1
Identity Cards in the UK: An update
Dr Edgar A. Whitley, e.a.whitley_at_lse.ac.uk
Reader in Information Systems, Information Systems and Innovation Group, Department of Management, London School of Economics and Political Science
Research coordinator, LSE Identity Project
http://identityproject.lse.ac.uk
2
Intended content
  • LSE Identity Project assessment of second s37
    cost report
  • Perspectives on the Crosby review of public and
    private sector Identity Management issues

3
s37 Timeline
  • 31 March 2006 Act Receives Royal Assent
  • 1 April 2006 UK Identity and Passport Service
    created
  • 6 October 2006 First s37 Cost Report
  • Second cost report still missing

4
s37 Report to Parliament about likely costs of ID
cards scheme
  • (1) Before the end of the six months beginning
    with the day on which this Act is passed, the
    Secretary of State must prepare and lay before
    Parliament a report setting out his estimate of
    the public expenditure likely to be incurred on
    the ID cards scheme during the ten years
    beginning with the laying of the report.
  • (2) Before the end of every six months beginning
    with the laying of a report under this section,
    the Secretary of State must prepare and lay
    before Parliament a further report setting out
    his estimate of the public expenditure likely to
    be incurred on the ID cards scheme during the ten
    years beginning with the end of those six months.

5
  • The requirement to publish six-monthly cost
    reports to Parliament is not necessarily aligned
    with the programme's lifecycle. As a result, it
    may not always be possible to provide updated
    costs estimates in each report.

6
Joan Ryan
  • The costs will be presented, as we are committed
    to doing, in the cost report, which will be
    published shortly, and in the Identity and
    Passport Service annual accounts for 2006-07. The
    hon. Gentleman can rest assured that the report
    will be before him soon.

7
Crosby Review
  • Terms of reference
  • Review the current and emerging use of identity
    management in the private and public sectors and
    identify best practice.
  • Consider how public and private sectors can work
    together, harnessing the best identity technology
    to maximise efficiency and effectiveness.

8
  • Announced as reporting back early next year
    (2007)
  • Now,
  • The Chancellor of the Exchequer has asked the
    Forum to produce a full report which will be
    delivered in late summer

9
ID cards scheme recent events
10
What's happened
  • Increased openness about the Scheme
  • Strategic Action Plan (December 2006)
  • Details about enrolment centres
  • NAO report on e-Passports
  • Intellect vs David Davis
  • Cabinet Office Report on Identity Risk Management
    for e-Government Services (November 2006)
  • Other issues

11
A culture of openness
  • James Hall
  • Two webchats
  • 14 November 2006
  • 5 March 2007
  • Passport agency goes public on test errors
  • UKIPS vision
  • To become the trusted and preferred provider of
    identity services

12
  • Tony Blair
  • The National Identity Register will help police
    bring those guilty of serious crimes to justice.
    They will be able, for example, to compare the
    fingerprints found at the scene of some 900,000
    unsolved crimes against the information held on
    the register

13
A culture of secrecy
  • FOIA application for Gateway reviews to be made
    public went to Information Tribunal
  • Home Office working assumptions (via DWP)
    finally released
  • B.4.3 Offline PIN check: The processing time for
    an offline PIN interaction from moment of
    inserting card into reader, to the moment a
    result is received is assumed to be 15 seconds.
  • B.4.5 Offline Biometric Process: The processing
    time for an offline Biometric process interaction
    is assumed to be 15 seconds.

14
Strategic Action Plan
  • Released as a written statement on the last day
    of Parliamentary session (19 December 2006)
  • A radical redesign to address the most common
    criticisms that they are high-risk and too
    expensive
  • Doing something sensible is not necessarily a
    U-turn

15
Key differences
  • From a single, new database to multiple existing
    databases
  • Dropping the use of iris biometrics

16
Databases
  • Original plan: New database, with high levels of
    security built in from start
  • Designed for volume of enrolments and
    verifications

17
Nigel Seed
  • Security is not going to be an add-on, it is
    being done now. We have not even gone out with
    our requirements. The security is embedded
    within my procurement team. The security of the
    data centre itself is down to even very basic
    things like making sure it is not on or near a
    floodplain. We are looking at all that sort of
    stuff, right from very basic level access and
    flooding and losing it that way right the way
    through to hacking

18
Katherine Courtney
  • Based around a single, logical database that
    may involve a series of data storage solutions
  • I did not mean to imply that a solution might
    involve stringing a number of legacy databases
    together. That has never been part of this
    proposition. We have always said that our
    requirements are for a data repository that could
    be populated one record at a time

19
Strategic Action Plan
  • Existing government databases will now be used
    for the key elements of the system.
  • Biometric information will be stored initially
    on existing biometric systems used for asylum
    seekers and biometric visas
  • Biographical information will be stored on the
    Department of Work and Pensions Customer
    Information System
  • Technical, PKI, data will be stored on existing
    UKIPS systems.

20
Security?
  • Must be assumed that each of these databases has
    been selected because UKIPS is confident that
    each system already has the requisite level of
    security

21
Contracts?
  • All based on existing contracts with technology
    suppliers.
  • New uses of the databases will have implications
    on the performance of the existing systems
  • Issues with contract renegotiations, including
    who will pay suppliers

22
Biometrics
  • Iris scanning no longer part of the Scheme at
    this time
  • We will put in place the skills and expertise to
    support large-scale use of biometric matching.
    Biometric technology identifies small percentages
    of what are known as false matches or false
    non-matches. These need expert human assessment
    to ensure that matches are being made correctly.
    For this, we will build on resources which
    currently exist within government

23
Katherine Courtney
  • There has been a recommendation that no single
    biometric is the solution. What we are looking
    for from the multiple biometrics is a system
    combined with the checking of people's
    biographical footprints that allows us to
    attempt to avoid a duplicate registration of
    identities

24
Continued
  • There is no single biometric today that is
    universally applicable to everybody. You may
    have individuals, for example, who have lost
    their hands and are unable to register
    fingerprint biometrics but would be able to
    register a face and irises. We were looking to
    create a scheme that was universally accessible
    for people, and that was one of the important
    reasons

25
Dr Henry Bloomfield
  • What we may do is use fingerprint and iris
    biometrics in conjunction so that if it turns out
    that your fingerprint matched against a few other
    people's fingerprints in the database, it is
    possible that an iris biometric may then be used
    to discriminate amongst those people

26
Katherine Courtney
  • You cannot record someone's fingerprints if they
    do not have any fingers. That is a known
    limitation and one of the reasons behind our
    intention to use multiple biometrics to try to
    overcome that limitation

27
Facial biometrics?
  • Current facial recognition technology is not
    reliable enough to enable the automated checking
    of applications against the full database of
    existing passport holders although the IPS is
    piloting its use on a smaller scale
  • This is, in part, because of the limited
    resolution (300 dpi) of the facial image

28
Biographical verification
  • Biographical footprint checks involve
    face-to-face interviews with registrants of 10-20
    minutes duration.
  • At the interview, customers will be asked basic
    information about themselves, not deeply private
    information, but information that can be checked
    to confirm that they are who they say they are
    checking

29
  • Interviews initially targeted at first-time
    applicants for passports, taking place at the 69
    new interview centre locations.
  • Based on assumption of 600,000 first-time
    passport applicants per year.
  • By 2010-11, 4,220,000 new and renewed passports

30
  • News reports suggest that the questions will be
    drawn from a list of 200 possible questions

31
Home Office response to LSE alternative blueprint
  • The LSE claims that the Government plans to vet
    people's life history and activities in the
    enrolment process.
  • We have no intention of vetting a person's life
    history and activities. We are simply confirming
    the true existence of an identity before issuing
    an ID card - that is not the same as obtaining
    details about someone's life activities or their
    credit history

32
e-Passports
  • The UK ID card is intended to be usable like a
    passport within Europe
  • The data stored on the ID card chip would be
    compatible with those chips installed in
    biometric passports (i.e. conforming to ICAO
    standards about data storage, activation and
    transmission).

33
NAO report
  • Only two suppliers suitable for sourcing the
    chips
  • The durability of the chip for the full ten year
    life of an e-passport remains unproven
  • Manufacturers are currently only providing a chip
    warranty for two years
  • Unclear what the warranty actually covers
  • It takes at least 8 seconds for front desk
    readers to read chip data

34
Intellect vs David Davis
  • Just as much as laws, the design of IT systems
    can have strong effects in embodying and freezing
    a particular set of administrative capabilities

35
  • The considerable costs of making a relatively
    fixed investment in a particular type of computer
    system, with a particular software and defined
    programmes and routines written within it, thus
    add a significant layer to the insulation of
    current policy orientations

36
Conservative plans
  • David Davis wrote to Cabinet Secretary, Sir Gus
    O'Donnell, giving formal notice that an incoming
    Conservative administration would scrap the
    Government's ID card project

37
John Higgins, Intellect
  • Firstly, it is important to state that the UK
    technology industry is neither for, nor against
    the policy of introducing ID cards in the UK.
    This public policy debate took place and was
    voted upon in Parliament.

38
  • As an industry we are now working hard with the
    Identity and Passport Service to ensure that the
    ID cards procurement results in solutions which
    are practical and deliverable. To this end, we
    believe it is wholly inappropriate for the
    industry to be used as a mechanism for scoring
    political points.

39
  • Moreover, it is highly likely that the manner of
    this intervention will undermine the confidence
    of the supplier community in any future
    Conservative Government honouring other
    contractual commitments which may have been
    entered into by previous administrations.

40
  • It will potentially make companies wary of
    entering into any public sector contracts at all.
    Such a fall in confidence would inevitably affect
    business decisions companies make about investing
    in UK Plc generally.

41
Identity Risk Management in e-Government Services
42
Aim of report
  • Centralised advice on identity risk management
    for e-Government
  • Based around a process for assessing risk and
    detailed specifications of action for each level
    of risk

43
How the Identity Risk Management Process works
  • Identify service level
  • Select appropriate processes
  • Confirm residual risk
  • Handle special cases

44
Service levels (0-3)
  • Level Zero
  • Services are those which involve a best
    endeavours relationship between the service
    provider and the individual requesting the
    service
  • Level One
  • Relates to services where there is an obligation
    on the part of the service provider to make all
    reasonable efforts to provide the service to the
    requesting party

45
  • Level Two
  • The relationship between the parties is formal.
  • Level Three
  • Represents the highest potential impact in cases
    of possibly falsified or mistaken identity for
    online services. The likely impacts here include
    damage to property, severe embarrassment to an
    individual, significant financial harm to an
    organisation (including the service provider) and
    possibly physical harm to individuals

47
Scores for the ID cards scheme?
48
Advice on risk mitigation
  • Clients will authenticate themselves to the
    system by the presentation of a digital
    certificate. This will be held in an access
    token, which would ideally be a smart card, token
    or mobile device. Clients will demonstrate their
    right to that credential through the use of a
    private key, and a password or biometric.

49
  • The system will authenticate users based on the
    validity of public key / private key pairs, and
    on the validity of the credential.
    Username/password combinations are not acceptable
    for Level 3 authentication

50
Joan Ryan
  • There will be a number of different methods of
    verifying identity under the National Identity
    Scheme ranging from a visual check of the card,
    which will not require a card reader, to card
    authentication, PIN verification and up to
    biometric verification where a high level of
    identity assurance is required

51
John Reid
  • Design work with potential users of the identity
    verification service remains ongoing. As such, it
    is not possible to state which services and
    information will be available online to ID card
    holders through the use of a personal
    identification number at this time

52
Other issues
53
Increased concern about the surveillance society
  • Information Commissioner's Office
  • A Report on the Surveillance Society
  • Royal Academy of Engineering
  • Dilemmas of Privacy and Surveillance: Challenges
    of Technological Change

54
Parliamentary inquiries
  • House of Commons Home Affairs Committee inquiry
    into A surveillance society?
  • The inquiry will focus on Home Office
    responsibilities such as identity cards

55
  • House of Lords Constitution Committee inquiry:
    The Impact of Surveillance and Data Collection
    upon the Privacy of Citizens and their
    Relationship with the State
  • Information systems and processes used to
    identify individuals and information about them
    (including, ID cards).

56
Further information
  • http://identityproject.lse.ac.uk