Business Consultancy Services Ltd
Rt
Hon Dr John Reid MP Your
ref. T4450/7
Home Secretary
Home Office
Dear
Home Secretary
The
need to deliver (2001 election) and the need to listen (2005)
This document provides evidence for the
belief that the Identity and Passport Service (IPS) are out of control. It
calls on you, once again, to grill them to see if they have any good reason to
believe that they can deliver the promises made for the National Identity
Scheme (NIS). If not, then there would be great benefits to taxpayers in the
I refer to my open
letter[1] to
you dated 28 January 2007 and the response dated 12 February 2007 received from
IPS, ref. T4450/7. As with all of the responses received from them, this one fails
to address the matters raised in my letter.
In particular, the
unnamed[2] writer
of T4450/7 says: "A considerable portion of your letter and the points you
put forward rest on your assertion that biometrics are inherently
unreliable". I do not make this assertion in my letter or anywhere else.
In my eight letters to you this is the ninth and
in the dematerialised ID proposal I sent you on 24 May 2006 and on my website, http://DematerialisedID.com, I have always
been careful to make my position on biometrics clear:
·
DNA
and traditional fingerprints work.
·
These
are not, however, the biometrics being considered by IPS[3]. IPS are
considering or have considered three quite different biometrics[4] facial
geometry, irisprints and fingercopies. "Fingercopies" is my name for
the new-style fingerprints, which are arguably nothing more than glorified
photocopies of people's fingers.
·
These
three biometrics are currently too unreliable to make it worth spending
billions of pounds on the
·
If
they become more reliable, then they could usefully be incorporated into
dematerialised ID[5].
The case against the current design of the
·
The
objectives of dematerialised ID are to assist with crime prevention, crime
detection and counter-terrorism.
·
In
order to achieve those objectives, dematerialised ID is based on mobile phones[7] and not
smart cards[8].
Compared with mobile phones, smart cards are old-fashioned, under-powered,
pedestrian and of little use to the police in locating suspects and gathering
evidence.
·
Biometrics[9] should
only be incorporated into dematerialised ID if they are reliable. With reliable
biometrics, crimes like illegal working could be prevented with all the
simplicity of a stock control system. But that is just wishful thinking in
light of the poor reliability demonstrated so far by IPS's chosen biometrics.
·
The
rτle of the public key infrastructure[10] (PKI)
must be properly understood. IPS repeatedly confuse identification, which is
what biometrics are meant to provide, with security, which is what PKI offers.
·
There
is no need to build a new National Identity Register[11]
(NIR). We
already have scores of them, in the public sector and elsewhere.
The evidence in
favour of dematerialised ID comprises over 1,200 references to source material,
with more being added all the time.
Contrast that with
the current
|
Select Committee report |
BCSL comment |
15 |
there are many different types of
biometric technology: facial, fingerprint, iris, signature, voice, hand
geometry, vascular patterns, retina, DNA, ear recognition, keystroke and gait
it is envisaged that different biometrics would be used for different
scenarios. Katherine Courtney, the Executive Director of Business Development
and External Affairs at IPS, explained in oral evidence that In different
business applications, a different biometric might be more appropriate than
others. You see, for instance, iris being used quite successfully where you
have a high volume of people passing through a system, such as the expedited
gate clearing at the airports. |
Irisprints have
now been dropped from the |
There are no mutually-accepted standards for testing
biometric technology and industry claims about performance vary widely ...
The Home Office has stated that it expects the following performance levels
to be sufficient for its requirements in the identity cards scheme: Face failure to acquire rate close
to zero, a false accept rate of 1%. Fingerprint failure to acquire rate
of 0.5-1%, false match rate of 1.3e-10, false nonmatch rate of 0.01. Iris failure to acquire rate of
0.5%, false non-match rate of 5% false match rate of 5e- 12. |
IPS exclude the
false non-match rate from their criteria for biometrics based on facial
geometry. In the UKPS biometrics enrolment trial[14],
based on facial geometry, 31% of able-bodied participants were told that they
were not themselves and that figure rose to 52% for disabled participants. Far from being 1%,
the false non-match rate for fingercopies in the trial was 19% for the
able-bodied and 20% for the disabled. Far from being
0.5%, the failure to acquire rate for irisprints was 10% for the able-bodied
and 39% for the disabled. |
|
81 |
We also note an apparent discrepancy
between the advice offered to us during our visit to the |
How did senior advisors
in April 2004 rebut senior policy advisors' views expressed two years later
in March 2006? The 2006
advisors had two years more experience of US-VISIT than the 2004 advisors,
who could only have had a few months' experience US-VISIT began on 5 January
2004. As far as I
know, IPS have still not published an overview of the scientific advice and
evidence that they receive as a result of international co-operation. What do they do
with their time? Things move
slowly in the world of biometrics and we may have to make do with Katherine Courtney's[15] no comment for some time to come. 284
days ago, on 28 May 2006, I published a paper[16]
on the European Biometrics Portal Is
the biometrics emperor wearing any clothes? and I am still waiting for
an answer. The public may
well remain confident that the biometrics chosen are reliable. I do not. Neither do the
courts. Unlike traditional fingerprints, fingercopies are not admissible[17]
as evidence in court. Biometrics do
not become reliable because people are confident about them. Nor because lots
of people use them. And certainly not because IPS just hope they will. |
88 |
... The Home Office has repeatedly
asserted that this trial was not an assessment of the technological
capabilities of biometrics. The report noted that testing of the biometric
technology itself was not one of the objectives of the Trial, rather the
Trial aimed to test and measure the processes around recording and
verification of biometrics. As will be discussed in the chapter on public engagement,
the status of the trial caused confusion and there were numerous press
reports detailing the apparent problems with the technology (see paragraph
138). This confusion has perhaps been exacerbated by the Home Offices
treatment of the results from the trial and their inconsistent use of it as
evidence. When questioned in an oral evidence session about the false
non-match rates that resulted from the Atos Origin trial, Katherine Courtney
said that I think it is important to reiterate that the enrolment trial was
a trial of process and customer experience. It was not designed as a trial to
look at performance of the technology per se. However, the results of the trial
have been used to provide information about technology performance. On 29
June 2005, despite noting that the Atos Origin trial was not intended as a
test of technology, the then Parliamentary Under-Secretary for Immigration,
Citizenship and Nationality, Andy Burnham used statistics from the trial in
order to answer a question relating to the failure to acquire rate of the
technology. There is evidence that whilst trial
plans were set out clearly the processes with which they were enacted lacked
rigor. As a result, the Home Office has selectively used evidence from the
biometrics enrolment trial to support its assertions. We believe that the
Home Office has been inconsistent regarding the status of this trial and this
has caused confusion in relation to the significance of the evidence gathered
about biometric technologies. We recommend that the Home Office clarifies
whether or not it accepts the validity of the results gained during the trial
regarding the performance of biometric technologies. |
The trial
referred to by the Committee is the biometrics enrolment trial[18]
conducted on behalf of UKPS by Atos Origin. As noted above,
the results were far below the acceptance levels set by IPS themselves. The
reliability demonstrated by the chosen biometrics was so poor that there is
no point proceeding with the Rather than
accept that, IPS argue that it wasn't really a reliability test. They
advanced that argument to the Select Committee, with the scornful reception
recorded opposite. Over six months later, they used the same argument in
T4450/7. If it wasn't a
test of the reliability of the chosen biometrics, why does the report list
the statistics on the success and failure of biometric registration and
verification under the heading Key
Findings (para.1.2) in the Management
Summary? How can they be key findings if that is not what the trial was
meant to measure? The Select
Committee find IPS's argument confusing, selective, inconsistent and lacking
in rigour. So do I. As long as the
biometrics chosen remain as unreliable as this, if IPS implement your plan
(by 2014) to check people leaving the country as well as people coming in,
and if our experience follows the pattern of US-VISIT then, I have calculated[19],
Immigration Officers will have to perform about 100,000 secondary inspections
a day and you will have to find room for about 8,000 detainees a day. How feasible do
you think that is? That is one
implication of relying on nothing more than optimism to make the chosen
biometrics reliable. |
91 |
we are surprised
by the Home Office's unscientific approach and suggest that rather than
collating figures merely to provide information regarding performance, the
Home Office admits that it cannot release details until it has completed
trials. |
Yes, IPS are
putting the cart before the horse. Again, the
question arises just what they, and their predecessors going back to the
Entitlement Cards Unit in July 2002, do with their time. |
93 |
We are surprised and concerned that the Home Office has
already chosen the biometrics that it intends to use before finishing the
process of gathering evidence. Given that the Identity Cards Act does not
specify the biometrics to be used, we encourage the Home Office to be
flexible about biometrics and to act on evidence rather than preference. We
seek assurance that if there is no evidence that any particular biometric
technology will enhance the overall performance of the system it will not be
used. |
The Select Committee
is not just surprised, now, at the cart being put before the horse, but
concerned as well. |
95 |
We note the lack of explicit commitment from the Home
Office to trialling the ICT solution and strongly recommend that it take advice
from the ICT Assurance Committee on trialling. We seek an assurance that time
pressure and political demands will not make the Home Office forgo a trial
period or change the purpose of the scheme. |
Were IPS
seriously going to roll out a national system without testing it? It is
inconceivable in the IT industry that you release any system without testing.
It is instructive that the Select Committee felt it necessary to make this
obvious point. |
96 |
In written evidence the Home Office
said it was not necessary to embark on publicly funded scientific research to
improve the capabilities of biometrics. This claim was subsequently denied in
oral evidence and the identity card team asserted that research was being
undertaken into fingerprint biometric performance. Katherine Courtney said I
would not say that we have not commissioned research. We have commissioned
research. We have a piece of research that the Home Office is funding right
now into fingerprint biometric performance. We regret the confusion at the
Home Office regarding the research that it is funding and what research it
requires. |
Here we are,
back to confusion. And regret. It's not that
the Select Committee don't know whether IPS need to do any research. It is
IPS themselves who don't know. With several
years to think about it, IPS should know what their requirements are, whether
the resources available meet them and, if not, how to set about closing the
gap. What do IPS do
with their time? |
97 |
The Home Office cannot afford to delegate
responsibility for horizon scanning to others. |
|
99 |
The Home Office has repeatedly stated that the total
year-on-year running costs of the scheme, primarily relating to people and services,
would be £584 million. Katherine Courtney said to us that We are quite
confident in our cost estimates. However, the Home Office has not released
meaningful estimates within this figure. In December 2005, the then Minister
Andy Burnham said that the estimates are
commercially sensitive and to
release them may prejudice the procurement process and the Department's
ability to obtain value for money from potential suppliers. |
The analysis of
IPS's cost estimates has never been published and the Select Committee are
clearly reluctant to take IPS's word on trust. |
100 |
... in oral evidence Dr Edgar Whitley from the LSE
still said that On the basis of no technology trials or limited technology
trials and specifications still being changed I just cannot see how they can
be so clear that it is £584 million. We have no wish to guess the true costs
but it is difficult to believe that such a certain figure can be established
when there are so many variables. |
The Select
Committee find it difficult to believe that IPS's cost figure can be known so
precisely and that it never changes
|
101 |
The Home Office figures were audited by KPMG. The Home
Office has interpreted this audit, which was published in November 2005, positively
... In oral evidence, Katherine Courtney stated that, our cost assumptions
have been independently audited by KPMG and so we can have quite a high
degree of confidence in them at this point in the development of the scheme. |
not least
because the KPMG audit report IPS appeal to for proof provides no such
assurance
|
102 |
However, the audit highlighted some potential problems
with the scheme. Despite Government assertions that a 10-year card life would
be feasible, KPMG found that supporting information from suppliers was
inconclusive. KPMG stated that the durability of the cards over the ten year
period is questionable and it recommended that the Home Office revise its
cost estimates accordingly. KPMG also noted that: the performance of the
biometric matching drives a significant amount of cost [
] the IDCP [identity
card programme] team should have further discussion with the USVISIT
programme to gain detailed insight into the cost drivers for this area and
the UAE [United Arab Emirates] to verify the cost and performance of the
fingerprint and iris hardware matchers respectively. When questioned on 22
March 2006 about whether the identity cards team had followed this
suggestion, Katherine Courtney admitted that they had not yet done so. |
indeed, the
KPMG audit report recommends that IPS check its figures and what do they do
with their time? they still hadn't checked at the time of the Select
Committee report. We know some of the things IPS do with their time: ·
They
try to convince the Department for Work and Pensions[20]
that the ·
And
they make plans to fingercopy[21]
everyone over the age of 11, even though the Identity Cards Act[22]
clearly specifies at §2(2) that the age limit is 16. Why? Surely IPS would
do better to get on with the job in hand. |
103 |
We do not share the Home Offices belief in their
costings given that the breakdown of technology costs provided to us in confidence
only provided a broad overview and did not include any figures. In the light
of this lack of evidence, we can only conclude that the Home Office is not
confident in its figures and as a result, we are incredulous that the Home
Office is seemingly able to produce firm costings regarding the running costs
of the scheme when the costs of the technology are not yet clear. |
The idea of a
costs breakdown that does not include any figures is novel. The Select
Committee do not share IPS's belief in the costings, they doubt that IPS
believe the figures themselves and, in the end, the Select Committee declare
themselves incredulous. Home Secretary,
short of saying that IPS are lying to them, the Select Committee could hardly
go any further. And if they're worried, I think you should be as well. |
Remember, Home
Secretary, it's not me, these are your colleagues speaking to you, fellow
parliamentarians. They are concerned more than 20 times in a 62-page report, surprised
four times, regretful three times, sceptical twice and incredulous once. There
are 15 or so cases of confusion, four of inconsistency and about 50 cases of
lack of clarity.
It's not just
parliamentarians who have a message for you. So does the Office of Government
Commerce (OGC), who have to recommend to the Chancellor whether to approve
funding for the
Email |
OGC/UKPA ID cards scheme correspondence[23] |
Foord, David (OGC) 08 June 2006 15:17 |
This has all the inauspicious signs of a project
continuing to be driven by an arbitrary end date rather than reality. I conclude that we are setting ourselves up to
fail. ... the (un)affordability of all the individual
programmes ... the very serious shortage of appropriately qualified staff and
numbers of staff ... the lack of clear benefits from which to demonstrate a
return on investment ... |
Smith Peter (UKPA) 08 June 2006 15:44 |
I wouldn't argue with a lot of this ... It was a Mr Blair who wanted the 'early variant' card. Not my idea ... |
Foord, David (OGC) 09 June 2006 11.38 |
Just because ministers say do something does not
mean we ignore reality - which is what seems to have happened on ID Cards. I do not have a problem with ministers wanting a
face saving solution ... a botched introduction of a descoped early variant
ID Card, if it is subject to a media feeding frenzy (queues outside passport
offices! and more recently IND) - which it might well be close to a general
election, could put back the introduction of ID Cards for a generation and
won't do much for IPS credibility nor for the Govt's election chances either
(latter not our problem but might play with ministers). My view based on present experience is that
neither the Home Office or IPS should attempt challenging, they should be
forced to do safe. |
Clearly OGC don't
think that UKPA/UKPS/IPS are up to the job and, what's more, the latter agree.
That is a serious warning to us all.
Can you imagine
the
Do you genuinely
believe that Parliament would be wise to grant more data-sharing[24] powers
to IPS?
Consider
the February 2007 National Audit Office (NAO) report[25],
Identity and Passport Service: Introduction
of ePassports:
|
NAO report |
BCSL comment |
1.7 |
There are additional
EU requirements specifying that by 2009 ePassports should include fingerprint
data which will require personal attendance for fingerprint enrolment. The |
Please see comments[26] on my
website. IPS are said to have decided "voluntarily". The NAO could
just as well have said "secretly". Not only has this unilateral decision to add fingerprints to
ePassports not been debated publicly, it is further unfortunate because ... |
3.14 |
... although
there is spare capacity on the chip [in the ePassport] to store two
fingerprints, the current model of chip has insufficient capability to accommodate
the enhanced operating system and electronic key infrastructure required to
protect fingerprint data. |
the chips IPS have put in the ePassports are too small for their
growing ambitions. Presumably all ePassports may have to be re-issued as a
result. Note that 2.2m had already been issued by September 2006 (para.2.1). |
3.1 |
The impact of
using readers to examine ePassports in high volume situations at the durability
of the ePassport chip unit for the full ten-year lifespan of the passport
remains unproven
the loss of
critical staff and institutional memory could threaten the cost-effective
delivery of future projects
|
We don't know what the effect will be on delays at airports and
seaports and stations. We don't know how well the readers or the ePassports will perform. And we're relying on temps[27]. |
3.2 |
It is not yet
clear whether increased security benefits will be delivered at border
control. |
Which does rather beg the question what is the point. |
3.3 |
Front desk readers are estimated to take around
8 seconds to read chip data. Readers have not been tested in high volume
situations and Immigration Officers will, until September 2007, have to leave
the front desk to undertake additional checks of the digital signature using
the readers located in back offices. This creates the risk that ePassport
chips may not be read frequently enough to deliver the full security
benefits. |
On the one
hand, we have the new ePassports, bristling with PKI authentication
facilities. On the other hand, for the next six months, the Immigration
Officers won't have appropriate readers on the front desk to check that each
ePassport is authentic and hasn't been tampered with. Instead, they will have
to go to the back office to use the reader there. 300 times for the average
Jumbo jetful of passengers? How long have
IPS had to prepare for ePassports? Answer, the Berlin Resolution[28] was
"unanimously endorsed" on 28 June 2002. |
3.4 |
Facial
recognition software is not reliable enough to use with large databases. |
So much for
the repeated claims that biometrics will stop people being able to register multiple
identities, e.g. this one from IPS's strategic action plan[29]: "Biometrics will tie an individual securely to a
single unique identity. They are being used to prevent people using multiple
or fraudulent identities" (para.13). (When are IPS
going to understand that biometrics don't even theoretically provide
security? That's PKI[30].) No attempt is being made to use biometric algorithms to compare the
image on the ePassport chip with the live image on camera of the
passport-holder. What we have got is an expensive new passport and the old
system of Immigration Officers comparing the photograph with the person in
front of them and making their best guess. How many people know that? It's just as
well, of course, as biometrics based on facial geometry are unreliable, see
above. How many people know that? |
3.13 |
Owing to its development of the chip and
involvement in the international committees that set technical standards,
Philips Semiconductors holds many of the intellectual property rights in the
chip unit. The Identity and Passport Service has been aware of this issue
since the outset and has sought to pinpoint where intellectual property
rights and patents reside given the evolving nature of requirements. The
Identity and Passport Service is employing legal advice to assess its
position on this issue. In particular, the Identity and Passport Service is
seeking to quantify the risk of possible patent infringement and assess any
possible costs arising. Security Printing and Systems Limited holds other key
intellectual property rights but the Identity and Passport Service has
protected its position by inserting a clause in the amended agreement
allowing it to use Security Printing and Systems Limited patents under
licence after the contract expires. |
So we have
unknown liabilities to pay licence fees and maybe royalties in respect of
ePassports. Will this be
repeated if and when IPS introduce fingercopies[31]
to ePassports Will this be
repeated if and when IPS introduce ID cards? Do IPS have time
to prepare budgets? Which brings us
to
|
Appendix 6 |
The cost-benefit
analysis considered ... in June 2004 estimated the project would involve a
net cost to the UK economy of between £100 million and £344 million ... By
October 2005, the net cost was replaced by an estimated net benefit to the UK
of £2.0 billion for the period 2003-04 to 2010-11. The final version of the
business case, prepared in February 2006 was the most detailed and sought to
quantify just one of the benefits ascribed to ePassports the |
the cost
benefit analysis of ePassports. According to
IPS, ePassports could cost the Or they could
save us £2bn. Or perhaps only
£89m. Or they might
cost us £98m. These are the
same people who asked the Select Committee to share their confidence in the
unchanging budget for the |
On the evidence above:
·
The
Select Committee found IPS untrustworthy. They are no good at budgeting. It is
not clear what they do with their time. They make unilateral decisions without
public debate. They keep calling for more powers. But they have nothing to
offer. They do not understand PKI. And as far as biometrics are concerned, they
seem to be just hoping that reliability will improve. That is not a scientific
approach. National security is at stake. Billions of pounds are at stake.
·
The
NAO clearly find IPS to be incompetent.
·
So do
OGC.
·
And
IPS agree.
The recommendation
in my last open letter, Home Secretary, was that you grill IPS. Depending on
the result of the grilling, you could then consider implementing the strategy described
in that letter, beginning with: "
Invitations to tender (ITTs) will be
issued before 1 April 2007, following further consultation with biometrics
suppliers. The Home Office could announce some time soon after 31 March 2007
that the consultations reveal that there is no point issuing the ITTs as no
supplier can offer the near-100% reliability required
".
It is no good attacking David Davis for being soft on
crime when he promises to repeal the Identity Cards Act and cancel all related
contracts[32].
It just begs the question are IPS doing anything to improve security? By their
own lights:
·
Unless
they can deliver reliable biometrics, the answer is no.
·
Unless
they can follow PKI procedures properly, the answer is no.
·
Unless
they can get equipment on desks at airports and seaports and in town halls and police
stations and benefits offices and hospitals and schools and universities and
banks, the answer is no.
·
Unless
they can get the right size chip in ePassports and ID cards and biometric visas
and residence permits, the answer is no.
T4450/7 includes
the following: "it is also worth remembering that the National Identity
Scheme will grow incrementally and we are taking a cautious approach to the
introduction of new technology. We are not intending to launch the scheme as a
'big bang'."
They would say
that, wouldn't they? They want to keep their jobs.
It is in their
interests to extend the timescales as much as possible. How long will it take
to achieve 80% adoption of the proposed ID cards? Until the first quarter of
2019, according to the Home Office documents reported in the Sunday Times[33]. We
have 80%+ adoption of mobile phones now[34]! IPS
are using the wrong technology.
It is not in the
public's interest to wait 12 years before getting improvements to crime
detection, crime prevention and counter-terrorism.
We do not want to
find ourselves in the position where billions of pounds have been spent
"incrementally" and, as a result of this "cautious
approach", it is only after they
have been spent that we discover that the scheme doesn't work. There is nothing
cautious about this approach. To be cautious, IPS need to demonstrate to you
that they have a viable biometric technology before they go on to spend billions of taxpayers' pounds.
IPS appear to be
out of control. In view of which, a response from them saying "we are not
out of control" would be unconvincing. It would be a welcome change,
therefore, to hear from you this time.
You may have seen
the latest edition of Private Eye,
no. 1179, with a report on the NHS National Programme for IT (£12bn?). The
Yours sincerely
[2] Letters from IPS are signed "Yours
faithfully, On behalf of the Identity and Passport Service". Peculiarly,
no name is ever given. Do these people have no identity?
[3] "IPS" is used throughout to
denote IPS or UKPS or UKPA, whatever the organisation is called for the time
being. It has been repeatedly re-structured. With some organisations this
succeeds in imparting new motivation. With others, the only effect is that the
same Muppets sit in the same chairs at different points on the same deck.
[7] http://dematerialisedid.com/Mobiles.html
See also http://www.economist.com/finance/displayStory.cfm?story_id=8697424
[8] You may find yourself pushing at an open
door with the EU if you adopt this proposal IDABC say "
Although smart
cards were the main focus, it was also recognised that other non-card based
solutions for carrying out qualified eServices are being developed. Work on
mobile device technology is particularly important, as this medium potentially
offers cost, security and functionality benefits over smart cards," see http://ec.europa.eu/idabc/en/document/4484/5584.
[15] http://dematerialisedid.com/Capture.html,
see last four paragraphs
[17] http://dematerialisedid.com/PDFs/complete_hi_r.pdf,
see para.5.14, 33, 51
[28] http://dematerialisedid.com/PDFs/Biometrics%20deployment%20of%20Machine%20Readable%20Travel%20Documents.pdf,
see p.15