Monday, September 29, 2003

ID Cards 

The UK government has a working paper out called ‘Entitlement Cards and Identity Fraud’. Note the spin, since is all about ID cards in the UK. There are lots of reasons to be worried.

For a start, let’s deal with the obvious spin. It’s an ID card that is being discussed. Authorised people can ask you for your card, and you have to produce it within a set period of time. Since it’s not mandatory to carry the card, it can’t be a compulsory scheme. Pure spin again, since it is mandatory to produce it, its compulsion to have a card.

To obtain services such as health care you will have to have a card. OK, what good is this going to do? Hospitals are going to have to introduce card readers in order to check on people’s entitlement. This will have to be wired up to a central system in order to check. If this is not done and it’s down to nurses, doctors or receptionists to check the card visually, then the cards can be forged, and the cards would serve no purpose.

Will the cards combat terrorism? No, clearly terrorists will get cards, and for all intents and purposes will appear as normal members of society. Tourists will not need to carry cards, so there aren’t any advantages here.

Will the cards prevent benefit fraud? No, since the majority of benefit fraud is about making false claims, not about making a claim in someone else’s name.

What about illegal immigration? Illegal migrants are driven by economics. They are here to work, and the problem is one of illegal working. The current situation is that it is down to the employer to check. Lots of employers turn a blind eye. With entitlement cards nothing is going to change. The employers will still carry on turning a blind eye, so there isn’t going to be a change.

Crime detection isn’t a problem about identity. It’s very rare that the police cannot prove the identity of someone. The problem is in providing the evidence linking the person to the crime.

In the case of fraud, I think the effect will be negative. If a card or the system is compromised, then the system benefits fraudsters. A universal identity card that is widely accepted would enable a fraudster who has obtained one piece of evidence, the card, to commit fraud with less effort than at the moment. People would be more complacent with an id card than is the current situation.

Data protection is also a concern. Since the cards will have chips with information on the chip, how do you get to see this information? What about data centrally stored and linked? Do you get to see this data? It’s unlikely. The government will not want this information given to individuals.

The governments’ track record in this area is bad. If they can’t organise and control national insurance numbers or driving licenses is there any hope that they can control an id card that contains sensitive data?

It is proposed that the card contains biometric data such as fingerprints or iris scans. It wouldn’t be much of an extension to include DNA. There is a major problem with biometric information. Let’s consider the fingerprint case. If the system is compromised and someone downloads your fingerprints, they can then print the fingerprints onto rubber and make a fake fingerprint. Now they can use this fingerprint to authorise transactions. It’s not far fetched. It’s been known for pensioners who have died in India to have fingers frozen so they can be used to collect pensions. A fingerprint is used instead of a signature when the pensioner is illiterate. Now look at the situation. With a password, where you can get the password revoked, you cannot revoke your biometric data.

Privacy is an issue. Currently if you have a pass on London Underground, your movements are tracked. There is nothing stopping London Underground from tracking your movements, selling the data, or passing the data on to third parties without a warrant. How is your private data going to be secured? Who gets access to see the data? What prevents someone in the NHS from accessing your tax records? What prevents someone in the Inland Revenue finding out that you have visited a clinic for a sexually transmitted disease?

Then there is the cost. Given the governments track record in running projects, it’s going to over run. There is the integration in with existing systems such as tax, driving license. There is the new hardware that would have to be put into anywhere where you get access to your entitlements. There is the cost to the individual at 40 pounds a time. 50% of a pensioner’s on a state pension weekly income. The cards would need renewing. Cards would get lost and the replacements will cost the individual.

What about advantages? Well if you want to privatise the NHS, it’s a start. You would need to identify people’s entitlement to health care or which insurer to bill.

All in all, it’s a bad move and needs to be stopped.