Information Rights Team
Information and Record Management Service
Home Office
4th Floor, Seacole Building
2 Marsham Street
London SW1P 4DF

20 January 2010


FOICR 13523/09 – Appeal

The unique selling point of the National Identity Service (NIS) is that it uses biometrics. Take the biometrics away, and there is no reason to believe that the NIS will work any better than the dozens of other population registers maintained by the government. To some extent, the same is true of the UK Border Agency (UKBA) and eBorders.

Several field trials suggest that the biometrics proposed for the NIS and eBorders are highly unreliable. And these days, the Identity & Passport Service (IPS) and UKBA are reluctant to publish figures on the reliability of the biometrics they have chosen. This reluctance starts to look suspicious, as though IPS and UKBA have a guilty secret – they know that the biometrics they are relying on cannot deliver the promises made.

Freedom of Information (FOI) request #13523/09 provided another opportunity, in a long line of them, for IPS to make a clean breast of it. Attachment A to this letter gives the details. It includes the original request (“the Request”), its acknowledgement and the FOI Team’s response (“the Response”).

Once again, IPS have ducked the issue. This appeal is made to you on the grounds that the Response is unsatisfactory in at least the following seven ways:

1.1      It is proposed that the NIS should use biometrics based on (a) facial geometry and (b) flat print fingerprints. The Request was for figures on the reliability of each of these biometrics.

1.2      When the House of Commons Science and Technology Committee asked IPS about this matter, IPS said that for facial geometry they expected “a failure to acquire rate close to zero [and] a false accept rate of 1%”, and for fingerprints they expected “a failure to acquire rate of 0.5-1%, [a] false match rate of 1.3e-10, [and a] false nonmatch rate of 0.01” – please see para.18 of the Committee’s report.

1.3      Have these acceptance levels been achieved? We don’t know, because on the occasion of the Request, IPS have chosen a more philosophical approach. The FOI Team identify about nine types of reliability.  Any reasonable person would therefore expect the Response to provide about nine different sets of reliability figures for each of the biometrics (a) and (b). Instead, no figures are provided. None at all. That is unsatisfactory and the appeal is made to you to provide those figures.

1.4      In connection with their nine or so different definitions of reliability, the FOI Team say “generally these give very different performance figures”. They wouldn’t know that, if they didn’t have the figures available. Given that they have the figures available, they should have no trouble giving them to you.

2.1      The FOI Team say “it is not possible to provide a generic response to your request”. If it is impossible to provide the figures, then the assumption must be that they do not exist. IPS would in that case be open to the charge that they are planning to deploy the expensive and disruptive NIS nationwide without having any idea whether it will work. That would be unbusinesslike and irresponsible.

2.2      The appeal is made to you to explain how IPS defend themselves against the charge of unbusinesslike and irresponsible wishful thinking.

3.1      The FOI Team disagree that the NIS is meant to ensure that, in the words of the Request, each person is recorded once and once only on the National Identity Register (NIR). “IPS does not accept the interpretation you have placed on its wording ...”.

3.2      Attachment B to this letter lists quotations from two Prime Ministers, three Home Secretaries, an Executive Director of IPS and three Home Office documents, all of which suggest that the Request is right about one-for-one correspondence. If, after all, the FOI Team are right, the appeal is made to you to confirm that all these politicians and civil servants are wrong, and that they have been misleading the public for as much as seven years.

4.1      Does using biometrics provide a significant improvement compared with “conventional methods”? Yes it does, according to the FOI Team, as demonstrated by “its successful deployment for visa applicants and Identity Cards for Foreign Nationals”.

4.2      About three million biometric visas have been applied for, tens of thousands have been issued by UKBA, and about 3,500 cases of attempted “identity fraud” have been detected.

4.3      UKBA are to be congratulated on those 3,500 cases of detection. The question remains, how were these successes achieved? The public have never been told. Was it thanks to biometrics based on facial geometry? Or flat print fingerprints? Or was it nothing to do with biometrics?

4.4      The appeal is made to you to provide some details. Without that, the FOI Team’s claim that the biometrics in the NIS will mark an improvement over conventional methods cannot be evaluated.

5.1      The suspicion – which you may confirm – is that many of UKBA’s eBorders successes are thanks to identity verification based on flat print fingerprinting. With the equipment configured to have a more or less 0% false match rate, UKBA can be pretty sure to detect many cases of people applying for a visa when an earlier application has already been rejected.

5.2      The problem is that, in that configuration, the false non-match rate appears to rise to about 20%. And if 20% of people can’t use flat print fingerprinting to prove their right to work in the UK, or their right to non-emergency state healthcare, or their right to state education for their children – all applications of the NIS, according to IPS – then there will be a riot.

5.3      The appeal is made to you to explain how denying 20% of people these rights, and causing a riot, is an improvement over conventional methods.

6.1      IPS cannot provide any figures for the reliability of biometrics based on facial geometry, according to the FOI Team, because they haven’t yet used the technology. But UKBA have tested facial geometry at Manchester airport and, based on the result of those tests, they have deployed “smart gates” to 10 airports in the UK. So UKBA must have some statistics and it is unsatisfactory that the FOI Team did not provide them. IPS clearly have access to UKBA’s flat print fingerprinting statistics, as noted, and IPS are happy to refer to them. So why not the facial geometry statistics?

6.2      The appeal is made to you to release the results of UKBA’s smart gates tests so that the public can assess the merits of smart gates in particular, and biometrics based on facial geometry in the NIS in general.

6.3      You may care to consider, in connection with this appeal, that although a lot of non-EEA students in the UK now have biometric visas, not a single educational establishment has the equipment needed to use these cards to verify identity.

7.1      The Home Office Scientific Development Branch have confirmed that UKBA have statistics on the false non-match rate of flat print fingerprinting. Would you please release those, too? The false non-match rates are some of the figures needed to assess the reliability of the biometrics proposed for the NIS. The appeal is made to you to make good on the FOI Team’s unsatisfactory failure to release these figures in the first place.

The House of Commons Science and Technology Committee more or less begged IPS not to choose the biometrics for the NIS until they had the strong supporting evidence that can only be provided by a large scale field trial. IPS have ignored them. The Committee also recommended that IPS publish figures on the biometrics chosen so that the public could have confidence in the NIS. Again, IPS have ignored them. The Committee reported that the US Department of Homeland Security (DHS) believe that there are no biometrics reliable enough to underpin a national ID card scheme. What have IPS done? They have ignored the DHS.

According to the Daily Telegraph:

All foreign nationals from outside the European Union will have to show a British ID card if they want a job, obtain a National Insurance card or claim benefits once the scheme is running in 2008, Tony Blair says today.

Writing in The Daily Telegraph, the Prime Minister makes clear that ID cards will not only be compulsory for overseas citizens resident in Britain for three months or more, but will be an absolute requirement to gain access to public services or to seek work.

Mr Blair believed the Home Office. But Mr Blair was no technologist. And no-one else appears to share his faith. DWP have never said that they will make work or benefits dependent on ID cards. Not for UK nationals. The Department of health, similarly, have never insisted on ID cards for non-emergency state healthcare, and the Department for Education (as was, now DCSF and DIUS?) have no published position on the need for UK nationals to present ID cards to get state education.

The Home Office are peculiarly isolated. Their technology doesn’t work. And nobody wants it. Not government departments. Not the airline industry. And not the banks or the major retailers. It may help you in conducting the review appealed for if you see the Home office for what they are. In the NIS and, to some extent, eBorders, the Home Office are trying to sell a product that doesn’t work to a lot of people who don’t want it. The sooner we can get them off the hook, the better. Your review may help.

In the past few years, Germany has added flat print fingerprinting to its visa system. No mean feat. It may be pointless, but it was a lot of hard work. Not only that, but they have managed to interface their system with the EU-wide visa system, VIS, the European Commission’s Visa Information System. Again, a lot of hard work.

And what have IPS achieved? Nothing. What do they do all day? Another point you may like to consider.

For example, IPS claim that they can register the entire population on the NIR. How? Is there a national network of registration centres? No. They have failed to establish one. IPS have been in existence for nearly four years. What is there to show for it? A lot of press releases. A lot of draft framework agreements. But no NIS. Pakistan have issued 60 million biometric ID cards. IPS can’t even answer a FOI request properly. What do they do all day?

Is there a national network of cameras, fingerprint scanners, card readers, and keyboards linking hospitals and schools and employers and pubs and police stations and job centres and airports to the NIR so that people’s identity can be verified? No. IPS have failed to provide one. After four years or more, the NIS remains a fantasy.

With no published statistics to support their choice of biometrics, IPS have nevertheless commissioned IBM to develop the biometric NIR. And IBM have commissioned Sagem to provide the facial geometry and flat print fingerprinting technology required. Does this technology work? We don’t know. Perhaps even IPS don’t know. But they’re spending £265 million of our money on it anyway.

Meanwhile, after a two-year trial, the business schools of the world have dropped flat print fingerprinting. It doesn’t work. And the FBI have announced that, after 40 years of watching developments in the facial geometry sector, they still aren’t going to invest in this flaky technology, it just doesn’t work*.

Biometrics are meant to be the unique selling point of the NIS. But they don’t work. There is a hole at the heart of the NIS and pretty close to the heart of eBorders. Your work on this appeal is important.

Yours faithfully

David Moss


Attachment A

Freedom of information request submitted 3 December 2009, 12:01:

I refer to the ID card “Is your business ready” information pack issued to employers.

The pack includes a covering letter from Jackie Westbury, Head of Product marketing.

The second paragraph of this letter reads as follows:

“The identity cards are a Government-backed form of identification that you can trust. Background checks are conducted to confirm a person’s details. These details are locked together with their unique fingerprints, and digital image, making identity cards a more secure proof of identity and giving you a more secure way to meet your legal obligations.”

Could you please explain in detail what “locked together with” means in this case?

Please provide statistics which demonstrate how reliable face recognition is when it comes to verifying identity. Please include statistics showing how reliability varies with the age of the registered photograph, say after 1 month, 1 year, 5 years and 10 years.

The suggestion seems to be that fingerprints can be used to ensure that each person can be registered once, and once only. Please confirm if that is the case and, if so, provide the evidence.

Acknowledgement received 8 December 2009, 16:16, FOICR 13523/09:

Thank you for your email of 3 December concerning the Identity Card Information Pack. You have also asked for information facial recognition technology.

Your request is being handled in accordance with the terms of the Freedom of Information Act 2000.

We aim to send you a substantive reply to your request within 20 working days of our receiving it on 3 December 2009. Therefore you should receive a substantive response by 5 January 2010.

If you have any queries regarding the handling of your information request please do not hesitate to contact us.

Response received 11 January 2010, 16:49:

The term ‘locked together’ means that biometric information about an individual (fingerprints and facial images) is associated with the individual’s biographical information (name, address etc) in the National Identity Register, although to maintain security the storage of biometric and biographic data is separated.

The reliability of a biometric system is context-dependent, depending on the configuration of the system, the resolution and quality of the images being compared, the type of search being undertaken and the performance of the matching algorithm being used. In addition, the term reliability has several possible interpretations when applied to a biometric system. Reliability may be applied to overall system performance, which would include human-expert checking stages and other biometric modalities that may be used to assist a decision or simply the raw performance of the matching engine. Generally these give very different performance figures. For example, the Identity and Passport Service (IPS) will use a combination of human expert examiners and automated matching. However, given that reliability statistics are dependent on all these variable factors, it is not possible to provide a generic response to your request. IPS does not currently use automated facial recognition for verification of identity and so it is unable to provide you with any statistics that relate to its use by IPS.

IPS does not accept the interpretation you have placed on its wording in your final paragraph. It is well known all biometric systems have an associated error rate and indeed IPS has previously corresponded with you on this matter. The issue is whether the use of biometrics provides a significant improvement in assurance of identity, compared to conventional methods. This is clearly the case, demonstrated by its successful deployment for visa applicants and Identity Cards for Foreign Nationals. Please refer to our correspondence ref NBIS DJW010/09 which is in your possession.

Attachment B

Biometrics "will make identity theft and multiple identity impossible. Not nearly impossible. Impossible."
David Blunkett November 2003

Individuals can only register once as their biometrics will be linked to a single identity, which will prevent the creation and use of multiple identities.
Home Office Section 37 cost report October 2006

"Biometrics give us the chance to have secure identity … By giving certainty in asserting our identity and simplicity in verifying it, biometrics will do away with the need for producing birth certificates, driving licences, NI and NHS numbers, utility bills and bank statements for the simple task of proving who we are ... Terrorists routinely use multiple identities – up to 50 at a time – to hide and confuse."
Tony Blair November 2006

Biometrics will tie an individual securely to a single unique identity. They are being used to prevent people using multiple or fraudulent identities … Over time, we will be able to link people to a single identity across our systems using biometrics.
Home Office December 2006

Using biometric technology we can permanently link people to a unique identity … With biometric visas to help lock down travellers to a single identity …
eBorders March 2007

Biometrics “will make it possible to securely link an individual to a unique identity, thus preventing the registration of multiple identities.”
Gordon Brown January 2008

"As the [ID] cards become more widely available the whole country will see real benefits for citizens, businesses and the country by giving a convenient and secure proof of identity that locks people to one identity".
Jacqui Smith January 2009

We plan to use all 10 fingerprints and facial biometrics to ensure someone can only enrol on the scheme once, thereby preventing multiple identities being established.
Dr Duncan Hine, Executive Director Integrity and Security Identity & Passport Service, January 2009

Labour insists the [National Identity Register], which will keep the fingerprints and biometric details of all new passport holders, is essential for preventing identity fraud and keeping Britain's borders safe … Mr Johnson [pointed] out the register was "the most effective way of preventing criminals or terrorists assuming a double identity".
Alan Johnson January 2010


* The Guardian article referred to above,, written by me, turned out to be wrong and a heartfelt apology was issued to Mr James A Loudermilk II of the FBI. This is extremely embarrassing. It remains the case nevertheless that there is considerable doubt about the reliability of biometrics based on face recognition and flat print fingerprinting.