A number of UK computer science professors: Professor Ross Anderson, Dr Richard Clayton; Dr Ian Brown; Dr Brian Gladman; Professor Angela Sasse; and Dr. Martyn Thomas, wrote an open letter to Mr. Andrew Dismore MP, who is chair of the Joint Committee on Human Rights in the Commons calling into question the security and privacy of the planned UK ID cards. They write:
"The government, in response to the recent HMRC Child Benefit data breach, has asserted that personal information on the proposed National Identity Register (NIR) will be 'biometrically secured':
'The key thing about identity cards is, of course, that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be.' - The Chancellor, Hansard Column 1106, 20/11/07
'What we must ensure is that identity fraud is avoided, and the way to avoid identity fraud is to say that for passport information we will have the biometric support that is necessary, so that people can feel confident that their identity is protected.' - The Prime Minister, Hansard Column 1181, 21/11/07
These assertions are based on a fairy-tale view of the capabilities of the technology, and in addition, only deal with one aspect of the problems that this type of data breach causes."
"Ministers assert that people's information will be 'protected' because it will be much harder for someone to pass themselves off as another individual if a biometric check is made. This presupposes that:
(a) the entire population can be successfully biometrically enrolled onto the National Identity Register, and successfully matched on every occasion thereafter - which is highly unlikely, given the performance of biometrics across mass populations generally and especially their poor performance in the only, relatively small-scale, trial to date (UKPS enrolment trial, 2004). Groups found to have particular problems with biometric checks include the elderly, the disabled and some ethnic groups such as Asian women;
(b) biometrics are 'unforgeable' - which is demonstrably untrue. Biometric systems have been compromised by 'spoofing' and other means on numerous occasions and, as the technology develops, techniques for subverting the systems evolve too;
(c) every ID check will be authenticated by a live biometric check against the biometric stored on the NIR or at the very least against the biometric stored on the chip on the ID card which is itself verified against the NIR. [N.B. This would represent a huge leap in the cost of the scheme which at present proposes only to check biometrics for 'high value' transactions. The network of secure biometric readers alone (each far more complex and expensive than, e.g. a Chip & PIN card reader) would add billions to the cost of rollout and maintenance.]"
The professors ask that before the government proceeds any further, that:
"It is therefore our strongest recommendation that further development of a National Identity Register or National Identity Scheme (including biometric visas and ePassports) should be suspended until such time that research and development work has established beyond reasonable doubt that these are capable of operating securely, effectively and economically on the scale envisaged.
Government systems have so far paid little attention to privacy. Last week's events have very significant implications indeed for future government information systems development."