The Light at the End of the Tunnel

I’ve grown a few more grey hairs since writing my last column, in part due to finding myself sitting on a Police working party on economic crime. Tony Blair has, this week, been extolling the virtues of identity cards and I’m typing this on a train as I head towards a meeting at the European Parliament offices to discuss this and other security matters.

Unlike the Prime Minister and Charles Clarke, I don’t believe that identity cards will deliver the kind of magic bullet against crime, terrorism and immigration that politicians imagine. I wish it could but for a number of well-worn technical and implementation reasons I believe we are investing too much faith in technologies that have yet to be proven on the scale that government envisages.

Cards, chip and pin solutions are a well-established technology with a strong business case to support them. I have, after all, a wallet full of such things and the financial services industry find them both useful and lucrative as a means of supporting transactional identity mechanisms. At the same time, we should not forget that all identity systems built-upon any technology platform have, to my knowledge and error of failure rate which is subsidised by the mass-market success of their underlying business model and which we see absorbed and written-off, as card fraud by banks credit card companies.

At the simplest level, if, like me, you have had a credit card stolen or cloned, a new one is delivered without delay and with no personal liability. But what happens if your identity card, built-upon a national database of personal information, in the way Tony Blair imagines, is stolen or cloned?

We have to assume, as with any computer system that a failure rate will be present, one example being today’s conversation with the Inland Revenue who sent me a letter telling me that they owed me the self assessment payment I had sent them. A coding error but a mistake none-the-less which is easily rectified at the end of a phone but not so easily resolved if my identity, like my postcode, is confused with someone else.

When I moved house eighteen months ago, it transpired that the Royal Mail postcode database had assigned my address not to number “2” but to “Flat 2 - number 25” and you can imagine what happens next, as Royal Mail sells the PAF database to tens of thousand of companies including the large insurers. All of a sudden, I couldn’t easily prove the existence of my house, which has been around since 1791 and it was quite possible that my residential credit record might be linked with the other address.

Given that the UK has the highest failure rate for large-scale eGovernment projects in Europe and possibly the world, we must reasonably assume that if the ID card programme is implemented according to plan, then some vital facet of the technology or process involved, will go “tits-up” in the near future. This sad fact of life has never prevented Government pursuing ambitious public-sector projects in the past and fails to register as an argument against the wide-ranging ambition of the ID card programme.

This month I was asked to visit a middle-eastern country and evaluate their progress towards the second phase of their eGovernment programme. “You can learn more from Britain’s mistakes than its successes”, I told them. “What you need is the Kalashnikov principle of electronic government.” What’s that?” they asked. “It’s simple, I replied, you need to start with projects that are robust enough to resist the interference and abuse from politicians, technologists and civil-servants without jamming.” The same could be said of plans for the UK’s own identity card programme, as there are too many interested involved, much like the National Programme for IT, NPfIT. We have to assume some level of “acceptable” failure within the system but with the implication of failure tied to the mission-critical nature of a personal identity mechanism, what constitutes acceptable, particularly if such data finds its way, through a process of replicative error into the hands of foreign governments or worse still, the Americans?

Incidentally, I heard at Westminster today that the NPfIT has revised its timetable to reflect the success of pilot projects, in order to attract greater support from the medical profession and achieve more realistic implementation goals. Alternatively, the programme has dropped a gear, delaying its spending in order to help the Chancellor plug a more immediate fiscal gap. You decide which statement is the more correct.

Although I believe that the prevalence of identity technology will usher in the existence of a more Orwellian society, I’d be prepared balance the security interests with the demands of modern existence, if I thought the safeguards were strong enough. However the sight of Tony Blair asking me to trust his judgement on this issue, in conjunction with the technical evidence is enough for me to call for a moratorium on the subject to prevent a headlong dash towards the light at the end of the tunnel, which may prove to be a train rushing towards us from the other direction!


Popular posts from this blog

Civilisational Data Mining

The Nature of Nurture?