Monday, December 20, 2004

Blunkett's successor supports ID cards

Unfortunately it seems that even though David Blunkett has gone, his ID card disaster plan has not gone with him. New Home Secretary, Charles Clarke is planning on pushing it through with cosmetic "concessions."

Mr Blunkett's resignation is a real opportunity for the government to extract itself from this fiasco before it does any real damage. That requirement within government to focus on the next headline and be seen to be "doing something" (whatever that something is) could have been deftly turned to their advantage from a PR perspective; but of course they're terrified of being seen as "soft on" crime, terrorism, immigration, benefit fraud [take your pick from these or a long list of other issues], so will probably be too scared to take the "risk."

So let's step away from the simplistic soundbites on all sides and look again (as I have done ad nauseum here, with apologies to regular readers) at the practicalities. Mr Clarke, please just ask yourself a series of logical questions:

1. What problem does your proposed "solution", in this case biometric national ID cards solve? Or to put it in security terms: what assets are you trying to protect?
A: Well the list seems to grow by the day. Mr Blunkett's favourite problems for the ID card solution were - terrorism, public service access, immigration, benefit fraud, social cohesion and citizenship. In the security context - what assets are you protecting - well, translating Mr Blunkett's problems to assets, you're trying to protect everything and everyone from every negative consequence. That's quite an undertaking. (And remember attackers only have to focus on weak spots and get lucky once)

2. What technical infrastructure does your proposed solution require?
A: (a) High tech. cards for everyone. (Just as a matter of interest, since these cards are to be embedded with biometric data, why do we need a card at all? Sure we will all be our own walking ID and we don't lose our irises or fingerprints as easily as we can lose a card.)
(b) A massive central database which contains a great deal of information on everyone registered
(c) A registration process, involving a large number of decentralised registration centres, suitably technically equipped and with a networked connections to the central database
(d) Huge numbers of robust local systems (in hospitals, local council offices, hospitals, every police officer, GP surgeries etc etc) for checking ID cards and verifying/validing via appropriate networks with the central database.

3. How well does this system (the ID card solution) solve the problems identified in question 1.?
A: Not at all.

4. How can this complex ID card "solution" fail and what other problems does it create?
A: It can fail in an untold number of ways because it is so complex and it depends on so many people having access remotely and centrally just for day to day construction and operation. The database can fail - there is not a computer scientist in the world who knows how to secure, in practice, a database as big and complex as the one required to underpin this system. It will have errors, it will become outdated; database staff will make mistakes; remote card verifiers will make mistakes; the biometric technology underpinning all of this is unreliable (despite many vendors claims to the contrary); the system will be misused accidentally and deliberately (in the latter case by a small number of so called bad actors, internal and external); people will lose their cards; people will forget to get their details changed as necessary eg change of address; the system has to "talk to" other government ID systems, which are prone to catastrophic technical failure (eg the Dept for work and pensions IT systems crash from a couple of weeks ago).
There will be a huge incentive for organised crime to engage in forging these cards (since they are allegedly the key to so many services) and they will be forged on a large scale. The database may well be used like the electoral roll to sell personal details to direct marketers. Maintenance of the system will be labour-intensive.
And that is just scatching the surface.

5. How much does it cost?
A: in pure monetary terms, not taking into account just some of the negative consequences listed above, it will cost billions of pounds.

6. Is it worth it.
A: Clearly not. If we have billions of pounds to spend on tackling terrorism, etc. it would be better spent on higher numbers of well trained police, security services, customs and immigration staff. The latter is not, however, a positive headline grabber with the Daily Mail or the Murdoch press and does not provide apparently instant results.

And just back to the list of some of the planned verification uses written into the government's draft bill: enforcing parking fines, preventing underage selling of cigarettes, alcohol, DVDs and lottery tickets, banking services (eg mortgage) applications, TV licence, benefits, driving test and car tax applications, access to public sevices eg GP or hospital, gun licence applications. How will verification for these things tackle terrorism, immigration, benefit fraud or problems of social cohesion?

Just one more time in brief, then,

1. What problem does your proposed solution (ID cards) solve?
A: Lots allegedly, all ill defined.
2. What architecture has your proposed solution got - what does it look like?
A: Complicated.
3. How well does it solve your problem(/s)?
A: Not at all.
4. How can it fail and what other problems does it create?
A: Many ways and lots of other problems.
5. How much does it cost?
A: Billions.
6. Is it worth it?
A: No.

Mr Clarke has an opportunity to step away from what will probably become New Labour's political disaster equivalent of the poll tax. I hope he takes it.


Anonymous said...

One thing to add to the list, under the answer to item 3. Security theatre - the illusion that you are dealing with a security problem by taking some visible action - can make you less secure.

As resources are focussed on pretending the problem is being dealt with and also on presenting the appearance that the security theatre is working, the real problem is neglected and the attackers job becomes easier.

Ray Corrigan said...

Absolutely right! In generic terms security theatre can and regularly does make the job of the "bad" attackers easier.

Security theatre, of course, is not entirely negative. It does have a useful function. People do have to feel secure, as well as be secure, in order to avoid mass panic. Just as we're not allowed to shout "fire" in a crowded theatre.