November 2007


On 26 November 2007, six academics wrote a letter to the chair of a committee. It did not make the headlines in the next day's newspapers. But it lit the blue touchpaper. And when this one goes bang, the fireworks are going to be seen all across Europe.

The story starts with the recent revelation of the disgraceful carelessness of HMRC with our personal data. Given which, everyone wants to know, how can the government proceed with the National Identity Scheme (NIS), the cocktail of ePassports, ID cards and biometric visas which we are promised by 2010? There is now very little to defend the NIS, but politicians lit upon one possible defence – biometrics. The NIS will confer security on us, and itself be secure, thanks to biometrics.

The suggestion of the politicians is that biometrics work infallibly. What the academics pointed out is that they don't. The only trial of the NIS biometrics performed by the government revealed that far from making it easier for us to prove our identity, 20 percent of people would find it harder to prove their right to work in the UK, harder to prove their right to non-emergency state healthcare and harder to prove their right to state education for their children. With that, the last defence of the NIS falls.

It does not fall alone. The defence of our borders depends on an initiative known as eBorders. And eBorders depends, in turn, on being able to allocate an electronic identity to everyone. That depends on reliable biometrics and reliable biometrics are not on offer. So eBorders falls, along with the NIS, and so does the transformational government initiative. Transformational government is the UK's plan to deliver public services more efficiently. Like eBorders, transformational government depends on reliable electronic identities and they are just not on offer.

How did we get into this uncomfortable situation? The responsibility for deploying the NIS in the UK falls on the Identity and Passport Service (IPS), an executive agency of the Home Office. We will have to ask them how they allowed the plans for eBorders and transformational government to go forward when they have known since the biometrics trial in 2004 that there is a major problem with the NIS.

IPS were asked about the poor performance of biometrics by the House of Commons Science and Technology Committee. In their July 2006 report, the Committee record IPS's answer – according to them, the trial wasn't meant to be a test of the performance of the biometrics.

In which case, why are the performance figures listed under Key Findings in the Management Summary of the trial report? And if it was not really a trial, then are IPS seriously considering deploying the NIS without having a trial?

These questions do not concern just the UK. In 1999, the European Commission decided that we need pan-European electronic identity management. They gave the job of specifying how it would work to eESC, the eEurope Smart Cards forum. And in 2003, eESC delivered OSCIE, the open smart card infrastructure for Europe. eESC was then dissolved and custody of OSCIE was passed to IDABC, their job being to implement the Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens.

We are currently in the middle of the EU's latest 5-year plan, known as i2010, and it is IDABC's job to make sure that we all have eGovernment, throughout the EU, by 2010. The September 2007 conference on eGovernment held in Lisbon is just the latest occasion on which our ministers agreed unanimously how to achieve that objective. The Declaration issued at the end of the conference says, on p.2:

"Ministers recognise that ... in order to meet the need to exchange information across borders, such as those arising from the obligations of the Services Directive, Member States shall intensify efforts to achieve cross-border interoperability, the importance of which has already been highlighted in the electronic Identity and eProcurement areas. The objective of achieving interoperability applies equally to the implementation of Article 8 of the Services Directive which will be facilitated by interoperable and mutually authenticated electronic identities and electronic documents."

Most of IDABC's work is behind the scenes but it sometimes makes it into the media. As when the Shadow Home Secretary asked Jacqui Smith in the Commons about the EU's Project Stork. Would that project mean that our personal data could be shared with the other 26 members of the EU? The Home Secretary did not reply but the Chief Executive of IPS has now done so on her behalf: "Project Stork is not about ID cards, has nothing to do with the National Identity Scheme or providing data from the National Identity Register".

His answer is hard to reconcile with the EU's own announcement, which says that Project Stork "aims to establish EU-wide interoperability for eIDs [electronic identities] by 2010".

And the EU's plans for eGovernment are hard to reconcile with the facts. These plans depend on OSCIE, which assumes that we can all carry our identity on a smart card, verified by biometrics and registered on national databases, with the details accessible by every agency in every country which needs them. This is of more than academic interest. No reliable biometrics, no OSCIE. No OSCIE, no eGovernment. Fireworks.

David Moss has spent five years campaigning against the Home Office's ID card scheme.

2007 Business Consultancy Services Ltd
on behalf of Dematerialised ID Ltd