861zaba.

qxp

25/05/2005

30 newstatesman

12:02

Page 1

30 May 2005 l features

When the

eyes

dont haveit
With its built-in iris measurements and
fingerprints, the high-tech ID card is
held up by the government as the answer
to everything from terrorism to benefit
fraud. Not so, reports CHRISTINA ZABA.
This card will open the door to disaster

ust over a year ago, David Blunkett declared his belief

in magic. The ID card system will make identity theft
impossible, he said. Not nearly impossible: impossible. Security geeks everywhere shook their heads and groaned,
but the Home Secretary wasnt listening.
Now that the Identity Cards Bill looks likely to become law,
however, at an estimated cost of 5.5bn, and with compulsory biometric registration and criminal penalties for non-compliance,
it is time to listen. Cryptographers can read the technology that
so dazzles the government. They can see that the Home Offices
plans are founded on hubris and heading for disaster. They also
know there is an ethical way of rescuing the project.
Public opinion likes the idea of ID cards because it seems
like the ultimate solution to all known problems, says Brian
Gladman, retired director of strategic electronic communications at the Ministry of Defence. But actually, the way this bill is
designed enables a police state. Youre not going to be allowed to
opt out of having an ID card, the linked databases make detailed
tracking feasible, and a system with this combination of complexity and scale is way beyond the state of the art. It wont be reliable or safe. Anybody with access to the database will be able to
target anybody. Its horrendous what youll be able to do.
The National Identity Register is the less-publicised part of the
governments ID cards strategy. Bigger than any such scheme
anywhere in the world, it will hold detailed information on
roughly 46 million people, and it is meant to work like this.
You will be summoned (with up to a 2,500 fine for nonattendance) to visit a clerk, who will take your biometrics: the
iris pattern in your eye, a fingerprint and a digital photograph.
They will go into the system along with your name and other
information, and you will hand over 85 and get a passport, ID
registration number and card. From that moment, every use of
your card will be automatically added to your government
record, or audit trail, whether its at the social security office,
your bank, Sainsburys, the sexual health clinic, your office or on

the way to your Alcoholics Anonymous meeting. Over time, a

detailed and permanent account of your activities will build up.
The state will own this information. You wont get to see it,
but it will be available to the police, the Inland Revenue, other
public bodies and any commercial concerns the Home Secretary
chooses. These visitors wont leave their own audit trail saying
that theyve called. We wont know who is observing us.
The government wants to reassure us. It says its trustworthy;
it says theres a lot of scattered data out there about us anyway
surely its just common sense to link it up? Yet security experts
know that the linking and aggregation of detailed personal information on this gigantic scale will be unstable and dangerous to
everyone, because of the depth of what it reveals, because of its
secrecy and because it will present a vulnerable target for electronic attack, whether by hostile governments, by international
terrorism, or by your spiteful colleague.
Once compiled and linked, detailed data on tens of millions
of people cant easily be separated out or destroyed. In March,
a team of academics from the London School of Economics,
together with technical and policy specialists from Europe and
the US, noted in The Identity Project: an assessment of the UK
Identity Cards Bill and its implications that the bill includes
potential violations of Article 8 (privacy) and Article 14 (discrimination) of the European Convention on Human Rights.
They also found it to be in direct conflict with the UK Data
Protection Act 1998 to which the governments solution is
simply to lift the scheme out of the data protection regime.
Jamie, a black-clad young mathematician in a Manchester basement caf with a black silk rose in his ponytail, is a master of the
art of prising open electronic security systems, earning 1,000 a
day for the trickier jobs. If I wanted to steal someones identity,
so-called, it wouldnt be hard under the new scheme, he says.
He explains: Analytically, whats a biometric? It tells you that
this card matches that iris. It doesnt tell you who I am, though.
Id just take someone elses life details peoples true information

861zaba.qxp

25/05/2005

12:02

Page 2

features l 30 May 2005 l newstatesman

is mostly a matter of public record, and its surprising what else

you can find out from what they throw or give away. Then Id
register those details with my own biometric and name. There,
Ive faked an ID. Easy. Falsifying data from scratch is trickier, but
not impossible. Youd buy a birth certificate using the name of
someone who died young is good. Then youd join a temp agency;
get a P45 and P60; get your manager to sign and certify your photo
using the false name; open a bank account with it. Itd take about
a month. Unsurprisingly, Jamie is unimpressed by government
rhetoric. The off-the-shelf systems theyre using are easy to
break. Tying so much information together in one place will
make it very insecure. If I wanted to circumvent it, I could. Half

The system is easy to break. Half the

members of every maths department
in Britain could probably do it
the members of every university maths department in Britain
probably could. Most wont, but one day someones going to
say: Its a computer system lets break it! And then you might
find the whole UK benefits system disabled by someone sitting
at a terminal in North Korea.
Among those concerned about the outlook is the Information
Commissioner for the UK, Richard Thomas, who wrote last
year: As the full magnitude of the proposals starts to emerge,
my previous healthy scepticism has turned to increasing alarm.
The LSE report, meanwhile, summarises the bill as too complex,
technically unsafe [and] overly prescriptive.
Even its overt aims dont stand up to scrutiny. In a study last
year, the human rights watchdog Privacy International found no
evidence that ID cards really do combat terrorism. Terrorists typically move across borders using legitimate tourist visas (as in the

31

9/11 attacks) or have a valid ID (the Madrid bombings). You cant

read someones intentions in their fingerprint. The scheme wont
prevent identity theft either: US experience shows that using
widely known numbers to link personal information with identity actually increases such theft. It wont really detect or prevent
crime, in which evidence-gathering is more important than identity. It wont stop benefit fraud: identity falsification amounts to
less than 1 per cent of such offences. What it will do, in its ponderous devouring of civil liberties and its naively old-fashioned,
lock-step, Seventies-style design, is open up the possibilities for
new kinds of national and international crime on a grand scale.
It could all be so different. A hundred ways exist of establishing
personal identity and connecting it with safely separated databases. As the geeks point out, when you change where the information is kept, and how its kept, you change everything.
The governments design could hardly be worse for privacy,
with the agencies thatll have access, and its vulnerability to being
hacked into, says Ian Brown of University College London and
the Foundation for Information Policy Research. There are lots
of technical alternatives.
You begin with a statement of requirements. What is the system
really for, and what are the democratic trade-offs between privacy, efficiency and security? Solutions follow. A scheme being
considered in France, for example, would retain all your personal
information on the ID card itself, with no external database. A
unique master identifier, securely embedded within your card,
would allow good governance of data-sharing for legitimate
public policy reasons, while limiting infringements of privacy.

eal biometric identification doesnt require a card anyway: just a small electronic device that recognises, say,
your fingerprint. By placing your finger on it, you yourself would release encrypted, accurate, unique information to
any authenticated computer: in a bank, at the doctors, anywhere.
The receiving computer would be assured of your data; but it
would not be able to trace who you were. Confidential, elegant,
cheap, simple and no database or audit trail needed.
People have been experimenting with this technology for
at least ten years, remarks Dr Brown. Privacy-protecting
personal biometric ID readers are nothing new. But is there the
political will to use them?
History determines imagination. They constantly try to
escape/From the darkness outside and within/By dreaming
of systems so perfect that no one will need to be good, wrote
T S Eliot in the 1930s. The organising mechanisms of the police
states whose rise he was chronicling were, in themselves, every
bit as morally neutral as todays technology, but that didnt stop
fascism locking everyone down in the end.
We need not sleepwalk into a mass surveillance system this time
around. If we want an ID scheme and there are arguments for
having one then the technology itself offers a way forward. The
machines dont have to oppress us, encouraging disobedience and
crime; they can instead civilise, educate and empower. Privacy
and security need not be opposites; they can and should be mutually reinforcing. Theres no magic about technology. The magic is
in people, their creativity and willingness to change.