Google Search Dematerialised ID Search WWW

Limber up
Introduction
Mobiles
Biometrics
PKI
NIR
Anonymity/identity
Capture
Dematerialisation
Campaign
Press releases
Blogging
Visitors
References
TOC

 

 

 
Newcomers and returning visitors, please note that you are welcome to talk to the hermit using this new invention, email.

Dematerialised ID

 

The voluntary alternative

to material ID cards

 

A Proposal by David Moss

of Business Consultancy Services Ltd (BCSL)

 

 

Section 3

 

The government speak of biometrics as though they are almost 100% reliable. The evidence suggests that they are not.

The government speak of how other countries are using biometrics and of how popular they are. Biometrics may be pervasive and popular but that does not make them reliable.

The government speak as though international obligations are forcing them to introduce biometrics. In fact, their introduction is largely the government's own initiative.

The unreliability of biometrics will create many problems. Such as the need to check the identity of 100,000 international travellers a day by some means other than biometrics. How many staff will be required? How will they perform the checks? How much will it cost? Is it worth it? On these questions, the government are silent.

 

There are many hopes for biometrics
What makes the government ID voucher scheme any different from an old-fashioned give-everyone-a-card-and-keep-a-list scheme? Nothing, apart from its use of biometrics. What data would the National Identity Register store which is not already available to the government from other sources? None, apart from people’s biometrics. Biometrics are the unique selling point of the ID voucher scheme. The feasibility of the scheme depends on biometrics working.

Loosely, the hope is that a biometric can be found which, throughout his or her life, identifies each person uniquely in a practical way such that, for example, a Jumbo jetful of people can be moved quickly through the arrivals procedures at an airport while confirming each passenger’s one and only identity.

... they could bring to politics all the precision of Marks & Spencer's stock control systems
If such a biometric could be found, then it would greatly strengthen any ID voucher scheme. The biometric would irrevocably bind each person to his or her record on the National Identity Register. The ID voucher scheme would become a simple human stock control system.

If no such biometric can be found, if it is just wishful thinking, then the ID voucher scheme would have to be radically altered to proceed as best it can without such a binding, as such schemes always have done in the past. Either that or it should not proceed at all.

... and they have important objectives
The objectives for biometrics are specified more precisely by the National Physical Laboratory (NPL) in their feasibility study (para.22) conducted for the United Kingdom Passport Service (UKPS, now the Identity and Passport Service), the Driver and Vehicle Licensing Agency (DVLA) and the Home Office and are to:
  • Allow people to establish their identity by enrolling in the National Identity Register. That identity must be unique. Among other effects of this stipulation, the one-third of terrorists and organised criminals who, it is reported, use multiple identities, would be impeded.
  • Allow people to verify their identity when travelling overseas, for example, or when claiming state benefits or opening a bank account or registering with a GP.
  • Allow the police and the security services to operate watchlists so that they can look out for known or suspected criminals or terrorists.
... so before proceeding, please consider three questions
The ID cards scheme is meant to be "universal", to use the Home Office's own term. That implies that everyone who should have an ID card, should be able to enrol in the scheme, they should be able to register their identity. Registration, according to the scheme, ideally involves everyone recording their biometrics. The result is ideally that it should be possible to use their biometrics to verify everyone's identity.

The experience of biometrics would not be ideal, there would be exceptions. 100% reliability cannot be achieved. The standard must be relaxed. The question is, how much can we afford to relax the standard?

  • Too little, and no-one could use their biometrics to verify their identity. In the case of fingerprints, for example, the slightest difference in the angle at which the fingers are presented or the slightest difference in pressure would produce a print deemed to be different from the registered original. There has to be some tolerance.
  • Too much, and the identity being verified stops being unique. The prints produced match Person A's registered fingerprints, but then they also match Person B's and Person C's.

Either way, the ID voucher scheme would deliver no benefits. It would be a waste of money.

The government have not stated what their relaxed standard is. In that sense, there is no correct answer to the question what level of error or failure is acceptable. If 1% of people cannot register their biometrics, in a scheme with 50m cards in issue, that affects 500,000 cardholders. Is that acceptable? Or too many? If 0.1% of people cannot use their biometrics to verify their identity, that affects 50,000 cardholders. Acceptable? Too many?

If there is no correct answer, then your answer is as good as anyone's:

  • How low would you like the probability to be that you can never have your identity verified by your biometrics? That you will have trouble, as a result, registering with a GP, for example? Or opening a bank account? Or travelling overseas? Or getting your children into state schools or universities? Very low, obviously, but how low?
  • How high would you like the probability to be, that a criminal or a terrorist can be identified by his biometrics, before you think that it is worth spending money on the ID cards scheme? Very high, obviously, but how high?
  • And how frequently do you think that people will be required to use their biometrics to verify their identity, if and when ID cards are introduced? Once a year? Once a month? Every day?

Your answers to these questions will inform your reading of the paragraphs below.

Remember, the same biometrics will be used not only for ID cards but also for the new passports. The need for biometrics to be reliable applies to both.

DNA and fingerprints seem to be reliable biometrics but they are not the biometrics on offer
The biometric that people trust is DNA. DNA evidence is admissible in court and it is trusted by our previous Home Secretary but one, for example. Unfortunately, DNA tests take too long to meet the Jumbo jet requirements above.

We have 100 years experience of the reliability of fingerprints. Fingerprint evidence is admissible in court and it is trusted worldwide. A single example of a suspected mistake with fingerprint evidence is enough to cause consternation throughout the world forensic establishment. It takes a long time to register all 10 fingerprints using traditional methods, i.e. so-called “rolled prints” taken by police experts using ink. And it takes a long time for a fingerprint expert to verify a person’s prints in the traditional way against the registered set – too long, again, to meet the requirements above.

It is the contention of this proposal that the confidence people have, rightly or wrongly, in DNA and fingerprints is being borrowed and exploited for quite different biometrics. Biometrics which, the figures suggest, do not deserve the same confidence. A confidence trick, in fact.

The bar for the biometrics which are on offer has arguably been set too low
Three apparently more practical biometrics are under consideration – facial geometry, irisprints and what we shall continue for the moment to call “fingerprints”.

The terms of reference for the NPL’s feasibility study were to calculate the probability that any of these biometrics could identify a person uniquely in a population of 50m (para.11, 29), the likely number of UK ID cards in circulation.

The Home Office used a figure of 67.5m cards in their July 2002 consultation document (para.5.39).

67.5m is 35% higher than 50m. That's quite a difference. Which figure is correct?

Given that UK residents travel abroad and overseas residents visit the UK, it might be argued that the real test is to see whether these biometrics can be used to identify a person uniquely in the world population of 6.5bn. If they can’t, perhaps we shouldn’t rely on them.

In theory, irisprints and the new-style fingerprints should work. Facial geometry does not work even in theory
The NPL’s findings were:
  • Biometrics based on facial geometry are too unreliable for registration. This conclusion of theirs is unqualified. “Face recognition on its own is a long way from achieving the accuracy required for identifying one person in 50 million”, they say (p.11), “even under relatively good conditions, face recognition fails to approach the required performance” (p.15), and “facial recognition is not a feasible option”. The Commissioner of the Metropolitan Police has confirmed that biometrics based on facial geometry are unlikely to be useful.
  • Unlike facial geometry, irisprints almost never indicate that Person B is Person A (false positive, para.52b), and only rarely indicate that Person A is not Person A (false negative).
  • With many reservations, fingerprints might work, if at least four and preferably all 10 prints are registered on enrolment into the ID card scheme. Some of these are major reservations. It can be difficult, the NPL say (p.34), to register the fingerprints of “women, East Asians, manual labourers [and] older people”, in addition to the obvious problems of people with missing fingers. Also, people associate being fingerprinted with being a suspected criminal. And some fingerprinting equipment can be spoofed with artificial gelatine fingerprints.
... facial geometry
In email correspondence with BCSL, the NPL have confirmed that they were surprised at their findings. They were surprised how poorly the biometrics based on facial geometry performed. So much so that they felt it necessary to include in their February 2003 report the results of investigations by other biometrics experts, who had recorded even worse performance, so that it would be clear that the NPL’s own findings were not freakish exceptions.

They found that verification was unreliable immediately after registration – there is one chance in 10 that Person A will be told that he or she is not Person A. Two months after registration, it was useless – the probability of a false negative rises to six out of 10. The government have proposed that ID cards should be issued for 10 years at a time. For two months, registration on the basis of facial geometry would be unreliable. For 118 months, it would be useless.

While arguing convincingly that they are too unreliable for registration, the NPL state that biometrics based on facial geometry are nevertheless reliable enough for verification purposes (para.108a, b). It is hard to see how they support this statement if six times out of 10 the computers are going to say that Person A is not Person A. Their claim that these biometrics are adequate for small watchlists seems similarly dubious (para.63).

The more correct conclusion is surely this – it may be worth encouraging more research into biometrics based on facial geometry but it cannot be sensible now to spend money deploying a national ID voucher scheme which relies on them in any way.

As a member of the International Civil Aviation Organization (ICAO), the UK is bound by the ICAO’s Berlin Resolution (p.15) to incorporate biometrics based on facial geometry into new biometric passports.

If there is any way to amend this resolution, it should be explored.

Otherwise, the sensible option is to abide by it in the cheapest way possible, as Ireland have done, while recognising that there is no benefit to be gained from biometrics based on facial geometry. No other money than for that minimal compliance should be spent on the deployment of biometrics based on facial geometry.

... irisprints
According to the NPL, the probability of a false positive with a single irisprint can be as low as one in 1,000,000 (106). Given that most of us have two irises, the probability that biometrics based on irisprints will say that Person B is Person A could be as low as one in 1012. There are only 6.5 billion people in the world (6.5 x 109). It follows that irisprints could be good enough to identify people in the population of the whole world, never mind the mere 50m in the NPL’s terms of reference.

This conclusion is tempered by the fact that the probability of a false negative with two irisprints is one in 10,000. That is, on average, one person in every 10,000 will be told by computers that he is not himself. 5,000 cardholders in the UK scheme would be affected, 0.01% of the population. Could we ignore these 5,000 people? Is 99.99% an acceptably high success rate?

There are three more significant problems:

  • A lot of people cannot register their irisprints in the first place (10% of the able-bodied and 39% of the disabled, para.1.2.1.3).
  • Whereas the police can gather photographs of suspects under surveillance and latent fingerprints from glasses they have handled, for example, they cannot gather latent irisprints. (It must be remembered that the film Minority Report is fiction. Too many people forget.)
  • And, unlike photographs of their faces and copies of their fingerprints, the police do not have a database of the irisprints of known and suspected criminals and terrorists – it would be years before they could create watchlists based on irisprints.
… fingerprints
The police can already create watchlists with fingerprints. The UK National Automated Fingerprint Identification System (NAFIS) records 6m sets of fingerprints. NAFIS deals with 1,500 enquiries per day, submitted by police forces all over the country and by other services.

According to the NPL, the best computerised fingerprint verification systems can reduce the probability of a false positive with one fingerprint to one in 100,000 (105). Given 10 fingerprints, the probability that Person B will be identified as Person A may therefore be as low as one in 1050. Also using all 10 fingerprints, the probability of a false negative could be as low as one in 1020.

Fingerprints, therefore, seem to be even better than irisprints at identifying people.

... in practice, the results are embarrassing
The figures quoted above are mainly the results achieved in tests by the NPL and other biometrics experts around the world. The results achieved by non-experts in the 2005 UKPS biometrics trial were quite different.

Facial geometry successfully verified identity a few minutes after registration only 69% of the time for able-bodied participants and only 48% of the time for disabled participants (para.1.2.1.4). In neither case did it achieve the 90% reliability that the NPL feasibility study might lead us to expect.

Irisprints were successful 96% of the time for able-bodied participants and 91% of the time for disabled participants (para.1.2.1.4). These figures are nothing like the 99.99% that we might have expected on the basis of the NPL’s feasibility study. And only 90% of the able-bodied could be registered in the first place – as far as irisprints are concerned, 10% of able-bodied people do not exist. And that figure rises to 39% for disabled people (para.1.2.1.3).

Fingerprints successfully verified the identity of the able-bodied participants in the trial only 81% of the time (para.1.2.1.4). For those aged 65 and over, the figure drops to between 67% and 71% (pp.249-50). Again, there is a wide gap between theory and practice.

It may be argued that the UKPS trial was not designed to measure the accuracy of biometric registration. Perhaps. But unintended consequences are still consequences.

Suppose that 330 able-bodied people under the age of 65 buy tickets for a long haul flight. Using the statistics above in the strictest way possible, 33 of them will not get as far as the Departures lounge, having been unable to register their irisprints. And what is going to happen at the Arrivals desk? Facial geometry will wrongly require 93 of them to be sent home, fingerprints will wrongly require 60 of them to be sent home and irisprints 12. Up to 198 of the original 330 ticket-holders – 60% of them – will be victims of the registration problems and the false negatives of biometrics. How many false negatives is it acceptable for there to be? Almost none.

It may be argued that biometrics would never be used in this way. But then, how will they be used? The government have not explained. What are the plans for people who cannot register their biometrics in the first place? How are false negatives going to be dealt with?

Failure rates like this are unacceptable. Biometric verification would instantly become a laughing stock. If they were not trusted, then biometrics would not stop criminals and terrorists from being able to maintain multiple identities – any biometric evidence casting doubt on one of their identities would be discounted. Biometrics would, on the other hand, make a lot of innocent people furious when they are told by a computer that they are not themselves.

Biometrics are not ready to be relied on. Any money spent deploying them now would be wasted.

... and they confirm that the new-style fingerprints and traditional fingerprints are not the same thing
On the one hand, so to speak, we have traditional fingerprint technology, where a single mistake in 100 years is sensational. On the other hand, we have a technology where 20% of those tested could not have their identity verified by reference to their fingerprints. What accounts for this enormous difference? Answer, the fingerprints recorded during the UKPS biometric trial are not the same thing as the fingerprints traditionally recorded.

The fingerprinting method chosen for the government’s ID cards scheme involves a so-called “flat print” system (para.30, 72 ). There is no ink involved and no fingerprint expert. You put the four fingers of one hand on what looks like a photocopier, then the four fingers of the other hand and then the two thumbs. These are not the fingerprints the public know and trust after 100 years of experience. They are arguably no more than glorified photocopies of people’s fingers and they are referred to henceforth as “fingercopies”, to distinguish them from fingerprints.

This is a sleight of hand. There are two different biometrics, fingerprints and fingercopies. By using the same word for both of them ("fingerprints") we are being lead to associate the proven reliability of fingerprints, with something quite different – fingercopies.

Ask most people if they trust biometrics and they say yes, they're fingerprints, aren't they? No, they're not. They're fingercopies.

According to the Home Office themselves, in their July 2002 consultation document, fingercopies are not admissible as evidence in court (para.5.14, 33, 51). If someone is deprived of some entitlement on the basis of his fingercopies and takes the matter to court, what is going to happen? The government have not explained. Over four years later.

It would be imprudent and unbusinesslike therefore to deploy biometrics now
The Home Office describe this poor performance as “teething problems”. That is an inordinately lenient judgement and the panglossian response of Mr Tony McNulty MP is not businesslike:

“… there are difficulties with the technology … not least with people with brown eyes ... none of these problems are new, but increasingly as biometrics are more and more used ... we think the technology can only get better and better and better …”.

If today’s biometrics cannot verify identity with anything like adequate confidence, then the only prudent and businesslike option is to delay the deployment of biometrics until they can be relied on.

The government point to widespread public support for the introduction of ID cards. That is not the same thing as saying that ID cards would be reliable. The support exists but it is based on the assumption that ID cards would work. If and when they are introduced, if they rely on biometrics, and the biometrics do not work, then the support will evaporate.

At best, the biometrics chosen for the new passport and ID card schemes offer 80% reliability. You are unlikely, when answering the three questions above, to have put forward such a low figure.

Given the confidence you have in biometrics – principally fingerprints and DNA – you may be surprised to discover that the reliability of the chosen biometrics is so low. But that is what the evidence suggests.

It is only by ignoring the evidence that the government can pursue its plans.

... the biometrics project is a major risk, a risk that the government are taking unnecessarily
The intellectual property rights (IPR) in the algorithms used by facial geometry and fingercopy and irisprint biometrics are owned by various companies, who will be owed royalties whenever the biometrics are used (Q466). It is obviously right to pay these royalties if the biometrics work. It is obviously wrong if they do not.

Suppose that the agreed royalty payment is 1p per verification and suppose that 50m cardholders have their identity verified once a year. Then the company owning the IPR will earn royalties of £500,000 p.a. If verification takes place on average once a month, then the company will earn royalties of £6m p.a. Daily verification would take earnings to £182.5m p.a. And that assumes 1p per verification. At 10p per verification, the taxpayer would be paying £1.825bn p.a., etc ... Excluding VAT.

These royalties would be payable in addition to the licence fees to use the algorithms and any associated support costs and equipment sales.

The government have announced the establishment of 69 biometric registration centres in the UK:

"We are acquiring and fitting out 69 offices throughout the UK. Next year we will progressively introduce interviewing of first time adult passport applicants which will be an important measure to deter and to detect fraud" (p.9).

The NPL used a figure of 2,000 registration centres as a tentative working assumption in their report (para.14, 105). The Home Office used the same figure in their July 2002 consultation paper (Annex 5, para.16).

The UK has over seven times as much land as the Netherlands and over three-and-a-half times as many people, and yet the Netherlands are proposing to have 4,200 registration centres (para.4.1). Italy has about 58m people and issues ID cards from 8,101 comuni nationwide.

69 is clearly just the tip of the iceberg. Establishing this new network of 2,000 or more biometric registration centres is yet another expensive and risk-prone project for the Home Office to take on.

If biometrics are unreliable and useless, then there is no point building and maintaining and staffing a national network of biometric registration centres. There is one less excuse to take up everybody’s time with interviews which require attendance in person to get a passport. And there is no need to pay royalties to the suppliers of proprietary biometric technology.

... the government themselves question how accurately people can be registered
According to an April 2004 booklet issued by the Home Office, it is the responsibility of employers to ensure that they offer jobs only to people who are legally entitled to work. The booklet includes a list of 18 documents we can use to establish that entitlement.

According to the Home Office's October 2006 cost report on the ID cards scheme:

"Currently, employers do not have a reliable means of establishing whether a job applicant has the right to work here or not" (Tackling illegal working, p.5).

Are we employers now absolved from our previous responsibility?

According to the cost report, it is not just employers who have trouble establishing people's identity. So does the criminal justice system:

"It is difficult and resource intensive to ascertain the identity of prisoners suspected of being foreign nationals and those arrested by the police" (Identifying those who present a risk to the public, p.5) .

The problems do not end there:

"It is currently very difficult for Criminal Records Bureau (CRB) Registered Bodies to establish an applicant's identity efficiently ... It is already known that on some occasions, individuals are matched against the wrong criminal record ... this can lead to delays in processing their applications. In a small number of cases, people known to the police have been able to proceed through the system undiscovered" (Protecting the most vulnerable people, p.5).

If employers can't identify people properly and the criminal justice system can't either, despite having several hundred years experience, and the CRB can't, despite that being their job, what reason do we have to believe that the staff of the proposed registration centres will do any better? This question remains unanswered by the government.

... biometrics do not offer certainty
The evidence given by David Blunkett to the Home Affairs Committee suggested that computers could use biometrics to deliver conclusive decisions about identity with logical certainty:

“it would be possible for you to be issued an ID card on the identity that … you had assumed some years ago,” he said, “but that would be your identity for the rest of your life coming in or going out of the country. You would have adopted by your own actions an identity that you could not change” (Q634).

He has also been quoted as saying, of the use of irisprints and fingerprints on ID cards, that they “will make identity theft and multiple identity impossible — not nearly impossible, impossible”.

That raises the level of expectations.

The Commissioner of the Metropolitan Police has confirmed that biometric identification needs to be “almost foolproof, ... almost perfect” if ID cards are to achieve their objectives.

The NPL report states that, far from being foolproof, far from perfection or logical certainty, all that can be delivered by biometrics is a probability that a given person is who he says he is: "biometric methods do not offer 100% certainty of authentication of individuals" (para.4). The evidence of the UKPS biometrics trials suggests that this probability is too low to support conclusive decisions. That is the state of the art. Biometrics do not provide the basis for a reliable ID voucher scheme.

On what basis, therefore, can the Prime Minister state, as he did, in his 6 November 2006 article in the Daily Telegraph newspaper, that:

"by giving certainty in asserting our identity and simplicity in verifying it, biometrics will do away with the need for producing birth certificates, driving licences, NI and NHS numbers, utility bills and bank statements for the simple task of proving who we are"?

How did that word "certainty" get in there?

On what basis can the Identity and Passport Service (IPS) write in their first Section 37 cost report on the ID cards scheme:

"Ultimately this will ensure that everyone who has been given permission to enter the UK ... can be identified securely using their biometrics" (Making the nation's borders more secure, p.4)?

How did that word "everyone" get in there?

And how will it work in practice? When biometric equipment at an airport, say, indicates that a passenger’s identity is suspect, that passenger will have to be investigated. There is a limit to how many investigations can be carried out by the given number of staff on duty. The tolerance levels on the biometric equipment will have to be set to suit the number of staff. There will be a butcher’s thumb on the scales. That is a far cry from the offer of conclusive identification. The level of expectations with respect to biometrics needs to be lowered.

The argument advanced by the software houses bidding for UK government contracts for ID cards is that, yes, the biometrics under consideration are not admissible as evidence in court, and yes, they cannot be relied on by themselves to identify people, but biometrics do help, in conjunction with other data, such as biographical details. How? How can data, which is acknowledged to be unreliable, become all of a sudden reliable, because of some other data? It can’t. The argument is without merit.

... they do not act as a deterrent
There is a weak argument that biometrics have a deterrent effect even if they do not work. That is a very expensive bluff with diminishing returns.
... and even the Home Office's own consultants do not believe that biometrics are reliable
The Home Office have been advised on ID cards for some time by PA Consulting. The following diagram is taken from PA's website. What with the car on Biometrics Mountain being yellow, they seem to be saying that biometrics is "mostly hype":
PA Consulting's Innovation Highway
We can learn from the experience of biometrics in the US
Under the US-VISIT scheme, which has been operating since 5 January 2004, a lot of money has been spent on biometric systems to register 100% of visitors to the US.

Until now, the State Department and the Department of Homeland Security (DHS) have considered it practical to record a digital photograph and just two fingercopies for each visitor. There isn’t time, they said, to take more fingercopies at border crossings and ports.

The NPL recommend registering a minimum of four fingercopies and would prefer to see all 10 registered (para.5, 57). The US National Institute of Standards and Technology (NIST) insist that all 10 are required:

"... the NIST-recommended Technology Standard is for ten flat fingerprints to be taken to add or 'enroll' individuals in databases and to conduct searches of the databases ... Thus, the current US-VISIT fingerprint collection standard (two flat fingerprints for enrollment and database searches) is not consistent with the NIST-recommended Technology Standard".

There is a danger here that a lot of money (between $10bn and $20bn according to Forbes magazine) has been spent on an expensive charade. A danger that the DHS just look as though they are operating a security system.

The requirement for biometrics on travel documents for US-VISITors was established by the Enhanced Border Security and Visa Entry Reform Act of 2002. One US biometrics expert interviewed by New Scientist magazine pointed out: "The act, if you read it carefully, doesn't require that the system actually works, just for it to be there". A charade, in other words, would not actually be illegal.

The Office of the Inspector General (OIG), part of the Department of Justice (DoJ), reviewed the first year of operation of US-VISIT. If the OIG are right, we certainly do not want to get into the same position as the US. The Americans deserve better. So do we. The findings of the OIG report are:

  • 118,000 people pass through US-VISIT each day. They are all subject to biometric checks (i.e. primary inspection, by computers). 22,350 of them (19%) fail and are referred to secondary inspection, by immigration officers. 1,811 of them (1.5% of all visitors, 8% of secondary inspections) are refused entry into the US.
  • The DHS have adopted the policy of checking visitors against a watchlist extracted from the FBI fingerprint database, IAFIS, which records 47m known or suspected criminals and terrorists. The watchlist has only been updated monthly. The OIG consider this to be too infrequent.
  • According to the OIG, “a [DoJ] study of the extracted data has shown that extracts are prone to have errors and omissions that result in missed criminals” and “almost three quarters (73.1percent) of the criminal aliens encountered at Border Patrol stations and ports of entry were identified only by checking IAFIS, and would not have been identified by checking IDENT [the DHS database] alone”.
  • The OIG would therefore like to see all visitors checked against the full FBI fingerprint database, not just against the watchlist.
  • Notwithstanding the OIG recommendation, the DHS only intend to check between 800 (0.7%) and 6,400 (5.4%) visitors per day against the FBI database ...
  • ... which may be just as well, because the FBI system could not handle enquiries on 100% of visitors, even if the DHS wanted to submit them. The capacity limit at the time of the OIG report was 8,000 per day (6.8%) and that capacity was due to be increased by October 2005 to only 20,000 per day (16.9%) ...
  • ... and anyway, although the FBI system is meant to be available 99% of the time, it achieves only 96.3% uptime. Sometimes it is unavailable to respond to enquiries for several hours at a time. (The same, and worse, happens in the UK.)
  • Taking two fingercopies instead of 10 is inaccurate and slows down the FBI's computers: “the DHS’s decision to continue using two flat fingerprints rather than ten … makes direct searches against IAFIS impractical because … [they] significantly reduce the accuracy of IAFIS by increasing the number of false positives” and “the cost of searching IAFIS with two flat fingerprints is 25 times greater than 10 fingerprints and requires significantly more computer processing resources”.
  • In contravention of the USA Patriot Act, the DHS system is not “readily and easily accessible” to other federal, state and local law enforcement agencies, partly because of the practice of recording two fingercopies instead of 10 and partly because the DHS do not believe that other agencies should have access to their database.

While the money has been spent and the scheme has been deployed, known criminals continue to enter the US. The OIG cite a number of revolting cases to make the point, one involving the rape of two nuns and the death of one of them, another involving a mass murderer who carried out four murders after successfully crossing the border.

How is the UK going to avoid the same problems? Another question the government have not answered.

... and from the absence of any success stories for biometrics in the media
We can all think of well-publicised cases where mobile phones have been used to track down terrorists, criminals, their victims and witnesses. This technology is known to work.

The same applies to DNA. There are frequently stories in the media of crimes being cleared up by DNA analysis, often decades later. Again, the technology works.

If there were any similar cases of facial geometry or fingercopies or irisprints being used to unmask people, then they, too, would have been well publicised. US-VISIT has been operating for over two years. There are no such success stories in the media. Far from it, the media are awash with stories of failure and doubt.

On 28 May 2006, BCSL put up a paper entitled Is the biometrics emperor wearing any clothes? on the European Biometrics Portal. There has been no answer so far.

It is hard to resist the conclusion that the investment in biometrics now is like the bubble investment in the South Sea Company in the 1710s. And that belief in biometrics now is like the tulipmania that afflicted Holland in the 1630s. And that this emperor has no clothes. For the moment, the government’s ID voucher scheme is going to have to get by without biometrics.

The ICAO do not provide cover for the introduction of ID cards
As noted, the members of the ICAO, including the UK, have agreed unanimously, in the Berlin Resolution, that all passports should in future include biometrics based on facial geometry.

The Berlin Resolution says:

“ICAO TAG-MRTD/NTWG endorses the use of face recognition as the globally interoperable biometric for machine assisted identity confirmation with machine readable travel documents” (p.15).

But facial geometry is the least reliable biometric of all, it is a waste of money. Far from forcing the Home Office, as they suggest, to introduce biometric passports and ID cards, the Berlin Resolution surely needs to be reconsidered.

The Berlin Resolution says further:

“ICAO TAG-MRTD/NTWG further recognizes that Member States may elect to use fingerprint and/or iris recognition as additional biometric technologies in support of machine assisted identity confirmation”.

That is “may elect to”, not “are forced to”.

The ICAO list 13 considerations behind their reasoning in favour of the Berlin Resolution, including the following:

  • "Facial photographs do not disclose information that the person does not routinely disclose to the general public”.
  • “[Facial geometry] does not require new and costly enrolment procedures to be introduced”.
  • “[Facial geometry] can be captured from an endorsed photograph, not requiring the person to be physically present”.

The Home Office are certainly not being forced by the ICAO to introduce an expensive system of compulsory attendance at a national network of 2,000 or more biometric registration centres where people will have their fingerprints taken like criminals in order to obtain a UK passport. That is their own initiative.

… nor does EC 2252/2004
There is a Regulation of the Council of the European Union, EC 2252/2004, binding members to introduce passports incorporating biometrics based on facial geometry by August 2006 and biometrics based on fingercopies by February 2007. Denmark, the UK and Ireland are “not taking part in the adoption of this Regulation” and are “not bound by it or subject to its application”. Thus, although we may be bound to introduce cheap and useless biometrics by the ICAO, we are not bound to introduce expensive and useless biometrics by the EU.
... nor do the other precedents cited by the Home Office
The Home Office’s May 2005 Identity Cards Briefing document includes several of these unconvincing arguments for introducing biometric passports:
  • They cite the US-VISIT scheme in the US as a reason for registering everyone’s fingercopies on biometric passports. US-VISIT has its own problems, as noted above. Suffice to say here that there is no point, for the US or for the UK, introducing a scheme which will fail to verify the identity of 20% of people.
  • They cite the EU’s decision to record facial geometry and fingercopies on passports issued by members of the Shengen area, EC 2252/2004. This does not alter the fact that facial geometry is useless and fingercopies are unreliable. Further, the UK is not in the Shengen area and we are not bound by this decision anyway, as also noted.
  • They cite the EU decision to move towards introducing the same unreliable biometrics based on facial geometry and fingercopies on residence permits and visas issued to Third Country Nationals. The relevance of this point is unclear. UK citizens are not Third Country Nationals.
  • They mention the existing practice in the UK of recording fingerprints on the Application Registration Cards (ARCs) issued to asylum seekers. But these are traditional, proper rolled prints, taken by fingerprint experts and admissible as evidence in court, unlike the fingercopies envisaged for UK citizens.

On that last bullet point, consider the following quotation from the Home Office's own July 2002 consultation document:

"Asylum seekers are now being issued with Application Registration Cards (ARCs) which also include biometric information in the form of fingerprints. Asylum seekers present a particular problem in verifying identity as they often enter the country without any official documents such as passports and those they have may not be genuine. The fingerprinting of asylum seekers to a legal standard of proof (unlike that suggested for the entitlement card [now ID card] scheme) helps to ensure that an individual cannot make more than one application for asylum and that the fingerprint evidence can be used in court" (para.5.14).

ARCs are not comparable to ID cards. Had the Home Office forgotten this fact when they wrote the May 2005 briefing document? Are we expected to have forgotten it? They seem to be prepared to ignore the evidence, even their own evidence, in the bid to convince us that the biometric passport and ID card schemes will work.

The Home Office make questionable use of their budget figures
The attempt is being made to use these poor precedents as cover for the introduction of ID cards. We have to do so much work anyway to abide by the Berlin Resolution and the other initiatives above that we might as well, it is argued, spend just the little bit extra which is needed for ID cards.

This cockeyed reasoning based on marginal costs was used by David Blunkett, when he gave evidence to the Home Affairs Committee, to state that the cost of an ID card would be only £4:

"The vast bulk of the cost will be incurred irrespective of whether we move to the ID card and the clean database. I think once people understand that, that what we are being is transparent about the likely cost over a ten year period as the scheme builds up rather than simply increasing the price of a passport, which is how securer passports have been dealt with previously, then they will understand that the small additional amount for the use of the card and the secure database to be used in that way is worth it. A small amount, our estimate at the moment is an additional £4 over the ten years for those who have the passport and, if we use them in future, driving licences. That is not the case, of course, for people who have got neither, they would obviously be paying the substantive sum of around £35 over the ten year period" (Q673).

He went further, and argued that the cost of ID cards is tiny if you look at it on an annual basis. The Home Office’s July 2002 budget covered a 13-year period. Of course if you divide any positive number by 13, you get a smaller number. 13 times smaller.

You still have to pay the whole bill and that is rising fast. In July 2002, the Home Office estimated the budget for ID cards, covering three years of development work and the first 10 years of operation, to be between £1.318bn and £3.145bn (Annex 5, para.33). Their latest estimate is £5.4bn (p.10), down from the previous £5.8bn. The London School of Economics (LSE) at one stage estimated it to be between £10.6bn and £19.2bn (pp.5, 11, 245), more like £157-£286 per card than £4 per card.

Since then, the LSE have been defeated in their attempts to estimate the cost of the scheme. The Home Office's vision of how the scheme will work is so unclear that it is impossible to prepare useful estimates.

The budget for passports is being confused with the budget for ID cards.

One minute the focus is on the whole budget, next it is on the marginal cost.

One minute the focus is on the whole budget, next it is on just one year’s worth.

These three tricks with budgets cannot disguise the fact that the NPL’s findings, the UKPS biometrics trials and the experience of US-VISIT confirm that biometrics based on fingercopies and irisprints are unreliable and biometrics based on facial geometry are useless. ID cards and biometric passports are equally unreliable and useless.

... and the cost of biometrics remains unknown
The government want to include biometrics on their ID cards at a budgeted cost (Annex 5) of £0.7bn: £608m (registration centres) + £69m (equipment operation) + £28m (equipment acquisition). This budget figure covers the set-up costs for a biometrics system, spread over three years, and the first 10 years of its operation, 13 years in all.

Three different biometrics are being considered. The government may choose to use one, two or all three in the scheme. The budget cannot be the same irrespective of which choice is made. The single figure of £0.7bn must be treated with some scepticism.

The budget figure gives an incomplete picture:

  • The proprietary technologies used will attract royalties, payable every time anyone anywhere appeals to the biometric record to try to prove his or her identity. We do not know the cost of these royalties any more than we know the cost of IDNet.
  • The cost of biometrics will presumably be reduced by making the staff of the CRB redundant. If ID cards are introduced, there should be no need for these staff or for anyone else whose current job it is to identify people. What is the value of that saving?
  • The cost of biometrics will presumably be increased by the fact that the landlords of the registration centres, Mapeley, are registered offshore and pay no corporation tax on their profits in the UK. What is the value of that loss to the Exchequer?
  • They will be further increased by the cost of crowd control outside biometric registration centres, and even riot control, if and when people discover that their money has been wasted.

Despite the Home Office publishing their cost report, we have little idea as yet what the cost of biometrics will be.

The fact that other countries have deployed biometrics does not make them reliable
If biometrics are unreliable and useless for passports, then they are unreliable and useless for ID cards. If biometrics are unreliable and useless in the UK, then they are unreliable and useless in the rest of the EU and in the US and everywhere else where they are being considered or have already been adopted. The argument that other countries are deploying biometrics and therefore the UK has to rely on them does not hold water. Biometrics may become pervasive. That does not make them reliable.
... nor does the fact that the private sector is introducing biometrics
The Chancellor of the Exchequer, in a speech to the Royal United Services Institute, was impressed by the fact that:

"Already one million people have bought and use an IBM laptop which uses fingerprint recognition to control access - and for the future, manufacturers are looking at the same fingerpint recognition technology to make mobile phones and MP3 players worthless if stolen".

Do the biometrics on these laptops work for everybody or do 20% of users find that they don't work? The Chancellor doesn't say. If and when security measures incorporating biometrics can make stolen devices useless, well and good, but biometrics are not reliable enough yet. They may be popular and they may be pervasive both, without being reliable.

... the private sector can quite legitimately ignore 20% of the population, the government can't
According to the US company Pay By Touch, "more than 160 million consumers have opted-in to participate in Pay By Touch-managed programs, available in more than 12,000 retail locations". That's fine for the private sector. But if theirs became the only way to make payments, 20% of people couldn't buy anything. The private sector can but the UK government cannot afford to ignore 20% of people in that way. They have to govern for all of us.
... there is a case for prudence here
One of the NPL's reservations about fingercopy technology, remember, is that it can be spoofed with artificial fingerprints. In that case, the Chancellor and IBM and Pay By Touch should note, the security of fingercopies may be a myth. They may care to review the evidence of Mythbusters, the Discovery Channel programme, on which security doors and laptops fitted with fingercopy readers were broken into using nothing more than a photocopy of the user's finger.

In view of which, together with the evidence that 20% of the public can't be registered using the biometrics chosen, surely the government would be best advised to watch and wait. Let the private sector perform the biometrics experiment:

  • If it fails, no taxpayer's money will have been wasted. The government will avoid being the object of public ridicule for failure. And of public fury for guessing and hoping and, in the end, wasting our money.
  • If it succeeds, the lessons how to deploy biometrics will have been learnt. The pitfalls will have been identified and can be avoided. The protocols for how to use biometrics will have been developed. The case for the reliability of biometrics will have been proved. The government can proceed with confidence. Public confidence.

... and the banks, prudently, show no sign of ignoring the unreliability of biometrics
The fact that 20% of people will not be able to register their fingercopies in the first place, and the fact that security based on fingercopies can be subverted, may account for the further fact that not a single UK bank has yet said that it will rely on the government's ID cards when people try to open a new account.

That is a litmus test for the ID cards scheme. If the banks feel that they have to continue to use other methods of identification, that the ID card will not alone be sufficient, that they still have to follow all the anti-money-laundering procedures of know-your-customer (KYC), then people will see no difference when it comes to dealing with their banks. They will quite rightly feel cheated, having spent billions of pounds on the biometric passport and ID card schemes, and the government will have to answer the charge that they have wasted taxpayers' money.

The government are in the position of supplicants in this matter. If the banks were to announce that they will rely on the government's ID cards, that would endorse the scheme. But the biometrics involved are unreliable. There is no business case for gratifying the government's wishful thinking. The banks would have to answer to their accountholders and their shareholders for a manifest lack of prudence.

One implication of all this optimism in the UK? 8,000 detentions per day
According to the Office for National Statistics (ONS), “in 2004 overseas residents made a record 27.8 million visits to the UK” and “the number of visits abroad made by UK residents has almost tripled since 1984, to a record 64.2 million visits in 2004”.

US-VISIT is a scheme for overseas residents only. The US do not put their own citizens through it. By contrast, the UK proposes to check not only overseas visitors but also its own citizens. Based on ONS figures, that makes 92m entries into the UK during the year or 252,055 primary inspections per day on average, more than twice as many as the 118,000 processed through US-VISIT.

The US perform secondary inspections on 19% of all US-VISITors, 22,350 people per day. If our experience is the same as the US, the equivalent figure in the UK will be 47,890.

The Home Secretary has promised that by 2014 everyone will be checked on exit from the UK as well as on entry. That would double the figures and take us to 95,780 secondary inspections per day. More unanswered questions are raised. How long does a secondary inspection take? What do you do with the people who have missed their train or boat or plane as a result? How many staff will be needed? What will it cost? Where do you put the 7,662 (8% of secondary inspections) people per day who will be detained?

This extraordinary figure of roughly 100,000 secondary inspections and 8,000 detentions per day is one measure of the implications of relying on flawed biometrics, of proceeding on the basis of hope alone and of ignoring the evidence.

It is not just airports and seaports that will be affected. Secondary inspections will be required also in banks and hospitals and schools and benefits offices and anywhere else that public or private sector bodies might decide to require verification of people's identity with government ID cards. Who is going to perform these secondary inspections? And is the benefit great enough to warrant the cost?


Essays:
midata 2
midata 1
Brodie Clark 2
Brodie Clark 1
Control
Towel
UIDAI *
Whitehall * *
Maude
Morpho
23
G-Plan
Hacked off
NCP
Evidence * *
Appealing 3
Tsunami
Brakes
Appealing 2
Faith *
Noble
Fraternal review
Scorecard
Appealing 1
Adventure
Torpedo *
Psychobabble *
Compromise® *
Delusion® *
Tulipmania
Pharmacy
Clean water *
UKBA
eOdyssey
Commercial
interest
ID in care *
Ely, St Neots
Intelligence *
Scholarship *
Fantasy
Elor (4,8) *
Statistics
ASA
Misleading
Misery *
Stork
HOSDB
SOPCom *
Charity *
Carols 2 *
Carols 1 *
Lifebuoy *
Woolies *
Segments *
Listening *
Risk
Hallmark *
dIPSticks *
Cost *
Data sharing
Pie
Surprise
McQueen
Genealogy
Noitatlusnoc *
Consultation
Dogma
Frankenstein
Espionage
Crosby
Clegg
Fingerprints
Mobile ID
Conspiracy
Festival
Work
Hook
Fireworks
Irisprints
IPS
Respect * *
HAC 3
Propiska
Reid 2
Reid 1
HAC 2
HAC 1
Emperor *
 
 
* also available at
 
Off topic:
Management
Public interest 2
Public interest 1
Nick Robinson
SNAFU
Misfeasance
Prescott
Maude
Letwin
Watmore
Less for more
Whitehall
O'Donnell
Clouds
Polarisation *
Swiss guards *
Good news *
Tennis
Competition *
Miliband 3
Covenant *
Heseltine *
Watergate *
Influence 2 *
Influence 1
NewWorld 2
NewWorld 1
Fire
U-turn
Miliband 2
ABC
Gauntlet
Hilton
Miliband 1
Ryan
Blunkett
 
* also available at

Unsolicited testimonials:
  1. Spy Blog
  2. RogiLife.Com
  3. Gronmark
  4. Thought Alive
  5. ... er ...
  6. That's it.

Mobile phones are today's ID cards
© 2002-2011 Business Consultancy Services Ltd
on behalf of Dematerialised ID Ltd
PKI exists

Limber up
Introduction
Mobiles
Biometrics
PKI
NIR
Anonymity/identity
Capture
Dematerialisation
Campaign
Press releases
Blogging
Visitors
References
TOC