idcards

Bad science

Now for ID cards - and the biometric blues

Ben Goldacre

Sometimes just throwing a few long words about can make people think you know what you're talking about. Words like "biometric". When Alistair Darling was asked if the government will ditch ID cards in the light of this week's data cock-up, he replied: "The key thing about identity cards is, of course, that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be."

Yes, that's the problem. We need biometric identification. Fingerprints. Ins scans. Gordon Brown says so too: "What we must ensure is that identity fraud is avoided, and the way to avoid identity fraud is to say that for passport information we will have the biometric support that is necessary."

Tsutomu Matsumoto is a Japanese mathematician, a cryptographer who works on security, and he decided to see if he could fool the machines which identify you by your fingerprint. This home science project costs about £20. Take a finger and make a cast with the moulding plastic sold in hobby shops. Then pour some liquid gelatin (ordinary food gelatin) into that mould and let it harden. Stick this over your finger pad: it fools fingerprint detectors about 80% of the time. The joy is, once you've fooled the machine, your fake fingerprint is made of the same stuff as fruit pastilles, so you can simply eat the evidence.

But what if you can't get the finger? Well, you can chop one off, of course -another risk with biometrics. But there is an easier way. Find a fingerprint on glass. Sorry, I should have pointed out that every time you touch something, if your security systems rely on biometric ID, then you're essentially leaving your pin number on a post-it note.

You can make a fingerprint image on glass more visible by painting over it with some cyanoacrylate adhesive. That's a posh word for superglue. Photograph that with a digital camera. Improve the contrast in a picture editing program, and print the image on to a transparency sheet, then use that to etch the fingerprint on to a copper-plated printed circuit board (it sounds difficult, but you can buy a beginner's etching set at Maplin for £10.67). This gives an image with some three-dimensional relief. You can now make your gelatin fingerpad using this as a mould.

Take a bit of moulding plastic and some liquid gelatin, and you have a solution you can put your finger on

Should I have told you all that, or am I very naughty? Yes to both.

It's well known that security systems which rely on secret methods are less secure than open systems, because the greater the number of people who know about the system, the more people there are to spot holes in it, and it is important that there are no holes. If someone tells you their system is perfect and secret, that's like quacks who tell you their machine cures cancer but they can't tell you how: it's cobblers.

Open the box, quack. In fact you might sense that the whole field of biometrics and ID is rather like medical quackery: as usual, on the one hand we have snake oil salesmen promising the earth, and on the other a bunch of humanities graduates who don't  understand technology, science or even human behaviour. Buying it. Bigging it up. Thinking it's a magic wand.

But it's not. The leak last week wasn't because of unauthorised access, it couldn't have been stopped with biometrics; it happened because of authorised access which was managed with a contemptible, cavalier incompetence. The damaging repercussions for 25 million people will not be ameliorated by biometrics.

So will biometrics prevent ID theft? Well, it might make it more difficult for you to prove your innocence. And once your fingerprints are stolen, they are harder to replace than your pin number. But here's the final nail in the coffin. Your fingerprint data will be stored in   . your passport or ID card as a series of numbers, called the "minutiae template". In the new biometric passport with its wireless chip, remember, all your data can be read and decrypted with a device near you, but not touching you.

What good would the data be, if someone lifted it? Not much, insisted, Jim Knight, the minister for schools and learners, in July: "It is not possible to recreate a fingerprint using the numbers that are stored. The algorithm generates a unique number, producing no information of any use to identity thieves." Crystal clear, Jim.

Unfortunately, a team of mathematicians published a paper in April this year, showing that they could reconstruct a fingerprint from this data alone. In fact, they printed out the images they made, and then — crucially, completing the circle - used them to fool fingerprint readers.

Ah biometrics. Such a soothingly technical word. Repeat it to yourself.

BEWARE OF CARD TRICKS

The government claims that national identity cards will help to counter  terrorism, illegal immigration and ID fraud.

The other day I went to see my publishers in central I London and prepared for the usual performance at the entrance, which involves me writing my name, the name of my editor and the time in a book. On this occasion the man asked me to type the details into a keyboard then angled a camera on a stalk into my face. I typed away but held one hand in front of the lens before moving swiftly out of the camera's field to make for the lift. "Hold on, sir," shouted the security guard after me. "You can't go in unless you've had your picture taken."

"I can," I said, "because you have no right to take my photograph without my consent. And you most certainly don't have it."

A week later I was confronted with the same piece of equipment at my gym in west London. Again I placed my hand over the camera lens and to the baffled receptionists quoted the Image Retention Act 2002. There was, of course, no Image Retention Act in 2002, or any other year. That time, they let me in. By my next visit they were waiting for me. The receptionist stood back out of range of my hand and snapped my picture before I had time to react.

To many, my behaviour would seem unreasonable. After all, my picture is taken hundreds -maybe thousands - of times every day in London. But that is not my objection. What bothers me is when someone puts my image, my name, the place and time together. That is information of a personal nature, and is an invasion of my privacy.

I have exactly the same response to the ID card and the much more sinister National Identity Register (NIR), which one day will track each one of us through almost every important transaction of our lives. Emails leaked to the Sunday Times at the weekend suggest that senior civil servants in charge of key aspects of the scheme, Peter Smith and David Foord, have grave doubts about the practicalities of introducing the card. This may be reassuring to some but the argument against this folly must take place on every level. I am instinctively against them, politically against

the card and the NIR - and, if it doesn't sound pretentious, philosophically against them too.

At a stretch, I would carry a voluntary little plastic ID card, because I have no objection to identifying myself when it is my choice. I don't mind taking my passport along to the bank or showing my driving licence to collect a parcel from the post office - but I am preternaturally against the state forcing me to supply biomet-ric measurements and 49 separate pieces of information about myself to a database which will be accessed by God knows who without my permission or knowledge. I am genetically incapable of submitting to such a process. I cannot do it. I will not do it, and I pray that when the public understands how this scheme will profoundly alter the relationship between the individual and the state thousands-more will recoil and say the same.

The government's arguments in favour of ID cards keep shifting, and the hugely expensive project has been sold to the British public on a false prospectus. The government began by saying it would prevent terrorism. When that wasn’t tenable it said it would prevent ID theft. When that didn't work, it said it would prevent benefit fraud and when that didn't work it resorted to claiming that it would help control illegal immigration.

So, first of all, terrorism. The Spanish ID card did not stop the Madrid train bombers and a British ID card wouldn't have stopped the London July bombings of 2005. ID cards, it is plain, will not deter home-grown terrorists or suicide bombers who are quite happy for their names to be known once they have carried out their attacks for the obvious reason that martyrdom is pointless when it is anonymous. So when that didn't work, ministers stirred up fears about ID theft as the great scourge of modern society. Yes, it is a problem, but it is nowhere near as large as the government has been making out. In January, the Home Office published a report which said that ID theft cost the British public £1.7bn annually. It turned out that that figure included £395m for money laundering and £504m for the total loss of plastic cards. Thus the figure was exaggerated by a little under 50%.

Rather than stopping ID theft, ID cards are, in fact, likely to increase the problem, because this single unified and trusted identifier will be something that is really worth forging. Already, we hear, criminal gangs have compromised the chip-and-pin technology that will be used. And the new RFID technology — that's radio frequency identifiers — in place in some passports has been read by illegal scanners at 30 paces. Imagine that gadget in the hands of terrorists or criminal gangs.

In February 2004 the government published a report saying that a campaign against benefit fraud had cut losses by £400m. The report said that the government was on target to slash fraud and error by half by this year, quite an achievement. Then the boasting suddenly stopped. Why? Because the government's success at meeting its own targets militated against the argument for ID cards.

Like crime, benefit fraud has decreased. But you hear little of this from No 10 or the rightwing tabloid press, because it suits them to keep us in a state of near frenzy about both. And there is something else to remember: in the majority of cases, benefit fraud is not the result of well-

organised individuals using multiple identities, but rather people exaggerating their sickness and the extent of their disability. The ID card will do nothing to stop someone faking depression or lower back pain.

And, finally, the ID card won't stop illegal immigration. True, it will make the lives of illegal immigrants more difficult, but there is little evidence to, suggest that it will actually deter people-smugglers and desperate migrants.

Not one of these arguments is accepted by the prime minister. Just six months ago, David Cameron asked at Prime Minister's Questions how the government could afford the scheme. Tony Blair replied: "Because if we introduce an ID cards scheme and reduce identity fraud that makes a major difference to the costs of government, to the costs of doing business. In today's world if we want to tackle illegal migration, crime and identity fraud, then using the new biometric technology to have ID cards is an important part of doing so."

One thing we do know is that the cost will be enormous. The London School of Economics puts it at £19bn over 10 years, while the government has said it will cost just £5.8bn, which seems ludicrously optimistic given that £12bn is being spent on the National Health Service database, a much less ambitious project. The government estimates that the cost of running the scheme will be £584m per year, which happens to be exactly the operating deficit of the NHS announced in June. Think of the schools, hospitals or university research centres, or jails, if you like, that could be built for this figure.

I would guess that the LSE has got it about right: after 10 years there won't be much change from £20bn, which," incidentally, is about four fifths of the cost of renewing Trident, a figure that surely interests Gordon Brown. The thing to remember is that this is our money and our children's money and we are about to spend it on a project that will divide people and government with mutual suspicion, that will invade everyone's privacy to a degree never seen in human history and that will make criminals of the people who feel that they cannot submit to the system, And you know what really kills me? It is the vast amount that the government will spend on an advertising campaign which will by turns dragoon the British public, threaten us and seek to reassure us.

Let none of us be under any illusion that ID cards will remain voluntary. The system only works if everyone is forced to carry a card and submit their details to the NIR. Already, £55m has been granted in contracts to set up 69 enrolment centres across the country and the bill, which became law this year, includes provision for a system of heavy fines for non-compliance. These speak eloquently of the government's intention to enforce its will.

It will involve considerable inconvenience, as the NO2ID website makes clear. You will be required to attend an enrolment centre with I some form of identifying material — bank statements, credit cards, driving licence or birth  certificate, who knows what. Then you will be fingerprinted, photographed and the iris in your eye will be measured. You will give the authorities 49 pieces of information about yourself. If you don't, you may be fined up to £2,500. Additional fines of up to £2,500 may be levied every time you fail to comply.

If you fail to inform the police or Home Office

when you lose your card, or if it becomes defective, you face a fine of up to £1,000. If you find someone else's card and do not immediately hand it in, you may have committed a criminal offence punishable by imprisonment for up to two years, or a fine, or both. And you will be fined £1,000 if you fail to inform the NIR of any change of address. You will also be expected to tell the authorities your previous addresses. Truly the government will be able to say with all the menace of the underworld enforcer: "We know where you live."

If you don't inform the register of significant changes to your personal life, or any errors they have made, you will face a fine of up to £1,00. Astonishingly, you may also face a fine if you fail to submit to being reinterviewed, re-photographed, refingerprinted and rescanned.

And for all this you will pay between £30 and £93 (or more) to be registered, with further charges to change your details and to replace a lost or stolen card. It's a devilishly clever scam because, in essence, the government is charging you so that it can charge companies that wish to confirm your identity.

The card that you have paid for and have taken so much trouble over then remains the property of the secretary of state and he or she may withdraw it without explanation. Once that happens you will find it very hard to function in our brave new society.

Some, like the editor of Prospect, David Good-hart, have attempted to portray the cards as "badges of citizenship embodying the idea of the contract between citizen and state". The argument is superficially comforting. "They help us to know who is in the country and what their status is and to protect the precious entitlements of all existing citizens." There is no mention in his recent essay of the database or the terrible potential for intrusion and control. And of course the idea of this being a contract is ridiculous when one party is being forced to sign or face penalties. The notion of a badge of citizenship is codswallop being put about by people who are too impressed by authority and too weak to oppose it.

When reading the ID card bill I am constantly struck by its minatory tone — the threats of fines and the general contempt for the average citizen. There's a reason for this. Rather than being something that is designed to helpus, the card and the register are, in fact, tools of government control and surveillance. Over and above the information you have supplied at enrolment (please note the voluntary connotations of the word enrolment ) your file on the MR will build an entire picture of your life — your hospital visits, your children's schools, your driving record, your criminal record, your finances, insurance policies, your credit-card applications, your mortgage, your phone accounts (and, one presumes your phone records), and your internet service providers.

Every time you get a library card, make a hire-purchase agreement, apply for a fishing or gun licetace, buy a piece of property, withdraw a fairly small amount of your money from your bank, take a prescription to your chemist, apply for a resident's parking permit, buy a plane ticket, or pay for your car to be unclamped you will be required to swipe your card and the data-

ID cards will divide people and governmen with mutual suspicion and criminalise people

who can't submit to the system

base will silently record the transaction. There will be almost no part of your life that the statei will not be able to inspect. And it will be able to use the database to draw very precise conclusions about the sort of person you are - your spending habits, your ethnicity, your religion, your political leanings, your health and even perhaps your sexual preferences. Little wonder that Mis desired - and was granted — free access, to the database. Little wonder that the police, customs and tax authorities welcome the database as a magnificent aid to investigation.

But know this: from the moment the database goes live, we will become subjects not citizens and each one of us will be diminished in relation to the state's power.

Something enormous and revolutionary is about to happen to us. We are giving the most precious part of ourselves to the government, allowing it complete freedom to roam through? our privacy. And it's not just to this government, but to the governments of the future, the nature of which we cannot possibly know. And it's not just our privacy - it is the rights and privacy of future generations. While we are comfortable about handing this information over to the state, the citizens of the future may feel strongly about our complacency and our faith in the British government. We have a duty to those people, just as all the people who fought for the rights we

enjoy today felt a sense of obligation to us.

The prime minister asks us to trust him  and implies that abuse of a database would be unthinkable in Britain. But after the lies before the invasion of Iraq, the revelations of the Hutton inquiry and the evidence about rendition flights using British airspace I would suggest that we treat these sorts of assurances and appeals with the utmost suspicion.

Remember this government's attack on liberty. Remember what we have already lost — the campaign that has diminished defendants rights, introduced punishment without a court deciding that the law has been broken, restricted protest and speech and even assembly. Blair is unabashed about his record and has taken to describing civil liberties as a privilege that may be removed from someone the moment they become a suspect or a defendant.

I am afraid I do not trust the government's motives - nor do I trust its competence. The past decade is littered with failed government IT projects - the Child Support Agency, the immigration records, the working tax credit database, the farmers' single payment scheme are a few that come to mind. This is to say nothing of its record on security. The NIR will literally have thousands of entry points where the information on your file can be accessed.

One of the worst failures of a government database came to light a few weeks ago when the Home Office admitted that the Criminal Records Office had wrongly identified 2,700 people as having criminal records. I cannot think of a clearer case of defamation and it is surprising there is not some kind of class action against the Home Office. Not only were these people's reputations seriously damaged, many were turned down for jobs as a result of the CRO's mistake and can therefore argue for a serious loss of earnings. But the Home Office did not even apologise. It is exactly the arrogance that I fear will come to characterise all government dealings with the person in the street once this database is operational.

As I said, I am instinctively - genetically, as I put it - opposed to ID cards and the Identity

Register. I am also politically opposed because as the government database grows, I believe there will be a commensurate lessening in the state's respect for each one of us. We will be reduced ] to the great mass of classified specimens, pinned down and itemised like dead butterflies in a showcase. Because of the power it possesses over us, I believe the government will gradually become less accountable and less responsive tc the needs and wishes of the people. Whereas once politicians were our servants, they will become our masters and we their slaves.

I have philosophical objections, too. In a free country I believe that every human being has the right to define him or herself independently and without reference to the government of the time, This, I believe, is particularly important in a murfr cultural society such as ours. The ID card and NIR require and will bring about a kind of psychological conformity, which is utterly at odds with a culture that has thrived on individualism, defiance and the freedom to go your own way.

And it will remove the right of those who foi whatever reason wish to withdraw from the cares of the world and the influence of society, to resort to the consolations of solitude and privacy without inspection from a centralised authority. Privacy, anonymity and solitude are rights, and we are about to lose them for ever.

People say that everything about you is known already. Someone has calculated that each of us appears on up to 700 databases. But the real point is that everything that is known about you will become linked up on the NIR. The register will take on a life of its own, for once you set up a system like this it becomes ineluct-ably compelled to find out more and more about you. That will be its hardwired purpose.

Imagine handing over the keys to your home when you are out at work to allow some faceless bureaucrat to rifle through your desk and drawers, your photograph albums and children's school reports, your bills and love letters. That is the kind of access they are going to have, and it is going to grow as time goes by and we become accustomed to this unseen presence in our lives.

Well, it's not for me. I cannot do it. I will not do it, and I hope you won't either.

Henry Porter

 The Guardian 11.07.06

aims

Newsletter one  -  newsletter two  -  newsletter three

  environment &  effects on suffolk   -   nuclear industry   -  letters

membership  -   climate change & the effects of air travel   

 world comment  -  alternatives   -   foe  -