More tests needed for ID card technology

Professor Sasse, a Specialist Advisor to the Home Affairs Committee's inquiry into ID cards in 2004, recently gave evidence to the Select Committee on Science and Technology as part of an inquiry into how government handles scientific advice, risk and evidence.

Despite broad consultation and the controversy surrounding ID cards, pilots to test the way that the biometric data - including facial measurements and characteristics, iris scans and fingerprints - will be enrolled and verified have been insufficiently rigorous and unrepresentative.

In 2004 the UK Passport Service ran the one large-scale trial to date, involving 9,000 demographically representative participants, but the pilot only took into account a single verification of the data eight to ten days after enrolment. Since then, trials have focused on frequent travellers, most of whom fall into categories unlikely to encounter difficulties with the system.

A number of glitches have surfaced through this patchy testing. For example, the equipment has trouble registering the iris pattern of some visually impaired people and those with particularly dark skin.

However, the government's failure to provide detailed performance specifications and the absence of adequate documentation mean that disability organisations, such as the Royal National Institute for the Blind, are struggling to understand the ramifications and how they can help find a solution.

"The government seem to find it much easier to spend money on buying hardware rather than carrying out sufficient trials, despite their record with large-scale IT projects," commented Professor Sasse.

In Professor Sasse's view, the government is attempting to make people feel more secure through big visible gestures - "security theatre" - at the expense of analysis and planning that are vital to the integrity of the system.

"One of the benefits that the government keeps returning to is that it would reduce benefit fraud. If you look at the Department of Work and Pensions' statistics, you will find that well over 90 per cent is committed by people who do not lie about their identity; they lie about their circumstances. You would need a much more detailed technology proposal to deal with that."

Professor Sasse is also critical of the way that the Home Office sought to win public approval of the ID card scheme early on in the debate by asserting its effectiveness in tackling illegal immigration, organised crime and terrorism without proper assessment to support these claims.

The system is also vulnerable. Mounting a technical attack might be difficult, Professor Sasse suggests, but bribery of staff poses a more straightforward problem. The identity card system therefore has to be engineered and operated to an extremely high standard, not just of technical assurance but also in terms of auditing all the interactions that take place. In the US, mismatches between a person's name and biometric have already had unnerving consequences, most notably the false arrest of an attorney last year on suspicion of terrorist activities.

Furthermore, the huge value of the data to be held in the central register will make it an attractive target for thieves. The German government, for one, has judged the risk too great, choosing instead to store biometrics on ID cards themselves.

"A single piece of technology cannot solve the security problem; the government has taken a shortcut in assuming that biometric technology provides a single solution to a number of problems it wishes to tackle. Further trials with different groups and involving usability experts are needed to get the ID card scheme back on track," concluded Professor Sasse.

• Links:
• Professor M. Angela Sasse
• Select Committee on Science and Technology
• UK Passport Service biometric enrolment trial report (in pdf format)