 |
|
The Identity Project |
Press release on the launch of report of The Identity Project: an assessment of the UK Identity Cards Bill and its implications
ID Cards - UK's high tech scheme is high risk
Published 27 June 2005
- Download the full report (approx 300 pages)
- Download the executive summary
The likely cost of rolling out the UK government's current high-tech identity cards scheme will be £10.6 billion on the 'low cost' estimate of researchers at the London School of Economics and Political Science (LSE), without any cost over-runs or implementation problems. Key uncertainties over how citizens will behave and how the scheme will work out in practice mean that the 'high cost' estimate could go up to £19.2 billion. A median figure for this range is £14.5 billion.
If all the costs associated with ID cards were borne by citizens (as Treasury rules currently require), the cost per card (plus passport) would be around £170 on the lowest cost basis and £230 on the median estimate. The Annex (below) shows where LSE expects costs to be incurred and the 'Top Ten Uncertainties' about the project as currently planned.
The LSE report The Identity Project: an assessment of the UK Identity Cards Bill and its implications is published today (27 June) after a six month study guided by a steering group of 14 professors and involving extensive consultations with nearly 100 industry representatives, experts and researchers from the UK and around the world. The project was co-ordinated by the Department of Information Systems at LSE.
The LSE report concludes that an ID card system could offer some basic public interest and commercial sector benefits. But it also identifies six other key areas of concern with the government's existing plans:
- Multiple purposes Evidence from other national identity systems shows that they perform best when established for clear and focused purposes. The UK scheme has multiple rather general rationales, suggesting that it has been 'gold-plated' to justify the high tech scheme. For example, the government estimates that identity fraud crimes may cost up to £1.3 billion a year, but only £35 million of this amount can be addressed by an ID card.
- Will the technology work? No scheme on this scale has been undertaken anywhere in the world. Smaller and less ambitious schemes have encountered substantial technological and operational problems that are likely to be amplified in a large-scale national system. The use of biometrics creates particular concerns, because this technology has never been used at such a scale.
- Is it legal? In its current form, the Identity Cards Bill appears to be unsafe in law. A number of elements potentially compromise Article 8 (privacy) and Article 14 (discrimination) of the European Convention on Human Rights. The government may also be in breach of law by requiring fingerprints as a pre-requisite for receipt of a passport. The report finds no clear case why the ID card requirements should be bound to internationally recognized requirements on passport documents.
- Security The National Data Register will create a very large data pool in one place that could be an enhanced risk in case of unauthorized accesses, hacking or malfunctions.
- Citizens' acceptance An identity system that is well-accepted by citizens is likely to be far more successful in use than one that is controversial or raises privacy concerns. For example, it will be critical for realizing public value that citizens want to carry their ID cards with them and to use them in a wide range of settings.
- Will ID cards benefit businesses? Compliance with the terms of the ID cards Bill will mean even small firms are likely to have to pay £250 for smartcard readers and other requirements will add to the administrative burdens firms face.
The LSE report concurs with 79 out of the 85 recommendations made by the House of Commons Home Affairs Committee in its report on the draft Identity Cards Bill. Following up suggestions there and coming from industry and academic experts, the LSE team also set out an alternative ID card scheme that would still incorporate biometrics, but would be simpler to implement and radically cheaper. The LSE alternative ID card would also give citizens far more control over who can access data about them, and hence would be more likely to win positive public and industry support.
Dr Gus Hosein, a fellow in the Department of Information Systems at LSE, said : 'We have proposed an alternative model that we believe to be cheaper, more secure and more effective than the current government proposal. It is important that Parliament gets the chance to consider a range of possible models before the ID Cards Bill is passed. Even if government figures were correct, the costs of the government scheme are disproportionately higher than the scheme's ability to protect the UK from crime, fraud or terrorism.'
Professor Patrick Dunleavy, Professor of Political Science and Public Policy at LSE, said: 'This report is not an argument for or against ID cards, but an impartial effort to improve the evidence base available to Parliament and the public. The Home Office currently officially suggests that ID cards will cost around £6 billion to implement over ten years, but it has not yet justified this estimate in detail. By contrast, we recognize considerable uncertainties ahead with such a novel, high tech scheme and we show how these uncertainties might affect costings.'
Ends
Contact:
- Professor Patrick Dunleavy: tel: 020 7955 7178, email: p.dunleavy@lse.ac.uk
- Dr Gus Hosein, tel: 020 7955 6403, email: i.r.hosein@lse.ac.uk
- Professor Ian Angell, 020 7955 7638, email: i.angell@lse.ac.uk
- Jessica Winterstein, LSE Press Office, tel: 020 7955 7060, email: j.Winterstein@lse.ac.uk
Notes:
The LSE report includes a preface by Information Commissioner Richard Thomas. He writes: 'I welcome the report commissioned and undertaken by the LSE as a valuable contribution to an issue which engages significant data protection and privacy concerns. I have expressed my unease that the current proposal to establish a national identification system is founded on an extensive central register of personal information controlled by government and is disproportionate to the stated objectives behind the introduction of ID cards.
'The report makes clear that a system which minimises the amount of personal information generated and held by the government on card holders can be established without sacrificing the essential attributes of security, reliability and trust in the system. I hope that during the scrutiny of the ID Cards Bill, as it passes through the parliamentary process, this report helps focus debate on the actual system for administering ID cards and the need to ensure that this is one which is proportionate to the reasons for wishing to introduce ID cards.'
Annex: showing Costs breakdown and 'Ten Key Uncertainties'
ANNEX
Where costs will arise in the ID Cards Project over ten years
|
Low costs estimate |
Median estimate |
High costs estimate |
Issuing passports (based on Passport Service data) |
3,936 |
3,936 |
4,065 |
Managing the National Identity System |
2,261 |
3,658 |
5,341 |
Designing and constructing the National Identity Register and adapting 'first round' government computer systems |
1,559 |
2,169 |
2,910 |
Staff costs and training |
1,719 |
3,368 |
5,308 |
Direct costs of issuing Identity Cards |
814 |
1,015 |
1,216 |
Providing ID card readers for public sector bodies (as specified in the Bill) |
291 |
306 |
317 |
Miscellaneous |
22 |
64 |
117 |
TOTAL |
10,602 |
14,516 |
19,274 |
Note: We assume that over ten years 67.5 million people (UK citizens plus EU nationals living in the UK) will be covered by the scheme. Some costs (for example, for issuing cards) could be higher (or lower) if more (or less) people needed to be covered.
The LSE estimates include the costs of 'pulling' information from other government computers needed for verifying people's identities, and of 'pushing' ID card data to Home Office databases, police databases and the Department of Work and Pensions. But they exclude the costs of adapting the full range of other government computer systems to use ID card data (likely to be substantial), nor the costs that will accrue to the private sector.
Ten Key Uncertainties over the ID card project
All data relate to the first ten years operation
The ID cards themselves
1. How much will the scheme cost the UK?
Our 'best case' scenario is that it will cost around £10.6 billion (very roughly £170 per card and passport) though some of this cost may be absorbed into government budgets and passed on through tax. If the scheme is fully integrated into government IT systems this cost may increase considerably. Worst case: 19.2 billion, with a proportionately higher unit price per person.
2. How often will the cards or the biometrics on them need to be renewed?
Best case: once in 10 years for everyone. Worst case: once in five years for everyone. Median: some people (for instance, some elderly or ill people) will need to renew their biometrics every 5 years or more; some others will need to renew cards because of personal circumstance changes; but other people can go 10 years.
3. How often will ID cards be lost or damaged and need to be replaced?
Best case: Loss and damage will be the same as for passports. Worst case: More problems than with passports because ID cards are in use much more.
The ID card service
4. How difficult will it be to initially enroll people on the ID card scheme?
Best case: People flock to enroll speedily and there is no tail-end of resisters. Worst case: People need extensive chasing, some people resist cards to the end, and enrollment is slow.
5. How straightforward is it to verify people's identities and to enforce compliance with ID cards? How costly will it be to make corrections and re-enroll people in the ID card scheme?
Best case: No verification problems, few corrections, simple re-enrollment. Worst case: Significant problems with verifications, more corrections, difficulties checking other databases; enforcement is more costly because of citizen resistance, and re-enrollment is somewhat more complex.
Public affairs aspects
6. To what extent will the public accept the government's proposals?
Best case: people come to embrace the government's scheme, seeing benefits in having an ID card backed by a Register. Worst case: a mass campaign of non-cooperation that creates unbearable pressures on the system with consequent financial cost.
7. To what extent will there be civil liberties and privacy implications in the scheme?
Best case: government is able to maintain strict protection of data on the register. Cards use secure technologies to limit the threat of data misuse. Worst case: the scheme suffers from "function creep" to the extent that a card becomes an internal passport without which a person cannot function.
8. Will disabled people suffer hardship and discrimination through the system's operation?
Best case: government recognizes the challenges that face many disabled people in relation to biometrics, and incorporates technology to meet and support these problems. Worst case: to rein in costs the government buys cheap technology that inherently disadvantages disabled people, resulting in severe day-to-day problems for them, for instance, possible denial of service and loss of dignity.
Security
9. Are there any security concerns about the system?
Best case: the security of personal data remains much as it is in the current environment. Worst case: if intruders or hackers could compromise security, then large numbers of identity records are at risk.
10. Is there a risk that new kinds of ID fraud could arise from cards coming into pervasive use?
Best case: No new ID fraud. Worst case: Some new, high tech ID fraud develops, with greater costs for those citizens affected. Successful identity theft of a person's biometric data would mean that their fingerprints or iris scans are permanently in the hands of criminals, with little hope of revoking them.s
27 June 2005
Page
last updated
8 July, 2005
