Thursday, August 04, 2005

ID me #2 - your papers please

I've been thinking for a while about biometric ID cards.

It doesn't matter what biometric is chosen, there are people who simply cannot authenticate by the method chosen. A man with no eyes cannot take an iris identification test: a woman with no hands cannot take a fingerprint test. The managers among you might say "Do Both!" but let's suppose there's someone out there with no eyes and no hands, Mr Double-Hamza. He still needs to authenticate himself. How is the ID infrastructure to cope? Are people with no eyes and no hands to be issued certificates allowing them to bypass security checks? You're the security guard, I have dark sunglasses, hooks and long sleeves, and a certificate. Are you going to question my certificate? Are you going to shine a torch into my eyes to see if my retina shrinks, are you going to tug on my hooks? Of course, in reality there would only be one biometric not two, which increases the number of people who can't authenticate.

I can hardly conceive that anyone reading this could ever have criminal intentions, but identities will become hugely valuable commodities if ID cards become reality. Buy now!

One fundamental question is whether we see ourselves as people or as data - at the moment, we are people about whom the government 'has data': some here, some there, most right and some wrong. A precept of the ID scheme is that the government will have to establish a central database of its subjects (not even a citizen in your own country) and when there's a central database people start thinking about it as the primary source of information. You become a datum in a database, then you have to prove your identity ("authenticate as a registered user" if you like) before you can make any transactions, or pass through a barrier to a station or a stadium or school.

This is always a conceptual error. Databases (or at least useful ones) represent a subset of attributes of something real: decisions made about those real entities need to be made about their actual properties and not what might be stored in the database. A database of CDs has titles, artist, and tracks. It doesn't store when you first listened to them or why you used to listen to one of them all the time, which ones you secretly hate, any of a hundred billion other possible human attributes. The database has a few token properties which make it useful as a lookup device once you have decided what to put on, but while you are deciding what CD to play you look at the discs and decide what to play using the non-database human attributes like who is with you, what mood you are in, what the weather is like: the valuable information is in the relationship between you and your CDs, not in the CD database.

I recognize there may be value in an imperfect implementation of a national database to the government but I don't believe that means there's any value in it for us (and it will cost us a packet). I don't really mind so much being part of a national catalogue, it's the "your papers please" aspect that bothers me, as in the title of this post. (Have you heard the Gestapo joke... no, this isn't the time)

Of course, we'll be all right - it will be the most vulnerable in society who will suffer the most difficulties with authority from ID cards - people with mental health problems or who are learning disabled, asylum seekers, Romanies, travellers, anarchists, punks, crazies, runners, serial name-changers. How can you keep track of people who don't want to be kept-track-of? How do they expect to be able to keep track of all this information anyway? You come immediately right up against inherent limitations of software - because a computer isn't always right, it just always produces the same answer.

I looked at some of the problems involving matching people before: even after the huge push to get everyone's details right you're going to need a big staff of smart people to make the decisions about who is who but now calls herself whatever, and you're going to need them forever. Computer systems never make decisions: the decisions are made in advance by the person who specifies how the computer system is going to behave, and the programmer implements these decisions in the program. When the end user types in the parameters, the little wheels whirr and click until the required answer is output by the tiny computer-things (sorry to get all technical there).

Yes, I suppose some of these are edge cases, but that's where the fun is to be had. When authentication breaks, what do we fall back on? What happens when criminals exploit that fallback? Can whole organisations be disrupted with tar on an iris scanner? Will they pay to avoid it happening again? What if it happens every week?

Also, if information can be accessed legitimately, it can and will be accessed illegitimately. How much will it cost to illicitly trace ex-wives, estranged families, absconded business partners, or hated bullies? If everyone has a tracked identity, everyone can be found, for a price.
