Identity cards…

29 May 2005

I know, let’s talk about ID cards. I’ve been itching to for ages.

Identity cards, as they are being proposed, aren’t actually identity cards. In fact they have very little to do with identity. This may seem a little strange, but let me explain: there is a difference between identification – i.e. who we are and where we have come from, and verification – i.e. whether we actually are who we claim to be. Identity is a highly complex concept which is innately interwoven with our own sense of self; it varies depending on which context you are in – when writing a blog entry, I assert my identity in very different ways from when I am at passport control, for example.

In this case, the government is trying to introduce a verification mechanism aimed at linking our identity, as it is regarded within the context of transactions with the state – claiming benefits, crossing borders, being stopped and searched. These data are quite dry and factual, and only form a minor subsection of our whole identity. In fact the old “entitlement cards” name was a far better and more apt name for what is at the end of the day a verification mechanism.

In fact, the “cards” bit isn’t very accurate either, since the most important factors in the system aren’t the cards, but the biometric scanners and the data about you that are being held on the national identity register.

Anyway, when providing your identity within a context, you often have to supply verification. Computer networks often use usernames and passwords; cash machines use cards (which store your account number) and PIN numbers. In both cases, we have two separate devices; the identification device that is unique but not very private; and the verification device, which is secret but probably not unique. Together, they work to say “I am X and I can prove it by showing you Y”.

The problem with identity cards is that they confuse these two concepts, thanks in no small part to the “wonders” of biometrics. A biometric is a digital representation, based on the unique patterns of our irises or fingerprints. But this suffers from a horrible confusion – just because your fingerprint is unique, it does not entail that your biometric is. The representation is only an approximation; as a result it would be entirely possible for a scanner to say you’re not who you are (a false negative), or for two people with similar patterns to share the same biometric data (a false positive). Given that fingerprints and irises are both analogue and highly similar, there is no way a system of digital biometric representation can ever be proven to be unique for every person. This is not to say biometrics are useless (although even iris scans only have a 96% success rate) but just as it would be stupid if we only had to type a 4-digit PIN to access our cash, it is stupid to rely just on biometrics to 100% guarantee our identity. A system that assumes verification = identification (and the Home Office far prefers to use the latter over the former in its papers and bills) runs the risk of blind faith in something which is in actual fact quite fallible.
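A toy model of the false-negative/false-positive point above, added here as an illustration and not part of the original post. It shows how loosening the match threshold trades one error for the other, and how a small 1:1 false-match rate grows when a sample is searched against a whole register. Assumptions: templates are 128-bit codes, rescans of the same person flip each bit with probability 0.15, different people differ on each bit with probability 0.5, and the register size of 50 million is a constructed figure.

```python
from math import comb, expm1, log1p

N_BITS = 128            # assumed template length (constructed)
RESCAN_NOISE = 0.15     # assumed chance a bit flips between two scans of one person
REGISTER = 50_000_000   # constructed register size, not a figure from the post


def binom_range(n, p, lo, hi):
    """P(lo <= X <= hi) for X ~ Binomial(n, p)."""
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(lo, hi + 1))


def false_reject_rate(threshold):
    """False negative: the same person rescans and more than `threshold` bits differ."""
    return binom_range(N_BITS, RESCAN_NOISE, threshold + 1, N_BITS)


def false_match_rate(threshold):
    """False positive in a 1:1 check: two different people, whose bits
    differ with probability 0.5 each, land within `threshold` bits."""
    return binom_range(N_BITS, 0.5, 0, threshold)


def register_false_match(threshold, population=REGISTER):
    """Chance that one sample matches at least one *other* record when it is
    searched against the whole register (1:N) instead of one claimed record."""
    fmr = false_match_rate(threshold)
    # 1 - (1 - fmr)**population, computed without losing precision for tiny fmr
    return -expm1(population * log1p(-fmr))


if __name__ == "__main__":
    print("threshold  false-reject  false-match(1:1)  false-match(1:N)")
    for t in (25, 30, 35, 40):
        print(f"{t:9d}  {false_reject_rate(t):12.2e}  "
              f"{false_match_rate(t):16.2e}  {register_false_match(t):16.2e}")
```
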

Now, up till now I’ve said biometrics are the same as PIN numbers. But they’re not; there’s a big big difference, and it makes biometrics far worse. If we think someone else might know our PIN and we want to stop them, we can change it to something else. But we can’t do that with the biometric – we can’t change our irises or fingerprints, so we can’t change the verifier either. Biometrics truly are the worst of both worlds – more than one person can have the same one, and we can’t change it if we find out.

Bad so far? I haven’t even considered what happens when there are deliberate attacks on the system, rather than accidental errors. And believe me, it is a certainty the register will be successfully broken into and subverted: the sheer size of the national ID register, and the number of people who will have to be able to access it in order for it to run, means that it won’t be too hard to find someone with insider access who can be bribed or threatened into fiddling it at someone’s behest. As well as the means, there is the will – for a government that continually warns us of this alleged multi-billion identity theft industry, it hasn’t stopped for one second to realise that fraudsters are going to try their damnedest to get their hands on fake cards, which being “unfakeable” and “unique”, will be worth their weight in gold.

So we have non-unique verifiers that are being touted as unique identifiers, a system that will be far less secure than touted, and they are unchangeable and unrevokable. So there will be duplicates and mistakes, there will be fraudulent entries. Some people will be denied services they are perfectly entitled to, others will slip through the net totally unseen. And it will be very difficult to fix these problems. Fine. One or two people dying of cancer because they’re not given the treatment they are entitled to, or a known terrorist gaining access to an airliner, would be an acceptable risk if, overall, the benefits outweighed the costs.

Except that the benefits are not clear. There has been no analysis on how ID cards will cut terrorism, or crime that is not identity-related. As for the menace of identity fraud, it purportedly costs the UK £1.3bn a year (in what is not much more than a bad guesstimate). But identity fraud is just a catch-all for a highly varied set of crimes, many of which are borne by the private sector and do not involve personal transactions – such as Internet fraud or false postal applications for credit cards. There are no figures on how much the specific crimes that ID cards could stop actually do cost the economy every year, but it is bound to be only a proportion of this figure.

Still, this figure is in the hundreds of millions, possibly. But the system could cost as much as £18bn – which is three times the government’s estimate, but this is more or less the going rate for government IT projects. That’s a lot of money for saving a few hundred million a year.

Oh yeah, the loss of civil liberties. Forgot that (Just like Charles Clarke in fact…). Anyway, the most nauseating statement that can be said on the matter, and one that instantly marks the speaker as being fundamentally mentally defective, is “If you’re innocent you have nothing to worry about”. This is bullshit. It is precisely because we are innocent that we should worry. There is a fundamental principle that we should be presumed innocent rather than guilty; that suspicion should not fall on us as a blanket measure. The ID cards bill compels compulsory ownership and thus compulsory use; the police will be given powers to make you present yourself with ID if they don’t like the look of you – this will inevitably be misused against the poor, and the marginalised just as stop and search and other measures have been in the past, regardless of actual guilt.

Right – that’s all I’m going to say for now on why ID cards are rubbish – if you want more, there’s plenty of other literature out there from respected writers and academics like Bruce Schneier and David Lyon who write a fair bit on the subject, and better than I can.

A final question – despite little supporting evidence for the benefits, overwhelming and rapidly rising costs and significant public opposition, still the government pushes a national identity scheme forward as an essential measure. I mean, £6bn is a lot of money; £18bn even more so. Which really demands the question – why? Why risk fucking up so much? I’ve thought of several reasons but none of them are that satisfactory:

  • The government are a bunch of technology fetishists: Plausible, but why not just pick yet another NHS or social security IT project instead of something so tricky?
  • They’re being heavily pressured by IT providers to come up with another reason to line their pockets in exchange for an inferior product: I like this less than the first one; also again why pick such a difficult project?
  • This is part of the masterplan along with imprisonment without trial, implementation of postal voting, etc. to slowly turn the UK into a dictatorship: I really don’t like this option one bit.
  • They want a prestigious project to show competence and effectiveness: Maybe… but why not spend that money on something obvious and simple that no-one will object to like more policemen or hospitals, rather than a controversial and difficult project?
  • They’re just plain stupid: Depressingly enough, this is the most plausible and the least worst option of the lot.

Dunno about you, but I’m now scared.

Paul Squires

Of course it’s not too late to do something about unpopular policies (as the French have shown). Everyone can sign up to the campaign against ID cards and try and raise public awareness on this issue.


All I can think of is that they (“they” apparently being Tony, since policy doesn’t shift even an inch when they replace one Home Sec with another) really, really want the central database for Something. If it really was about the cards themselves, then the central database is an unnecessary and hugely expensive white-elephant. Decent public-key encryption means they could confirm the data on the card hasn’t been faked without any massive infrastructure phoning a central point of weakness.

Now, the Inland Revenue already has a big lovely database of info about each taxpayer, the Electoral Roll is another on everyone who can vote, and the DVLA obviously knows about anyone who can legally drive (which is most of the adults), along with the current passport system. The digital photo id on the DVLA’s card is even enough to keep the demand for an international biometric passport happy.

So why do they want to do all this over again? I really, really can’t come up with an answer that isn’t either scary because it implies they’re up to something nasty, or scary because it implies they’re that monumentally dumb.