« ID card mega-database ditched
House of ID Cards collapses »

UK Government reports on changes to ID scheme

Analyst company Ovum’s web site carries a short summary of Graham Titterington’s views on the Home Office “Action Plan”:

The downgrading of the role of biometrics comes as somewhat of a surprise. There is no mention of iris recognition, apart from a brief sentence. Generally the report talks about ‘biometrics such as finger prints’. It does still contain a commitment to recording all 10 finger prints in the NIR and an increased role for a PIN, when a citizen wants to assert their identity.

Overall the proposals represent a substantial retreat from the ‘Gold standard of identity’ originally proposed. Whilst, the government is still placing heavy reliance on the role of biometrics in preventing a person from making multiple registrations in the NIR, this objective seems unlikely to be achieved without the use of iris scans.

The report does nothing to clarify the proposed use cases for the NIR or identity cards. It talks about providing a comprehensive ‘identity management service’, but does not mention charging at the point of use, nor does it mention the issue of the government accepting liability for false information. For this reason, we cannot determine system sizing estimates for the identity verification service gateway.

This entry was posted by andrew on Thursday, December 21st, 2006 at 15:07 and is filed under (In)security, Biometrics, General. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to “UK Government reports on changes to ID scheme”

  1. David Moss Says:
    January 6th, 2007 at 16:00

    Unfortunately, I see no evidence of a “downgrading” nor of a “substantial retreat”. Irisprints have not been excluded, as Mr Titterington admits, and facial geometry and fingerprints are still there. None of these biometrics is reliable enough to base an identity voucher scheme on, please see http://dematerialisedid.com/Biometrics.html, but our money is being wasted on deploying them anyway.
    It depends where you start from, of course, but for me the interesting point in the Strategic Action Plan was the confirmation at last that PKI is being implemented in the biometric passport scheme and will be implemented in the ID cards scheme. Until this report was published, the Home Office had, for four years, confused security with biometrics.
    This at last gives us the opportunity to measure the Home Office implementation of PKI against the standards set by GCHQ, who invented it.
    Do that measurement, perform that review, and you find that the Home Office implementation falls spectacularly below GCHQ’s standards, please see http://dematerialisedid.com/PKI.html. It fails the authentication test and the confidentiality test. It will have trouble meeting the integrity test and the availability test. It may or may not pass the non-repudiation test, but we don’t want it to pass that one anyway.

Search provided by Google

December 2006
M T W T F S S
« Nov   Jan »
 123
45678910
11121314151617
18192021222324
25262728293031