If too few companies are involved in the scheme, they can dictate costs to the government; if too many are involved the scheme will be chaotic and technologically unsound.
Here we look at the risks of involving private enterprise in the running of the identity card and biometric passport scheme for profit.
A wide range of companies stand to profit from identity cards and biometric passports. Some are big, well known companies such as British Telecommunications (BT), IBM, Siemens, Toshiba, and Fujitsu.
In April 2006, the Identity and Passport Service (IPS) published a list of companies tendering for the biometric passport and ID card project.
Companies Tendering for All Areas (potential monopoly):
- British Telecommunications (BT)
- IBM
- Siemens Business Services Ltd
- Capita
- Computershare Investor Services
- CoreStreet
- Covert Security Solutions Inc
- De La Rue Plc
- Electronic Data Systems Ltd (EDS)
- InStaffs (UK) Ltd
- Liska Biometry
- Oberthur Card Systems
- OmniPerception Ltd
- Scientific Generics Ltd
- Security Printing & Systems Ltd (SPSL)
- Thales Group
Well Known Companies Also Applying for Separate Areas:
- Symantec (Producers of Norton Antivirus)
- Fujitsu
- Toshiba
- Hitachi
- NEC
- Post Office
- Royal Mail Group
- Sharp
- Xerox
what are the Financial risks of using private companies?
The
biggest prize for any company is the database. If you control the
database then you control the government purse, and you can increase
your charges every year, e.g.:
Competition is limited as the database and software will be unique to a single company. Changing provider means transferring large amounts of data to a new database which can take months and result in disruption to the NIR. If the government tries to change provider (to reduce running costs) the potential chaos for holders of the ID card and biometric passport is huge.
Alternatively, to ensure fair competition, and keep costs down, the database should not be owned by a single company, the database and code for it would have to be ‘open-code’, i.e. accessible to any company. The problem with this is that it reduces the security of the Identity Register (NIR).
To ensure integration and smooth running of the scheme it would be necessary for individual companies to have sole rights to manufacture the identity cards, biometric passports, and supply the finger and eye-scanners.
The implementation of the scheme is caught in a catch 22 situation: use a monopoly to provide a secure system, but high on-going cost; or use many companies to introduce competition and keep costs down, but pay the price of severe technological hurdles and disruption to the user.
- maintenance charge to pay for software development, improvements to the database
- support contract, to support the system and public
- consulting charges for database upgrade (when new software is introduced)
Competition is limited as the database and software will be unique to a single company. Changing provider means transferring large amounts of data to a new database which can take months and result in disruption to the NIR. If the government tries to change provider (to reduce running costs) the potential chaos for holders of the ID card and biometric passport is huge.
Alternatively, to ensure fair competition, and keep costs down, the database should not be owned by a single company, the database and code for it would have to be ‘open-code’, i.e. accessible to any company. The problem with this is that it reduces the security of the Identity Register (NIR).
To ensure integration and smooth running of the scheme it would be necessary for individual companies to have sole rights to manufacture the identity cards, biometric passports, and supply the finger and eye-scanners.
The implementation of the scheme is caught in a catch 22 situation: use a monopoly to provide a secure system, but high on-going cost; or use many companies to introduce competition and keep costs down, but pay the price of severe technological hurdles and disruption to the user.
what are the technological risks?
The more companies involved in the scheme the
greater the problems of incompatibility (the reason the US rejected RFID technology). Finger and eye-scanners could be
offered by a range of companies; each using different software to run the
scanners. As operating systems are upgraded (e.g. Microsoft XP, Linux, Unix,
etc), the software for the scanners must be updated, and consequently the
scanner hardware. Shops and banks could find they have to upgrade their
scanners as often as they do their PCs (every 3-4 years). The cost will be
passed on to you the customer.
Constant upgrades to the system will cause compatibility and communication problems with the Identity Register. You may even find that you have to change your ID card and biometric passport as the system changes. You would expect your biometric passport and ID card to last for 10 years, but think about the PC you owned 5, 10 years ago – would this work with any of the software or hardware you have today?
Companies will claim they offer the best technology and full compatibility, this is part of the normal sales process, but problems will only show after they have won the contract and the software/hardware is installed. Demonstrations and pilot studies of software technology rarely reveal the problems associated with running the system in real life, and health risks associated with eye-scanning will not become apparent until after a number of years.
what are the risks to my privacy and identity?
The costs for the biometric
passport and ID card will increase over the years, consequently the "identity tax" you pay
will increase year on year. Pressure on the government to reduce costs will
raise the temptation to make the Identity Register available for commercial
purposes.Constant upgrades to the system will cause compatibility and communication problems with the Identity Register. You may even find that you have to change your ID card and biometric passport as the system changes. You would expect your biometric passport and ID card to last for 10 years, but think about the PC you owned 5, 10 years ago – would this work with any of the software or hardware you have today?
Companies will claim they offer the best technology and full compatibility, this is part of the normal sales process, but problems will only show after they have won the contract and the software/hardware is installed. Demonstrations and pilot studies of software technology rarely reveal the problems associated with running the system in real life, and health risks associated with eye-scanning will not become apparent until after a number of years.
Companies are very interested in the Identity Register as it will store your correct contact details and a record of where you travel, how and where you make financial transactions. Today, junk mailers and tele-salesmen get your details from the Electoral role, tomorrow they will be getting it from the Identity Register – and this time they will know more about your purchasing power and habits.
The private companies involved in the UK biometric passport and identity card will not be prevented from selling the same technology to other countries. In fact the EU intends that all European passports (e-passport/Euro-ID) will have the same format and to make bulk purchases for the technology. If all EU countries have the same technology, it only takes one break of security in any one of these countries (or companies) and the whole system is compromised. This is great danger for the biometric passport; any failure in the system will result in 100,000’s of travellers being rejected by the system and refused entry to their own countries. Any disclosure of the technology from within the companies or access to the Identity Register or SIS II will provide criminals with the ability to create operational biometric passports and id cards. This would allow organised crime to commit identity fraud on an international scale through use of the biometric passport.
what are the risks of corruption? Several well publicised incidents involving the government suggests that the biometric identity system will be open to different levels of corruption:
- July 2004, to protect the interests of private companies the government refused to supply the House of Commons Home Affairs Committee with details of the costs proposed by the private companies, claiming commercial confidentiality.
- May 2004 the former UK Managing Director of Accenture joined the Cabinet as Head of E-government. Accenture could profit from the ID card scheme. Questions must also be asked of other Cabinet ministers, M.P.s and advisors who are involved in the identity card and biometric passport schemes. When these people leave government will we find them acting as advisors to or taking positions on the boards of companies currently chasing ID card/passport contracts?
- January 2006, an investigation was opened into immigration officials offering passports to asylum seekers for sex
- Boycott the companies. Don't use their products or services, see Biometric Freedom
- Boycott companies that use their services. Notify companies that use the services/products of the offending company why you are boycotting them
- Shareholder action – if you are a shareholder and the company you are invested in is using the services of an offending company, you can use your rights to raise motions at AGMs to question doing business with the offending company.
- Private pension/investments – if you have investments in an Ethical Fund, write to the fund manager/pension provider and demand their assurance that they are not invested in these companies (the identity card/biometrics are an abuse of the European Convention on Human Rights).