21 Comments »

1. I’m just going to quote a bit of a statement Ross Anderson, a security expert, made in an interview on Sky News (this is his abstract of his statement, not a transcript):

   "I [said] that the card project was a huge displacement activity – 9/11 challenged politicians and the correct responses were too many, too small, too difficult – and when confronted with a hard problem the natural human response was to rush into solving a similar, easier one instead. ID cards could be to the UK government as the Iraq war was to the US government."

   This is as good a short statement of the practical and political problems with this proposal as I’ve seen.

   Comment by Chris Lightfoot — 20 Dec 2004 on 3:53 pm | Link

2. When people ask how the cards will be any use until carrying them is made compulsory they miss the point entirely. Once a person’s prints or whatever are on the system the card merely confirms that. To test or prove identity one DOES NOT NEED THE CARD, merely one’s own fingerprints/eye balls/ face/ hand or whatever. The police won’t stop you and say "Show me you card." They’ll say "WHat is your name? Fine, now press your finger on this little screen." This will be attached to a moblile/ radio and from there to the computer to confirm what you say.

   Comment by Mr Pooter — 21 Dec 2004 on 10:04 am | Link

3. One of the issues is that the government will be able to keep any kind of information that it chooses – just like it does now – on any individual. ID cards will make it easier for them to tie the information to the individual. The documented items that will be kept on record are described in the bill – it is the undocumented items that will be held and which will be invisible to anyone without the appropriate security clearance that will be of ‘real’ value to the government security services.

   The technology for biometrics is still poor and inaccurate but the scheme will press ahead because of the value of the ‘hidden’ data.
   There will be cock-ups but the only people to be inconvenienced will be ordinary folk who have no power to make any changes.

   The problem of ‘false positives’ has not been aired yet and this is a ‘biggie’.
   When you implement statistical systems on this scale – in order to be sure to capture information on the person you are screening – you have to make the search algorithm loose enough. This generally means that for every one person you are trying to identify there will be 10 or more found.

   There has not yet been any estimate of the number of additional police et al required to eliminate these false positives which will inevitably arise. nor has any money been budgeted to cover these additional costs.

   There is no known way of eliminating ‘false positives’ without risking letting the target person fall through the net – so we can all look forward to more contact with the police in future as we get arrested to "help with enquiries" until we can eliminate ourselves from the ‘false positive’ list.

   Comment by Roger Huffadine — 21 Dec 2004 on 2:20 pm | Link

4. So where is the evidence of the likely effectiveness of this massively expensive scheme? Time and again we see Ministers and the proponents of ID Cards stating that these cards will help us all to be ‘safer’.

   Well, as I wander around my High Street in the midst of the pre-Christmas chaos, the only immediately obvious terrorist activity is that of the 7th Traffic Warden Panzergrenadier Division. What would actually make me feel safer is a reduction in low-level crime, trains that don’t fall off the line or crash and ambulances which arrive within their ‘target times’ and which take people to efficient and hygenic hospitals. Oh, and it would be slightly cheering if one could occasionally see a uniformed policeman, without all the Star Wars kit, ambling around in the streets and maybe even talking to people.

   Virtually the only times we get to see our local Officers of the Peace is when they park up on the yellow lines outside MacDonald’s to get their (free?) meals, but they’re pretty soon back in the comfort and warmth of their ‘service centres’. True, occasionally we’ll see a pair of Robocops walking together around the shopping mall and clearly enjoying each other’s company, but as for real contact with Joe Public on the local housing estates…….

   Once our local Police ‘Force’ – which had previously been (our) public servants – became a Police ‘Service’, their whole approach became totally authoritarian and isolationist. An interesting demonstration of NewSpeak.

   An ID Card is really going to transform all of this, isn’t it? No doubt when we dial 999, assuming we can actually get through to anyone in the call-centre, we’ll be obliged to provide our ID Number before we’re allowed to report the crime. And maybe, if our details check out on the new, reliable, and super efficient computer system, we can eventually get to talk to our local police station. The ‘Support Officers’ there might even deign to write the crime into the Station Logbook – if such a thing continues to exist and they can actually do the joined up. And of course the ‘Crime Report’ number will be absolutely essential for our spurious insurance claim.

   But as for real action??

   Comment by Chuck Unsworth — 22 Dec 2004 on 11:00 am | Link

5. An ID card won’t solve anything, but I for one am not too worried. Judging by the governments capabilities, if they are aiming for 2008, it’ll be at least 2020 before we see one that works at all, although the \xA385 will probably be \xA3850 by then. I am sure we have had enough furore by then to force it to a referendum or have a government (hopefully it won’t be the same one all the way to 2020) throw it out after an election pledge.

   But just imagine all the married women Blunkett could have got free cards for! I wonder if that was his real motivation behind it…

   Comment by Lodjer — 22 Dec 2004 on 11:12 am | Link

6. This kind of story is, no doubt, what attracts the Home Office…..

   http://www.washtimes.com/national/20041220-103705-9177r.htm

   Comment by Mr Pooter — 22 Dec 2004 on 12:58 pm | Link

7. Anyone who has seen the US Border Patrol operation (and I recently have in several places) would understand that this is futile. Both the border with Canada and that with Mexico are wide open. As a colleague remarked to me, if one wanted to bring a full battle tank regiment with its supporting arms into California, the port at San Francisco would be an ideal place to start. Even so, if you’re inclined to make something go bang you don’t need to import anything at all, particularly in the USA, as has already been graphically demonstrated.

   This is all about the feel good factor of having lots of grossly overweight ‘security’ personnel body-searching airline passengers, whilst the real danger comes from within and by other means.

   No one should be fooled into believing that these security arrangements actually work. They are merely a diversion of effort into an expensive PR exercise, and a means of re-arresting those already known to the authorities. I doubt if Osama bin Laden’s iris scan – let alone those of any of his foot-soldiers – appears on any database. And by the time everyone in the whole world is required to carry such ID there will be plenty of methods of evading detection already devised and implemented by the various criminal fraternities.

   Comment by Chuck Unsworth — 22 Dec 2004 on 3:37 pm | Link

8. Anyone who has seen the US Border Patrol operation (and I recently have in several places) would understand that this is futile. Both the border with Canada and that with Mexico are wide open. As a colleague remarked to me, if one wanted to bring a full battle tank regiment with its supporting arms into California, the port at San Francisco would be an ideal place to start. Even so, if you’re inclined to make something go bang you don’t need to import anything at all, particularly in the USA, as has already been graphically demonstrated.

   This is all about the feel good factor of having lots of grossly overweight ‘security’ personnel body-searching airline passengers, whilst the real danger comes from within and by other means.

   No one should be fooled into believing that these security arrangements actually work. They are merely a diversion of effort into an expensive PR exercise, and a means of re-arresting those already known to the authorities. I doubt if Osama bin Laden’s iris scan – let alone those of any of his foot-soldiers – appears on any database. And by the time everyone in the whole world is required to carry such ID there will be plenty of methods of evading detection already devised and implemented by the various criminal fraternities.

   Comment by Chuck Unsworth — 22 Dec 2004 on 3:50 pm | Link

9. Ok
   This has been debated to death – we know it is coming – and cannot do a thing about it.
   Look at the positives – yale lock tool for the burgulars, handy toothpick, ice scraper for the car windscreen and booze pass for the more youthful looking yobs of our society.
   Bloody expensive though – at least Blunkett will probably have to pay the full whack now.

   Comment by old soldier — 29 Dec 2004 on 9:51 pm | Link

10. Oh, I have much better uses than that…

    Comment by Francis Irving — 5 Jan 2005 on 2:14 pm | Link

11. I saw this and thought I’d pass it on:

    Sweden refugees mutilate fingers
    <a href="http://news.bbc.co.uk/1/hi/world/europe/3593895.stm">http://news.bbc.co.uk/1/hi/world/europe/3593895.stm</a&gt;

    I haven’t found any sites with information I’d trust on removing fingerprints (if there are any, pass them on). But how would this effect the biometric scheme?

    There have to be people who have just damaged their fingers – through accidents. What will this mean for them in practice, if a "bad" set of prints have been recorded? Or if a good set of prints have been recorded, but you then have an accident which destroys them. Existing police fingerprinting powers are going to be the main method of verifying IDs once the database is running.

    Comment by square peg — 5 Jan 2005 on 2:25 pm | Link

12. Has it been decided which biometrics they intend using? Two fingers and an iris would be most effective in avoiding false positives but only the finger print scanner is realistically portable. One can get them on pocket PCs already and it would be relatively simple to WiFi/telephone check with the main data base. If the print is not machine readable the suspect can be carted off to the nick for an eye scan. If lopping off one’s fingers and blinding oneself catches on they might have to resort to more intimate biometric measures….. On second thoughts, they might not be too worried about blind and fingerless terrorists

    Comment by Mr Pooter — 6 Jan 2005 on 4:16 pm | Link

13. Iris scan, fingerprints (not sure how many) and the laughable "facial geometry biometric".

    There was a wonderful moment on "Newsnight" a couple of weeks ago when Charles Clarke was asked by Jeremy Paxman whether, since in the US tests had shown something like 5% failure-to-enroll rates for the fingerprint and iris biometrics, he believed that British people were "superior physical specimens" and hence not susceptible to this kind of problem. "Ah," cried the Home Secretary, "but we are going to use THREE biometrics!"

    Paxman unfortunately had not been briefed with the fact that the "facial geometry" thing has something like a 10% error rate in pairwise comparisons and is therefore more-or-less useless in any application short of pumping money out of the "Department for Homeland Security" and into the pockets of unscrupulous IT entrepreneurs. So Clarke got away with that one. Oh well….

    Comment by Chris Lightfoot — 6 Jan 2005 on 6:12 pm | Link

14. Oh, and on the fingerprints thing — lots of people ( have unreadable fingerprints anyway; the classic example is bricklayers who tend to wear them away (on bricks, obviously). The "International Biometric Group" (some sort of trade lobby outfit, I think) gives a figure of 1-2% of the population as being "unable to provide a workable fingerprint"; see:
    <a href="http://www.biometricgroup.com/in_the_news/06_01_03.html">http://www.biometricgroup.com/in_the_news/06_01_03.html</a&gt;

    Comment by Chris Lightfoot — 6 Jan 2005 on 6:16 pm | Link

15. Guitarists too…

    Comment by PapaLazzzaru — 7 Jan 2005 on 2:06 am | Link

16. False negatives aren’t the problem. As long as only 1-2% or less are sieved out for a second identifier the system could cope. The percentage of those failing,say, two fingerprints, an iris scan and facial or hand geometry tests would be minimal. These hayfever suffering, red eyed, weight losing, sweaty palmed, bricklaying guitarists would not only be few in number but would then have to face the more usual ID questions – and? provide DNA for later analysis?

    False positives are the issue. If even one person is able to assume the identity of another and pass through the system under a false identity the whole thing is worse than useless because the infiltrator then has the unfettered run of the place.

    Comment by Mr Pooter — 7 Jan 2005 on 11:34 am | Link

17. I’m not sure that false positives won’t be a problem. If someone is required to prove that they’re them, in order to use the NHS for example or leave/enter the country, and can’t they’re effectively denied any rights as a citizen. All three identifiers won’t neccessarily all be used at the same time. With 50,000,000 people with cards and biometrics being checked regularly, even a small percentage of errors is a going to be a very high number of people falling foul of the system.

    Facial geometry has a 10% error rate, fingerprints can easily change, it looks like iris scans are the strong link in the chain. Are there any comparable problems with them?

    Comment by square peg — 7 Jan 2005 on 2:28 pm | Link

18. A false positive occurs when eg. Mr Pooter misrepresents himself as Mr Joe Blogs using false papers in order to get into the USA and is accepted and passed through as Mr Joe Blogs.

    A false negative occurs when Mr Pooter is not recognised as being Mr Pooter. Anger management courses will have to be made available on the NHS. 1% is a lot of people – hence the need for two or three bio-identifiers.

    I imagine an identity sieve would operate on a tiered system – the 1% who fail to pass the fingerprint test pass to the second finger print test the 1% who fail that get their face measured, the 10% who fail that get their iris scanned, the 0.1% who fail that get interrogated… Chaos may well reign at the doctor’s surgery unless they have at least two tiers of the ID sieve. Because of the aggro it’s quite likely that people will fall back on the usual ID – name, address, dob, maiden names etc – for the low level identity issues so the savings they hope for on the real or imagined medical tourists will probably be illusory. Getting in and out of the country, airports and nuclear power stations won’t be so easy.

    You say fingerprints change – they don’t – but, as above, they are not always readable.

    Comment by Mr Pooter — 7 Jan 2005 on 3:14 pm | Link

19. In my earlier posting the term ‘false positive’ was associated with the records that matched any particular search – but included matches that were not true.
    "Who is the person with this/these particular characteristic(s)?"
    The answer will return several results and if the filter is working the target person will be in that bunch of people.

    a ‘false negative’ would be a similar search like
    Is this person Mr Pooter?
    answer "no"
    whoops 🙁
    Mr P now has to jump through hoops whilst (dying, being in custody, denied travel, being held face down on the floor) to prove that he is Mr P
    The problem with ALL databases is that they contain uncertainties and the bigger the database and the more variables then the more false results one will get from any search.
    Just because the technology permits us to build databases and encode biometric information onto chips in credit card sized devices doesn’t mean that the ID card scheme is workable.

    I guess nobody has sat down to do a FMAECA [Failure Modes And Effects Criticality Analysis] – basically "how can we break this and what would the effects of any breakdown be?" – ‘cos when they do somebody is either going to have to bury the results in a 60 year file or eat a very big humble pie.
    My money is on the former.

    Comment by Roger Huffadine — 7 Jan 2005 on 5:37 pm | Link

20. "You say fingerprints change – they don’t – but, as above, they are not always readable." — no, fingerprints are rather easy to change. Scar your finger, for instance.

    Comment by Chris Lightfoot — 8 Jan 2005 on 11:45 pm | Link

21. Chris – and you know what else, if you poke a nail into your eye your iris scan won’t be identical to how it was before you pricked it. Amazing! Come to think of it, if you cut your nose off you won’t look like your most recent photograph! Don’t worry thought, it’ll still be the same specious old you.

    If you cut the Mona Lisa would it cease to be recogniseable as the Mona Lisa? Might it be ‘the Mona Lisa with cut’ or if repaired ‘the Mona Lisa with scar’? Perhaps you think it would cease to be the Mona Lisa altogether? Unrecogniseable because of that one cut? Or perhaps you think it might transmogrify into a Bridget Riley? Might one be able to tell the difference from the undamaged brush marks for example or would that one cut remove all the other comparitors?

    Short of a transplant, fingerprints are NOT easy to change. Damage, yes; change, no.

    Comment by Mr Pooter — 10 Jan 2005 on 4:12 pm | Link

---

RSS feed for comments on this post.

Post a public comment

Name (required)
E-mail (required)
(You must give an email address, but it will not be displayed to the public.)
Website
(You may give your website, and it will be displayed to the public.)

Comments:

This is not a way of contacting the Prime Minister. If you would like to contact the Prime Minister, go to the 10 Downing Street official site.

Privacy note: Shortly after posting, your name and comment will be displayed on the site. This means that people searching for your name on the Internet will be able to find and read your comment.