Open letter


Haroona Franklin

Identity & Passport Service

Globe House

89 Eccleston Square

London SW1V 1PN


Your ref. NBIS DJWO10/09


8 August 2009




Dear Ms Franklin

Correspondence with the UK Statistics Authority

Thank you for your letter dated 20 March 2009 [1].

That is a long time ago. You may have moved on by now. Nevertheless, herewith my response.

People who understand the probabilistic nature of today's mass consumer biometrics have a different way of speaking to those who don't.

People like Nigel Sedgwick of Cambridge Algorithmica [2], people who understand, say things like [3]:

There is a desire to prevent multiple applications passing undetected, even after say 40 million people have already enrolled.

Each false match needs to be checked by non-biometric means.

For extra checks on only every 10th applicant, the FMR needs to be around 0.00000025% (2.5x10-7%).

What proportion of undetected duplicate applications is acceptable? Do we need 95% detection, or 99%, to be a good enough deterrent. Or perhaps even better against terrorist commanders. This determines the tolerable FNMR.

An operating point with 1% FNMR and 0.00000025% FMR is about equivalent to an Equal Error Rate (EER) of 0.0005%.


Those who don't, say things like:

David Blunkett [4]: biometrics "will make identity theft and multiple identity impossible. Not nearly impossible. Impossible."

Tony Blair [5]: "biometrics give us the chance to have secure identity".

Gordon Brown [6]: biometrics “will make it possible to securely link an individual to a unique identity”.

Jacqui Smith [7]: "As the [ID] cards become more widely available the whole country will see real benefits for citizens, businesses and the country by giving a convenient and secure proof of identity that locks people to one identity".

Alan Johnson [8]: "when the man in front of you has an ID card you just know he is who he says he is".


Mr Sedgwick makes the point that "each false match needs to be checked by non-biometric means". Professor Daugman, the father of biometrics based on the iris, makes the point that, with the biometrics the Identity & Passport Service (IPS) are using, there would be billions of these checks required [9]. It is therefore not feasible to make them. It is therefore not feasible to say how many duplicate identities there might be on the national Identity Register (NIR) and the quotation you cite is statistically illiterate:

The matching of newly enrolled biometrics against all those already enrolled may not be 100% reliable, raising the risk that a very small number of people may be able to enrol more than once without authorisation.


Mr Sedgwick's conclusions depend on a biometric with a false match rate of around 0.00000025% and a false non-match rate of around 1%. There is no such biometric.

Mr Sedgwick acknowledges that and adds that you can't expect a single biometric to have that sort of performance, you need multi-modal biometrics. Asked, in that case, if there is a composite biometric with that sort of performance, he is candid [10]. He doesn't know of any. But there might be one.

In the absence of any such known composite biometric, we cannot check every tenth person on the NIR to see if he or she is a duplicate and we certainly can't check everyone. Politicians are misleading the public if they say we can, perhaps civil servants are misleading politicians when they brief them and perhaps someone else is misleading the civil servants. Goodness knows who that might be. All we know is that it is a false prospectus.

You say:

You will be aware that there are a number of large scale biometric systems already in use, US-VISIT being one example.


I am, indeed, aware of that and I am aware that the false non-match rate with the flat print fingerprinting used by US-VISIT is, or was, something like 20% [11]. US-VISIT is a graphic demonstration of why IPS's National Identity Service (NIS) can't work. You can't tell 20% of people that they have no right to work in the UK [12], no right to non-emergency state healthcare and no right to state education for their children.

And that's why the US Department of Homeland Security, the people who run US-VISIT, recommend against relying on today's mass consumer biometrics for ID cards, as noted at para.81 of the House of Commons Science and Technology Committee report that you cite [13]:

On 6 March 2006, we met informally a group of senior policy advisers from the Department of Homeland Security to discuss the identity cards programme. When questioned about the maturity of biometric technologies, the advisers agreed that currently the technology was probably not as reliable or as accurate as it might need to be for a national identity card scheme.


You say that:

Furthermore the UKBA’s biometric visa system has fingerprinted over 2.8 million people and so far has detected 3500 instances of attempted identity fraud.


The success in detecting fraudulent visa applications is to be applauded. As noted, it is likely that 20% of fraudulent visa applications, ceteris paribus, will have been missed. That point should be made.

It should also be noted that these biometrics, flat print fingerprints, are not admissible as evidence in court [14]. The decisions to grant a UK visa or to deny one are being made by UKBA at least partially on the basis of evidence inadmissible in UK courts. Otherwise the public is misled.

And the public won't be amused if they find that 20% of them can't work in the UK, and can't get the healthcare and education that they need. And that's what could happen if IPS are allowed to pursue this hopeless project and waste our money on the NIS, which depends for its success on laughably unreliable biometrics [15].

You say that:

Therefore I am afraid I cannot agree with your statements that biometrics will not work, when we have clear and current evidence that it does.


Sorry, Haroona, but I am confiscating that "therefore".

The UK Statistics Authority asked for a response from the Chief Scientific Advisor and Director of Research, Development & Statistics at the Home Office, Professor Paul Wiles. For whatever reason, he did not respond, and the short straw was awarded, instead, to you.

IPS are misleading the public [16]. The NIS can't work as advertised [17]. They are ignoring the evidence [18]. They provide no evidence of their own to support the case for the NIS. They are living in a fantasy land at our considerable expense [19]. The NIS is a charade [20]. And they are not treating Haroona Franklin fairly.

Best wishes

Yours sincerely

David Moss


cc         Sir Michael Scholar KCB, Chair, UK Statistics Authority

            Sir David Normington KCB, Permanent Secretary, Home Office

            Nigel Sedgwick, Cambridge Algorithmica

            James Hall, Chief Fantasist, Identity & Passport Service









[8] Quoting from memory, Radio 4 PM programme, 30 June 2009, Eddie Mair in the chair






[14] paras.5.14, 33 and 51