How will the identity card prevent crime?

what crimes will the identity card and biometric passport prevent? The government and high street banks are interested in introducing an ID card to fight the following crimes:

Fraud
Credit card fraud (marketed as 'identity theft')

The ID card will not stop the most common crimes reported to the police:

Vehicle Theft (theft of vehicle or property from vehicle)
Burglary (from the home)
Criminal Damage (of your home)
Common Assault

Neither will it prevent those crimes that people are most commonly worried about:

Burglary
Mugging/Robbery
Assault
Rape
Anti-social Behaviour

Figures for reported crime during 2003/2004* show which crimes you are most likely to fall victim to:

^†Note that cheque and credit card fraud does not represent the number of victims. This figure records when the cheque book/card has been stolen and subsequent reports for its repeated use. So the actual number of victims is smaller than this. Credit card fraud is loosley referred to by banks as 'identity theft'.

identity theft and fraud Banks and the government promote identity theft as being a major issue for the general public, however, police records of reported crime and the annual British Crime Survey find no need to specify identity theft under their categories of major crimes. If identity theft is such a serious issue one would expect to find this recorded in the national crime statistics, especially when crimes such as bicycle theft are considered important enough to be included. This indicates how low the risk of identity theft really is. You can view details of reported crime and the BCS report here.

Credit card fraud and forgery, are the most likely crimes that you will experience that can be loosley classed as ‘identity theft’, (see the official statistics here). Almost half of the cases reported in 2003/2004 involved stolen or counterfeit cheque and credit cards. Note that the number of incidents fell by 7% compared to the previous year.

An identity card will not protect you against misuse of your credit card details, since you give this information away every time you use the card. It can be argued that using an ID card with the credit card will prove it is not counterfeit, but this will involve having your fingers and eyes scanned whenever you use the credit card – this is simply impractical.

Much of the ‘security’ provided by biometric ID cards and passports is aimed at proving the card/passport is genuine, however, this offers no protection against a genuine card (or the ‘phished’ biometric and PIN) being used fraudulently.

how will i identify a criminal from their identity card?There will be nothing on the identity card to identify someone with a criminal record. So if a stranger comes calling at your front door, you can ask to see their ID card, but you will have no idea if they have a history of mugging, burglary, or rape.

Children should be made aware of the false sense of security around ID cards. Just because someone shows them an ID card it doesn’t mean that person can be trusted – paedophiles and child abductors will not be identifiable from their ID cards.

Criminals guilty of, or conspiring in, notorious crimes will have their identities protected and will be provided a new identity so they can live anonymously. This was demonstrated by David Blunkett, the former Home Secretary, who provided Maxine Carr (Soham murders) with a new identity to protect her privacy and anonymity.

How criminals beat biometric technology The biggest limitation of biomteric identification is that it must undergo full biometric testing to work:

test biometrics against card holder
test biometrics against card
test biometrics against database (NIR)
confirm PIN

This process is impractical in everyday life and for 90% of cases the ID card will be checked visually (as is done in France where 80% of the population has a card) and the passport by a card reader. Used in this way, biometric identification offers no more protection than current forms of ID and is at risk of low level crime, e.g. forged cards.

The greatest risk to the public is through the emergence of e-crime, where criminals take advantage of the new technology to commit fraud and identity theft. Examples of techniques used for e-crime:

phishing scams via email/internet
card skimming
cracking and sniffing

These techniques are already used by criminals and are becoming more common. The danger of biometric idenitification is that it lures the user into a false sense of security. Whilst you may believe your transactions at banks and on the internet are more secure, they are not, and it is this that the criminal exploits.

Phishing - stealing your Biometric identity over the internet Phishing occurs in a number of forms:

criminal emails you and asks you to visit an internet site
criminal emails you and asks you to contact them via email

Today this technique is used to obtain your bank details and internet PIN. The criminal sends you an email claiming to be from your bank, and asks you to go to the bank website using a link in the email. This link actually directs you to a fake site that looks like your banks internet site. You then type in your account number and PIN to enter, and the criminal records these details.

The second method the criminal emails you offering you a 'great opportunity', for example they would like to deposit money in your bank account and you will earn a commission from this. To do this you must email them you bank details.

Under government plans for e-commerce you will use your biometric identification to confirm your identity over the internet. Criminals will adapt their phishing websites to record the biometrics and PIN you enter. As a result using biometric identification will increase your risk of identity theft.

Cracking and sniffing Your biometric identity can be stolen remotely by computer in three ways:

Cracking - gaining access to your details on personal, government, and company computers
Sniffing - monitoring and recording details during communication between computers
Key-logging - recording details you type into your computer

Criminals 'crack' computer databases by defeating their security or having someone working inside the government or company using the database. This is a very great risk if the National Identity Register (NIR) is created. If criminals can gain access to the NIR they can create false identities and potentially steal the identities of millions of people. This was demonstrated in 2003 where staff employed by the New Jersey Division of Motor Vehicles (equivalent to the DVLC) created throusands of fake licences for $50-100 each.

Sniffing invloves monitoring computers used for financial transactions and biometric verification. The criminal records your biometric information as it is sent from a computer in a bank or shop to the NIR. This information is then played back to the NIR or bank and shop facilites so that it appears that you are using the biometric identification. If this record and playback method is used it will be very hard for you to prove that it was not you.

Key-logging is an old technique which installs a small program on your computer to record what you type in. Most personal computers are protected by anti-virus software which scans the key-registry to protect you from this. However, this can also be installed by your employer on your work computer without your knowledge. There is a range of quite legal commercially available software that provides this. Hence it is important not to use biometric identification from your workplace where your employer/system manager can record your details and PIN.

what happens when my identity card is stolen? When your card is stolen you will be required to report the theft at a police station before your card can be cancelled. You will be scanned so your biometrics are confirmed against the Identity Register (it is the only way you can prove you are the owner of the card).

You cannot just call the Identity and Passport Agency (IPS) and cancel the card because you can’t prove who you are over the phone; answering security questions is the (insecure) method we have already, if this could be used to cancel an ID card it would represent a major flaw in the system.

When your biometric identity is stolen by ‘phishing’, it may take days or weeks before you realise what has happened. The illusion of security surrounding the ID card system will make it very hard for you to convince others (banks/police) that you did not use the card yourself.

Once your biometrics have been compromised, any future biometric ID is also compromised. As mentioned by Jerry Fishenden of Microsoft: "Unlike other forms of information such as credit card details, iif core biometric details such as your fingerprints are compromised, it is not going to be possible to provide you with new ones." (Readers should note that Microsoft promotes it's biometric solutions as improving 'convenience' rather than security)

Since biometric identification cannot protect us against identity theft, hi-tech crime, or the crimes we are most likely to be a victim of; it raises the question, do we really need it? This is conveniently answered by the company behind the introduction of the biometric passport at the UK Passport Agency:

“it is controversial, however, because, war years aside, this nation has coped well enough in the absence of a mechanism to establish personal identity within statistically high confidence limits”. **