How to cancel the NIS

1 The National Identity Scheme (NIS) has unimpeachable objectives – to fight crime and terrorism and to deliver more efficient public services.

2 It cannot achieve those objectives. There are two technological problems:

2.1 Firstly, it has been evident since July 2002, when the Home Office issued its consultation document on entitlement cards[1], that the scheme is based on the wrong technology. The Home Office chose to use smart cards[2], [3]. They should have chosen mobile phones[4].

2.2 Second, it has been evident since May 2005, when the report on the UKPS biometrics enrolment trial was published[5], that the scheme cannot work. The biometrics it depends on are not reliable enough for the job they have to do[6], [7], [8]. The NIS is being sold on a false prospectus.

3 Since HMRC lost the discs containing millions of people's personal details, all those people have lived with the threat of identity theft. And they will continue to do so for the rest of their lives unless and until they change their bank accounts. The NIS has always faced unanswerable civil liberties objections from a few activists. Now everyone is interested in what the activists have been talking about and public support for the NIS is falling.

4 There is no point the government suffering all this unpopularity given that the NIS cannot achieve its objectives. The government cannot stand by and watch its political capital being destroyed. It is irrational to proceed with the scheme[9]. This is a time for difficult decisions. But they should not be allowed to crowd out the easy ones – the NIS must be cancelled.

5 The question is how to handle the cancellation. There has been plenty of time to think about that question[10], [11], [12] and the following recommendations are made.

6 It is recommended firstly that you say something along the lines of the following about smart cards and mobile phones:

6.1 "It is wanton to ignore the worldwide growth in the use of mobile phones. Almost everyone has a mobile phone and takes it with them wherever they go. The mobile phone network makes no distinction between people of different ages or different nationalities and it doesn't matter where they are in the world, people can be identified – within limits – and located by their mobile phone[13]. In effect, we already have ID cards, in the form of our mobile phones, the global mobile phone network is already up and running and there is no need to introduce the NIS, a second and inferior form of ID.

6.1 "The mobile phone is a powerful tool in our fights against crime and terrorism[14] and the Home Secretary has decided, after consultation with the police and the security services, that resources are better invested in mobile phone-based security measures[15] than in relatively ineffective smart cards, which people may or may not have tucked in their wallets, or hidden away in a drawer of their desk at home."

7 Second, the matter of biometrics must be tackled:

7.1 "The only large-scale field test of biometrics we have conducted was the 2004 UKPS biometrics enrolment trial and the results were poor. The technology is not reliable enough to support the weight of expectations placed on it. It may improve. But, until it does, and until that improvement has been demonstrated in a large-scale trial, it would obviously be imprudent to deploy biometric technology nationally.

7.2 "This is a government of the real world, we do not proceed on the basis of wishful thinking. The biometrics envisaged for the NIS are not even admissible as evidence in court. If and when the technology demonstrably improves, biometrics can be stored on people's mobile phones, with their large memory capacities, more effectively than on smart cards. Until then, acknowledging reality, we shall proceed without biometrics, as the world always has done. We are not missing out on anything – the alleged benefits of biometrics are, for the moment, a mirage."

7.3 The unreliability of the biometrics chosen casts doubt on the UK's plans for transformational government[16] and our plans for eBorders[17]. Both of them depend on reliable biometrics. Both of them depend for the moment, therefore, on nothing more than wishful thinking.

8 Third, the EU:

8.1 "It is a common mistake to treat the UK as though it is the only country trying to implement an NIS. In fact, all EU countries have been enjoined by the European Commission to implement similar schemes, in the name of eGovernment, ever since the year 2000, when the EU's then 5-year plan, eEurope, came into force. We are now only two years away from the end of the EU's next 5-year plan, i2010[18], [19], which enjoins all member states to issue their people with ID cards and to enrol them onto national registers, verifying their identities by reference to their biometrics, and sharing their data with any EU agencies which require it[20].

8.2 "i2010 is not feasible and I shall be raising the matter with my fellow heads of government in the Council of Ministers. The Commission has some explaining to do."

8.3 We are about to enter three months of Parliamentary debate on the EU Reform Treaty. You say that the document is not a Constitution. This will be a hard line to hold. Former President Valéry Giscard d'Estaing says that it is a Constitution[21]. And he should know. He wrote the original Constitution. You may as well get Parliament to confront the fact that the NIS is an EU-inspired initiative at the same time.

8.4 And the same goes for the transformational government scheme. Transformational government is no more than what your predecessor called "joined up government" and what the EU call "eGovernment" in their various 5-year plans. Best to get that out in the open, too.

9 Something has got to stem the tide of unpopularity, disrespect and ridicule. Something like the actions recommended above is going to have to be done, and I commend them to you.

Yours faithfully

David Moss

Review

R.1 By way of a review, suppose that the government do not follow these recommendations, or something like them.

R.2 In that case, the civil liberties questions will remain unanswerable, whereas they have already been neutralised for mobile phones. The government will be missing an opportunity to improve its reputation. Everyone interested already knows that the police use mobile phone records to check alibis, and yet we all continue to use our mobiles – we have already acquiesced in that loss of privacy, giving it up in favour of the utility of the phone.

R.3 The Crosby Forum report has not been published[22], [23]. Everyone interested already knows, therefore, that the NIS is no use to the banks and the major retailers and they can guess that, for the same reasons, whatever they are, it is no use to the country as a whole. To continue with the NIS nevertheless, is to invite ridicule.

R.4 Everyone can read the Office of Government Commerce emails[24] leaked to the Times in July 2006 and so everyone interested already knows that it is the opinion of OGC/the Treasury that the government is setting itself up to fail with the NIS and that it is ignoring reality if it doesn't cancel the scheme.

R.5 Implementation of the NIS is the job of the Identity and Passport Service (IPS). The NIS includes ID cards, biometric visas and ePassports. Everyone can read the National Audit Office report[25] on IPS's implementation of ePassports and so everyone interested can see that, in the opinion of the NAO, the project was on time, on budget and added little if anything to the security of the nation. They will also see that the UK has unnecessarily agreed to store fingerprints on ePassports[26]. They will see further that there isn't room to store them on the ePassport chips specified by IPS. And finally they will see that, at various times, IPS have estimated that ePassports would cost between £100m and £344m, or save either £2,000m or £89m, or they would cost £98m.

R.6 Everyone can read the House of Commons Science and Technology Committee July 2006 report[27] on IPS's plans for the NIS and so everyone interested already knows that the Committee is "concerned", "surprised", "regretful", "sceptical" and "incredulous" at the "confusion", "inconsistency" and "lack of clarity" of those plans. Everyone interested can read, also in the Committee's report, that when IPS gave the Committee a breakdown of their cost estimates for the NIS, surely uniquely among cost breakdowns, it included … no figures. And, for good measure, they can read that the US Department of Homeland Security themselves warned the Committee against relying on biometrics in their current state.

R.7 Everyone can read the European Commission's document which launched i2010 and so everyone interested can see there, and in related documents[28], [29], [30], that the NIS is an EU initiative. Not one of your ministers or ex-ministers can ever explain how the NIS will achieve its stated objectives and their commitment to the scheme is forever mysterious – until we realise that it is not their scheme at all, it is the EU's.

R.8 Everyone can read John Reid's 10 May 2007 article[31] about ID cards in the Guardian and Jack Straw's 12 December 2007 article[32], also in the Guardian, an article about Labour's civil liberties record, in which he manages not to mention ID cards. Mr Reid's article received over 100 reader's comments, Mr Straw's over 500 and everyone can see that almost every one of these comments is a well-informed and impassioned criticism of the NIS. Where is the well-informed and impassioned support? There isn't any.

R.9 Everyone interested knows that IPS and its predecessors have had about six years to think about the NIS and to prepare for it, with the assistance of at least £50m-worth of consultancy[33] and, presumably, the unstinting assistance of every prospective supplier[34]. And yet, nearly two years after the Identity Cards Bill was enacted, they still haven't produced even an invitation to tender for the biometric goods and services required for the NIS. Why? It's not that difficult to write an ITT. One possible explanation is that IPS think it inadvisable to produce one.

R.9.1 IPS told the House of Commons Science and Technology Committee that the maximum allowable false non-match rate for fingerprints in the NIS is 1%. In the UKPS biometrics enrolment trial, the biometric fingerprinting technology used failed to match about 20% of participants to their registered prints. Problem. 20 is greater than 1. What to do? Cancel the NIS?

R.9.2 Not a bit of it. IPS told the Committee that the trial wasn't really a trial. If true, that means that IPS intend to proceed without a trial. You might care to look into this, Prime Minister. It defies good scientific practice. More than that, it defies common sense.

R.9.3 In a written response to the Committee, IPS cited a report written in 2005 by the US National Institute of Standards and Technology (NIST). That report[35] was written in the early days of US-VISIT and NIST anticipated that the false non-match rate would be 0.5%. In the event, US-VISIT actually has a false non-match rate closer to 20%, just like the UKPS trial, and NIST have spent the years since then, together with the US Department of Justice, trying to get the Department of Homeland Security to improve their use of biometrics. It's an uphill struggle against reality. If you are grilling IPS about biometrics, Prime Minister, watch out for their use of NIST reports.

R.9.4 By the way, NIST were using a database of about six million sets of fingerprints and it required all their ingenuity to check, in the time available, that there were no duplicates. We shall have about 60 million sets of fingerprints on file if the NIS goes ahead and the EU will have more like 600 million, if they get their way, and there is an EU-wide database. There must be considerable doubt as to whether the promise of the NIS – that it will be impossible for criminals and terrorists to maintain multiple identities – can be delivered.

R.10 Everyone can read IPS's Strategic Action Plan for the National Identity Scheme[36] according to which the Crosby Forum report was to be published by April 2007. It wasn't and still hasn't been. "Biometric procurement" was meant to begin by June 2007. It didn't and still hasn't. And an "IND enhanced employee checking service" was meant to be "available for employers", also by June 2007. It wasn't and it still isn't. These are strategic actions. And yet they haven't been performed. What are IPS doing?

R.10.1 There's rather an interesting point here, Prime Minister. One of the benefits promised for the NIS is that it will help to stop illegal working in the UK. Without the NIS, the Home Office say that it is very difficult to identify people. They make this point at great length in their first Section 37 cost report on the NIS[37]. It is very hard, they say, for any of the agencies in the criminal justice system to identify people. And the problem doesn't stop there, at the CJS. As the Home Office say, "currently, employers do not have a reliable means of establishing whether a job applicant has the right to work here or not".

R.10.2 So, according to the Home Office, employers do not have a reliable means of establishing whether a job applicant has the right to work here or not. There is not much room for ambiguity in those words, is there? Employers might have a reliable means, if the IND enhanced employee checking service was available to them, but it isn't. The implication is that any employer caught employing people illegally will have a cast iron excuse, supplied by the Home Office, and cannot be successfully prosecuted.

R.11 Australia have recently abandoned their plans for an NIS[38], Scotland have made their opposition clear[39] and so have several English local authorities[40]. The Madrid rail bombings were not prevented by Spain's ID cards, the NIS in Pakistan[41] did nothing to protect the unfortunate former Prime Minister Benazir Bhutto and they would have done nothing to protect us in the UK against the 7/7 bombings.

R.11.1 Everyone will remember that, two weeks after that, we had the 21/7 would-be bombings and that Hussain Osman was tracked all across France and Italy, and finally arrested, thanks to location data provided by the mobile phone network[42]. An ID card in his back pocket would not have helped one iota.

R.12 Conclusion from the review? The government cannot disregard reality. Reality is daily attracting ridicule to the NIS and daily destroying confidence in the government. The NIS cannot achieve its objectives. It cannot help to fight crime and terrorism or to deliver more efficient public services. Meanwhile, thanks to the global mobile phone network, we already have a superior ID card scheme anyway, so we don't need the NIS – that is the government's escape route from mirage and back to reality.