|
Information Rights Team |
20 January 2010 |
|
The unique selling point
of the National Identity Service (NIS) is
that it uses biometrics. Take the biometrics away, and there is no reason
to believe that the NIS will work any better than the dozens of other
population
registers maintained by the government. To some extent, the same
is true of the UK Border Agency (UKBA) and eBorders. Several field trials
suggest that the biometrics proposed for the NIS and eBorders are highly
unreliable. And these days, the Identity & Passport Service
(IPS) and UKBA are reluctant to publish figures on the reliability of
the biometrics they have chosen. This reluctance starts to look suspicious,
as though IPS and UKBA have a guilty secret – they know that the biometrics
they are relying on cannot deliver the promises made. Freedom of Information
(FOI) request #13523/09 provided another opportunity, in a long line of them,
for IPS to make a clean breast of it. Attachment
A to this letter gives the details. It includes the original request
(“the Request”), its acknowledgement and the FOI Team’s response (“the
Response”). Once again, IPS have
ducked the issue. This appeal is made to you on the grounds that the
Response is unsatisfactory in at least the following seven ways: 1.1 It is proposed that the NIS should use biometrics
based on (a) facial geometry and (b) flat print fingerprints. The Request
was for figures on the reliability of each of these biometrics. 1.2 When the House of Commons Science and Technology
Committee asked IPS about this matter, IPS said that for facial geometry
they expected “a failure to acquire rate close to zero [and] a false
accept rate of 1%”, and for fingerprints they expected “a failure to
acquire rate of 0.5-1%, [a] false match rate of 1.3e-10, [and a] false
nonmatch rate of 0.01” – please see para.18 of the Committee’s report. 1.3 Have these acceptance levels been achieved?
We don’t know, because on the occasion of the Request, IPS have chosen
a more philosophical approach. The FOI Team identify about nine types
of reliability. Any reasonable
person would therefore expect the Response to provide about nine different
sets of reliability figures for each of the biometrics (a) and (b).
Instead, no figures are provided. None at all. That is unsatisfactory
and the appeal is made to you to provide those figures. 1.4 In connection with their nine or so different
definitions of reliability, the FOI Team say “generally these give very
different performance figures”. They wouldn’t know that, if they didn’t
have the figures available. Given that they have the figures available,
they should have no trouble giving them to you. 2.1 The FOI Team say “it is not possible to provide
a generic response to your request”. If it is impossible to provide
the figures, then the assumption must be that they do not exist. IPS
would in that case be open to the charge that they are planning to deploy
the expensive and disruptive NIS nationwide without having any idea
whether it will work. That would be unbusinesslike and irresponsible. 2.2 The appeal is made to you to explain how
IPS defend themselves against the charge of unbusinesslike and irresponsible
wishful thinking. 3.1 The FOI Team disagree that the NIS is meant
to ensure that, in the words of the Request, each person is recorded
once and once only on the National Identity Register (NIR). “IPS does
not accept the interpretation you have placed on its wording ...”. 3.2 Attachment B to
this letter lists quotations from two Prime Ministers, three Home Secretaries,
an Executive Director of IPS and three Home Office documents, all of
which suggest that the Request is right about one-for-one correspondence.
If, after all, the FOI Team are right, the appeal is made to you to
confirm that all these politicians and civil servants are wrong, and
that they have been misleading the public for as much as seven years. 4.1 Does using biometrics provide a significant
improvement compared with “conventional methods”? Yes it does, according
to the FOI Team, as demonstrated by “its successful deployment for visa
applicants and Identity Cards for Foreign Nationals”. 4.2 About three million biometric visas have
been applied for, tens of thousands have been issued by UKBA, and about
3,500 cases of attempted “identity
fraud” have been detected. 4.3 UKBA are to be congratulated on those 3,500
cases of detection. The question remains, how were these successes achieved?
The public have never been told. Was it thanks to biometrics based on
facial geometry? Or flat print fingerprints? Or was it nothing to do
with biometrics? 4.4 The appeal is made to you to provide some
details. Without that, the FOI Team’s claim that the biometrics in the
NIS will mark an improvement over conventional methods cannot be evaluated. 5.1 The suspicion – which you may confirm – is
that many of UKBA’s eBorders successes are thanks to identity verification
based on flat print fingerprinting. With the equipment configured to
have a more or less 0% false match rate, UKBA can be pretty sure to
detect many cases of people applying for a visa when an earlier application
has already been rejected. 5.2 The problem is that, in that configuration,
the false non-match rate appears
to rise to about 20%. And if 20% of people can’t use flat print fingerprinting
to prove their right to work in the UK, or their right to non-emergency
state healthcare, or their right to state education for their children
– all applications of the NIS,
according to IPS – then there will be a riot. 5.3 The appeal is made to you to explain how
denying 20% of people these rights, and causing a riot, is an improvement
over conventional methods. 6.1 IPS cannot provide any figures for the reliability
of biometrics based on facial geometry, according to the FOI Team, because
they haven’t yet used the technology. But UKBA have tested facial geometry
at Manchester airport and, based on the result of those tests, they
have deployed “smart
gates” to 10 airports in the UK. So UKBA must have some statistics
and it is unsatisfactory that the FOI Team did not provide them. IPS
clearly have access to UKBA’s flat print fingerprinting statistics,
as noted, and IPS are happy to refer to them. So why not the facial
geometry statistics? 6.2 The appeal is made to you to release the
results of UKBA’s smart gates tests so that the public can assess the
merits of smart gates in particular, and biometrics based on facial
geometry in the NIS in general. 6.3 You may care to consider, in connection with
this appeal, that although a lot of non-EEA students in the UK now have
biometric visas, not a single educational establishment has the
equipment needed to use these cards to verify identity. 7.1 The Home Office Scientific Development
Branch have confirmed that UKBA have statistics on the false
non-match rate of flat print fingerprinting. Would you please release
those, too? The false non-match rates are some of the figures needed
to assess the reliability of the biometrics proposed for the NIS. The
appeal is made to you to make good on the FOI Team’s unsatisfactory
failure to release these figures in the first place. The House of Commons
Science and Technology Committee more or less begged IPS not to choose
the biometrics for the NIS until they had the strong supporting evidence
that can only be provided by a large scale field trial. IPS have ignored
them. The Committee also recommended that IPS publish figures on the
biometrics chosen so that the public could have confidence in the NIS.
Again, IPS have ignored them. The Committee reported that the US Department
of Homeland Security (DHS) believe that there are no biometrics reliable
enough to underpin a national ID card scheme. What have IPS done? They
have ignored the DHS. According to the Daily
Telegraph: All foreign nationals
from outside the European Union will have to show a British ID card
if they want a job, obtain a National Insurance card or claim benefits
once the scheme is running in 2008, Tony Blair says today. Writing in The Daily
Telegraph, the Prime Minister makes clear that ID cards will not only
be compulsory for overseas citizens resident in Britain for three months
or more, but will be an absolute requirement to gain access to public
services or to seek work. Mr Blair believed the
Home Office. But Mr Blair was no technologist. And no-one else appears
to share his faith. DWP have never said that they will make work or
benefits dependent on ID cards. Not for UK nationals. The Department
of health, similarly, have never insisted on ID cards for non-emergency
state healthcare, and the Department for Education (as was, now DCSF
and DIUS?) have no published position on the need for UK nationals to
present ID cards to get state education. The Home Office are
peculiarly isolated. Their technology doesn’t work. And nobody wants
it. Not government departments. Not
the airline industry. And not the banks or the major
retailers. It may help you in conducting the review appealed for
if you see the Home office for what they are. In the NIS and, to some
extent, eBorders, the Home Office are trying to sell a product that
doesn’t work to a lot of people who don’t want it. The sooner we can
get them off the hook, the better. Your review may help. In the past few years,
Germany
has added flat print fingerprinting to its visa system. No mean feat.
It may be pointless, but it was a lot of hard work. Not only that, but
they have managed to interface their system with the EU-wide visa system,
VIS, the European Commission’s Visa Information
System. Again, a lot of hard work. And
what have IPS achieved? Nothing. What do they do all day? Another point
you may like to consider. For
example, IPS claim that they can register the entire population on the
NIR. How? Is there a national
network of registration centres? No. They have failed to establish
one. IPS have been in existence for nearly four years. What is there
to show for it? A lot of press releases. A lot of draft framework agreements.
But no NIS. Pakistan have issued 60 million biometric ID cards. IPS
can’t even answer a FOI request properly. What do they do all day? Is
there a national network of cameras, fingerprint scanners, card readers,
and keyboards linking hospitals and schools and employers and pubs and
police stations and job centres and airports to the NIR so that people’s
identity can be verified? No. IPS have failed to provide one. After
four years or more, the NIS remains a fantasy. With
no published statistics to support their choice of biometrics, IPS have
nevertheless commissioned IBM
to develop the biometric NIR. And IBM have commissioned Sagem
to provide the facial geometry and flat print fingerprinting technology
required. Does this technology work? We don’t know. Perhaps even IPS
don’t know. But they’re spending £265 million of our money on it anyway. Meanwhile,
after a two-year trial, the business
schools of the world have dropped flat print fingerprinting. It
doesn’t work. And the FBI
have announced that, after 40 years of watching developments in the
facial geometry sector, they still aren’t going to invest in this flaky
technology, it just doesn’t work*. Biometrics are meant to
be the unique selling point of the NIS. But they don’t work. There is
a hole at the heart of the NIS and pretty close to the heart of eBorders.
Your work on this appeal is important. Yours faithfully David Moss Freedom of information request
submitted 3 December 2009, 12:01: I refer to the ID card “Is your business ready”
information pack issued to employers. Acknowledgement received 8 December
2009, 16:16, FOICR 13523/09: Thank you for your email of 3 December concerning
the Identity Card Information Pack. You have also asked for information
facial recognition technology. Response
received 11 January 2010, 16:49: The term ‘locked together’ means that biometric
information about an individual (fingerprints and facial images) is
associated with the individual’s biographical information (name, address
etc) in the National Identity Register, although to maintain security
the storage of biometric and biographic data is separated. •
Biometrics "will make identity theft and multiple identity impossible.
Not nearly impossible. Impossible." |
|
|
* The Guardian article referred to above, http://www.guardian.co.uk/commentisfree/libertycentral/2009/nov/01/biometrics-home-office, written by me, turned out to be wrong and a heartfelt apology was issued to Mr James A Loudermilk II of the FBI. This is extremely embarrassing. It remains the case nevertheless that there is considerable doubt about the reliability of biometrics based on face recognition and flat print fingerprinting. |
|