25 November 2005
ID card scheme tackled at London University
John Daugman, Cambridge-based pioneer of iris recognition, told
an audience of sixty security professionals, lawyers, and privacy
advocates last night: “it is Orwellian to base a political
campaign on disinformation”. Daugman had in his sights the
LSE report, published in July, critical of the UK government’s
identity cards scheme.
Simon Davies, Visiting Fellow, Information Systems Department,
LSE, also in attendance, conceded that the iris recognition sections
of the original report were in error, and are being excised.
But he re-stated his main objection “to a creeping communitarianism
– where the common good, as defined by the government takes
precedence over the privacy rights of the individual”.
Daugman and Davies were speaking at a seminar at the University
of London’s Institute of Advanced Legal Studies on understanding
the technological and legal issues surrounding the UK government's
proposed introduction of ID cards.
The other speakers were Stephen Harrison, Deputy Director of the ID
Cards Programme, at the Home Office; Professor Fred Piper, Information
Security Group, Royal Holloway, University of London; and Gareth
Crossman, solicitor, and Director of Policy at Liberty.
Dr Daugman described the LSE report as “one of the most error-prone
around. It repeatedly confuses the iris with the retina; it says,
falsely, that glaucoma and cataracts are barriers to iris recognition;
and it erroneously asserts that pregnancy and medication affect
accuracy also”.
In fact, he continued, one can “allow one quarter to one
third inaccuracy on the data bits, and still get staggering accuracy
of identification”. For example, he said, even with 26% mismatched
bits you still get a misidentification of one in 50 billion iris
cross comparisons.
However, he conceded, “iris recognition will always be an
opt-in technology, and that is its Achilles Heel”.
Enabling legislation
Stephen Harrison, on behalf of the British Home Office, began his
talk by stressing, “this is enabling legislation, given context
by other legislation – such as that on data protection.
"Delivery of the scheme will be based in the UK passport service
– it won’t be a new agency”, he said.
Harrison argued that the card will play a role in combatting terrorism.
“When terrorists are run down, they have all sorts of false
identity documents. They obviously find them useful for something”.
And, in terms of combating crime, he pointed out that the UK has
900,000 unmatched scene of crime fingerprints on record.
Moreover, he said, “there will be efficiencies in the interaction
of citizens with public services, and that will be even more the
case as more services go online”.
He said that there are constraints on the information that can
go on the register – for example, it can’t be expanded
to include medical information.
"As for the National Identity Register, it is a legal construct
– whether it is one, two or 20 databases will be left to future
procurement and development processes”.
However, he stated that the police, and security services will
be able to access data without individual consent, "and you
will not be allowed to know about that. Other organizations could
be added to that, but that will take further parliamentary approval”.
Enrolment the big issue
Fred Piper, from Royal Holloway commented that John Daugman’s
“statistics are all about iris scans, but there are other
biometrics which are not so accurate. I’m a cynic about biometrics
in general”.
Piper asked: “has the government ever procured any security
project on this scale? I don’t believe it has.
"But enrolment is the big issue. That process merely confirms
that the person registered is the person identified.
Until there is a solution in place we cannot assess the security
of it.”
However, Professor Piper cautioned those who raise the spectre
of database insecurity that “the mere existence of a database
is not, on its own, a make or break issue. Experian and Equifax
hold and secure highly sensitive financial information. It can be
done”.
But, regarding smart cards he made two points to ponder: “the
more tamper resistant smart cards are, the more expensive they are;
and the card also has to authenticate the terminal!” Not trivial.
Positive case not made
Gareth Crossman, from Liberty, eschewed the technological, and targeted
the principle of the card. “The government needs to prove
the positive case for this, and it hasn’t.
"It needs to show that the need to introduce the card over-rides
objections to it. And it hasn’t”.
He pointed up the danger of function creep. “The Second World
War scheme in the UK was for three things originally: national security,
conscription, and food. By 1950 it was up to 39 uses!”
There is also the danger that the card will be used in a racist
manner, he said. “In all European countries where you have
ID cards they are used as a method of internal border control”.
But his main point lay in the difference between the legal traditions
of the UK as opposed to continental Europe.
"We have common law in the UK, and civil law in Europe. So,
yes, they do have identity cards, but they also have stronger privacy
traditions encoded in law.
"The ID card scheme will change our relation to the state
in a fundamental way. Information will be passed on unless there
is a reason not to do so.
"As for terrorism, those suspected are known to the police
and security services anyway. And, in terms of crime, identity is
just not an issue".
He added that the government was not putting its best case forward.
“They are not selling the benefits of the card in terms of
promoting efficiencies in interactions between the individual and
public services”, he said.
Speaking from the floor, and in a personal capacity, Geoff Llewellyn,
of Siemens Business Services, said: “either you buy into the
value of a modern, globalized, interconnected world or you don’t.
If you do, then an ID card will be a useful component of that world”.
The discussion was chaired by Stephen Mason, barrister and
Senior Research Fellow, Institute of Advanced
Legal Studies.
This discussion was organized by the Society for Advanced Legal
Studies, in association with the information security publishing
programme of Elsevier, which includes Computer Fraud and Security,
Computer Law and Security Report and Infosecurity.
Links
Web page for John Daugman: http://www.cl.cam.ac.uk/users/jgd1000/
Home Office ID cards information page: http://www.homeoffice.gov.uk/passports-and-immigration/id-cards/
SA Mathieson, ‘LSE calls for decentralised UK ID’:
http://www.infosecurity-magazine.com/news/050705_lse_id.htm
LSE report: http://www.lse.ac.uk/collections/pressAndInformationOffice/newsAndEvents/archives/2005/IDCard_FinalReport.htm