Kim Cameron does a speedy summary of the main points in a recent paper on the perils of the ID card initiative, published by the London School of Economics. Kim notes too that, whilst we are all busy, we should make time to read it. I’d encourage the same, but to give you a clue on what you’ll come across when you flip through its 117 pages, here’s a line from the summary
[ID cards] are too complex, tehnically unsafe, overly prescriptive [and] lack a foundation of public trust and confidence.
You can deduce, then, that they’re not fans. They go on to say that the scheme is a “potential danger to the public interest.”
When I posted on ID cards a couple of weeks ago, I drew a couple of comments. One said that there was no reason that a new Prime Minister would want such a project on his CV. Perhaps the mystery commenter knows something that I don’t, or has contacts in Birmingham who are experts in postal voting, but I wasn’t expecting a change in PM this time round. The ID card bill may have been shelved for a while, but I don’t suppose that the delay will be used to rework it into a new shape that might address the concerns raised in the LSE (or any other report).
I know several folks working on the ID card project. I knew one more until yesterday, but they’ve moved on. The ones I know are at the very top end of my list of clever, practical people. They’re not Tefal foreheads who will cover only the conceptual stuff, but folks filled with common sense and high competence in delivery. They are, though, only a minority in the whole team perhaps.
Dan also wondered, in response to my question on how a search for any given biometric would be presented, that perhaps there’d be a PIN number to go with the card – you put the card in, type the PIN number, it scans your biometric, goes to the main system, fetches the biometric linked to that PIN number and then checks yours against the master record. Nice and simple I supposed. Of course, the PIN number is actually the ID number, so there’d be no need to type it in (assuming that there is space for 100 million plus variations, it will be a big number, and it will be printed on the card) – so inserting the card would automatically send a message to the big server in the sky to download the scan to compare yours with. Alternatively, the scan could be stored in the card and then compared with your own. Either approach would mean that the search for uniquess would have to be carried out when the card was issued – something that lengthens the issuance process but at least means that later interactions with the card would be quick. Having the scan on the card doesn’t deal with the possibility of someone cracking how to produce cards, or alter the data on them. So perhaps Dan’s approach is a good way of doing it?
I’m still not convinced that I want to spend £5.5bn on it though.