L'Ombre de l'Olivier

The Shadow of the Olive Tree

being the maunderings of an Englishman on the Côte d'Azur

04 August 2006 Blog Home : August 2006 : Permalink

Making a Hash of ID

Making a hash of information is in a compuer/cryptographic sense a good thing sometimes. And for things like ID cards good one-way hashing would seem to be a basic necessity. However an explanatin of that will have to await a later post becaus ein this post I want to look at the UK governments ID card program - which is making a hash of it in a negative sense.

Firstly as the Register points out (and noted by an Englishman's Castle), the government seems to have made decisions about what it wants the ID card scheme to do without bothering to see if they are feasible or affordable:

The House of Commons Science and Technology Committee inquiry into the thinking behind ID Cards, published today, found the government had decided what it wanted to do before it had determined if it would even work.

"In view of the potential adverse impact on large numbers of people, it is better that the scheme is late and workable than on time but flawed," the committee report said.

It recommended that the Home Office, which introduced the scheme, "extend the procurement phase to ensure that enough time is taken to gather the necessary scientific evidence and to undertake all the appropriate trials".

As if that wasn't bad enough, the committee also suggests that different parts of the government have different ideas about ID cards and that these ideas have not been joined together in a grand unified whole.

The committee even recommended a cross-government consultation as many government bodies had varying ideas about what they wanted to do with ID Cards.

Those stories last month about how the ID card scheme was going to be an IT catastrophe look to be even more believable. Rule number one for successful IT projects is to have clear goals and deliverables set out before requesting tenders and to not change siad goals and deliverables half way through. Projects that don't do this nearly always come in very late and massively over-budget and usually have the added bonus of not solving the problem the users wanted to solve.

As the committee notes this sort of behaviour, combined with a lack of technical clue and an inability to get one from industry, has led to numerous government IT cock ups in the past:

As the Home Office was lacking inhouse expertise, it was relying on industry to plug the gaps in its knowledge, but it did not conduct adequate consultation with those it would rely on to develop the system.

This lack of inhouse knowledge has been identified before as the cause of government IT failure, the Child Support Agency debacle being a case in point. As it happens, the committee was worried that the signs showed the Home Office had not taken enough notice of the accumulated wisdom of previous IT disasters, as surmised [sic - summarised?] in numerous reports over the last decade.

It was also concerned that the committees set up to guide the ID IT plans had not been "best placed to offer expert advice" because they had few experts. The Home Office also lacked an IT chief, while there was uncertainty about who at the Home Office was in charge of the project.

So with that roasting of the current implementation plans we turn our attention to Tim Worstall's post on the political and budgetary side where he highlights an odd claim from the dear leader:

"If people want to track illegal migration and organised crime in this country, you've got to have ID cards," he said. "Any other solution simply won't work.''

This is prima facie evidence of the lack of joined up thinking complained about above. Criminals and illegal migrants are the people who will have fake or stolen ID cards so unless there is clear evidence that such fakes can be quickly and reliably identified with near zero false positives (I'd say a false positive rate of 1 in a million is the upper limit), either criminals will be using their fakes/stolen cards with impunity or we will have a lot of upset innocnts or both. So far as I can tell (and I genuinely welcome evidence to the contrary) the scheme as currently envisaged will not be able to meet this goal.

The result of this mess is that the committee is remarkably skeptical of the Home offices claims of costs (£584 million a year or £10/person/year), something that is unsurprising given that the government hasn't made all its decisions about what it wants yet:

The Commons Science and Technology Committee published a report expressing incredulity that the Home Office claimed to be able to produce firm estimates of the costs of running ID cards when fundamental technical decisions were still unclear.

The Home Office has said that running costs would be £584 million a year, whereas the London School of Economics, in a controversial report, has put the total costs of setting up and running ID cards at between £10.6 billion and £19.2 billion.

There is - BTW - one area where I feel the costs have almost certainly been understated, that is the cost for the 70 (IIRC) offices where UK residents have to go and get one of these bits of plastic. Somewhere on the No2ID site, but I can't find it now, there was an estimate of the speed at which processing of IDs has to be done which gives you some basic queueing theory. The numbers work out at needing to process on average one person every two minutes or so and that has a significant effect on the amount of office space, parking space etc etc required.

Perhaps more interesting is that each person will most likely need to take a half day off work to get their ID, at an average hourly wage of £10. With 5 million renewals a year and 4 hours (£40) lost in wages (if the employer pays the employer has wasted that amount, if the employee doesn't get paid or uses up holiday time he loses it straight) that works out at a cool £200 million per year in hidden costs. Feel free to make a more accurate calculation based on actual numbers of employed people and with a more accurate average hourly wage, but I reckon that it is about right as a back of the envelope calculation. If you add that to the fact that they have to pay for the ID card - another £40 or so per punter - and add travel costs, parking costs and other expenses such as time requried in advance to gather documents, data etc. the actual cost to each person is now in the £80-£100 range or £400-500 million per year is additional costs to the UK economy.

Even if the home office is right and it costs £584 million per year to run the scheme then the loss to the UK economy is over £1 billion a year. If the home office is wrong then the loss will be more. Have you seen any claim from the government that it will save £1 billion per year somehow? And note that if figures such as the LSE ones are accurate then the actual cost per ID card will be more like £400 than £100.

To summarise. We have an IT project which is out for tender even though the precise objectives and goals have not been specified and which is managed by a group of people who have screwed up every other major IT project they have ever tried to introduce. When it works it will cost the country £1 billion a year minimum in additional overhead. It seems like an invitation for ID theft and seems to provide very little benefit to the average UK resident.

And yet Blair and co think it's a good idea?

I despise l'Escroc and Vile Pin