Fishy Tales

29 June 2005

Monsters from the ID

Excuse the punny reference to Forbidden Planet, but it's certainly true that, from not very far below the surface of the latest proposal for ID cards in the UK, monsters are indeed emerging.

Perhaps surprisingly, I'm for the principle of ID cards (or rather a central ID register) overall - but I do have ulterior motives. For one thing I like the idea of reducing form-filling and red tape, and therefore the number of civil servants required, and therefore the expense, of pulling together data that is already held on me by the government. Much better if, when I wish to claim benefits or whatever, I can choose to allow one department to exchange details with another using the common reference ID - in much the same way as I currently allow financial organisations to perform credit checks. My proposal is already pretty different to the proposed UK ID register however, in that it suggests I have full control over what use is made of my personal details. But let's leave that aside for now.

I also like the idea of snap referendums and NGO petitions through which verified members of the electorate can have their say and, if their numbers are substantial enough, amend government policies. With the web and a new interest in phone voting, direct democracy could become a reality. And rather than having to support a particular party and therefore its manifesto 100%, we can all pick and choose on the issues that really matter to us (I've talked about this before). Nice idea, but you can bet that our Glorious Leaders will resist any attempt to join up verified identity and democratic rights. Just look at the resistance to standard referendums or indeed anything that threatens the status quo.

Anyway, according to a Home Office Briefing the proposed ID scheme appears to be intended more to prevent negatives than to produce positives:

An ID cards scheme will help the UK counter
  • Identity Theft
  • Illegal Immigration and Working
  • Misuse of Public Services
  • Organised Crime and Terrorism

A summary by the Green Party takes all of these apart very well, as does the NO2ID Campaign, I'll selectively quote from both and trust them not to mind (you should still check sources):

Identity Theft
Both Australia and the USA have far worse problems of identity theft than Britain, precisely because of general reliance on a single reference source.
Costs usually cited for identity-related crime here include much fraud not susceptible to an ID system.
Nominally 'secure', trusted, ID is more useful to the fraudster.
The Home Office has not explained how it will stop registration by identity thieves in the personae of innocent others.

Illegal Immigration and Working
People will still enter Britain using foreign documents - genuine or forged - and ID cards offer no more deterrent to people smugglers than passports and visas. Employers already face substantial penalties for failing to obtain proof of entitlement to work, yet there are only a handful of prosecutions a year.

Asylum seekers have to be enrolled, background-checked and use a "smart" card to claim regular income benefits. People who defraud the benefits service usually do so by lying about finances and illegal work.

Many people working illegally do so with the full knowledge of their employers.


Misuse of Public Services
The overwhelming majority of benefit fraud occurs from people lying about their economic circumstances and health, not about their identity. ID cards will make little difference unless the data on the cards is expanded to include financial, medical and employment records.

Identity is "only a tiny part of the problem in the benefit system." Figures for claims under false identity are estimated at £50 million (2.5%) of an (estimated) £2 billion per year in fraudulent claims.

Organised Crime and Terrorism
Most crime is unsolved because the perpetrator hasn’t been caught, rather than because they haven’t been identified. In the UK last year, over 75% of 4 million reported crimes went "undetected" – no-one was even
arrested, much less charged or convicted.

Faking ID cards is no object at all to sophisticated terrorist and money-laundering groups: the perpetrators of the 9/11 atrocities were all either in possession of legitimate identification documents or held compelling forgeries. Those who are active in terrorist networks may well have the appearance of being typical law-abiding citizens in other aspects of their lives. The French government discovered that fraudulent production of their new "unforgeable" smartcard quickly became one of the most profitable criminal activities in the country in the mid-1990s.

Identity is not the key to preventing crime or terrorism. So unless the cards are used for greater "stop and search" police powers, or unless it becomes compulsory to carry them, it is difficult to see how they can affect crime figures.

We should also note that setting up an ID Register means implementing and maintaining about the biggest, baddest and most critical IT system you can get. Do we trust the current government to make a good job of it, or to bring in the right people to do the job? Simon Jenkins in the Sunday Times draws attention to plenty of past and current form which means you could bet your shirt on yet another outrageously wasteful and expensive IT fiasco, probably courtesy of the Government's favourite IT Services provider EDS. Which, being an American company, ensures we maintain our "special relationship" with the US i.e. we give them our money but fail to hold them to account when they fail to deliver. Admittedly Government specifications are usually wooly and variable, as witness the amount the goalposts have already moved around regarding the proposed ID Register. I'll bet they never stop moving.

Even once a proposed ID Register is up and running, IT Systems aren't magical. To repeat the old phrase "garbage in, garbage out". People need to be registered on the system by other, fallible, people who have to look at other, possibly fallible or fraudulent, evidence of identity and trust it's worth.

"Ah," I hear you ask, "but won't Biometrics sort this out - fingerprint recognition, iris recognition and so on? So people will only be able to register once and will always be uniquely identifiable?"
In short, no, because biometrics aren't reliable enough in themselves; even according to the International Association of Biometrics as quoted in the New Scientist back in Nov 2003:
Bill Perry, of the UK's Association for Biometrics, agrees that there is an upper limit to the reliability of iris scans. There are too many environmental variables: scans can be affected by lighting conditions and body temperature, so much so that a system can fail to match two scans of the same iris taken under different conditions.
"It's not an exact science," says Perry. "People look at biometrics as being a total solution to all their problems, but it's only part of the solution."

I've found what I consider a brilliant critical appraisal of biometrics courtesy of the EFF (Electronic Frontier Foundation). As with a lot of science - certainly more than we're led to believe - biometrics are about probabilities rather than certainties; specifically the probabilities of false accepts (someone incorrectly identified as someone else) and false rejects (a failure to correctly identify someone). You can "tune" a biometrics system so that it tends to over-accept or over-reject, and for a system to be even reasonably effective, that's exactly what you need to do. After all, a mere 1% error rate spread over the entire population of the country makes for a lot of people who will be identified incorrectly or be plain unidentifiable. This means that you must have a clear idea of how exactly a biometrics system will be used so you can tune it correctly.

So how the hell do you do that with something as generalised, wooly and Hydra-headed as the UK Government's proposed ID Register? I suggest it simply can't be done. One size can never fit all.

But - I'll bet that the proposed system, should it ever be created, will be tuned towards a higher "false accept" rate. That way the system is less likely to let a bad guy or gal slip past. Sure there's a much higher number of innocent people drawn into the same net and potentially hauled over the coals, but better safe than sorry, eh? And the Government clearly believes we value safety over freedom any day, as witness other poorly considered and rushed Anti-Terrorist Legislation . You can't argue with the fact that New Labour still won the election straight after pushing that legislation through.

Anyway, my conclusion is that despite wanting some kind of ID Register, I would rather eat cold sick than accept an ID system implemented by a centralisation-mad government that is consistently driven by fear, and that takes the opinions of public servants (e.g. police) more seriously than those of the public itself. That's a recipe for an oppressive and powerful authoritarian state, not for a proud country in which individuality and certain fundamental freedoms are cherished.

If you feel the same way, you really should Act.


Addendum
19th July: Very amusing vision of the future of ID cards found in the Rockall Times. Highly recommended!

0 Comments:

Post a Comment

<< Home