Ever since the announcement by Alistair Darling in the Commons that the Government had lost 25 million people’s personal data, ministers have been spouting the fantasy that biometrics will prevent the same thing happening with the National Identity Register, which will underpin the ID cards scheme.
It is nice to see that someone has finally called their bluff. Academic ninjas Ross Anderson and colleagues have published an open letter to the Government explaining, in excellent language that even a minister could understand, why biometrics won’t make a jot of difference. This is splendid news, although I suspect it’ll be ignored along with the rest of the advice that academics have offered the Government over the last few years. Nevertheless, somebody had to do something to counter the stream of fantastical nonsense which has been flowing, unstemmed, from the mouths of Government ministers over the last week or so:
“The key thing about identity cards is, of course, that they will mean that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be.” — Alistair Darling, 20/11/07
This is a complete non sequitur. It makes no sense whatsoever to anyone with even the most frail grasp of the technology at work. The ignorance this demonstrates is appalling.
“What we must ensure is that identity fraud is avoided, and the way to avoid identity fraud is to say that for passport information we will have the biometric support that is necessary, so that people can feel confident that their identity is protected.” — Gordon Brown, 21/11/2007
Is it now? Is it actually safe given that in April — 7 months ago — academics in the states managed to reconstruct a fingerprint capable of fooling a scanner from the data which is sent from a passport to a reader over the air when its RFID chip is scanned? The very same data which, despite being encrypted, has such a weak key that it can be cracked in a few minutes by anyone with a desktop PC?
“There is of course an important protection in an identity card system, through the use of biometrics. Biometrics will link a person securely and reliably to his or her unique identity. It will therefore become much more difficult for people to misuse other people’s identity, even if full details of their biographical information are already known. The current plan for the national identity register is for biometric information to be held separately from biographical information, thereby safeguarding against the sort of eventuality that the right hon. Gentleman described.” — Jacqui Smith, 21/11/2007
In response to this pleasant-sounding fantasy, David Davis replied that he did not look forward to the day when somebody asks for this data and is sent it. Indeed. How, also, does Ms Smith propose that biometrics be used to secure information when a fingerprint, suitable for fooling a scanner, can be lifted from a tumbler or a CD case and attached, almost undetectably, to the tip of one’s finger?
These people are living in a complete fantasy, and a dangerous one at that. I don’t think the HMRC scandal is the nail in the coffin for the ID cards scheme, but it’s certainly one of them. Nor do I think that, were the ID cards scheme to die a quiet death, the problem would be solved.
This government has big plans for centralisation of data, and big plans for lots of neat technology, but they lack the most important ingredient: a culture of privacy protection and respect for people’s personal information. The absence of this trait is stark and worrying. What does it say about a government that hires expert consultants, for hundreds of thousands of pounds, to produce policies on data handling that fill inch-thick books with obvious advice, only to leave them languishing in a drawer while giving junior office lackies access to half the population’s personal data without any effective supervision or oversight?
Is it really prudent for this Government to create more and more and more and more databases when these incidents are happening over and over and over and over again? What planet are these people on? When will they be jolted out of this utopian technological fantasy?
If this hasn’t done it, what will?