Identity Cards - Assignment Example

Running Head: ARE IDENTITY CARDS IN THE FORM CURRENTLY PROPOSED Are Identity Cards in the form currently proposed for the UK a good thing [Author's Name] [Institution's Name] Are Identity Cards in the form currently proposed for the UK a good thing Introduction During 2003, the UK government appeared to blow hot and cold about the feasibility of introducing an entitlement - or identity - card. However, by the end of the year, the possibility of a roll-out of ID cards in the UK strengthened following the announcement in the Queen's Speech (the centrepiece of the UK's opening of parliament, and the process that sets out the legislative agenda for the year) of measures to create a national identity card system. This could pave the way for the publication of a draft bill during 2004. For some, the announcement of measures to create a national identity card system marks a major breakthrough, which could put smart card technology into the pockets of millions of UK citizens. However, debate continues as to how well a smart identity card containing a biometric will actually address the problems of terrorism, illegal immigration and working, benefit fraud, abuse of public services and identity theft. The terrorist attacks in London have stoked up the debate over the UK Government's identity card scheme, and highlighted the central issue of whether they would actually make such incidents less likely. Yet it is not just core privacy activists who continue to argue that any benefits will be outweighed by the growth of surveillance and snooping that would inevitably in their view occur once the scheme is up and running. A counter argument is that the cat is already out of the bag, and that we will live under a canopy of increasing surveillance and leakage of personal information whether or not identity cards come in. According to this argument, biometric passports, combined with growing databases of personal information relating to health, life style and identity, held by both government and private agencies, will ensure that privacy will be eroded come what may. The technologies, such as rapid and affordable DNA sequencing, proliferating and increasing cross-linked databases comprising personal information, RFID (Radio Frequency Identification), as well as improved video cameras, are or will be out there anyway, all threatening to invade privacy in various ways. (M. Tistarelli, J. Bigun, A.K. Jain, 2002) An extension of this argument is that we should not become over-obsessed with identity cards, but instead concentrate on constraining and regulating these current and emerging technologies within an overall privacy framework. On the other hand the identity card scheme as proposed by the government would, if implemented, make it harder to restrain some of these technologies and might in future encourage their deployment for surveillance and monitoring. Indeed for this reason the government has promised not to deploy some of these technologies, notably DNA fingerprinting. Unlike a straightforward biometric such as fingerprints, a DNA database could yield additional information about individuals that could be of use to third parties such as insurance companies, depending on the precise detail involved. Identity cards - unproven Yet to a large extend the public is being asked to embrace identity cards on trust, committing to the scheme before it has been proven to work. We are expected to trust that the technologies involved, notably biometric recognition, will work, before being shown to be even remotely robust enough. We are also expected to trust that the government will keep to its promise not to exploit the full potential identity cards would yield for snooping and information gathering. The government has not ruled out the use of RFID as a contactless and therefore faster alternative to swiping for reading identity cards. RFID works via small chips that can be embedded in a card, with minute antennae emitting a unique serial number over a short distance. RFID is a very appealing card reading technology and is likely to be adopted for payment cards as well. But RFID also offers the potential for surveillance through being able to monitor the location of identity cards. Guarantees that the range of RFID transmission will be kept within just a meter or two are not convincing. Already several versions of RFID have been defined, with varying ranges and costs. Low frequency systems operating in the range of 30 KHz to 500 KHz, which are the least expensive and likely to be adopted for card reading applications, do indeed operate only within a two-metre range at present. But high frequency systems in the range 850 MHz to 950 MHz will work at distances of at least 30 meters. Furthermore even low frequency RFID signals could be picked up at greater distances than two meters using highly sophisticated receiving and decoding equipment. Improving technology can always increase the distance at which signals of a given strength and frequency can be detected. Therefore privacy activists are to some extent correct to be concerned about potential exploitation of RFID information. On the other hand mobile phones also provide information about the user's location, so on this front too it could be argued that the cat is out of the bag, and that abuses can only be countered through regulation, vigilance and public awareness. In the likely event of continued terrorist activity, governments will have a strengthening case for exploiting their increasing armoury of surveillance tools, and public resistance against such action could well weaken in the event of further attacks. Who's it for It is expected that if the proposals become law, all people aged 16 or over, who are resident in the UK, will be eligible for identity cards. The card scheme will include basic personal information, a digital photo and a biometric. For most UK citizens, existing passport and driving licences will be brought into the scheme as the first stage of converting to biometric documents. In addition to these measures, all EU and foreign nationals entering the country for more than three months will have to pay for a biometric residence permit. Robustness of biometrics But a more pressing concern over identity cards lies in the robustness of biometric recognition technology, given that this is central to the government's scheme. Biometric technology was once hailed as the ultimate authentication mechanism, appearing to be foolproof given that it is supposed to be based on a unique physical or biological characteristic of an individual. But its maturation has been held up by two issues. Firstly it has to be insulated against impostors fooling the system by replaying files of the biometric signature, or by copying the characteristic in some way, for example by using a stolen fingerprint. The second problem lies with accuracy, for trials of biometric systems have failed to entirely eliminate false negatives and positives. It is possible to avoid one or the other but not both - for example you can increase the sensitivity of recognition to make it virtually impossible that the system would mistake one person for another, but at the cost of sometimes failing to identify the person at all and therefore rejecting the access control attempt. On the other hand by weakening the sensitivity, false negatives like this can be avoided, but then there is a growing chance that the system fails to distinguish between people whose biometrics happen to be quite similar, which could easily happen for example with identical twins. Biometrics on trial Recent trials of biometric techniques suggest that there is some way to go to make them robust enough for identify cards. A recent survey by IT services firm Atos Origin revealed that even iris recognition, generally accepted as the most reliable technique at present, gave some false results for disabled people, besides being slow and cumbersome. Facial recognition or fingerprints are more favoured for passports and identify cards because they are more convenient to use, but both of these have more serious flaws. Facial recognition systems sometimes failed to recognise people after some time has elapsed, because of slight changes in appearance, according to Atos Origin. Fingerprints generally give some false matches, and there have also been some problems collecting adequate data for the database. (Ashbourn, October 2000) The UK Passport Service has now begun a six-month biometric pilot to test face, iris and fingerprint capture and recognition. SchlumbergerSema is undertaking technical delivery under contract, and Mori is managing the recruitment of volunteers. During the pilot, 10,000 volunteers will have their fingerprint or iris biometrics put on cards. The trial will time how long it takes to enrol fingerprints and iris patterns, and will also examine the problems of building a database. Fingerprint and iris biometrics will be tested for one-to-many identification, and facial recognition will be tested for one-to-one verification. Customer perceptions and reactions will be assessed, issues and risks will be identified, and an outline implementation plan will be produced. The tests are taking place at four fixed sites, including a passport office (believed to be London's), as well as using mobile units. The volunteers will be representative of the UK population, and will include disabled people and those who may have difficulties enrolling. According to the Home Office, "A national ID card scheme would take advantage of the infrastructure being put in place to support these developments, significantly reducing the costs of the card." (UKBWG, 2001). Some critics of the ID scheme have argued that although the use of a biometric provides strong identification of an individual, there is nothing stopping a person presenting forged or stolen documents and registering their biometric to somebody else's identity. However, as Geoff Llewellyn, director of strategy and government relations, SchlumbergerSema explains: "The kind of process envisaged would make this type of fraud very difficult to perpetrate in the first place and very difficult to sustain over a period of time. Critically, the biometrics would effectively prevent a person from holding two identities and would thus remove most of the benefit that a fraudster would acquire from a fraudulent registration." (UKBWG, 2001) Partly because of such concerns, the US has been considering postponing its plans to require use of biometric information in the passports of European citizens who want to avoid the need for a visa. A key concern has been that the incidence of false negatives and positives is amplified as the number of people on the system increases. So while there may be an acceptably low level of mistakes when there are 1000 on the system, many more would occur when scaled up to say 40 million within a UK identify card scheme. The recognition process would have to be substantially more sensitive. The database Despite concerns over the technology, the UK Government plans to construct a national fingerprint database as part of its plan to link the identity card project with its war on crime. This would expand the current fingerprint database NAFIS (National Fingerprint Information system) comprising records just of those who have been arrested at some time, by at least five fold. It would also expose a much larger number of innocent victims to the risk of false identification from fingerprints taken at the crime scene. Such prints are naturally of varying quality, and often provide a much less reliable basis for comparison, requiring careful handling. (Wayman, J. L. 1999) At present police sometimes use such prints merely to help guide them in the right direction rather than as evidence, correlating them with previous criminal records for example. When such prints are used as search keys against a database comprising all our records, the game becomes quite different. The question arises of whether police would be allowed to correlate records of prints against other information, such as credit records or even medical history. Indeed the database issue is for many the most controversial aspect of the identity card scheme. Currently it looks like the database will comprise name, address, date of birth, gender, a digitised version of a passport photograph, probably digitised fingerprints, and possibly employment status. Once such a national database exists, it would form a convenient focal point for integrating with other databases such as those held by the Inland Revenue, and in future perhaps digitised medical records. The cost However the government appears to be trying to soften another bone of contention, the cost to its citizens, by migrating the identity card into a kind of lightweight passport. In this way it could double as ID card and passport just as happens now elsewhere in the European Union, at least for use within EU borders. Conclusion Meanwhile some solutions to the conundrum of biometric reliability are appearing. An ingenious, if over hyped, innovation from biometric software vendor Senselect, entails combining biometrics, i.e. something you are, with a PIN, i.e. something you know. Under this scheme, prints of all fingers would be taken, and access would be gained by entering a four digit PIN using appropriate fingers one at a time, for example with the thumb representing one, the index finger two, and so on. This would in principle defeat attacks based on stolen fingerprints, in the same way that chip-and-PIN payment cards reduce risk of fraud via stolen or forged cards. It also provides a means of reducing the risk of false negatives and positives by correlating the fingerprints with the PINs. However it remains to be seen whether such a scheme would prove practical and acceptable to users. It may do, but the lack of large-scale demonstrations of any scheme, and the ambivalence of several other governments to biometric-based schemes, combined with lack of consensus over the privacy issues, suggests that it is premature to rush ahead with the ID card scheme now. The recent attacks in London do not really increase the urgency, for even the government concedes that they would not have been prevented had ID cards been in place. Therefore an ID card scheme is at best part of a long-term strategy against crime and terrorism, and as such it is important to take time getting it right and waiting for the requisite technology and privacy issues to be further resolved. References M. Tistarelli, J. Bigun, A.K. Jain (Eds.). "Biometric Authentication". International ECCV 2002 Workshop Copenhagen, Denmark, June 1, 2002 Proceedings, LNCS 2359, Springer-Verlag UKBWG. (2001). "Advice on Product Selection - Biometrics for Identification and Authentication". UK Biometrics Working Group, 23 November 2001, Wayman, J. L. (1999). "Technical Testing and Evaluation of Biometric Identification Devices," in Biometrics: Personal Identification in Networked Society (A. Jain, R. Bolle, S.Pankanti, editors), Kluwer, Dordrecht, pub. 1999, pp. 345-368. Ashbourn, Julian D. M. (October 2000) "Biometrics: Advanced Identify Verification: The Complete Guide". Springer Verlag; Book and CD-ROM edition Read More