Dear Marek

Mass consumer biometrics

Our correspondence began with my email to you dated 21 August 2008 [1]. There followed a number of communications [2], [3], [4] and [5]. Then there was your letter dated 14 October 2008 [6], for which thank you, and my first answer dated 2 January 2009 [7].

You were kind enough to make several points in your letter. Let's start with the last, which is pretty well where I started six years ago:

I trust that these comments resolve your concerns. I am encouraged by your interest in the potential of biometric technologies in the safeguarding of people's identity and the privilege of UK citizenship, as well as in securing our borders and controlling migration for the benefit of our country.

For six years I have sent proposals to UKPA (then UKPS, now IPS), NCIS (now SOCA), the Metropolitan Police and others, for a voluntary alternative [8] to the National Identity Scheme (NIS). The opening statement of my alternative proposal is: "The main objectives of the Home Office's ID cards scheme are beyond criticism". The methods chosen by the Home Office to achieve them are doomed to failure but there's nothing wrong with the objectives.

My early proposals took it for granted that mass consumer biometrics work. It took years for me to correct that mistake. But gradually, year on year, the evidence piled up [9], the 2004 UKPS biometrics enrolment trial was the final straw, and now it is embarrassing to imagine how naïve my faith in mass consumer biometrics must have looked to some of the recipients of those proposals.

To this mass consumer biometrics apostate, no, your comments do not resolve his concerns. You say:

You have also referred to the results of the Biometrics Enrolment Trial. Its objective, as set out in section 1.1.2, was 'to test the processes and record customer experience and attitude during the recording and verification of facial, iris and fingerprint biometrics, rather than test or develop the biometric technology itself. It was not a technology trial.' Performance figures have been published as part of the documentation, but it is misleading to use this data from an enrolment trial, especially in discussions on the verification performance to be expected from fully engineered modern systems.

Whether or not it was the objective to test the reliability of the biometrics used in the UKPS enrolment trial, it was tested. Tested and reported, at length, over 300 pages, in detail, in May 2005, by Atos Origin [10], the consultancy which managed the trial on behalf of UKPS.

Under the heading Verification Success Rates, we learn that:

·         31% of the able-bodied participants in the trial could not have their identity verified by the facial recognition technology being used. For the disabled participants, that figure rose to 52%. As far as the latter are concerned, everyone would do better to toss a coin than try to rely on biometrics based on facial recognition.

·         19% of the able-bodied, and 20% of the disabled, could not have their identity verified by their fingerprints. It follows that 19 or 20% of people could have trouble proving their right to work [11] in the UK, if the Identity & Passport Service (IPS) have their way. These people could also have trouble proving their right to non-emergency state healthcare, their right to state education for their children and their right to travel. And we're not talking about criminals and terrorists here, we're talking about millions of ordinary, regular, decent people.

·         4% of the able-bodied and 9% of the disabled could not have their identity verified by their irisprints. It is commonly held that there would be about 50 million ID cardholders at any one time if the NIS is ever deployed. Even that 4% figure would imply that 2 million people could have their lives made harder by ID cards, their everyday lives could be blighted by IPS's plans.

How will these people who have no verifiable biometric identity survive in the world of the NIS? There is no answer from IPS. They and their predecessors have had at least six years to think about it since David Blunkett published his consultation document on entitlement cards back in July 2002 [12]. There is still no answer.

Some people could suffer an even worse fate. Under the heading Enrolment Success Rates, we learn that:

·         10% of the able-bodied could not register their irisprints in the first place and, for the disabled, the figure was 39%. These people would not even exist [13] in an NIS based on irisprints.

You say that it was not a reliability trial, it was a usability trial. Not just you, of course. It is the Home Office party line. But if that is the case, if it was a usability trial and not a reliability trial, then certain questions arise:

·         Why are the verification and enrolment results above included at section 1.2 of the Management Summary in the 2005 Atos Origin report? There is something self-contradictory going on here.

·         Why are they headed "Key Findings"? How can they be key findings if they formed no part of the objectives of the trial?

·         Why are there hundreds more pages of performance figures in the report?

These are not rhetorical questions. I have a hypothesis to put to you by way of an answer – that usability and reliability cannot be separated. You cannot test one without testing the other. Usability, in the Atos Origin report, is discussed for 300 pages in terms of reliability. They stand or fall together. If the reliability results are misleading, so are the usability results. To say that the UKPS trial was valuable for its findings on usability but irrelevant for its findings on reliability is neither true nor false, it is meaningless. It is nonsense.

There are other instances which seem to support that hypothesis. The UKPS 2003-04 Annual Report and Accounts [14], for example:

Second biometric

A trial to determine the most appropriate biometric for future needs began in late 2003–04 (continuing into 2004–05), and will involve 10,000 volunteers providing facial, iris pattern and fingerprint data.

This trial will help inform the UKPS and partner organisations on implementing, if appropriate, a second biometric to passport documents. A second biometric will help deter and detect duplicate applications, and strengthen the link between passport/ID cards and the individual holder.

Of course UKPS must take people's experience of enrolment into account. But it's not as though UKPS would choose a biometric that people find congenial but which just happens also to be unreliable. It must be a reliability trial as well as a usability trial, otherwise it can't "determine the most appropriate biometric".

And it makes no sense to separate enrolment into the NIS from the subsequent use of ID cards, to verify people's identity. UKPS would hardly choose a biometric which is usable and reliable for enrolment but which just happens to be useless for verification.

A further instance of my hypothesis occurred when the House of Commons Home Affairs Committee [15] asked why the start of the UKPS biometrics enrolment trial was delayed for so long (4 May 2004):

Q672 Mr Prosser: There has been some discussion this afternoon about the passport pilot project. That was some months late in starting, we think that it will have less coverage than was anticipated and will be over a shorter period. In fact, three attempts by this Committee to meet with that group have been postponed because of all of those delays. What is that an indication of? Is it an indication of the complexities or difficulties of the technology behind the ID card or something else?

Mr Blunkett: It is an indication, firstly, that there has been a change from previous methodology which was not as successful as the new programme. Secondly, that it is important to get it right rather than to get it quickly, which is what we have explored already. Thirdly, that it is the number in the pilot, not the time. I do not know where this differential of five or six months has come from. We want 10,000 people and, as was being indicated a moment ago by you, a lot of people are queuing up to be part of this right across the country, which is very encouraging, including parts of the country where there is not a pilot. We are enthused by that. It is the 10,000 pilot we are interested in rather than whether it takes five or six months. I hope very much that we can learn very rapidly from it. The whole point of the pilot, the whole point of this process, is to learn the lessons, and I do not mean just go through the motions but actually learn what it is, and the development partner and commercial consultation and the scrutiny by Parliament is all part of that same process.

Q673 Mr Prosser: How thorough will the testing be? For instance, will there be attempts to deceive the system or to feed in fake and false information?

Mr Blunkett: Yes. We already did that with the previous technology and one of the reasons why it is important to get this pilot right is that there has been enhancement having learnt the lessons from that. I think worldwide it has been known, and it is one of the reasons why it has taken until now to move to such a scheme, that it was possible in the past to be able to defraud the equipment. Do either of you want to say a word about this because you have been on top of it?

Katherine Courtney: I think it is important to say that while the pilot itself is not really about testing the robustness and scalability of the particular biometric technologies that are being deployed, it is about studying the enrolment process and the customer experience and being able to validate some of the assumptions that we have built into the business case around the time that it takes to enrol and the customer acceptability. I am pleased to say on the limited sample so far that is bearing out our assumptions. I am quite pleased about that. We will be attempting to re-register duplicate identities even with this technology, which is not being tested as the technology that we would expect to take forward, to gain some lessons from this experience about how robust this particular configuration might be. Also we are considering the security risks around the enrolment process, ie the environment in which people enrol, the process itself, how people arrive, how they go through having their fingerprints recorded, their irises scanned etc to ensure things are built into the system like the inability for somebody to replace themselves with somebody else half way through the process so that the application is actually reflecting more than one individual, that sort of thing. We are building those things into the pilot and gaining a lot of experience from that.

Q674 Mr Prosser: Finally from me, how will you make your final assessment? How will you say, "Yes, this works well enough to go ahead"? Will any of that assessment be done independently?

Mr Blunkett: Yes. Do you want to add to that?

Mr Browne: The contract for this particular piece of work is a number of what are called deliverable milestones. Payment will be made on the contract on the basis of people reaching those milestones and there will be an independent element in the assessment of those results. Tony Mansfield from the National Physical Laboratory is an independent assessor of progress and outcome of the trial.

For all that the trial was supposed to be about usability only, it seems to have been delayed because some of the elements weren't reliable enough – the "previous methodology" was "not as successful as the new programme", i.e. it was not as reliable. And it seems to have been designed to check reliability as well as usability – the trial was to be used to test the resilience of the system against spoofing, for example, which would make the NIS unreliable.

Hypothetically (remember) you are reduced to talking nonsense if you try to separate usability from reliability. Not just you but Katherine Courtney, too: "We will be attempting to re-register duplicate identities even with this technology, which is not being tested as the technology that we would expect to take forward, to gain some lessons from this experience about how robust this particular configuration might be". Run that past me again ...

What is the point of testing the usability of a technology that you won't use? Why weren't "fully engineered modern systems", as you call them, used in the trial? Or were they? After all, why would anyone pass up the opportunity of a useful trial?

To be consistent, presumably the Home Office believe that some eminent experts who should know better are deliberately misleading the public. That seems unlikely:

·         Here is Professor Angela Sasse [16] at University College, for example, talking about the UKPS trial (25 May 2005):

Professor Angela Sasse, a biometrics expert who has advised MPs on the home affairs select committee, said biometric technologies were "a lot less mature" than manufacturers made out.

"To be honest, I think it is a possibility that eventually we will conclude it isn't good enough or that the current systems we're using aren't good enough for a large scale public domain application such as an ID card," she said.

·         And then there's IDABC [17], the European Commission's custodians of OSCIE [18] (31 May 2005):

The findings of a biometrics enrolment trial conducted by Atos Origin on behalf of the UK Passport Service (UKPS) show that biometric technologies are still not foolproof and suggest that large-scale issuance of biometric identity and travel documents would inevitably run into some glitches ...

Facial recognition was the least successful identification technology ...

Among other things, further trials are needed, specifically targeted towards those disabled groups that have experienced enrolment difficulties due to environment design, biometric device design, or to specific group problems – for example, black participants and participants aged over 59 had lower iris enrolment success rates ...

A report released by the European Commission on 30 March 2005 warned that – on the technological side – there is currently a lack of independent empirical data. This means that there is an urgent need to conduct large-scale field trials to ensure the successful deployment of biometric systems.

Was the UKPS biometrics enrolment trial a technology trial, or wasn't it? The question was still being asked when the House of Commons Science and Technology Committee published their report [19] on identity card technologies in July 2006. They found that even a Home Office Minister had used the results as though it was a technology trial:

88 ... the Home Office has selectively used evidence from the biometrics enrolment trial to support its assertions. We believe that the Home Office has been inconsistent regarding the status of this trial and this has caused confusion in relation to the significance of the evidence gathered about biometric technologies.

Amidst the inconsistency and confusion and unanswered questions, one point is clear. If it wasn't a technology trial, as the Home Office contend, then people are being asked to spend billions of pounds on the NIS without a trial having been conducted. It is irresponsible, unscientific and unbusinesslike to spend all that money without first determining whether the technology works:

91 … we are surprised by the Home Office's unscientific approach and suggest that rather than collating figures merely to provide information regarding performance, the Home Office admits that it cannot release details until it has completed trials.

93 We are surprised and concerned that the Home Office has already chosen the biometrics that it intends to use before finishing the process of gathering evidence. Given that the Identity Cards Act does not specify the biometrics to be used, we encourage the Home Office to be flexible about biometrics and to act on evidence rather than preference. We seek assurance that if there is no evidence that any particular biometric technology will enhance the overall performance of the system it will not be used.

95 We note the lack of explicit commitment from the Home Office to trialling the ICT solution and strongly recommend that it take advice from the ICT Assurance Committee on trialling. We seek an assurance that time pressure and political demands will not make the Home Office forgo a trial period or change the purpose of the scheme.

96 In written evidence the Home Office said it was not necessary to embark on publicly funded scientific research to improve the capabilities of biometrics. This claim was subsequently denied in oral evidence and the identity card team asserted that research was being undertaken into fingerprint biometric performance. Katherine Courtney said “I would not say that we have not commissioned research. We have commissioned research. We have a piece of research that the Home Office is funding right now into fingerprint biometric performance”. We regret the confusion at the Home Office regarding the research that it is funding and what research it requires.

Is there any reason to believe that the proposed mass consumer biometrics are reliable enough to make the NIS work? If the reliability figures reported in the Atos Origin report are misleading, what are the correct figures? The Home Office have provided none. Has Tony Mansfield made an independent assessment as promised to the Home Affairs Committee by David Blunkett and Des Browne? Has anyone else made an independent assessment? Is there any reason for people to feel confident that their money is being well spent? No trial has been conducted, according to the Home Office. Is there any other evidence to reassure people?

The answer given to the Committee to that last question is a May 2004 report [20] produced by the US National Institute of Standards and Technology (NIST):

ABSTRACT

This report discusses the flat-to-flat matching performance of the US-VISIT fingerprint matching system. Both one-to-many matching used to detect duplicate visa enrollments and one-to-one matching used to verify the identity of the visa holder are discussed. With the proper selection of an operating point, the one-to-many accuracy for a two-finger comparison against a database of 6,000,000 subjects is 95% with a false match rate of 0.08%. Using two fingers, the one-to-one matching accuracy is 99.5% with a false accept rate of 0.1% ...

4.3 Trading FRR for FAR

As thresholds are increased, TAR decreases (which is bad) while FAR decreases (which is good). Given the definitions of TAR and FAR used in this section, the false reject Rate (FRR) is defined as (1 – TAR), so as IDENT thresholds are increased, FRR increases while FAR decreases. This means there is an inverse relationship, or trade-off, between the achievable levels of these two types of system errors. This means there is an inverse relationship, or trade-off, between the achievable levels of these two types of system errors.

To help understand the difference between FRR and FAR, we can use the example of a watch list application. A false reject occurs when a person known to be on the watch list presents his fingerprints to the biometric system but is not correctly identified. There are two conditions under which this can happen. Either the system remains silent and does not return any candidates, or the candidates returned do not include the person’s mate. In the first case, when the system returns no candidates, the person will pass on through primary inspection. In the second case, the person is redirected to secondary inspection while the candidates reported are reviewed ...

NIST predicted in their report that the fingerprinting technology used for verification in US-VISIT [21] would be 99.5% accurate, i.e. there would be a false reject rate of 0.5%. Were they right?

The Office of the Inspector General (OIG) at the US Department of Justice reported, in December 2004 [22], that 118,000 people pass through US-VISIT each day, they are all subject to primary inspection, and 22,350 of them fail and are referred to secondary inspection. 22,350 is 19% of 118,000. Not 0.5%. NIST were wrong.

I know how they must have felt. Embarrassed by their earlier proposal after the OIG report was published. And let down by the technology they had previously trusted.

Of the 22,350 people detained every day for secondary inspection, just 1,811 are subsequently refused entry into the US. 1,811 is 8% of 22,350. 92% of people put through secondary inspection have their time wasted.

The US only apply US-VISIT to non-nationals. In the UK, we are proposing to use the same technology on everyone coming into the country and leaving it, nationals and non-nationals alike. Using the same performance figures, that would require us to perform 95,780 secondary inspections a day [23]. How many staff will the UK Border Agency (UKBA) need? And 7,662 people will be detained every day, not allowed to enter or leave the country. Where are we going to put them?

Mass consumer biometrics are a blunderbuss, a million miles away from the precision of the forensic use of DNA, for example, and the proper, traditional fingerprints taken by police experts. With traditional fingerprinting, if there is ever any doubt, independent experts are flown in from all over the world to resolve it. That is the mark of a proper science. Think of the Shirley McKie and David Asbury case [24].

No-one is going to fly experts in to adjudicate on a technology with a 19% error rate. We're not dealing with biometrics here so much as glorified photocopies of people's fingers.

19% is not only the false reject rate for the fingerprinting technology used in US-VISIT, it is also the false reject rate recorded by the UKPS biometrics enrolment trial, for able-bodied participants, using fingerprints to verify their identity. It is possible that, far from being misleading, the UKPS trial figures are an accurate measure of the reliability of mass consumer fingerprinting.

What about biometrics based on facial recognition? Does US-VISIT experience similar failure rates – 31% for able-bodied visitors and 52% for disabled visitors?

No. Because US-VISIT doesn't use biometrics based on facial recognition. They're too unreliable. According to NIST:

3. VERIFICATION PERFORMANCE

...

3.3 Comparison with Face Recognition

... Even under controlled illumination, which is not used in US-VISIT, the error rate of face is 50 times higher than the two-fingerprint results discussed here. If the case of uncontrolled illumination is considered, this factor would be 250 ...

There is no equivalent in US-VISIT with which to compare the 31%/52% able-bodied/disabled false reject rate for biometrics based on facial recognition. But perhaps there is an equivalent closer to home, at the facial recognition trial currently being conducted at Manchester airport [25], the subject of my letter to you dated 2 January 2008. According to a UKBA person quoted by the Daily Telegraph [26] (4 October 2008):

"Up until the point of the official launch, it was rejecting 30 per cent of those who tried to get through it," the UKBA worker said.

"We believe they had to recalibrate it – essentially make it easier to get through the system."

That allegation by an unnamed UKBA worker is not evidence, of course, just an allegation. But has it been denied? Do UKBA care what allegations are made about them? Has any proof been volunteered that the allegation is false? Has the equipment been re-calibrated? Has the false reject rate decreased? Has the false accept rate increased as a result? More unanswered questions ...

In the feasibility study [27] conducted by you and Tony Mansfield, you say:

52 (c) In the BWG [UK government Biometrics Working Group] evaluation, face recognition achieved a false match rate of 1 in 1000 with a false non-match rate of 1 in 10. This level of performance was realised under ideal lighting conditions and with subjects directly facing the camera, and with test images taken 1 to 2 months after enrolment. In the Facial Recognition Vendor Test FRVT2000, with a longer timespan between enrolment and verification attempts, and with less ideal illumination, performance is degraded somewhat (a false match rate of 1 in 1000 would result in a 6 in 10 false non-match rate!). Even under relatively good conditions, face recognition fails to approach the required performance.

"6 in 10" is a 60% false non-match rate (or false reject rate) and well worthy of the exclamation mark you awarded it. The UKPS biometrics enrolment trial results for facial recognition seem to be in line with other studies.

I put it to you, Marek, that the reliability figures reported for the UKPS biometrics enrolment trial are not misleading. What is misleading is to suggest that today's mass consumer biometrics are reliable enough to achieve the goals for the NIS [28].

The NIS is founded on the National Identity Register (NIR), a database recording everyone's biometrics. If the biometrics chosen do not reliably identify people, then the NIR is just like scores of other public sector and private sector databases. There would be no point building a new NIR. It would be no better than all the NIR equivalents we already have. The NIS would be a waste of time and money.

In fact, the NIS would be a reprehensible diversion of resources, away from effective measures to detect and prevent crime, to counter terrorism and to improve the efficiency of public services. A diversion of resources away from effective measures and into a project which can only fail.

And it's not just the NIS.

eBorders [29], the plan to protect the UK's borders, also depends to some extent on reliable biometrics (March 2007):

1.2 ... We believe a new doctrine is demanded, where controls begin offshore and where we use information, intelligence and identity systems to allow scrutiny at key checkpoints on the journey to and from the UK.

1.3 Managing identity is fundamental to delivering this new approach. Using biometric technology we can permanently link people to a unique identity. We can check this against other records that can reveal, for example, if someone poses a security risk, has previously committed crimes in the UK, or has tried to enter the country under false pretences. It provides us with confidence in who we count in and out.

So does the Cabinet Office's plan for transformational government [30] (November 2005):

39 (7) Identity Management: government will create an holistic approach to identity management, based on a suite of identity management solutions that enable the public and private sectors to manage risk and provide cost-effective services trusted by customers and stakeholders. These will rationalise electronic gateways and citizen and business record numbers. They will converge towards biometric identity cards and the National Identity Register. This approach will also consider the practical and legal issues of making wider use of the national insurance number to index citizen records as a transition path towards an identity card.

If the biometrics chosen are unreliable, it is not just the NIS that suffers and it is not just the UK. Many other countries have similar plans. If mass consumer biometrics are not up to the job they have to do for the NIS, eBorders, transformational government and the like, in the UK and abroad, then we are wasting our time and money.

And that is what I fear is happening. There will be fireworks [31] ...

You assert that biometric technology has improved since 2004:

Regarding one of the principal comments you make - that there is no reason to believe that face recognition 'technology now works better than it did five years ago' - I believe you are aware of the conclusions of the Face Recognition Vendor Test 2006 [32] [FRVT2006], which demonstrated that there has been considerable improvement. These results confirmed the feasibility study's observation that this technology could be applied successfully in a one-to-one (verification) mode. These tests were conducted by a consortium led by the US National Institute of Standards and Technology.

Another NIST report. Another 56 pages of impressive-looking academic research. And very possibly just as wrong as their other report, where they predicted 0.5% and the outcome was 19%. More computer-based competitions whose results are never replicated in the field. Nothing in the outside world is "demonstrated" or "confirmed". More disappointment in store. It's not evidence that the technology has improved. As you say yourself:

Of course, it is only once this technology is tested in a specific context, with optimised algorithms and reference images, that we can be sure that such improvements translate into capabilities which can be deployed in a working system ...

So we agree. Up to now, IPS have had no reason to believe that mass consumer biometrics are capable of doing the job. They were just hoping ... they had their fingers crossed ... something will turn up – it's just not a responsible or scientific or businesslike approach, is it?

Is the Manchester airport trial being conducted according to the standards you indicate? Or will we be told in a year's time that it was only a usability trial, not a reliability trial?

You and Tony Mansfield recommended in your feasibility study that the Home Office set up a national network of 2,000 biometric registration centres. In the event, they have set up a network of only 69 centres (Italy have 8,101 [33] of them). Biometric registration is to be performed largely by retailers [34], it seems, as a sideline [35]. That is part of the "specific context" in which mass consumer biometrics will need to be tested.

NIST's FRVT2006 progress report concerns biometrics based on facial recognition and irisprints only. Presumably we may assume that biometrics based on fingerprints have made no progress and that the false reject rate is stuck on the 19% mark.

Mass consumer flat print fingerprinting is not like traditional rolled fingerprinting. Rolled prints are admissible as evidence in court. Flat prints aren't. They're too unreliable. Arguably, to give both technologies the same name, "fingerprinting", is a confidence trick [36].

Is that the explanation for the inability of IPS to produce its invitations to tender (ITTs) to begin the procurement process for biometric systems for the NIS? The December 2006 IPS strategic action plan stated that procurement would begin by June 2007 [37]. Despite being a strategic action, these ITTs have still not been prepared, 18 months after the deadline.

You go on to say:

... Operational testing, e.g. in Australia and in Portugal, has confirmed the improvements which the NIST technology tests have identified. These tests took advantage of the higher quality reference images which are now available in electronic passports issued in the European Union and elsewhere, and whose specification has been set by an internationally developed standard, as we mentioned in our earlier reply.

You cannot see it from the typography, Marek, and so I have tell you that several days have passed since the previous full stop and the start of this sentence. If the Australian and Portuguese trials provide compelling evidence that computerised facial recognition now works reliably, then something very important has happened. Perhaps that faith in mass consumer biometrics from six years ago can be revived. You do not provide any references in your letter. Please provide some if you can. I have looked for evidence. I have not found any. Just this [38], from Australian IT (8 April 2008):

After several delays the federal Government has given the go-ahead to the $62 million SmartGate project and the biometric passport technology will be rolled out nationally for Australian and New Zealand citizens ...

The system incorporates facial recognition technology, which matches a live image of the traveller against a digitised photo stored on a microchip embedded in the passport. If the images match, the traveller is cleared through the control point.

If not, the traveller will be referred to a customs officer for further examination ...

The ability of the system to accurately identify people was questioned in the early stages of the pilot of the technology in Sydney and Melbourne, which had false rejection rates of 6 to 8 per cent ...

Customs refused to disclose the rates at which the system inaccurately identified people ...

When the system was being tested in Brisbane in the middle of last year, it was reported the false negative rate was down to 2 per cent and the false positive rate was less than 1 per cent.

If the Australians and/or the Portuguese have compelling evidence that mass consumer biometrics are reliable enough to deliver the benefits sought from the NIS, eBorders and transformational government, let us see it.

The Australians may have reservations about publishing the evidence. There are no such constraints in the UK – speaking on 16 December 2008, the Home Secretary said [39]:

… Safeguards, openness, proportionality and common sense.

For the public to have confidence that we will protect them and protect their rights, it is our responsibility as a government to ensure that these standards apply even as technology evolves.

... I am equally clear that we have to measure these efforts [robust powers to tackle crime and disorder] against our standards for safeguards, openness, proportionality and common sense.

... I will continue to put safeguards and openness, a sense of proportion and above all common sense, at the heart of everything we do.

Openness is the order of the day here in the UK, even if it isn't in Australia. There are no impediments to publishing a full report on the Manchester airport biometrics trial including the results and the evaluation methodology.

By the same token, HOSDB treated my 21 August 2008 email to you as a Freedom of Information request. And today's letter to you, as Head of the Home Office Biometrics Centre of Expertise (Science and Technology Committee report, para.4a), is an open letter, also available at http://dematerialisedid.com/bcsl/Marek%20Rejman-Greene%20002.html.

The Manchester airport trial, and the new SmartGate systems in Australia and Portugal, are all meant to verify people's identity. You say:

I would also like to take the opportunity to clear up one area of confusion regarding verification and identification accuracies. As you have observed, para 58 in our report does indeed state that 'For one-to-one identity verification, it is only necessary to use a single finger, a single iris or face recognition'. This is confirmed by the matching error rates as noted earlier in para 52, in the section on identification accuracy, and where we comment that such figures also show that face recognition on its own would indeed not be appropriate for 'one-to-many' matching in very large scale systems.

I would contend that under Tony Mansfield's expert, patient, tolerant, accidental and intermittent tutelage, I have actually got quite good at distinguishing verification and identification. And I've noticed something – you've had to give up on identification.

The politicians and the civil service are still talking about unique, fixed electronic identities [40]:

Gordon Brown [41] (January 2008): biometrics "will make it possible to securely link an individual to a unique identity".

The Home Office [42] (December 2008): "ID cards will securely lock foreign nationals to one identity and help businesses crack down on illegal working".

But the mass consumer biometrics community make it plain that identity, for them, is discretionary. Set the threshold on the biometric equipment to (x₁,y₁) and a match takes place, you are Marek Rejman-Greene. Set it to (x₂,y₂), and you're not. Biometrically, your identity is in the gift of the person setting the threshold. That is not what we conventionally understand by "identity".

That much has been clear for years. Statements such as those above by the Prime Minister and the Home Office are simply false.

But now, Professor John Daugman [43] has introduced a new point [44] (September 2008):

Daugman said that even if the error rate was as low as one in a million, the 10 to the power of 15 comparisons needed to verify the IDs of 45 million people would result in one billion false matches.

He told silicon.com: "The use of fingerprints will cause deduplication to drown in false matches" ...

Even with a tiny error rate, one in a million, it is not practical to prove that each person is recorded on the NIR once and only once. Not with the millions of people involved. The mass consumer technology cannot deliver what the politicians and the civil service are promising.

And no-one in the mass consumer biometrics community is pretending that it can. The terms of reference for your feasibility study were to see if cheap, off-the-shelf biometric systems could establish identity in a population of 50 million people. They can't. When I suggested to Tony Mansfield that the important test is to see if identity can be established in the world population of 6 billion+, ... he wasn't very impressed. But that's what we really need, isn't it, if the NIS and its ilk are to do their job? What with all the present talk of countries pooling their national schemes [45] and sharing the data worldwide [46].

There are still plenty of claims made for verification. No serious mass consumer biometrics expert has offered identification for years.

Marek, I made many of the points above to John Reid [47] when he was Home Secretary. Twice [48]. And to Gordon Brown [49]. It's a strange thing, but the message doesn't seem to be getting through. Politicians just carry on wasting resources on biometrics. That is understandable if I am wrong. But if I am right, then it is a scandal. Which is it, do you think? Is it a scandal?

Yours sincerely

David Moss