Home Office ID Card scheme assumptions published by the DWP via FOIA request
[hat tip to Martin Rosenbaum at the BBC Open Secrets blog ]
The Department for Work and Pensions has finally published information it was withholding regarding the Identity Cards Scheme, in response to a Freedom of Information Act request by the then LibDem Home Affairs spokesman Mark Oaten MP.
DWP response to Mark Oaten MP:
- Covering letter to Mark Oaten MP (24KB)
- DWP Templates (240KB)
- Home Office working assumptions (67KB)
Essentially the DWP re-iterated their stance that even with a perfect ID card scheme, they could not see it helping out with more than £25 million a year of benefits fraud , out of a couple of billion a year, simply because most of it is people claiming false benefits and entitlements e.g. whilst working, in their real names and addresses and bank accounts.
NOTE: DWP perceive losses to identity fraud to be between £25-50m per annum, due to the nature of our business processes and recording of monetary value of fraud and error the figures are unreliable therefore DWP can only sign up to a maximum saving in this area of 25m per annum.
The Home Office Working Assumptions circa 2004 (now, of course, claimed to be out of date) are interesting.
You can see why they were so scared of publishing these at the time - these assumed process time figures are far too slow. They mean endless queues and delays for the public, which represents actual economic and social damage to the United Kingdom,.
B.2 Card take-up profile
UK population is taken as 50,000,000 after U16s have been removed. It is assumed that driving licences will form part of the family of cards from year 1 and therefore represent a card penetration of 10.6 million over 5 yearsYear 1 10%3 (5,000,000) of the population will enrol. UK Passports will represent 70% (2,400,000) of year 1 registrants. Driving licences will represent 42% (2,100,000) of year 1 registrants Foreign Nationals will represent 3% (100,000) of year 1 registrants4. Plain cards will represent 7% (350,000) of year 1 registrants
Year 2 20% (10,000,000) 0f the total population will enrol. UK Passports will represent 70% (6,900,000) of year 2 registrants. Driving licences will represent 21% (2,100,000) of year 2 registrants. Foreign National residency permits will represent 3% (300,000) of year 2 registrants.
Plain cards will represent 7% (700,000) of year 2 registrants.Year 3 20% (10,000,000) 0f the total population will enrol. UK Passports will represent 70% (6,900,000) of year 3 registrants. Driving licences will represent 21% (2,100,000) of year 3 registrants. Foreign National residency permits will represent 3% (300,000) of year 3 registrants.
Plain cards will represent 7% (700,000) of year 3 registrants.Year 4 20% (10,000,000) 0f the total population will enrol. UK Passports will represent 70% (6,900,000) of year 4 registrants. Driving licences will represent 21% (2,100,000) of year 4 registrants. Foreign National residency permits will represent 3% (300,000) of year 4 registrants.
Plain cards will represent 7% (700,000) of year 4 registrants.Year 5 20% (10,000,000) of the total population will enrol. UK Passports will represent 70% (6,900,000) of year 5 registrants. Driving licences will represent 21% (2,100,000) of year 5 registrants. Foreign National residency permits will represent 3% (300,000) of year 5 registrants.
Plain cards will represent 7% (700,000) of year 5 registrants.Year 6 10% (5,000,000) of the population will enrol. UK Passports will represent 70% (2,400,000) of year 6 registrants. Driving licences will represent 42% (2,100,000) of year 6 registrants. Foreign Nationals will represent 3% (150,000) of year 6 registrants. Plain cards will represent 7% (350,000) of year 6 registrants.
Year 7 onwards it is assumed that there will be full National coverage, and therefore new enrolments will only involve renewals, those rising to 16 years of age and Foreign Nationals entering the country for longer than 3 months.
B.3 Production Of Identity Card Upon Request
With the exception of those circumstances defined in legislation when the identity card can be requested by the user organisation, the following assumptions apply to the likelihood of a cardholder producing their identity card, or offering their biometric when asked.B.3.1 Voluntary production of card
It is assumed that 60% of the card holding population will have their identity card with them and voluntarily produce the card when requested.
That means that 40% will not
B.3.2 Voluntary Production of Biometric or Data
It is assumed that 10% of the card holding population will not have their card with them but will voluntarily offer their biometric or relevant identification information to confirm their identity.B.3.3 Refusal to Supply Card or Biometric
It is assumed that 30% of the card holding population will refuse to provide their card or voluntarily supply identity data or biometric.
Unless more than 99% of the population cooperates, the new systems can never replace the old ones, they will just mean additional complexity and expense
B.4 Process Times
These individual transaction times are all at least an order of magnitude i.e. 10 times too slow to prevent queues and mounting frustration.
If Google or even a bank ATM cash machine took this long per transaction, they would soon be out of business !
If, for example, it takes only an extra 10 seconds per passenger to check an ID Card or Passport, then that means that the last people off a Boeing 747 Jumbo jet will be delayed by about an extra one and three quarter hours !
These sort of login and identity verification times are what has led the National Health Service medical records computer systems to have their security and privacy controls circumvented, by doctors and nurses, by sharing supposedly individual login smartcards, who simply cannot wait 30 seconds or a minute before getting the information they need.
Any changes needed to reduce these delays to an acceptable level, mean more staff, more training, and more infrastructure, for whichever organisation is foolish enough to sign up to the scheme. None of these extra resources are budgeted for in the Home Office's cost estimates for the scheme.
B.4.1 Website Process
The processing time for a website interaction from moment of transmitting the data to receiving a result from the NIR is assumed to be 30 seconds
There is no way in which we would trust the security of any transmission of our personal and biometric National Identity Register data to or from a website on the internet, except from our own equipment, which the Government would, in turn, not be able to trust really belonged to us, and not some "man in the middle" attacker.
B.4.2 Call Centre Process
The processing time for a call centre interaction from moment of dialling call centre to moment of receiving a result will be assumed to be 60 seconds.B.4.3 Offline PIN check
The processing time for an offline PIN interaction from moment of inserting card into reader, to the moment a result is received is assumed to be 15 seconds.B.4.4 Online PIN Process
The processing time for an online PIN process interaction from moment of inserting card, to the moment a result is received is assumed to be 30 seconds.B.4.5 Offline Biometric Process
The processing time for an offline Biometric process interaction from moment of inserting card, to the moment a result is received is assumed to be 15 seconds.B.4.6 Online Biometric Process (with card)
The processing time for an online Biometric process interaction from moment of inserting card, to the moment a result is received is assumed to be 30 seconds.B.4.7 Online Biometric Process (without card but additional data supplied voluntarily)
The processing time for an online Biometric process with additional data supplied but without a card, from moment of inserting card, to the moment a result is received is assumed to be 60 seconds.B.4.8 Online Biometric Process (without card and no voluntary information).
The processing time for an online Biometric process without additional data supplied and without a card, from moment of placing biometric on reader, to the moment a result is received is assumed to be 15 minutes.B.4.9 Data downloading from Chip (Level One)
Data downloading from chip at level one is assumed at 10 seconds from moment card is inserted to moment data is downloaded.B.3.4.10 Data downloading from Chip (Level Two)
Data downloading from chip at level two is assumed at 20 seconds from moment card is inserted to moment data is downloaded.B.5 Verification Processes
The Verification Framework document version 0.3 is assumed to be the business process design.B.6 Data held on card and chip
The Verification Framework document version 0.3 is assumed to be the final configuration for data specification on the chip and card.B.7 NINO
Where the NINO is relevant to a user organisation they are to assume four options when considering their benefits.
Option one that the NIR number is the same as the NINO.
Option two that the NINO is on the card but not the NIR number.
Option three that the NINO is in the chip only.
Option four that the NINO is not on the card nor in the chip.B.8 Verification response
Assume that the verification process followed provides a correct positive or negative match on 100% of occasions.
Utterly unrealistic wishful thinking !
B.9 Equipment costs
All readers are assumed to cost £250
A ludicrous figure, since they will have to be custom made, solely for the UK market !
Remember that at the time, in 2004, the Home Office were still talking about combined fingerprint and iris scan and facial recognition readers !
What is still a secret or a mystery, is how many biometric readers were the Home Office assuming would be required ?
We think that any biometric readers would need to be at least as well physically armoured and tamper resistant as a bank ATM cash machine i.e. costing several thousands of pounds each, in order to reduce but not eliminate, "man in the middle" attacks on the system.
The Home Office, of course claims that these assumptions have changed, since 2004, and so they should have, but they should have been made public at the time.
These assumptions strengthen the claims that the Home Office's cost estimates for the project are deliberate underestimates. This sort of systems performance might just be acceptable for a small scale, proof of concept pilot scheme,
However, If they are really achievable at all, let alone consistently, year in, year out with current technology, these process times would represent actual damage to the economy and society of the United Kingdom, if they are to be inflicted on us millions or billions of times a year on a population of 60 million people.
Comments
Last time I encountered a nuLabourID queue (for a party conference pass last year) it was over 3 hours long. Pictures:
http://www.flickr.com/photos/guppiefish/252526939/
http://www.flickr.com/photos/guppiefish/252526975/
http://www.flickr.com/photos/guppiefish/252572668/
Posted by: Ian Brown | April 6, 2007 6:35 AM
Hi - some quick help required. There's a lot of refusenik activism going on re: Blair's id scheme. It would be very helpful to understand better what alternative proposals exist, and are desirable, concerning the formation of official identity in the uk.
Posted by: ctj | April 6, 2007 9:43 AM
@ ctj - Have you read the London School of Economics "Identity Project" report, which proposed a cheaper, less privacy threatening and more secure scheme ?
http://is2.lse.ac.uk/idcard/
Their £18 billion cost estimates of the total cost of the National Identity Register to the whole economy look more realistic than Home Office's £5.8 billion, with no idea of the costs or benefits for any other Government department or the private sector. .
The NO2ID Campaign has also produced various briefing papers
http://www.no2id.net/IDSchemes/index.php
There are also dozens of documents on the now cancelled Treasury's Plan B scheme, the Citizen Information Project,
http://www.gro.gov.uk/cip/
which might have achieved most of the alleged "e-government" benefits of the National Identity Register, without the need for biometrics or id cards.
Then there are all sorts of ID card schemes used by other countries, which do not rely on a centralised biometric snooping database like the UK proposals, but which the Government never even bothered to offer as alternatives to their fait accompli.
e.g.
Germany where a photo id card printed with banknote style anti-forgery techniques and , by law, a number which must not be used as an index on a central government databases, Your name address is registed at the local state level only.
Estonia or Belgium, which have smartcard ID schemes, again without a central biometric database, but with Digital Certificates which can be used for online web e-commerce or e-government transactions (unlike the UK scheme, which is useless online, where most of the "identity fraud" is supposed to happen)
Even the Communist Chinese police state started off down the fingerprint biometric smartcard route, but seems to have abandoned biometrics as too impractical.
Posted by: wtwu | April 6, 2007 1:28 PM
70% of 5000000 is 3,500,000, not 2,400,000. I think they actually mean 48%, which would at least let their figures add up to 100, instead of 122%.
3% is 150,000, not 100,000.
If they can't do basic arithmetic, can we trust them to run a multi-billion pound scheme?
Posted by: duncan | April 7, 2007 8:49 AM
Hey wtwu - I've just been following the ID card issue quite lazily, so thanks for the rundown.
Posted by: ctj | April 10, 2007 12:38 PM
can i see some pics of a real spy I.D.,but with out the name and stuff you know because i have a spy's survival hand book and it said"this is an alias that is not your own name .get creative. maybe your spy I.D.is Julus Caesar.okay,maybe that'sa little obvious.how about biue squirrel?
Posted by: kalynn kemiya johnson | April 12, 2007 12:50 AM