Identity Cards Bill

I put my name to this amendment and I want to follow the helpful remarks that have just been made on the subject of costs. I note that the amendment probes future annual costs, but there are important issues that we need to face right at the outset. The question of costs is intimately related to the question of security, for reasons that I shall come to. First, I have a basic question to ask the Minister right at the start of my speech. At Second Reading, she gave us an estimate of costs. Was it for the total costs that will fall on Her Majesty’s Government, the taxpayer or those who are forced to pay the fees for these services? Or was it simply the costs to the Home Office or one particular department? Have all the departmental costs been included in the estimates that have been given? Some of the costs for other departments will be very substantial. For example, the Foreign Office issues passports around the world and will have to be equipped with the apparatus to get into and deal with biometric assessment. On one occasion, I was unfortunate enough to have a passport stolen in a remote part of Venezuela and I now have a passport issued very efficiently in the embassy in Caracas. For the embassy to do that in future, it will have to have the equipment to deal with biometric assessment. Do the costs that we have been given include the costs for the Foreign Office, or for the Department of Health, which we are told will be a major user of this system? I now come to an area that is slightly painful to me. I have to declare that as the chairman of a public company I had the most unpleasant experience—the most unpleasant of my business career—of dealing with a major government IT contract that did not go very well. I shall not say more about the detail, but one of the reasons why the costs rose by a very substantial amount was that the security requirements from government were repeatedly altered and tightened. Within the past 48 hours, we have read in the newspapers that exactly the same process has been going on in the hugely important contracts to provide for the National Health Service. We have been told that they are running enormously over the original estimates and behind time because the requirements of government have repeatedly been altered. So when we turn to the question of security, we will want to know whether we are completely satisfied that the security requirements have been firmly established and are not going to be substantially altered, and what the impact on costs will be if they have to be altered. In this context, I shall make one other point about the question of charges falling on other departments. In the case of the contract to which I have referred, which never came to completion, one of the problems was that it was sponsored by one part of government and was going to be used by another. The part of government that was undertaking the work was reasonably happy with the costs that it would have to pay for the services. But the other departments that were going to come in on the whole business were increasingly unhappy about the charges that would be made to them for the use of the central service. For that reason alone it is absolutely essential that the Government tell us not only the total estimate of costs, but the impact and the anticipated charges for the departments which will have access to the system. I make another brief point about security; we shall turn later to the whole question of security. On listening to some of the speeches at Second Reading, I gained the impression that many people thought we were entering a new and marvellous era in which there was going to be a huge improvement in security. We heard many stories about the shortcomings of the present arrangements and the scope for fraud. It is true that with this kind of system some sorts of fraud will be much more difficult to execute. But, as my noble friend pointed out, there will be an enormous incentive for some organisations and some individuals to find ways of getting into the system. We know from experience that, however tight security is, brilliant individuals—often very young individuals—have an ability to hack into highly secure systems. For example, a young man living in a council house in south Wales hacked into the Pentagon’s main defence system in the United States. One can be quite certain that attempts will be made. The point I want to make about security is that one has to understand that we are no longer dealing with fingerprints in the traditional sense. I turn to the advice given by the Home Office’s chief scientific officer. We are dealing with a fingerprint translated into information based on a series of what are called algorithms, and those are digital. When we talk about a threat from getting at information in the register, we are talking about the ability to get at not only someone’s age, residence or other information of that kind, but biometric information, and it will be digital information. If one can hack into a system, not only can one extract the digital information containing the biometric material but one can probably alter it. Therefore these are central issues and—I return in a circular way to costs—I suspect that as the systems develop more and more money will have to be spent on dealing with these problems. In a very interesting article on this subject, the chief scientific adviser to the Home Office said:"““The proper application of biometric technologies is at least as important as choosing the correct technology—or mix of technologies. For example, a high quality user interface and an optimised capture environment is necessary to put the person at ease to ensure that the best image is obtained. Security issues need to be addressed so that the biometric system will not accept plastic fingers with an impressed fingerprint or a photograph of a face. Of course, the needs of the elderly and disabled have to be taken into account as well””." One begins to see the difficulties when one considers the whole question of accuracy and reliability. The chief scientific adviser, Professor Paul Wiles, finishes his article with the words:"““The key, however, will be to ensure that these are introduced in a standards-compliant system, which is secure, easily used by the vast majority of the population and in applications that provide clear benefits to the citizen, the foreign visitor and public and commercial organisations””." I do not believe that it is at all clear that those conditions can yet be met. One thing of which I am quite certain is that we need to have much more information than we have so far been given about the costs, how they have been arrived at and the assumptions on security.