|
Business Consultancy Services Ltd
28 January 2007
Rt
Hon Dr John Reid MP Home Secretary Home Office 50
Queen Anne’s Gate Dear
Home Secretary The need to deliver (2001 election) and the need to listen (2005) Last week did
not help the Home Office’s reputation for competence. At some point soon,
commentators will remember that this same Home Office has been entrusted with
accurately registering the identities of 50m people in the The unique
selling point of the new passports, ID cards and visas (collectively, “ID
vouchers”) is the novel use being made of biometrics, specifically biometrics
based on fingerprints. The fingerprint
technology being implemented for ID vouchers in the It might be be
nice if this was not the case.
Crimes like illegal working could then be prevented with all the simplicity
of a stock control system. But it is
the case, and it is wishful thinking to proceed as though it isn’t. That is the state
of the art. And yet, repeated government announcements and publications
continue to speak of biometrics as though they have near-100% reliability[3].
That is what people have been led to expect but the promise cannot possibly
be delivered[4]. It follows that, when the 81% message coming through
from reality makes itself heard, there will be an almighty row. The only
question is when that row takes
place. If you act quickly, the timing will be to some extent under Home
Office control. Consider three options. According to the Strategic Action
Plan for the National Identity Scheme[5]
(SAPNIS): ·
ID
vouchers with fingerprints will start to be issued from 2010 onwards. The
Home Office could just wait for the bad news to dribble out. But then they
would face embarrassing questions why they allowed several billion poundsworth
of taxpayers’ money to be invested in a false prospectus for so long, when
the facts were known four or five years earlier. ·
Contracts
for biometrics are supposed to be let some time after 30 June 2007. The Home
Office could at that stage say that no contracts will be awarded and SAPNIS
will have to be rethought because no supplier can offer the near-100%
reliability required. ·
Invitations
to tender (ITTs) will be issued before 1 April 2007, following further
consultation with biometrics suppliers. The Home Office could announce some
time soon after 31 March 2007 that the consultations reveal that there is no
point issuing the ITTs as no supplier can offer the near-100% reliability
required and SAPNIS will have to be rethought. There is a fourth option, a strategy which we
recommend, based on two principles: ·
The
problems with biometrics are not restricted to the ·
The
proper focuses of a Home Office ID card scheme should be crime prevention,
crime detection and counter-terrorism. Our strategy, A-S, is as follows: A.
At a summit of EU interior ministers or at a summit with the B.
Announce that the C.
Announce that the A-C are for
international consumption as much as domestic. The interior ministries of
several countries may be expected to be embroiled for some time in devising
clarifications for their parishioners. The points below are more for domestic
consumption. The idea is that you should announce that: D.
Biometrics do not provide a reliable basis for streamlining public services,
ref. DWP’s current plans. Those plans, like SAPNIS, will need to be
rethought. E.
There is no need, therefore, to tear up the wisdom of ages which is the UK
Constitution – the provisions, enshrined most recently in the Data Protection
Act, constraining data-sharing between government departments, will remain in
place. F.
And biometrics do not provide a reliable basis for improving the national and
international payments systems, ref. the G.
There is no point collecting everyone’s biometrics unless and until the technology
improves. The Home Office have themselves noted[12]
the difficulty that employers often have verifying the identity of potential
recruits, the similar identity verification difficulties throughout the
criminal justice system and the mistakes made by the Criminal Records Bureau[13].
There is no reason to believe that IPS staff, without the help of reliable
biometrics, would be any better at establishing people’s identity[14].
There is therefore no point building the new national network of 69 (or 8,000[15])
registration centres for passports and ID cards. H.
And there is no point building the new national network of ID card readers
and biometric verification equipment[16]
which the Identity Cards Act requires. I.
There is no need to issue 50m[17]
plastic ID cards. Creating a pile of plastic 50km high is, anyway, hardly
carbon neutral. J.
The LSE estimated at one point that the total cost of the biometric passport
and ID card schemes would be in the range £10.6bn to £19.2bn[18].
This cost, which would have been borne by government departments, the private
sector and the voluntary sector[19]
will now be saved. K.
There is an abiding need to improve crime prevention, crime detection and
counter-terrorism. There are exemptions in the Data Protection Act, precisely
for matters of national security and crime[20],
which allow for data-sharing between government departments. L.
The sad lesson of the Spanish railway bombings is that ID cards were never
going to provide much assistance with those objectives. Great assistance is provided, though, by the global
mobile phone network. Mobile phones allow the police and the security
services to identify people, locate them and identify their associates.
Mobile phones are effectively ID cards[21]. M.
Stories of how mobile phones are used to locate people and check alibis are
frequently published in the media and have been for years[22].
The civil liberties issues associated with this loss of privacy are thereby
arguably neutralised. Everyone knows that they have this function and yet we
still voluntarily buy and use mobiles. N.
Most people already have mobile phones[23].
They do not need to pay for a second, inferior, smart ID card. In particular,
criminals and terrorists already have mobile phones. We do not need to try to
issue them with ID cards. Most people voluntarily take their mobile phone
with them wherever they go. This is the way society has evolved. The Home
Office now consider it more effective to take advantage of this natural
evolutionary development than to try to go against the grain and force the
old-fashioned, pedestrian technology of smart cards on people. O.
We already have four mobile phone networks up and running in the P. The Home Office intend to pursue the
initiatives launched by Charles Clarke: ·
Mobile
phone network operators in the ·
In
2002, the police and HMRC between them submitted 500,000 enquiries to the
mobile phone network operators for location and timing data[26].
These days, there are more like 1m enquiries a year. The procedures whereby
the authorities obtain location and timing data from the network operators
will be streamlined. Sanctioned by the Regulation of Investigatory Powers Act,
a portal will be developed to query the operators’ databases in real time,
when these queries are raised in connection with a criminal or terrorist
investigation[27]. ·
All
mobiles, including pay-as-you-go phones, will in future need to be registered.
This innovation has been requested for years by NCIS/SOCA[28]
and the Home Office can no longer ignore it. The pay-as-you-go business will
continue to exist. There will still not be an itemised bill turning up on the
doorstep once a month. But it will be easier to associate a name or names
with each mobile phone, pay-as-you-go phones will be less the “terrorist’s
friend” as they are known. Q.
The Home Office will promote this approach to counter-terrorism and
crime-fighting, which we call “dematerialised ID”, with our international partners.
Dematerialised ID is an ID card scheme with no cards. We expect it to be
embraced worldwide, with the same enthusiasm as an earlier invention pioneered
in the R.
According to our partners in the EU[29]:
“Although
smart cards were the main focus, it was also recognised that other non-card
based solutions for carrying out qualified eServices are being developed.
Work on mobile device technology is particularly important, as this medium
potentially offers cost, security and functionality benefits over smart
cards”. Cost. Security. Functionality. Like us, they clearly regret the unimaginative
concentration on smart cards. Like us, they clearly see the benefits of
fitting in with the natural evolution of society and using mobile phones
instead. S. mCommerce, if it ever
comes, may expand the economy and bring benefits to us all[30]. It is not the Home
Office’s job to concern itself with mCommerce but we should at least not
stand in the way of its development. Dematerialised ID achieves that, in
marked contrast to the previously proposed smart card solution. There. An entire strategy for you. There is no doubt that SAPNIS stands or falls on the reliability of
biometrics. All the published data we can find on facial geometry, irisprints
and the new-style fingerprints[31] suggests that you can’t
beat 81%. Unless we have missed something, SAPNIS can only fail. It cannot be
delivered. If the Home Office has a more reliable technology available, it is
one of the better kept secrets in the world. We suspect that there is no such
technology and that this is a case of wishful thinking. Minority Report, it must be remembered, is a film, a piece of
fiction[32], and not reality. The Permanent Secretary has the
reputation of an assassin[33]. Perfect. The two of you
together, it is recommended, should grill your officials and consultants. Can
they prove to your satisfaction that the 99%+ reliability needed[34] is actually within the
Home Office’s grasp? ·
If so, then BCSL will look like
fools but there will be no other harm done. ·
Otherwise, if these people just
have their fingers crossed[35], we stand by our
strategy, A-S above. Dematerialised ID is the result of four years of
research and, unlike the Home Office’s smart card scheme, it has survived all
peer reviews so far. There are no known wrongs with it. It is a scheme the
Home Office could deliver. Not least, because most of it is already here. This is the eighth letter we have sent you (unasked, to advocate an
effective scheme and to save taxpayers’ money) in our delivery and listening
series. Is there any reason to believe that it will have any effect, that you
are listening? Yes. Some. It was February 2003[36] when we first wrote to the Home Office suggesting that there is no need to build a new NIR[37]. The government already has dozens of databases which, on their own and/or together, constitute an NIR. We have written several times more in the intervening four years. It is surprising that it has taken the Home Office so long to announce that they will do just that, that they will make use of existing resources[38], but it is nonetheless welcome[39]. That is
the first ray of light in four years. It has been quickly followed by a second
– we note that biometrics based on irisprints have now been abandoned, at least
for the moment[40]. We look
forward to further quick breakthroughs. The strategy should be co-ordinated
with DWP and should be implemented before the Yours sincerely |
|
[3] From http://dematerialisedid.com/Evidence/Biometrics.html#technobabble,
November 2003, to http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf
(para.92), December 2006, via http://www.telegraph.co.uk/opinion/main.jhtml?xml=/opinion/2006/11/06/do0601.xml |
[5] http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf,
Chapter 6 and Annex 1 |
[8] http://dematerialisedid.com/PDFs/Biometrics%20deployment%20of%20Machine%20Readable%20Travel%20Documents.pdf,
p.15 |
[9] http://dematerialisedid.com/PDFs/feasibility_study031111_v2.pdf,
para.35, 52c, 55 |
[20] http://www.opsi.gov.uk/acts/acts1998/19980029.htm,
clauses 28 and 29 |
[28] http://www.ncis.gov.uk/UKTA2002_1.pdf
This link to the 2002 Threat Assessment report produced by NCIS (now
SOCA) is no longer available on the web. It included the following
at para.2.38: "In choosing
telecommunications products and services, criminals are guided by
the need for security, anonymity and convenience. They remain keenly
aware of new products and services and take advantage of any that
enhance these three features. Mobile phones, in particular prepays,
are particularly popular, since there are no legal requirements for
registering them and so no need to reveal any personal details. They
are also inexpensive enough to be bought in bulk and regularly changed.
Organised criminals also make use of telephone kiosks, foreign roaming
mobiles (also available as prepay) and satellite phones". |
[33] http://www.accountancyage.com/accountancyage/features/2163846/profile-helen-kilpatrick-home-office-fd |
[36] http://dematerialisedid.com/BCSL/4%20February%202003.pdf,
para.1.4-5. It will be noted that in February 2003 BCSL believed the
marketing literature put out by the biometrics suppliers. That belief
has been undermined by the evidence of the UKPS biometrics trial and
US-VISIT. BCSL is now a biometrics apostate, a state recommended here
to the Home Office. |