At the end of last year, hundreds of UK citizens went to government offices, sat down, and had the image of the irises of their eyes photographed and scanned into a machine. But this was not a medical examination, or X-Files subterfuge. It was part of the testing of biometric technology that could underpin a far-reaching change in everyday life: entitlement cards.
The Government believes that entitlement cards (which, unlike ID cards, would not be carried compulsorily) have numerous benefits. It says they are a "powerful weapon" against illegal immigration (something its critics strongly contest); reducing the risk of identity theft or fraud; and making it easier to access government services such as unemployment benefit. Biometrics would help by using biological measurements as a kind of hi-tech fingerprint. The Home Office says that public acceptance of the iris-scanning system was encouraging – 81 per cent of those who took part in the trial being in favour of its use.
Identity cards are nothing new. They were introduced in the UK during the First and Second World Wars but withdrawn in 1952 following a legal challenge. Paradoxically, despite the advances since then, industry experts warn that introducing a UK entitlement card could face near insurmountable technical obstacles.
Such as? Correctly issuing tens of millions of entitlement cards to the public and creating a central database of resident UK citizens, not to mention managing one of the most ambitious government projects ever, which would cost £3bn according to some estimates.
"How are you going to go through the process of issuing 50 million ID cards?" says Dave Birch, a director of Consult Hyperion, an IT consultancy specialising in e-commerce. "This big-bang approach would be incredibly difficult to do with any element of security. If you start now and say you will issue a card to everyone in the country for accessing all services, the procurement process alone [to agree contracts with suppliers] will take five years. The whole rollout could take 10 years. Projects that are really big just don't work."
If the scheme is given the go-ahead, Birch recommends that the Government roll out the cards gradually by letting local authorities issue them. Debit and credit cards could also store a person's unique entitlement number once a card has been issued, he adds.
What would the cards hold? A name, date of birth, national insurance number, perhaps an address and, controversially, the capacity for more sensitive data such as race or religion; plus unique biometric details such as iris scans or fingerprints, which all would be encoded on to a microchip embedded in the card.
Here's the tricky part. Those details would have to be mirrored on a central database, covering the resident population of the UK. Everyone would also need a unique personal number or identifier to cut the risk of duplication and identity theft.
Imagine how often details might need to be changed, to account for changes in circumstances or entitlement, and you can see how large the chances of failure are. While it's easy to imagine it working well – you might apply for a bus pass or book a hospital appointment by slotting your card into your PC or a properly enabled phone – one must also consider what happens if the data was corrupted, wrong, or the card was lost. Furthermore, the scheme might suffer what soldiers call "mission creep", going beyond its initial specification.
"As soon as the project starts, everyone in government will see an opportunity to use it to benefit their department and push very hard to increase the scope of the project," warns Linda Walton, a consultant at Morgan Chambers, an outsourcing advisory company. "You are designing an access capability in the microchip that goes on to the card, which links to a secure database, and the biometric information has to be read by a device. Potentially every time you change or modify something on the card it has a knock-on effect, for example on the database."
And it's not hard to find examples of large-scale IT government projects that have flopped. In the mid-1990s the Tory government tried to introduce a swipe-card system and automate the payment of benefits. Known as Pathway, the initiative was finally abandoned in 1999 after protracted delays, having cost around £1bn.
Similarly, a few years ago, the Inland Revenue was left red-faced after leaked memos revealed that millions of tax details went missing after it tried to transfer records between two systems, run by separate suppliers. Any failure in the technology of entitlement cards would be highly visible. And that's before the other inevitable story of the computer age: hackers. System design will be key to minimising that.
"The central database will be vulnerable to flaws and hacking so when designing a system you should start with the assumption that someone will break in," says Birch. "The entitlement card number is public knowledge, but I don't want someone to hack into the entitlement-card database and get my driving licence details, if they have been transferred from the DVLA database. I want them to at least go to the trouble of breaking into a second database."
The reality is that it may be too big a leap in technology, too soon. Compared with the London congestion charge (which uses number-plate recognition technology that is ancient by today's standards), biometric technology is still relatively immature. And until we know enough about its faults and flaws to design around them, the potential for another expensive disaster is all-too apparent.Reuse content