Monday, January 16, 2006

LSE Identity Project Report

The London School of Economics has published their latest Identity Project Status Report. It's 63 pages long and full of sensible analysis and questions.

Director of the LSE, Howard Davis, says in his introduction to the report that in spite of his surprise at the vitriolic attacks of the government over their first ID card report last year, the LSE stand by the integrity of their researchers engaged in a genuine attempt to produce an informed analysis of the scheme. He rounds off nicely

"We believe the government's proposals can only benefit from informed and independent scrutiny of the sort this work attempts to produce. I hope the government can receive this latest contribution in that spirit and eschew the emotive language with which they responded to the first effort. The authors are not politically biased, or "mad" - at least no more so than academic researchers normally are!"

The press release accompanying the latest report reads:
The London School of Economics (LSE) today publishes the second report of its controversial ‘Identity Project’. The first report from the project [pdf 5.5 MB] was published in June 2005.

Today's report levels criticism at the government over the secrecy of the ID planning process, conflicting statements made by the Home Office and a disregard for Parliament's right to consider important costs and facts related to the scheme.

The report recommends that planning for the ID card be removed from the Home Office and given to Treasury. The report's authors argue that the Home Office is not the appropriate department to deliver or operate the scheme. ‘In light of the numerous inconsistencies and conflicts that have emerged, serious unanswered concerns that remain, project dynamics that are dysfunctional and potential outcomes that may be harmful to the public interest we can now no longer support even the principle of an identity scheme owned and operated by the Home Office.’ the report says.

The report observes: ‘Dozens of questions about the scheme's architecture, goals, feasibility, stakeholder engagement and outcomes remain unanswered. These questions are outlined in this report. The security of the scheme remains unstable, as are the technical arrangements for the proposal. The performance of biometric technology is increasingly questionable. We continue to contest the legality of the scheme. The financial arrangements for the proposals are almost entirely secret, raising important questions of constitutional significance.’

For these reasons, the LSE team has declined to publish further costings for the scheme. In his introduction to the report LSE's Director, Sir Howard Davies observed: ‘As this second report shows, the Government have not been very forthcoming in providing details of their proposals. The LSE team stands by the cost estimates outlined in its first report, but changes to the policy made by the Home Office make it difficult now to produce a definitive assessment of the total cost. Other government departments, if they wish to adopt the ID scheme, may opt in at a later date. Any estimates made of the cost of the current proposals may therefore significantly underestimate the total cost of the scheme in the longer term.’

Professor Ian Angell, head of LSE's Department of Information Systems said: ‘We don't know what to believe any more. Contradictions, guesswork and wishful thinking on the part of the Home Office make a mockery of any pretence that this scheme is based on serious reasoning.’

Dr Edgar Whitley, reader in information systems at LSE said: ‘We have been surprised at how little consistent or reliable information exists about the government's proposals. Claims are routinely made for the scheme and then just as quickly are abandoned or contradicted.’
The "unanswered questions" alone, listed in Section III demonstrate a grasp that these researchers have of the scheme which contrasts sharply with the Observer piece I mentioned earlier.

"To what extent does the legislation place a requirement on government departments to adopt the ID provisions...

To what extent is integration with the private sector a necessary requirement...

What criteria will be used to determine which levels of NIR verification (e.g. online, biometric) will be made available to an organisation? How will their use of NIR checks be verified and audited, and at what frequency...

To what extent and in what form will direct charging to customers apply for NIP checking by organisations...

Will direct charging by the private sector be capped...

How will organisations conducting NIR checks be verified and audited...

How will liability and non-liability be determined both for NIR checks and transactions where NIR checks are not conducted...

How will local verification against cards be used? In what circumstances and using what technology...

Will there be a requirement that biomentrics tehnology used for checking and verification will be of the same technical quality as the registration technology...

Will biomtrics be stored on the ID card, and if so what form wil this take (has, image etc.)...

What security standards will apply to verification checking, transmission of data, and data storage...

What advice has been obtained by government relating to the legality of the proposals...

What are the current integration cost and cost/benefit estimates from each government department relating to the scheme...

Precisely how will personal information be updated on the system, and what options are being considered to expedite this procedure...

To what extent will the system be reliant on chip and pin architecture...

what security measures are being considered in the event that the system will be based on chip and pin...

What limits, if any, are envisioned on use of the card by the private sector...

Precisely how can ID cards and the NIR be used for CRB checks, and how can the individual be integrated into the process at an administrative level...

What backup systems and processes will be instituted to ensure that denial of service does not occur in the event of technology or system failure...

Who owns and/or controls biometric data...

Will the identity number be visible...

Will local verification of ID cards be subject to oversight and audit, and if so, how...

How will organisations determine whether a person is required to be registered on the NIR...

How will government monitor the performance of IC checks within the private sector (failure of biometric technology, failure to match, failure of local card verification etc.)..."

These are all basic design, use, security and contingency questions of the kind that you need to make of any planned big information system. That there are so many of them at this stage of the process tells its own story. The concluding remarks are clinically damning:

"At the outset the LSE Identity Project supported the implementation of an identity scheme in principle" [given government attacks many people are surprised when they learn that] but expressed significant concerns regarding the Home Office proposal. In the light of the numerous inconsistencies and conflicts that have emerged, serious unanswered concerns that remain, poject dynamics that are dysfunctional and potential outcomes that may be harmful to the public interest we can no longer support even the principle of an identity scheme owned and operated by the Home Office.

Despite all this, however, the policy has changed hardly at all since it was first proposed three years ago. It still involves a highly centralised system. It still involves numbersou biometric technologies. Its primary purposed remain unsubstantiated. Its benefits remain unclear and its costs opaque. The scheme's own advisers are worried about time slippage and the underestimation of risks. Prospective users of the scheme are unwilling to state publicly the benefits they expect from use of the system.

Perhaps most alarming in all this is that the scheme is about to become central to the Government's strategy for IT...

the Governmentis saying it must rethink how IT is used across government, so long as it revolves around what the Home Office is offering...

Many of the perceived flaws in the scheme are a result of the Home Office's continued resistance to both listening and to adhering to traditional processes and procedures of policy deliberation. The proposed scheme is overly burdensome, dangerously centralised, and is designed only to meet the goals of the Home Office: a vast register of biometric data that will be used for policing purposes.

A more open and federated model is required for an identity scheme that will provide gains for e-government, promote access to government services, and generate trust...

We recommend that another department be made responsible for establishing an identity infrastructure for the UK...

The Treasury has extensive experience in complex IT systems...

We therefore com to the inescapable conclusion that the ID card scheme in the UK should be taken forward by the Treasury.

Identity management may well be "an idea whose time has come". But as with any such idea, there are a multiplicity of choices to be made, and directions to choose. After three years the Government remains on the wrong path."

No comments: