Saturday, November 15, 2003

ID cards and biometrics

Fiona McTaggart, a govt minister and former chairwoman of Liberty, defends ID cards in a Guardian article. An excellent rebuttal can be found at spy.org.uk's blog, and the Guardian's letters section also contains some excellent points. An interesting section from the spy.org.uk rebuttal is this:

Here we go again, the repetition of the false claim that biometrics are somehow unique. Not even the people with a vested commercial interest in selling the technology dare to make that claim. Your "biometric characteristics" may be reasonably individual to you personally, but that is not the same as saying that what ends up inside a Smart Card or database is "unique" or "unforgeable".

The specious reasoning goes along the lines of: if your Smart ID Card ever gets lost or stolen, there would be no need to worry, since, for example your fingerprint biometric would make it impossible for anybody else to use it, thereby crushing Identity Theft.

Leaving aside the statistics of False Positives, False Negatives, and the small percentage of people with no usable biometric at all (tens of thousands in a population of 60 million) the fact is that you leave your fingerprints all over your ID Card. There is a very high probability (around 80%) that latent fingerprints taken off your ID Card could be used to construct a "false finger" which is sufficient to fool the finger print scanner.


Emphasis added. The point here is that biometric identifiers are compared with each other in a manner that is probabilistic. The higher the number of data points compared, the more certain you can be that a match is a real match but the less certain you can be that you'll get a match. Thus you have to trade off the false positives, getting a match on biometrics from 2 different people, against the false negatives, failing to detect that two biometric readings are from the same person.

Now if someone claims that they've got a false positive rate of 1 in a billion for a particular biometric system, this might sound like it will give real certainty and allow a national identity register to be created in a manner that prevents people from applying for multiple identities. They'd reason that in a population of 60 million, a 1 in a billion chance of a false positive is safe. They'd be wrong.

To compare every person's biometric with every other person's biometric (as would be required to create the database in this manner) would involve (60,000,000 times 59,999,999)/2 = 1,799,999,970,000,000 comparisons. For each comparison there's a 1 in a billion chance of getting a false positive. You'd therefore expect 1,799,999.97 of those comparisons to return a false positive match. That's roughly 1.8 million false positive matches. Note that that does not involve 1.8 million people, but rather 1.8 million comparisons.

In other words, you can guarantee that there will be a large number of false positive matches as the database is assembled. Without a means of determining whether a positive match is a true or false positive, you won't be able to prevent people from creating multiple identities on the system. Worse, if you concentrate on getting such a low false positive rate, the false negative rate is likely to shoot up, making it even more likely that if someone did try to get multiple identities on the system, their attempt would not even show up as a positive match. And note that the false positive rate needs to cover software glitches, hardware glitches and human error too. Also, if you double the size of the population you roughly quadruple the number of comparisons.
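The arithmetic above, together with the trade-off between false positives and false negatives, as an added example that is not part of the original post. The Gaussian score distributions and their parameters are assumptions chosen for illustration, not measurements of any real biometric system.

```python
from statistics import NormalDist

# Assumed score model (constructed, not measured data): higher = more similar.
IMPOSTOR = NormalDist(mu=0.0, sigma=1.0)  # readings from two different people
GENUINE = NormalDist(mu=8.0, sigma=1.0)   # two readings from the same person


def pairwise_comparisons(n: int) -> int:
    """Comparisons needed to check every enrolee against every other."""
    return n * (n - 1) // 2


def expected_false_matches(n: int, fmr: float) -> float:
    """Expected number of false positive matches when de-duplicating n people."""
    return pairwise_comparisons(n) * fmr


def fmr_needed(n: int, max_expected: float = 1.0) -> float:
    """Per-comparison false positive rate keeping the expectation <= max_expected."""
    return max_expected / pairwise_comparisons(n)


def threshold_for_fmr(fmr: float) -> float:
    """Score threshold that yields the requested false positive rate.
    Uses the lower tail plus symmetry so tiny rates stay numerically accurate."""
    return 2 * IMPOSTOR.mean - IMPOSTOR.inv_cdf(fmr)


def fnmr_at(threshold: float) -> float:
    """False negative rate: share of genuine pairs scoring below the threshold."""
    return GENUINE.cdf(threshold)


if __name__ == "__main__":
    n = 60_000_000
    print(f"comparisons: {pairwise_comparisons(n):,}")
    print(f"expected false matches at 1e-9: {expected_false_matches(n, 1e-9):,.2f}")
    ratio = pairwise_comparisons(2 * n) / pairwise_comparisons(n)
    print(f"doubling the population multiplies comparisons by {ratio:.4f}")
    for label, fmr in (("1 in a billion", 1e-9), ("<=1 expected", fmr_needed(n))):
        t = threshold_for_fmr(fmr)
        print(f"{label}: FMR={fmr:.2e} threshold={t:.2f} FNMR={fnmr_at(t):.3f}")
```

Under this assumed model, tightening the threshold far enough to expect at most one false positive across the whole register pushes the false negative rate from a few percent to roughly one half.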

It seems to me that without a solution to this, the idea that a national ID card can provide a secure and reliable means of verifying identity is simply a mirage.

Tuesday, November 11, 2003

10 reasons why the govt's ID cards plan will not work

"Clandestine entry and working in this country, the misuse of free public services, the issues around organised crime and terrorism - all these issues will be the ones for years to come."

Blunkett's statement above (see this report from the Guardian) sums up the reasons the govt claims the ID cards are necessary. Below are 10 reasons why I believe the plan will not deal with any of these problems.

1. The govt has to issue the cards to us. They will therefore need to ask for existing ID documents to prove who we are. The cards will therefore be no more reliable a means of identification than the weakest existing documents that are sufficient for the govt to issue the new cards.

2. Terrorists and organised criminals can simply forge or fraudulently obtain ID cards, or recruit people who have them. Suicide bombers are not known for repeat offending.

3. Illegal immigrants will simply avoid contact with the authorities (e.g. work for "cash in hand") until they've managed to forge or fraudulently obtain ID cards.

4. Benefit fraud due to false identity has been estimated at £20-£50 million per year. ID cards are estimated to cost £1.6 billion a year to implement. On these figures the cards will cost at least 30 times as much as the benefit fraud they could prevent. These are govt figures. See the commons debate on ID cards.

5. The govt will be creating a single card that can be used for accessing public services, travelling abroad, proving eligibility to drive, applying for jobs, proving legal residence, etc. It could easily end up being required for opening bank accounts, taking out loans and mortgages and anything else where identity is considered important. Thus, if the card becomes accepted and trusted in the way the govt intends, to pretend to be you in ALL these areas of life, criminals will only need to successfully forge one document.

6. By creating a central database of personal information, used to back the ID cards, the govt will create a single target that can be attacked by criminals to obtain the necessary information to track you down, pretend to be you, forge records for forged cards, etc.

7. The govt has a hopeless record on creating computerised databases, e.g. consider this Guardian story about the Courts' computer system.

The odds are the ID system will be riddled with bugs and errors, cost considerably more than currently claimed and will fail to work.

8. The govt claims biometric identifiers will make forgery impossible. This is simply false. Biometric identifiers do not work 100% correctly. Forgers can obtain or forge blank cards and download their own biometrics onto such cards. Biometric identifiers can also be stolen and forged themselves. They might make things difficult, in which case a weaker part of the system will be attacked (e.g. the documentation to acquire the cards).

9. Identity theft currently occurs where people gain enough sensitive information to pretend to be someone else. They gain this information from a variety of sources, e.g. from thrown out bank/credit card statements, from restaurant receipts, from customer databases etc. ID cards will not close off all these options and will create new options.

10. Illegal workers need only avoid contact with the authorities to avoid the need to produce an ID card. Even if ID cards were compulsory to carry, the opportunities for forging or fraudulently obtaining the cards would still be available.


Further reading:

Richard Hallam MP has written an excellent article in his blog.

The Register has an excellent article here.

ID cards -- the next steps is the govt's latest document outlining the plans.

STAND is worth looking at too. And don't forget to try some of the links on my sidebar...

Big Blunkett announces incremental plan for national ID cards.

The BBC and the Guardian report that Blunkett has outlined his plan for national ID cards. In the face of cabinet splits over the issue, he is going for an incremental approach to introducing the cards.

According to the govt's new document on the subject, the national ID cards will be introduced in 2 phases. In phase 1, a new national identity register will be established, passports and driving licences will be replaced by cards carrying biometric identifiers (e.g. fingerprints or iris scans) starting in 2007/8, a voluntary ID card for those without passports or driving licences will be made available and mandatory ID documents containing biometric identifiers will be introduced for foreign nationals staying in Britain for more than 3 months.

In phase 2, after a full debate and a vote in parliament, the cards will be made compulsory to own and access to public services will require presentation of such a card. The cards will also be required to apply for jobs legally.

Blunkett is trying desperately to justify this, claiming the cards will make identity theft impossible (which is simply false -- biometrics will not prevent forgery or false application for the cards) and asserting they're necessary without explaining why. Moreover, the new govt document on this topic repeats a lie about the govt's earlier consultation on entitlement cards. The document states:

Of the 5000 people who responded formally to the consultation, 4200 expressed a view. Over 60% of these were in favour. We also received over 5000 emails from an organised opposition campaign. Over 96% of these were opposed.

But the 5000 emails referred to were sent by individuals responding to the govt consultation via the STAND website, and thus were a formal part of the consultation. It is simply disingenuous to separate these from the other responses since they were sent via the govt's formal channels for the consultation and involved individuals making up their own minds to oppose (or support in some cases) the cards.

For some detailed criticism of the cards, this article in the Register is worth a look. The Stand website also has good material including more detail on the spinning and lies over the results of the consultation exercise. Finally, Samizdata and White Rose also comment on this.

Thursday, November 06, 2003

And the Tories think this man will be taken seriously...

We are here to serve - the syllable at the heart of our party and the heart of our jams. Lovely strawberry preserves to spread on toast. Mmmm! Mmmm!

Well, OK, I admit it, Mr Poll Tax Michael Howard did not say that. He did say something almost equally stupid however:

We are here to serve - the syllable at the heart of our name, and at the heart of our purpose.

Choose a different syllable and you'd get "We are here to con...". This is the highlight of a speech full of meaningless waffle. What a great start. Blair must be quivering in his boots. Time will of course tell whether Dracula Howard can do the job, but he'll need to do better than this or he may resemble Count Duckula more than Count Dracula.

Commons debate on ID cards

White Rose highlighted a House of Commons debate held on ID cards. It is well worth reading. The news reports suggest that a draft Bill will be presented in the Queen's Speech with a view to legislating later. The govt seem to be heading for an incremental implementation of such a card. This issue doesn't seem likely to die any time soon.

Saturday, November 01, 2003

Courts approve use of Terrorism Act against peaceful protestors

Back when the Terrorism Act 2000 was merely a bill, Jack Straw, the Home Secretary at the time, reassured us that "There is nothing in the bill that will interfere in the right of people to protest peacefully," and "The legislation is not intended to deal with alleged offences properly dealt with under the existing criminal law. Neither will it in any way curb individuals' democratic rights to protest peacefully."

So of course it came as a complete surprise (NOT) when the Terrorism Act 2000 was used against peaceful protestors in London. Still, given Straw's reassurances and the fact the current Home Secretary David Blunkett does not control the police directly, it might seem only fair to wait for the outcome of the legal challenge. Well, the courts have upheld the use of the Terrorism Act in these circumstances. So much for the reassurances given by Straw when it was a bill. It is worth remembering why he gave the reassurances. It's all down to the definition of terrorism, which states:

1. - (1) In this Act "terrorism" means the use or threat of action where-
(a) the action falls within subsection (2),
(b) the use or threat is designed to influence the government or to intimidate
the public or a section of the public, and
(c) the use or threat is made for the purpose of advancing a political,
religious or ideological cause.

(2) Action falls within this subsection if it-
(a) involves serious violence against a person,
(b) involves serious damage to property,
(c) endangers a person's life, other than that of the person committing the action,
(d) creates a serious risk to the health or safety of the public or a section of the public, or
(e) is designed seriously to interfere with or seriously to disrupt an electronic system.

(3) The use or threat of action falling within subsection (2) which involves the use of firearms or explosives is terrorism whether or not subsection (1)(b) is satisfied.

(4) In this section-
(a) "action" includes action outside the United Kingdom,
(b) a reference to any person or to property is a reference to any person, or to property, wherever situated,
(c) a reference to the public includes a reference to the public of a country other than the United Kingdom, and
(d) "the government" means the government of the United Kingdom, of a Part of the United Kingdom or of a country other than the United Kingdom.

(5) In this Act a reference to action taken for the purposes of terrorism includes a reference to action taken for the benefit of a proscribed organisation.


Clearly, this definition covers acts of mere civil disobedience, or even threats thereof. It seems clear to me the police could argue that any demonstration involves a threat of "terrorism" so defined, since some of the protestors might try to damage property or threaten to do so through civil disobedience. Once the police get approval to stop and search on this basis, they have the power to search anyone for articles that might be used for "terrorism", e.g. anything that could be used to damage property, or for disrupting an electronic system -- a faxable document for example, mass faxing being a way of disrupting a fax machine which is an electronic system.

The irony is that the trading of arms is far more likely to have involved real terrorists or the risk of such arms falling into their hands than the protests against the trading of arms going on outside the fair.

The moral of the story is that govt assurances that legislation is not intended to be used in certain situations are worthless when the legislation explicitly allows such usage. Bear in mind the above definition of terrorism, look over the offences in the Terrorism Act 2000, and ask yourself how easy it would be to arrest perfectly innocent people as "suspected terrorists". A more detailed article on the Terrorism Act can be found here.