It's not often that a government technology project becomes a topic of derision in British pubs, but one recent initiative has achieved that dubious honor.
The project that has Britons talking revolves around a proposed national identity card and an accompanying identity-verification database system. The government says the scheme will help combat fraud, illegal immigration, organized crime, and terrorism. But critics insist it will be ineffective, expensive, and intrusive.
According to the proposal, every person living in the United Kingdom will be issued an ID card with a microchip containing some personal information--name, date and place of birth, and other details--as well as some biometric marks, such as fingerprint, face, or iris scans. This and possibly other data, collected when an individual applies for the card, would also be stored in a massive government-controlled central database.
The project's proponents say that the card-database combination will provide a foolproof identity check. For example, suppose a bank wants to verify that you are who you say you are. First, using a card reader, the bank retrieves a unique number, called the National Identity Registration Number, that is stored on your card; then, with a biometric device, the bank captures your fingerprints or some other physical characteristic. Next, the bank transmits this information to the government's database, which uses the unique number to find your records and verifies whether the received and stored biometric data match.
The identity card proposal was part of Prime Minister Tony Blair's reelection platform and is now high on his Labor Party's third-term agenda. The initiative has already consumed more than £20 million (about US $34 million)--mostly on consulting contracts and a biometrics trial--even though the government has yet to pass legislation approving a full rollout.
At press time, the bill, introduced last May, was making its way through Parliament, with a vote expected early this year. With the government going all out for a quick approval and critics doing their best to savage it, the outcome is highly uncertain. If the ID card scheme is approved without significant changes, it could become the largest technology project ever undertaken by the British government.
In a press conference on 27 June 2005, Blair noted that this year the UK and other countries will begin issuing passports with chips containing biometric data, as recommended by the International Civil Aviation Organization. The introduction of biometric passports, he said, "makes identity cards an idea whose time has come."
Not everyone agrees. That same day, the prestigious London School of Economics and Political Science (LSE) released a 300-page report on the project. More than 100 industry and academic experts from all over the world contributed to the study, available at http://is.lse.ac.uk/idcard.
"We're trying to say this is not the only way to do an identity card scheme," says Edgar A. Whitley, a researcher at LSE and one of the coordinators of the report.
The study says that ID cards could in principle have some benefits to citizens, but it criticizes the current proposal for lacking well-defined goals; for example, the government never clearly explained what impact ID cards would have on identity theft and terrorism. Moreover, the report says, the ID cards' proponents hugely underestimated the project's cost. The government projection is £584 million per year, or about £5.8 billion for the expected 10-year rollout. But the LSE study estimated the expenditures at £10.6 billion to £19.2 billion.
The LSE researchers also concluded that the project's deepest flaws are of a technical nature. "The controversy, challenges, and threats arising from the Government's identity proposals," they wrote, "are largely due to the technological design itself."
First, there is the idea of a single central database, which they note could become a critical choke point if it suffers failures and denial-of-service attacks. And then there is the use of biometric systems, whose accuracy levels may not be adequate to handle such a large number of individuals, resulting in identification errors.