Stakeholder Position: IEE

 

Project risks

 

By its very nature the proposed National Identity Card System is a high risk project. 

 

This is due to:

• the sheer scale of the project, which must cater for up to 100 million data subjects
• the integration of cutting edge biometric technology with complex IT systems
• the need for usability and acceptance by all citizens.

 

The technological challenges will only be met if the systems are well engineered, using the best possible technical and scientific solutions. 

 

This expertise may reside in small high technology IT companies employing a small number of highly qualified professionals.

 

The Government does not have a good success rate in achieving large computer-based projects either on time or within budget. 

 

There is a growing consensus as to the causes of this including:

• lack of clarity in the original purpose and specification

• companies and consortia chosen to deliver the solutions which do not draw upon the best software engineering and computer science knowledge.
• unrealistic deadlines set to meet political imperatives.

Though the eGovernment Unit is leading the reform and increasing professionalism of Government IT, this needs to be implemented systemically throughout Whitehall in order to bring about the vital integration of policy and technology.

 

Cost estimates

 

The cost analysis for the project should be based on typical outcomes of other complex projects, not on stand-alone estimates that invariably assume over-optimistic development and performance achievements. 

 

It is also essential that costs allow for social and technological research, and system prototyping.  Estimates for project time, cost and performance should allow not only for development and procurement, but also for operation and ongoing support.

 

Essential requirements for a biometric identifier database

 

These include:

• establishing the identity of the person giving the biometric to a high level of assurance;
• ensuring that the stored biometric cannot be tampered with, even by organised criminals with substantial resources.
• mechanisms and compensation schemes to ameliorate damage if an individual's biometric data is compromised either by accident or as part of an identity theft. 
• ensuring that the equipment that reads the individual and compares with the stored biometric has a very low rate of both false positive and false negative errors.

Security and Integrity

 

It is inevitable that attempts will be made to access or modify the database for improper purposes.  Therefore the most stringent precautions (including the necessary legal instruments) must be put in place:

 

• to deter such activity
• to detect a potential incident as it happens
• to protect the system ‘in real time’, and
• to react to restore the integrity of the system.

 

Of equal concern are the issues of trust and risk.  Systemic failures in public sector information systems such as the working tax credits scheme have significantly degraded public confidence.

 

Whilst the lack of trust in this example is personally experienced by a ‘relatively’ small number of people, if replicated across an ID system it would have a catastrophic impact.

 

There are well articulated public concerns related to the introduction and subsequent management of an ID card system, and both social and technical issues that need to be explored.  This should include social and technological research, and rigorous prototyping with public involvement.

 

Click here to return to the Briefings menu