UK home secretary and serial control freak David Blunkett's national ID card scheme has come under fire from an unlikely source - the company currently deploying Belgium's national ID card scheme. This has a certain piquancy, given that Blunkett thinks the UK is "out of kilter" with Europe on ID cards, yet here we have an outfit that knows what it's talking about reckoning that he is out of kilter with ID card thinking.
Bart Vansevenant, director of European security strategies for Ubizen, says Blunkett is too ambitious in planning to use biometrics in the scheme. "The point of an ID card is to prove that a person is who they say they are. In order to prove one's identity, name, home address, date of birth and ultimately signature will suffice for most 'authorities'. If not, you are probably using the cards to close your million-dollar bank account and further authentication may be needed. Today, if asked to prove your identity, when are you ever asked to leave your fingerprint or to have the iris of your eye scanned? I would think not even once a year."
Vansevenant also notes that biometrics on a piece of ID does not necessarily prove you are who you say you are - it merely proves that you are the person whose biometrics are on the ID. So if there are security holes in the issuing process (or if forgery turns out to be feasible), the authorities merely end up replacing one potentially compromised piece of ID with a more expensive potentially compromised one. A simple example of this relates to the US plans to require biometrics on passports at entry points - countries with corrupt and/or deficient issuing systems will act as sources of false passports, and it will remain extremely difficult for the US immigration services to detect these. On a national scale, as planned in the UK, it will prove extremely expensive to police the issuing of ID. Particularly as it is not entirely unknown for British government agencies to - woops - issue false passports and driving licences.
The ability to check validity with a central database is seen by the home office as one of the biggest advantages of the ID card scheme. Vansevenant however points to the privacy implications of this, the difficulties associated with the control of entry points to the database and the large number of false positives that will be thrown up by such checking. If you are simply checking that the fingerprint, face or whatever of the person with the piece of ID matches both the ID and the central record, then it's just about technically feasible because the data should be a very close match. If however you're checking the face against centrally held pictures of Saddam Hussein, then you will end up wrongfully detaining many, many, people, because that does not yet work.
In summary, Vansevenant feels that the UK will be creating many new problems in attempting to solve one. Compared to Blunkett's plans, the Belgian system seems almost cuddly. In common with most of Europe, Belgium has a compulsory ID card system and its new digital ID system is the next generation of this. Cards are issued via a town hall registration process, and then a root key is used to create a PKI signature on the card. Information on the card is legally limited to your national number, name, address and picture.
Basically the card functions in the same way as the old version did, but the PKI aspect is intended to be used in conjunction with a pin number in order to facilitate electronic transactions with government. Compulsory ID cards are traditional and accepted in Belgium, so the government is able to build the authentication necessary for e-government onto this, and it's probably acceptable in a culture that already accepts compulsory ID cards.
The UK, however, is doing it backwards as usual. Belgium is deploying a system that includes, effectively, the universal "entitlement" card of Blunkett's previous dreams, and it's probably secure enough for that purpose. Blunkett has however switched horses on ID, from entitlement to security, and the over-ambitious objectives of the scheme will make it costly to build, vulnerable to security breaches, threatening to privacy and dubious in value. Vansevenant says when designing such scheme you first have to ask yourself what it is you want to do, and then work out how to do it as reliably and securely as the purpose warrants. It would seem to us that Blunkett is not entirely clear as to what it is he wants to do, but has nevertheless become entranced by a misconceived notion that biometric technology will provide a bulletproof mechanism for him to do it with.
Authentication, says Vansevent, is something you have, something you know, or something you are, the latter being obviously the strongest, so he feels biometrics will eventually provide the "are". But it won't do it now, nor will it do it when (or if) the US goes ahead with its biometrics requirements, currently planned for next year. Privacy issues aside, until such time as it is workable the pro-ID authorities would do well to consider the 'what do you want to do' question and answer it with levels of security that are both achievable and commensurate with the job in hand. ®