IBM researcher Michael Osborne, whose job is research into secure ID cards, slated the U.K. government’s ID cards plan on the grounds of cost, over-centralization, and being the wrong tool for the job.
Based in Big Blue’s Zurich research labs, where the scanning tunnelling microscope was invented and won its inventors a Nobel Prize, Osborne said that the problem is neither the cards nor the fact that the scheme is intended to use biometric technology.
The big issue is that the U.K. government, plans to set up a central database containing volumes of data about its citizens. Unlike other European governments, most of whom already use some form of ID card, the central database will allow connections between different identity contexts — such as driver, taxpayer, or health-care recipient — which compromises security. Centrally-stored biometric data would be attractive to hackers, he said, adding that such data could be made anonymous but that the U.K. government’s plans do not include such an implementation.
Osborne added that biometric technology is still immature. “It’s not an exact science”, he said. In real world trials, some 10 percent of people identified using iris recognition failed to enroll — which means the system didn’t recognize them. Even fingerprinting is no panacea, as four percent failed to enrol. Scale that up to a whole population — the U.K. contains nearly 60 million people — and the problem of biometric identification becomes huge, he said.
Osborne also criticized the government for the potential cost of the system. He said that it will cost a lot more than anyone thinks, pointing out that a project of this size hasn’t been tried before, so the government’s projected costs are not necessarily accurate.
Finally, Osborne also used a dozen criteria, including whether or not such as system is mandatory or time-limited , to show that on all but two, the U.K. government’s plan fails — even before controversial civil liberties issues are considered.
And as for whether ID cards are the right tool to defeat terrorists in the first place, security expert Osborne said: “ID cards won’t solve the problem because terrorists don’t care about identification — and they’ll have valid IDs anyway. The issue is the central database.
“But no-one knows if it’ll work, or if it’ll be accurate enough — it’s more about perceived security than actual security.”
Osborne suggested an alternative, which involved keeping the data on the card. With such a system, only the template is downloaded and identity processing happens on the card using Java and local data rather using centralized storage and processing. He added that since terrorists wanted to be identified, having an ID card was unlikely to be a deterrent. “However, in some previous studies, some criminals were found to be deterred by the need to possess an ID card.”
Osborne said his remarks were made in a personal capacity.