Better late than never:
From: Nigel Tolley [mailto:firstname.lastname@example.org]
Sent: 06 May 2004 11:24
To: email@example.com; firstname.lastname@example.org
Subject: consultation response
I do not support the national identity card scheming at all. There are
various reasons for this, but the most important one, which few people seem
to have mentioned, is this.
You cannot revoke your public key.
Think about this for a moment. Your PIN number gets stolen, and you can
change it. Your credit card number is not you. However, your fingerprints
cannot be changed, and you leave them everywhere you go. Even worse, your
face is recorded by hundreds of thousands of CCTV cameras, TV cameras, still
and digital cameras, every single place you go.
Anyone with sufficient access to the required tools and your picture could
very rapidly “become” you. And you can never revoke it, nor do anything
about it, barring radical plastic surgery – which may still not solve the
Imagine, if you will, that someone with mal-intent decided to drive you to
suicide. The simplest way would be to change someone on the watch list’s
biometric identifier to match yours. Every time you walk past a camera, you
will be flagged up. You cannot claim that you are not the person the
database says that you are, either! After all, the database is never wrong,
and the ID is never wrong either – but they have to stop you to check that,
then check it with the database, too…
Now imagine if you had an identical twin, or, out of the millions of people
in the database, one of them looks like you, perhaps uncannily so. The value
of your biometric ID card is, to almost anyone else, nothing. It won’t even
let them buy cigarettes. But to someone who looks very like you, it might be
worth quite a lot. After all, it makes them you! So organised criminal gangs
will work to match these faces with those who want them.
Of course, that is a very difficult thing to do, at the moment. Trying to
find someone your sex, age, and build is easy, but to match the face really
well? Very hard. Lots of man-hours. Until someone builds a database of
everyone, then you run a 10 second query, and get back a list of names and
addresses, sorted by closeness of match. That data could be worth a heck of
a lot to many more people than just the police.
I feel this is a fundamental flaw, a show stopper.
Even more amusing will be when Tony Blair and David Blunkett are seen, live
on video, robbing a bank. I wonder what the “biometrics will solve
everything” pundits will say then? Odds are they just wore a mask, but you
never know. It could be a burgeoning trade in radical plastic surgery, so
that you match someone else’s biometric signature.
How will the innocent party feel then?
On that happy note, I bid you goodnight.