UK to consider national biometric ID cards, database

  • Laura Rohde (IDG News Service)
  • 01 December, 2003 07:12

U.K. government is set to consider legislation next year for the establishment of compulsory biometric identity cards and a central database of all U.K. subjects, it was announced by the government last week.

The Identity Cards Bill is to be considered in the next session of Parliament, the government announced. As proposed by Secretary of State for the Home Department David Blunkett earlier this month, the legislation calls for a system of ID cards carrying biometric identifiers in an embedded chip, linked to a "secure national database," to be created by 2010.

The purpose of the ID cards is to deal with the "21st century challenges" of greater global mobility and advancing technology while combating such problems as illegal working, immigration abuse, ID fraud, terrorism and organized crime, according to Blunkett.

The information that the government is considering for inclusion on the card includes personal details such as a person's home address and telephone number, their National Insurance number (the equivalent of the U.S. Social Security number), medical information and criminal convictions, as well as the biometric information, most likely in the form of an iris, fingerprint or palmprint scan.

The ID cards would be rolled out in two stages, beginning with the biometric identifiers being included on renewed and newly-issued passports and driving licences. Also as part of the first phase, once the national database was available, the government would issue identity cards to European Union and foreign nationals seeking to remain in the U.K., and would also offer an optional card for those who do not have a passport or driving licence. As part of the second phase of the program, to be implemented five years after the launch of the program, the national ID card would become compulsory.

The government estimates residents will be charged about £35 (US$60) for the card, while setting up the basic system will cost taxpayers £180 million, and up to £3 billion to fully implement.

A spokeswoman for the Home Office declined to reveal which technology companies were working with the government on the technical aspects of the ID cards, "for reasons of commercial confidentiality." Companies that have worked with the U.K. government in the past include Oracle Corp. and Electronic Data Systems Corp. (EDS), which has already created a database that is currently holding tax-related information on around 9 million U.K. taxpayers.

Representatives of EDS, of Plano, Texas, and Oracle, of Redwood Shores, California, were not available to comment on possible involvement in the ID card program.

Civil liberty groups such as Liberty contend that along with being expensive and ineffective, the scheme would represent a real threat to civil liberties and personal privacy, while providing no obvious upside.

In a speech to the House of Commons on Nov. 11, Blunkett asserted that the development of specific personal identifiers, or biometrics, "would mean that identity could not be forged or duplicated." But the government's own feasibility study on the use of biometrics issued in February said that such methods "do not offer 100 percent certainty of authentication of individuals" and went on to warn that the "practicalities of deploying either iris or fingerprint recognition in such a scheme are far from straightforward."

Bart Vansevenant, director of security strategy at Ubizen NV, said that his company sees no real value for adding biometrics to ID cards, especially as it would not stop terrorism or fraud. Ubizen has been working on Belgium's electronic ID card scheme, the first in Europe to move beyond the pilot stage, according to Vansevenant.

The Belgian ID cards, which should be fully rolled out in three to four years, use digital certificate technology which is cheaper and more reliable than biometrics, Vansevenant said. "There is no reason that is good enough to explain the use of biometrics. It is still a very immature technology plus you have the additional costs of equipment, support and administration problems," he said.

The biometric card would also only work for tracking U.K. residents, while international terrorists would most likely use foreign passports when trying to gain entry into the U.K. "If this were to work worldwide for combating international terrorism, the system would have to be used worldwide," Vansevenant said. "I don't think the U.K. government could convince other countries to use it."

Vansevenant also expressed serious doubts about the security of a national database. "It is a pretty bad idea, especially the database which would be an ideal target for hackers and terrorists."

Belgium, in contrast, does use a database for holding information obtained on an individual when a card is first issued, but it is completely isolated, has no online element and is not related to other national databases, he said.

In the U.K. government's efforts to track terrorists and other criminals entering the country, Vansevenant suggested the use of a smaller central database holding details of people with criminal convictions that could be used as a sort of blacklist.

"Perhaps the U.K. and the U.S. (which is also proposing the use of biometric data on U.S. passports) are using biometrics and related databases from a marketing point of view and trying to position it as the big solution to the problem of terrorism," Vansevenant speculated. "But even then, it's still a bad idea."