FFE/0/foresight_biometrics.pdf or http://dematerialisedid.com/PDFs/Foresight_Biometrics.pdf
re: A question of identity
David Moss - Jul 12 2007 04:04 PM
WE WANT, NEED, DESERVE AND PAY FOR BETTER GOVERNMENT THAN THIS
From the Sunday Telegraph of 29 April 2007 [1], we learn that there are about nine million National Insurance numbers (NINOs) extant which cannot be accounted for:
QUOTE
The Government admitted in a recent parliamentary answer that there are now 76.7 million numbers on the database, well in excess of Britain's adult population of 49 million.
Some of the surplus numbers are legitimate. The DWP estimates that 16.5 million are registered in the names of dead people whose surviving spouses can lawfully claim a pension against their late spouse's NI contributions. Another 1.5 million are thought to belong to pensioners living abroad who can claim UK benefits.
However, a spokesman for the DWP said the remaining nine million had yet to be categorised.
UNQUOTE
There is one advantage to this situation: "… once people have a NI number, they are liable to pay tax and national insurance – even if they are not legally allowed to work" [2].
That aside, these nine million uncategorised NINOs represent nothing but problems. This situation clearly increases the probability of benefit fraud and errors. It may increase the probability of people being able to establish a false identity. Further:
"An official inside the DWP told The Times that, even though legally the onus is on employers to make checks … holding an NI number is widely seen as establishing someone’s availability for work" [2].
This situation therefore increases the likely incidence of illegal working. Also, if the size of the working population is only known accurate to the nearest nine million, how does anyone know if the economy is running out of capacity? If it is, then that will tend to increase inflation. Otherwise, not. But which is it? In this situation [3], how do you set interest rates?
DWP are adamant that they only issue a NINO if they are satisfied as to the identity of the bearer [2]. With nine million uncategorised NINOs in circulation, that claim rings hollow.
Not surprisingly. According to the Identity and Passport Service (IPS), it is hard to establish people's identity. The unspoken assumption is that it is hard if people are actively trying to make it hard. According to their Section 37 cost report on the National Identity Scheme (NIS) issued in October 2006 [4, p.5]:
QUOTE
Currently, employers do not have a reliable means of establishing whether a job applicant has the right to work here or not …
It is difficult and resource intensive to ascertain the identity of prisoners suspected of being foreign nationals and those arrested by the police …
It is currently very difficult for Criminal Records Bureau (CRB) Registered Bodies to establish an applicant's identity efficiently ... It is already known that on some occasions, individuals are matched against the wrong criminal record ... this can lead to delays in processing their applications. In a small number of cases, people known to the police have been able to proceed through the system undiscovered …
UNQUOTE
So DWP are not alone. Employers, the CRB and the schools and hospitals who use their services and the whole criminal justice system all face the problem how to identify people.
That is the problem. What is the solution? 31 times in that short Section 37 cost report alone [4], the solution proffered is biometrics.
Three months after the cost report, IPS issued their Strategic Action Plan for the National Identity Scheme [5] and in the final paragraph (92), there it is again:
"Within the Home Office we are already working on simplifying and improving the way we handle identity information. Over time, we will be able to link people to a single identity across our systems using biometrics."
This has been going on for some time. The Cabinet Office's November 2005 paper on transformational government [6] states at para.39(7):
"Identity Management: government will create an holistic approach to identity management, based on a suite of identity management solutions that enable the public and private sectors to manage risk and provide cost-effective services trusted by customers and stakeholders. These will rationalise electronic gateways and citizen and business record numbers. They will converge towards biometric identity cards and the National Identity Register. This approach will also consider the practical and legal issues of making wider use of the national insurance number to index citizen records as a transition path towards an identity card."
Coming back up to date, in the March 2007 paper on eBorders [7] produced by the Home Office and the Foreign and Commonwealth Office jointly, we find at para.1.3:
"Managing identity is fundamental to delivering this new approach [i.e. border controls begin off-shore]. Using biometric technology we can permanently link people to a unique identity."
All of these government departments are basing their plans on biometrics. If the biometrics concerned were traditional fingerprints or DNA, the plans might be feasible. But they're not. The proposed biometrics are flat print fingerprints and facial geometry. The evidence adduced below suggests that it is wrong to place so much confidence in these biometrics [8]. These biometrics should be treated sceptically – they are guilty until proved innocent. To proceed otherwise is irrational.
Other countries are using them. That does not make them reliable. Biometrics are found to be popular whenever surveys are performed. That does not make them reliable.
The NIS appears to be based on a sham. That is not a businesslike way to proceed. We want, need, deserve and pay for better government than this.
David Moss
http://DematerialisedID.com
----------
1. http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/04/29/ninos29.xml
2. http://business.timesonline.co.uk/tol/business/law/public/article670429.ece
3. http://www.telegraph.co.uk/opinion/main.jhtml?xml=/opinion/2006/11/05/do0503.xml
4. http://dematerialisedid.com/PDFs/costreport37.pdf
5. http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf
7. http://www.ind.homeoffice.gov.uk/6353/aboutus/Securing_the_UK_Border_final.pdf
8. Please see the comments below dated Jul 10 2007 03:18 PM and Jul 08 2007 06:55 PM
re: A question of identity
David Moss - Jul 11 2007 12:37 PM
WE ALREADY HAVE ID CARDS -- OUR MOBILE PHONES
The following report appeared on the BBC News website at 10:22 GMT today [1]:
"Four men convicted of the 21 July bomb plot have been imprisoned for life, with a minimum tariff of 40 years each ... Muktar Ibrahim, 29, Yassin Omar, 26, Ramzi Mohammed, 25, and Hussain Osman, 28, were found guilty on Monday."
The case of Hussain Osman is particularly interesting. How did he get away? And how was he caught?
UK passport controls had been suspended at Waterloo International station on the Eurostar service. Mr Osman was therefore able to escape to France and from there to Italy.
He was tracked across Europe and finally arrested in Rome thanks to the global mobile phone network [2]:
"Italian investigators say police used cell phone records to track down one of the suspects in the failed suicide bombings in London on 21 July. Hussain Osman was arrested on Friday in his brother's flat on the outskirts of the Italian capital, Rome. He was traced using call records from two cell phone numbers, supplied to the Italians by UK police."
How would it have helped if Mr Osman had had an ID card? It wouldn't. ID cards would provide little assistance, if any, in locating suspects, victims and witnesses. Mobile phones already do and have done for years [3].
The mobile phone network is already global. The mobile phone network operators can already sit in the UK and watch a mobile phone roam from one radio mast to the next in any country in the world. They can already list all the numbers dialled from that mobile phone and all the numbers that have dialled it – i.e. they can already identify the associates of the bearer of the phone [4].
The Crosby Forum on identity management has been asked to comment on the technology being used in the National Identity Scheme (NIS) [5]. It is to be hoped that they will point to the effective facilities provided by the mobile phones we already have and that they will contrast those with the under-powered, pedestrian facilities offered by the smart cards we are being offered.
The NIS is a throwback to the old-fashioned model of give-everyone-a-card-and-keep-a-list. It ignores the 21st century ID card equivalent – the mobile phone – which we already have. It ignores the evolutionary processes evident to everyone else whereby so many people voluntarily acquire a mobile phone and voluntarily take it with them wherever they go, like an electronic tag.
It makes sense to research how the mobile phone network could provide more assistance [6]. It does not make sense to continue to pin our hopes on smart cards.
What of biometrics? The comments below [7] suggest that the NIS has no reliable biometrics to offer. But suppose that that situation changes? Then store the biometrics on mobiles phones. Mobile phones are powerful portable computers with huge storage capacities compared to smart cards. Again, mobile phones make sense, smart cards don't.
And what of passport controls? If passport controls are reintroduced and we rely on the biometrics proposed for the NIS, it is easy to show that we are likely to have to detain about 8,000 people per day at our borders [8].
That is not feasible. That is the result of basing the NIS on wishful thinking. It would be useful if the proposed biometrics worked. But they don't.
In the face of the blandishments offered by the NIS, remember Hussain Osman.
----------
1. http://news.bbc.co.uk/1/hi/uk/6291238.stm
2. http://news.bbc.co.uk/1/hi/world/europe/4730265.stm
3. http://DematerialisedID.com/Evidence/Crime.html
4. http://DematerialisedID.com/Mobiles.html
5. http://www.hm-treasury.gov.uk./newsroom_and_speeches/press/2006/press_51_06.cfm
6. http://DematerialisedID.com/Register.html
7. Please see comments at Jul 08 2007 06:55 PM and Jul 10 2007 03:18 PM
8. http://DematerialisedID.com/Biometrics.html#detention
re: A question of identity
David Moss - Jul 10 2007 03:18 PM
FINGERPRINTS ROLLED FLAT
Quoting from the article above:
"Under the plans [for the National Identity Scheme], applying for an identity card will be the same as when applying for a passport. When a person enrols, their biometric information – such as facial image and fingerprints – is recorded … The National Identity Register (NIR) is where personal identity details will be recorded and maintained. It will have links with other government systems to share identity data, and will support identity checking services".
There is every reason to believe that biometrics based on facial geometry are quite incapable of supporting "identity checking services" [1]. On the basis of the quotation above, that leaves only biometrics based on fingerprints to support these identity-checking services.
Traditional fingerprints, rolled prints, taken by police experts, using ink, work. Our confidence in them is justified by 100 years of experience. Rolled prints are admissible as evidence in court. A single suspected error causes consternation worldwide. For example, independent experts were flown in from abroad to review the case of Shirley McKie, the Scottish policewoman wrongly suspected of murder [2]. That is only proper, in a respectable technology.
But this is not the technology on offer in the National Identity Scheme (NIS). Instead we are offered flat prints. The name is the same – "fingerprints". But otherwise, the two technologies could not be more different.
Flat prints involve no police expert and no ink. The stock in trade of flat prints is a photocopy of our fingers. This image is processed by a computer program – a fingerprint algorithm – which attempts to determine its unique properties.
How reliable are these algorithms?
In the UKPS biometrics enrolment trial, each participant registered their flat prints. Following registration, a number of participants then pressed their fingers into a device of the sort that would be used by policemen or GPs or employers to take advantage of the NIS identity-checking services. The flat prints of 19% of able-bodied participants, and 20% of the disabled, did not match any of the registered flat prints [3, please see para.1.2.1.3-4]. Their prints were there, they had been registered, but they could not be matched.
It may be because of this unreliability that flat prints are not admissible as evidence in court, unlike rolled prints. There certainly won't be any international experts flying in if roughly 20% of all verification attempts give a false result.
In effect, roughly one in five people were told by a computer that they were not themselves. These people would not be able to use their flat prints to verify their identity. They would be severely inconvenienced as a result. At the limit, according to the terms of the NIS, 20% of the population would not be entitled to non-emergency healthcare, they would not be entitled to state education for their children and they would not be entitled to work here legally.
That is clearly unacceptable. There would have to be alternative ways of determining people's identity. The Identity and Passport Service (IPS) have not suggested what these alternatives might be. But if there are alternatives – such as our present procedures -- and they work, why bother with flat print biometrics in the first place? Flat print biometrics would quickly be distrusted and fall into disuse.
Is the situation as bad as this? Are IPS really hoping that the NIS can be supported by a technology which has a 20% error rate? No-one sensible expects any scheme to be 100% reliable. But surely an error rate of 20% is unacceptable?
These questions were asked of IPS by the House of Commons Science and Technology Committee [4]. The Committee began by establishing that IPS demand a maximum 1% false non-match rate if the NIS is to be acceptable [4, para.18].
19 and 20 are both greater than 1. Flat print biometrics are therefore unacceptable, aren't they? They fail IPS's own acceptance criteria, so the NIS should be cancelled, shouldn't it? That is what reason dictates, isn't it? No, said IPS:
“… testing of the biometric technology itself was not one of the objectives of the Trial, rather the Trial aimed to test and measure the processes around recording and verification of biometrics” and “… it is important to reiterate that the enrolment trial was a trial of process and customer experience. It was not designed as a trial to look at performance of the technology per se” [4, para.88].
If the UKPS trial isn't a test of the reliability of the chosen biometrics, why does the report list the statistics on the success and failure of biometric registration and verification under the heading Key Findings [3, para.1.2] in the Management Summary? How can they be key findings if that is not what the trial is meant to measure?
The Committee understandably enough consider this treatment by IPS of the UKPS trial results to be "confusing", "selective", "inconsistent" and "lacking in rigour" [4, para.88].
The Committee "note an apparent discrepancy between the advice offered to us during our visit to the United States in March 2006 and the advice subsequently provided to the identity cards programme team. On 6 March 2006, we met informally a group of senior policy advisers from the Department of Homeland Security to discuss the identity cards programme. When questioned about the maturity of biometric technologies, the advisers agreed that currently the technology was probably not as reliable or as accurate as it might need to be for a national identity card scheme" [4, para.81] and recommend accordingly that:
"In order to build public confidence in the technologies involved, we recommend that the Home Office publishes an overview of the scientific advice and evidence that it receives as a result of international co-operation" [4, para.81].
This recommendation has not been implemented.
The Committee are "surprised and concerned that the Home Office has already chosen the biometrics that it intends to use before finishing the process of gathering evidence. Given that the Identity Cards Act does not specify the biometrics to be used, we encourage the Home Office to be flexible about biometrics and to act on evidence rather than preference. We seek assurance that if there is no evidence that any particular biometric technology will enhance the overall performance of the system it will not be used" [4, para.93].
No such assurance has been given.
The Committee say that: "In written evidence the Home Office said it was not necessary to embark on publicly funded scientific research to improve the capabilities of biometrics. This claim was subsequently denied in oral evidence and the identity card team asserted that research was being undertaken into fingerprint biometric performance … We regret the confusion at the Home Office regarding the research that it is funding and what research it requires" [4, para.96].
It seems that this regrettable confusion still prevails a year later.
And so, on and on, it goes, with the Committee asking questions that IPS can't answer and making recommendations that IPS don't implement [5]. Altogether, the Committee are concerned more than 20 times in a 62-page report, surprised four times, regretful three times, sceptical twice and incredulous once. They identify 15 or so cases of confusion, four of inconsistency and about 50 cases of lack of clarity.
So that, for the moment, the promises made for the NIS look like so much wishful thinking. In the only trial IPS have undertaken, the technology the NIS depends on -- flat print biometrics -- proved itself to be not reliable enough.
Despite that, IPS proceed.
We learn from the National Audit Office's February 2007 report [6] that:
"There are additional EU requirements specifying that by 2009 ePassports should include fingerprint data which will require personal attendance for fingerprint enrolment. The UK is not obliged to comply with the EU regulations as it is not a signatory of the Schengen Agreement but has decided to do so voluntarily" [6, para.1.7].
Why has the UK volunteered to spend money unnecessarily on deploying flat print fingerprints in ePassports?
We learn also that:
"... although there is spare capacity on the chip [in the ePassport] to store two fingerprints, the current model of chip has insufficient capability to accommodate the enhanced operating system and electronic key infrastructure required to protect fingerprint data" [6, para.3.14].
It looks as though we have volunteered to deploy this technology even though we can't – there isn't room for it on the ePassport chips – and even though it may well be too unreliable to work.
All this comes at a cost. In October this year, the price of an adult 10-year passport rises to £72 [7]. It will have quadrupled in 10 years to pay for IPS's work on the NIS from which it seems we may derive no benefits whatever.
There are a number of questions here for IPS to answer.
David Moss
http://DematerialisedID.com
----------
1. Please see comment below, Jul 08 2007 06:55 PM.
2. 'Fingerprints in the dock', http://news.bbc.co.uk/1/hi/programmes/panorama/4986570.stm
3. UK Passport Service Biometrics Enrolment Trial, http://dematerialisedid.com/PDFs/UKPSBiometrics_Enrolment_Trial_Report.pdf
4. http://dematerialisedid.com/PDFs/1032.pdf
5. Please see http://dematerialisedid.com/PressRelease2.html and http://dematerialisedid.com/Open2.html
6. http://dematerialisedid.com/PDFs/0607152.pdf
7. http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=462192&in_page_id=1770
re: A question of identity
David Moss - Jul 08 2007 06:55 PM
CLEAR OUT THE DEADWOOD
It is now time, surely, to recognise that resources devoted by the Identity and Passport Service, and anyone else, to biometrics based on facial geometry are wasted.
On 28 June 2002, the members of the International Civil Aviation Organization (ICAO), including the UK, agreed unanimously to adopt facial geometry as the "globally interoperable biometric" to be used in passports [1, p.15]. This is the Berlin Resolution of the ICAO.
In February 2003, the National Physical Laboratory (NPL) submitted a feasibility study [2] to UKPS, DVLA and the Home Office which states that biometrics based on facial geometry are too unreliable to be used for registering people's identity. They say: “face recognition on its own is a long way from achieving the accuracy required for identifying one person in 50 million” (p.11), “even under relatively good conditions, face recognition fails to approach the required performance” (p.15) and “facial recognition is not a feasible option” (p.15).
Putting these two points together, we obtain the following – every member of the ICAO, including the UK, is bound by the Berlin Resolution to deploy a useless technology. This is unfortunate but, being bound, we have deployed it.
ePassports are sometimes known as "biometric passports". This is a misnomer. There is no biometric assistance available. Either human Passport Control Officers think the photograph matches the person in front of them or they don't. No computer software helps them to make that judgement.
From that point of view, we are in exactly the same position with ePassports as we were without them. Any licence fees, support fees, maintenance fees and royalties paid by anyone to the owners of the facial geometry algorithms used are wasted.
To the extent that our efforts to improve the efficiency of public services depend on biometrics based on facial geometry, those efforts are wasted.
To the extent that our efforts to combat crime depend on biometrics based on facial geometry, those efforts are wasted.
To the extent that our efforts to combat terrorism depend on biometrics based on facial geometry, those efforts are wasted.
To the extent that ePassports, ID cards and biometric visas depend on biometrics based on facial geometry, these devices are a waste. They are a waste in the UK, the rest of the EU, the US and elsewhere.
Yesterday was the second anniversary of 7/7. Only a week ago, we had car bombs in the West End of London and in Glasgow. The teamwork of our international partners, the intelligence services, the emergency services and the public has successfully averted further atrocities in the UK so far.
The Identity and Passport Service are on the same team but, to the extent that they devote themselves to biometrics based on facial geometry, they are playing a different and pointless game [3].
----------
1. http://dematerialisedid.com/PDFs/Biometrics%20deployment%20of%20Machine%20Readable%20Travel%20Documents.pdf
2. http://dematerialisedid.com/PDFs/feasibility_study031111_v2.pdf.
The NPL report was co-written by Tony Mansfield and Marek Rejman-Greene. The latter is now Head of the Home Office Biometrics Centre of Expertise.
The NPL are not alone in finding biometrics based on facial geometry to be useless. Please see for example the following article in the New Scientist magazine: 'Face-off', 7 September 2002, Issue 2359, p.38, http://www.newscientist.com/article.ns?id=mg17523595.400.
Please see also http://dematerialisedid.com/Capture.html#visionics.
3. The Department of Homeland Security, for example, do not waste any time with biometrics based on facial geometry when it comes to US-VISIT. They concentrate on flat print fingerprints.
re: A question of identity
David Moss - Jul 01 2007 05:04 PM
AFTER FIVE YEARS OF WAITING, FINALLY, WE'RE WAITING.
The Strategic Action Plan for the National Identity Scheme [1] was published in December 2006. Annex 1 includes a list of tasks to be completed by the end of June 2007 -- yesterday:
QUOTE
1. Live pilot of interviewing first-time adult passport applicants begins
2. Biometric Home Office travel documents are introduced (facial biometric)
3. Biometric procurement begins
4. First secondary legislation introduced (under Section 38 of the Identity Cards Act 2006)
5. Design work completed on using the Department for Work and Pensions’ Customer Information System database technology
6. IND enhanced employee checking service available for employers
7. Roll-out of commercial partnership enrolment of UK biometric visas
UNQUOTE
It was presumably a mistake to include task no.2 in the list. According to the National Audit Office report [2] on the introduction of ePassports, 2.2 million of them had already been issued by September 2006 (para.2.1), nine months ago.
But what of the other 6 tasks?
The Home Office published its consultation document on entitlement cards [3] in July 2002, five years and four Home Secretaries ago. The Identity Cards Bill was enacted in March 2006, 15 months ago.
The National Identity Scheme (NIS) is meant to address pressing problems to do with terrorism, crime and the efficiency of public services. And yet 15 months later -- or five years later -- the Identity and Passport Service (IPS) have yet to issue invitations to tender, let alone to begin "biometric procurement" (task no.3).
According to InfoWorld, 25 June 2007 [4]:
QUOTE
A "major" procurement process was set to begin, but "we're not quite ready yet," said James Hall, chief executive of the U.K. Identity and Passport Service, which is in charge of the ID card project. Hall spoke Monday at the Gartner Inc. identity management conference in London. Hall did not say when procurement would start.
UNQUOTE
It would be interesting if Whitehall & Westminster World could discover for us what progress, if any, has been made.
How is morale at IPS being maintained?
Are the prospective suppliers becoming impatient? Or losing interest? Their best people must long since have been re-deployed.
There are good reasons to doubt that the NIS can deliver the benefits offered [5]. How committed do the UK government remain, to this project, which appears to be treading water, while the milestones pass it by?
How much has the NIS cost so far? £100 million? And what is the opportunity cost? Some intelligent and energetic people are being diverted, for years at a time, who could otherwise work on initiatives which could genuinely make a contribution to crime-fighting and counter-terrorism and which could successfully re-engineer public services.
How committed do our international partners remain? The REAL ID Act faces problems in the US [6]. So does US-VISIT, according to the US Department of Justice [7]. And, as far as the rest of the EU is concerned, IDABC [8] appear to have few success stories to report, if any, since the 1999 start of eESC [9].
David Moss
http://DematerialisedID.com
----------
1. http://DematerialisedID.com/PDFs/Strategic_Action_Plan.pdf
2. http://DematerialisedID.com/PDFs/0607152.pdf
3. http://DematerialisedID.com/PDFs/complete_hi_r.pdf
4. http://www.infoworld.com/article/07/06/25/UK-delays-ID-passport-projects_1.html
5. Please see 23 Jun 2007 10:24:37 comments on http://timesonline.typepad.com/comment/2007/06/the-arctic-monk.html
6. http://news.zdnet.com/2100-9595_22-6193735.html
7. http://DematerialisedID.com/Biometrics.html#usvisit
8. http://europa.eu.int/idabc/
9. http://DematerialisedID.com/Mobiles.html#nothing
Rate This Article
Please Log In To Rate This Article
Register Now
For news tailored to your interests, daily and weekly email bulletins, and access to our online discussions, Register your details with us now.
Latest headlines
- Relocation threat sparks protest
- MoD 'saved' £1.4bn
- MoJ gears up for reform
- Sure Start 'failing' disadvantaged families
- Language school closure criticised
- FoI 'inhibiting' civil service advice
- Insider memoirs 'offend' senior diplomat
Most Popular Articles
The top 5 stories on the site this week:
2. Frontline innovation - the way forward?
3. OGC appoints Shell executive
4. Staff with 'no roles' revealed
5. Sacked official has cost £250,000 - so far
re: A question of identity
David Moss - Jul 16 2007 01:10 AM
IDABC, OSCIE, eESC & IPS
The European Commission includes a directorate general called the "Directorate General for Informatics". The Directorate General for Informatics includes a unit called "IDABC".
"IDABC" stands for Interoperable Delivery of European eGovernment services to public Administrations, Businesses and Citizens [1].
IDABC is the custodian of OSCIE, the Open Smart Card Infrastructure for Europe, a generalised specification for a smart card-based ID card scheme to improve the efficiency of public services.
OSCIE was developed between 1999 and 2003 by eESC, the eEurope Smart Card forum.
In July 2005, IDABC said:
"Although smart cards were the main focus, it was also recognised that other non-card based solutions for carrying out qualified eServices are being developed. Work on mobile device technology is particularly important, as this medium potentially offers cost, security and functionality benefits over smart cards" [2].
In other words, if the Identity and Passport Service (IPS) continue to base the National Identity Scheme (NIS) on smart cards, then it will cost us more than if we used mobile phones, we will have less security and less functionality.
The Crosby forum on identity management are due to report to the Prime Minister on the technology choices made for the NIS. They will undoubtedly take the words of IDABC into account.
It would be interesting to hear, two years later, what IPS's view is of IDABC ruing the day when smart cards were chosen and mobile phones were ignored.
David Moss
http://DematerialisedID.com
----------
1. http://ec.europa.eu/idabc/
2. http://ec.europa.eu/idabc/en/document/4484/5584