Devil's Advocate: Who am I?

The concept of compulsory national ID or entitlement cards (choose name as you see fit) has split public opinion. But won't they just exacerbate current problems, asks Martin Brampton…

There still seems to be a lot of talk about government issued identity cards. It seems that if enough people talk about them for long enough, everyone will fall in line to accept their general use. Quite apart from doubts about their desirability, I have been wondering how well they would really work.

Often, security systems seem to be weak and inflexible. Not long ago, I was visiting a major software vendor. As I drove up to the site, there was a security gate and a man checking everybody who entered. I told him who I was visiting but he insisted that I must produce some form of identification. Now Black Sheep Research has no system of ID cards, so what could I do? Well, I offered him my AA membership card. That seemed perfectly acceptable, so I was allowed in.

Even if something slightly more secure had been requested, it is notoriously easy to acquire a passport in the name of someone else. The procedure was fully documented in a Frederick Forsyth novel decades ago but nothing has been done to stop it. Armed with a fake passport, it is pretty easy to acquire further false documentation.

Another peculiar feature of government sponsored security is that it seems to assume that criminals behave just like ordinary people. For some time, banks have had to demand all kinds of documentation before they will open an account for a new customer. Recently, the system has been tightened with an insistence that these procedures apply even to long established customers who open a new account. Can you imagine why a money launderer who has been successfully using a bank account for years would attract attention by setting up another one?

Of course ID cards and other documents all suffer from the problem that they are hard to connect with an actual person. Signatures or photographs are supposed to do that but how often does anyone thoroughly check such things?

So a simple route for the iniquitous is the theft of ID cards, which are likely to be treated as a badge of respectability. Signatures are easily forged to an adequate standard to bypass most checks. Are photographs more of a barrier? Again, the checks are often cursory and easily fooled simply by stealing the ID card from somebody who looks at least a bit similar to the thief.

We also have to take account of the need for security systems to permit the things that are supposed to happen. Not everybody organises themselves as effectively as officialdom might wish. Any security system that relies on tokens becomes a problem when the users lose the tokens. Then, either the security system prevents what should be legitimate activity or there is a procedure to bypass the security. That is inevitably a vulnerability.

One might well take the view that reliance on an ID card actually reduces security. It is well known that we are all inclined to believe tables of figures that are neatly printed from a spreadsheet. If the figures were hand written on the back of an envelope, we might be a bit dubious. But when they are nicely laid out, it seems that we accept them without question. Much the same is liable to happen with ID cards that give an illusion of reliability.

Maybe the technically minded mention biometrics at this point. For a time, I was persuaded that might be a way to reliably identify people. But then a young Japanese researcher created a dummy finger with a fake fingerprint, using materials that cost less than £10 in total. Who knows whether a similar result can be achieved for iris scans using a special contact lens or some such device?

I suspect in our blind faith in technology we may well go to a lot of trouble and expense only to find that we are less secure than we were. The outcome may be exactly what you would expect. Law abiding people behave as they are expected to and lawbreakers don’t.

** Martin Brampton is a director and founder of Black Sheep Research (www.black-sheep-research.co.uk ), an independent consultancy providing research, writing and speaking services on a wide range of business and technology subjects. Martin was previously a director at Bloor Research, and has worked with IT as a user and analyst for over 20 years. He can be contacted at silicon@black-sheep-research.co.uk.

For past Devil's Advocate columns see the links below, or type 'Devil' into our search engine.