 
|
|
In partnership with:
|
Biometrics industry must challenge governmentThe government’s answer to the HMRC data scandal seems to boil down to one thing: “biometric security”. But not as anyone with any knowledge of biometrics would understand it. Biometrics will not prevent information leaking from the mass data-sharing routes that are being built within government. Properly implemented, biometrics can be good for authentication of individual transactions. But they are not a magical form of database security, as the chancellor would have the public believe. If individuals’ records were actually locked by biometrics, this would imply asking the individual every time any of the powers that be wanted to look at the data. Technically feasible, maybe – but practically impossible. And absolutely not what the government proposes for its National Identity Scheme. As I proposed in ‘The Ethics of Biometrics’ debate at the Biometrics 2007 conference, the industry does itself no favours by permitting politicians to make unchallenged statements that portray biometrics as some sort of “magic bullet”. Former home secretary David Blunkett, the original sponsor of the identity cards legislation, still punts the line he first stated in 2004, that biometrics “will make identity theft and multiple identities impossible… not nearly impossible, impossible”. I’d be willing to bet that no-one reading this article believes this to be true. So why let this and other similarly misleading statements stand? Independent polls show public confidence falling off dramatically as people wake up to what identity cards actually mean. Any failure of the government’s identity management programme could see erosion of trust in the technologies on which it is based, with potentially disastrous consequences for the industry. No infosecurity expert believes a state-run system of this complexity will work perfectly 100% of the time for everyone. NO2ID, the UK-wide non-partisan campaign opposing the planned identity scheme, is not opposed to any technology per se. Indeed, many of our supporters work within the IT and information security sectors. Our concern lies rather in the (ab)use of particular technologies in pursuit of government surveillance and control agendas. Fingerprints or iris scans enrolled on the proposed system will give this and any future government – or those who manage to gain access, officially or otherwise – the key to all other uses of those biometrics. Put another way, we shall have to lodge copies of the very keys that we might use to secure our own information with a single government agency, to do with as it sees fit. How would you feel if instead you had to provide copies of your front door, car and safety deposit keys? The National Identity Scheme will effectively nationalise personal identity, eroding privacy and extending the surveillance state, while offering few meaningful protections and accepting no liability in return. As anyone with even a rudimentary grasp of information security knows, one need not trade off privacy for security. Trading actual personal security for supposed national security looks in the current context like a particularly raw deal. Allowing ministers to pour biometric snake-oil on troubled waters could prove to be a monumental public relations blunder. To truly demonstrate respect for my person, you’ll ensure I have meaningful control over any data derived from it. Proper protections must be built in from the ground up, not bolted on several years after the basic design has been determined – then muddied – by politicians. Ethical biometrics providers build systemic protections into their products, doing all they can to ensure their solutions will not permit abuse. It makes good commercial sense. As does challenging the unrealistic, misleading or outright untrue assertions of a government more interested in protecting its own interests than those of the citizens it serves. Phil Booth is the national coordinator of the NO2ID campaign How to dodge the red card: Dutch football fingerprint trial (Nov/Dec issue) UK government loses data on 25m Britons (20 November 2007)
|
|
