Computer systems always fail - and the national database will do so big time
The ID card project is still on track - more or less. Jacqui Smith is just the latest in a long line of Home Office ministers to sell us the benefits of ID cards, while casually informing us of the latest rise in costs or slippage in its implementation schedule. Ms Smith is also yet another Home Secretary who subscribes to the “pixie dust” school of technology: computation is a magic substance to be sprinkled over problems, that, hey presto, then vanish. Little wonder that Britain has an appalling record in government IT projects.
The ID project is one of the biggest computer systems envisaged - far more complex than the failing NHS system. And it's another disaster waiting to happen. Still the politicians naively claim there will be no problems: it will be totally secure because of biometrics. Apparently iris scans, fingerprints, face-recognition software will all work perfectly, be amazingly cheap to implement - and all foolproof. It must be true, as they've been told this by those selling the technology. Baroness Anelay of St Johns, with a group of parliamentarians, was once given a demonstration of a facial recognition system. It failed; indeed the system subsequently crashed, twice. The reason? The baroness was told her face was “too bland”.
The only property that all systems have in common is that they fail. And the bigger the system - 60 million entries on a compulsory ID card database - the greater the opportunity of failure. Systems are much like any life form: they degrade over time, they entropy. In the case of databases, the pick up errors and then build data error upon error. The DVLA in Swansea in 2006, for instance, admitted that a third of entries contained at least one error, and that the proportion was getting worse.
We've all had encounters with computer systems that get it wrong. Barclays once refused one of my transactions because they said I was accessing an account owned by a teenage girl named Ian Angell, who lived at my address and was a professor at LSE. I still had to take a morning off work to explain that a 14-year-old couldn't own an account that, according to their own records, had been open for 35 years.
And however scrupulous the managers might be, errors leak and take on a life of their own. They are sampled by other databases, known as “farming”: errors, even when corrected in the original database, live on elsewhere.
But the ID project will be different, we are told. According to the rhetoric, an ID card, one central point of reference, will be so much more efficient and beneficial than you having to prove your identity daily, by producing driving licences, gas bills and so on. Its proponents fail to see that if any of these documents is erroneous, then we don't use the one with, say, a mistake in the address to prove our identity. With the ID card, we won't have the choice. Even if the card is not compulsory, all financial systems will converge on it, and anyone without a card faces great cost and inconvenience. Just like Oyster cards on the London Underground, you're not forced, but it's so much more expensive and tiresome without one.
However, the ID card itself isn't the real problem: it's the ID register. There, each entry will eventually take on a legal status. In time, all other proofs of identity will refer back to the one entry. If the register is wrong - and remember fallible human hands will at some stage have to handle your personal information - then all other databases will be wrong too. Given the propensity of officialdom to trust the details on their computer screen, rather than the person in front of them, you will have to conform to your entry in the register - or become a non-person.
In effect, your identity won't reside in the living flesh and blood of you, but in the database. You will be separated from your identity; you will no longer own it. All your property and money will de facto belong to the database entry. You only have access to your property with the permission of the database. Paradoxically, you only agreed to register to protect yourself from “identity theft”, and instead you find yourself victim of the ultimate identity theft - the total loss of control over your identity.
Errors won't just happen by accident. It's possible to imagine that workers on the ID database will be corrupted, threatened or blackmailed into creating perfectly legal ID cards for international terrorists and criminals. Then the ID card, far from eliminating problems, will be a one-stop shop for identity fraud; foreign terrorists, illegal immigrants will be waived past all immigration checks.
At a recent Ditchley Park conference on combating organised crime, a persistent warning from the law enforcement authorities was that criminal gangs had placed “sleepers” in financial sector companies, and they were just waiting for the one big hit. The perpetrators of 80 per cent of all computer security lapses are not hackers, but employees. Cryptographic systems don't help if the criminal has been given the keys to the kingdom. Why should the ID centre be immune, especially when there will be nearly 300 government departments logging in. Furthermore, the register will be the No 1 target for every hacker on the planet: the Olympic Games of hacking.
So why is the Goverment so keen to force ID cards on us? Is it because ministers are control freaks who, having read 1984, only saw it as a wishlist. John Lennon may have been right: “Our society is run by insane people for insane objectives. I think we're being run by maniacs.” More likely, ministers have been dazzled by the myth of the perfectibility of computers.
Ian Angell is Professor of Information Systems at the London School of Economics