The government's ID cards scheme has been slated by a researcher at IBM. Michael Osborne attacked the project on the grounds of cost, among a number of other reasons.
Based in Big Blue's Zurich research labs, where the scanning tunnelling microscope was invented and won its inventors a Nobel Prize, Osborne said the problem is neither the cards nor the fact that the scheme is intended to use biometric technology.
The major issue is that the UK government plans to set up a central database containing volumes of data about its citizens. Unlike other European governments, most of whom already use some form of ID card, the central database will allow connections between different identity contexts – such as driver, taxpayer or healthcare recipient – which compromises security. Centrally stored biometric data would be attractive to hackers, he said, adding that such data could be made anonymous but the government's plans do not include such an implementation.
Osborne added that biometric technology is still immature. "It's not an exact science", he said.
In real-world trials, some 10 percent of people identified using iris recognition failed to enrol, which means the system didn't recognise them. Even fingerprinting is no panacea, as four per cent failed to enrol. Scale that up to a whole population – the UK contains nearly 60 million people – and the problem of biometric identification becomes huge, Osborne said.
He also criticised the government for the potential cost of the system, claiming it will cost a lot more than anyone thinks. He pointed out that a project of this size hasn't been tried before, so the government's projected costs are not necessarily accurate.
Finally, Osborne used a dozen criteria, including whether or not such as system is mandatory or time-limited, to show that on all but two, the scheme fails – even before controversial civil-liberties issues are considered.
And as for whether ID cards are the right tool to defeat terrorists in the first place, security expert Osborne said: "ID cards won't solve the problem because terrorists don't care about identification – and they'll have valid IDs anyway. The issue is the central database.
"But no one knows if it'll work, or if it'll be accurate enough – it's more about perceived security than actual security."
Osborne suggested an alternative, which involved keeping the data on the card. With such a system, only the template is downloaded and identity processing happens on the card using Java and local data rather than centralised storage and processing.
He added that since terrorists wanted to be identified, having an ID card was unlikely to be a deterrent. "However, in some previous studies, some criminals were found to be deterred by the need to possess an ID card," he added.
Osborne said his remarks were made in a personal capacity.
This story first appeared on Techworld.com.