UK gov unleashes biometric IDs

£4.7bn for cards. £0 for card readers


The British Identity and Passport Service (IPS) has spent £4.7bn ($6.6bn) on its new biometric ID card system. But it has not established a timeline for a card-reader rollout.

Without the necessary card readers, the biometric information such as fingerprint scans stored in the cards is inaccessible and therefore useless for ID verification.

In a statement released on January 29, the IPS reiterated its schedule for releasing the cards, beginning with over 50,000 foreign nationals by this April, then airport workers in the fall of 2009, and leading up to full availability in 2011 and 2012 "to the wider population on an entirely voluntary basis."

But Silicon.com reports that no police stations, border entry points, or job centres are equipped to actually read the cards. And IPS planning documents make no mention of card readers.

When Silicon.com talked with Identity minister Meg Hillier about the cards, she told them that the biometric information was a "vital part" of the ID system. But only if you can read the fingerprint information. The card readers aren't ready. And they won't be for some time.

To be fair - actually, to bend over backwards being fair - we note that Hiller told Silicon.com that "We have always said that we would roll out the scheme incrementally."

But there's a difference between an incremental roll-out and an unplanned one.

According to Hiller, "There's no prospect in the immediate future for the government directing anybody that you have to buy those things [readers] because we would be placing a burden on these organisations.

"The manufacturers of the machines have also got to decide whether it is worth their while to produce them."

And without card readers, British citizens will need to decide whether it is worth their while to acquire the cards. "On an entirely voluntary basis," of course. ®

Broader topics


Other stories you might like

  • California's attempt to protect kids online could end adults' internet anonymity
    Websites may be forced to verify ages of visitors unless changes made

    California lawmakers met in Sacramento today to discuss, among other things, proposed legislation to protect children online. The bill, AB2273, known as The California Age-Appropriate Design Code Act, would require websites to verify the ages of visitors.

    Critics of the legislation contend this requirement threatens the privacy of adults and the ability to use the internet anonymously, in California and likely elsewhere, because of the role the Golden State's tech companies play on the internet.

    "First, the bill pretextually claims to protect children, but it will change the Internet for everyone," said Eric Goldman, Santa Clara University School of Law professor, in a blog post. "In order to determine who is a child, websites and apps will have to authenticate the age of ALL consumers before they can use the service. No one wants this."

    Continue reading
  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    Updated India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading
  • Woman accused of killing boyfriend after tracking him down with Apple AirTag
    New meaning for accessory to murder

    A woman in the US has been charged with murder after she allegedly tracked down her boyfriend using an Apple AirTag and ran him over after seeing him with another lady.

    Gaylyn Morris, 26, found her partner Andre Smith, also 26, at Tilly’s Pub in an Indianapolis shopping mall with the help of the gadget in the early hours of June 3, it is claimed.

    A witness said Morris had driven up to him in the parking lot and inquired whether Smith was in the bar, stating she had a GPS tracker that showed he was inside, according to an affidavit [PDF] by Detective Gregory Shue. Morris, the witness said, subsequently spotted Smith within the establishment.

    Continue reading
  • Spain, Austria not convinced location data is personal information
    Privacy group NOYB sues to get telcos to respect GDPR data access rights

    Some authorities in Europe insist that location data is not personal data as defined by the EU's General Data Protection Regulation.

    EU privacy group NOYB (None of your business), set up by privacy warrior Max "Angry Austrian" Schrems, said on Tuesday it appealed a decision of the Spanish Data Protection Authority (AEPD) to support Virgin Telco's refusal to provide the location data it has stored about a customer.

    In Spain, according to NOYB, the government still requires telcos to record the metadata of phone calls, text messages, and cell tower connections, despite Court of Justice (CJEU) decisions that prohibit data retention.

    Continue reading

Biting the hand that feeds IT © 1998–2022