I don’t often pull stuff out of the comments boxes, but the following response from Nigel Sedgwick, to a recent piece of mine on government IT cost overruns (specifically on the NHS electronic patient record system) and how this is likely to relate to the National Identity Register and ID cards, is worth bringing out into the light of day:
Concerning costs of the National Identity Scheme (NIdS), you might like to look here: Technical Aspects of the National identity Card, and particularly at slides 34 and 35. [Somewhat technically minded people might also find useful, the rest of the presentation.]
There is the issue of setting up the whole scheme, including enroling the whole adult population. This should be separated from the costs of using the scheme for any particular purpose beyond those arising from registration (ie checking identity for any particular purpose). This is because there is no compelling need to use the NIdS for any particular purpose. It should, surely, only be used for each particular purpose if the use offers benefits to that particular community (or provider and users), and hence offer reduced cost, improved benefit or both (a point the original posting seems to miss).
It is thus unreasonable to lump in all costs of possible particular uses with the initial cost of setting up the scheme and registering the adult population (though both of those should be considered together, at least initially).
This is somewhat different from the NHS computer system, where it certainly is the case that the initial costs should include the cost of transferring all existing records (paper and computer) to the new system. On the NHS system, the £20billion actually comes out at around £340 per person in the UK. Although I think that cost per head should be lower, it does not strike me as totally unreasonable, given that (as you say) the largest portion is the data transfer from legacy systems including manual records. However, I do agree that this costs should have been in the original budget. More fool those (would that be Parliament) for not checking the budget properly prior to approval. [But we have that on the NIdS too. Why did they approve it without a proper budget?]
Back to the NIdS, there is no equivalent to the transfer of legacy data that is not included, at least in the costs I give on slide 35. That is because, substantially, there is no legacy data that is required for any purpose beyond the initial registration (which I assume could have a reference number typed in, or scanned in for non-UK reference documents, within the allocated 1/12 of a working day’s effort by a registration clerk).
I hope this all helps with the truth.
Best regards
Okay, in the interests of complete transpareny lets get the matter of the provenence of Nigel’s comments out the way straight from off by quoting from this memorandum submitted to the Home Affairs Select Committee in January 2004…
INFORMATION ON THE AUTHOR‘S [Nigel] TECHNICAL BACKGROUND
2. My technical experience spans 29 years since graduating from Imperial College in Physics (BSc, ARCS in 1974); I also have a degree in Computer Science (MTech, Brunel 1980). I am a member of: the Institution of Electrical Engineers, the British Computer Society and the Institute of Acoustics. I work on pattern matching and digital signal processing, through my personal trading company (Cambridge Algorithmica Limited), undertaking technical consultancy and contract research and development. This work is principally in the fields of biometrics, automatic speech recognition and data modems. Much of my work has been for the UK Government, and is of a highly technical nature. In the field of biometrics, I personally have worked on speaker verification/identification, dynamic (hand-written) signature verification and multi-modal biometric combination.
3. In the middle of last year, I was appointed to the British Standards Institute Committee IST/44 on Biometric Standards, in the capacity of Principal UK Expert.
To be scrupulously fair, Nigel has not made any effort at all to conceal his identity and/or background, he is what he is, a technical consultant who has worked for the UK government in the field of biometrics. His personal trading company, Cambridge Algorithmica, is not on the current list of suppliers who’ve expressed a formal interest in tendering for contracts relating to ID cards and NIR. Whether he might have an indirect personal interest, either as a external consultant to one or more of the companies who have expressed an interest or, on the other side of the fence, as a consultant working for the government on technical evaluations of tenders/equipment, I can’t say nor do I think that matters either; Nigel’s track record has been consistantly in favour of ID cards and the NIR throughout, and from long before there was any prospect of contracts being put on the table, so any personal gain that might accrue from their introduction in incidental to his support for the system.
Having read through Nigel’s presentation I hope he won’t mind me saying that he comes over as being a bit of good old-fashioned boffin – and as a techie myself that’s not a term I consider perjorative. Technically his work seems pretty sound even allowing for the usual room for legitimate scientific dispute about some of his conclusions, however like many boffins his main flaw is not his technical ability but his tendency to base his arguments on how things should be rather than how things are actually likely to turn out, a criticism that he will have heard before from John Lettice of The Register – this being the classic boffin flaw*.
*As to why ‘boffins’ are prone to this kind of error in thinking, the answer is simply that that’s pretty much what they’re trained to do from the outset. It’s a function of scientific methodology – most scientific experimentation begins with the construction of idealised scenarios in which the researcher attempts, whether by technical means or use of assumptions and constants, to control and minimise the impact of as many variables as possible in order that they may manipulate the one or two factors which actually interest them and which should then, hypothetically, provide them with the answer they’re looking for.Scientists are, quite literally, taught to deal in ideal situations, which tends to colour their thinking even in dealing with complex real world systems that defy such simplifications.
The problem I have with Nigel’s comments, as you might expect, lies in these statements:
There is the issue of setting up the whole scheme, including enroling the whole adult population. This should be separated from the costs of using the scheme for any particular purpose beyond those arising from registration (ie checking identity for any particular purpose). This is because there is no compelling need to use the NIdS for any particular purpose. It should, surely, only be used for each particular purpose if the use offers benefits to that particular community (or provider and users), and hence offer reduced cost, improved benefit or both (a point the original posting seems to miss).
It is thus unreasonable to lump in all costs of possible particular uses with the initial cost of setting up the scheme and registering the adult population (though both of those should be considered together, at least initially).
Nigel thinks its unreasonable and unfair to consider, at this stage, the likely full costs of a fully-loaded system, which would include not only the costs of the NIR system but the on-costs of linked to it the many public sector information systems that will be hooked up to make use of identity verification – I don’t.
The difference in outlook here is one that is very much based on our differing technical backgrounds – his looks primarily to be in research and development, mine, from my days working in IT, is in data processing, data control and systems administration – he deals with how things should work, I deal in how they actually work in practice and the two are very different disciplines.
The single overriding factor which dictates that we consider the full costs of implementing identity verification across the public sector is the final bottom-line – however you slice it, the costs of implementing these systems will end up being borne by the taxpayer either directly, as in the purchase cost of the ID cards themselves or in increased charges for some goverment services, or indirectly through taxation and/or cuts in services to release funds to pay for implementing these systems. Remember, the promise made to the Treasury was that this system would be ‘self-financing’, although it was never specified fully quite what self-financing would actually mean.
One aspect of the self-financing nature of the project is obvious – we’ll be required to pay for the ID cards themselves, but even if we allow for the government’s stated figures and projected costs actually being somewhere in the right ballpark – which is far from certain in itself – the income generated from the sale of ID cards thermselves with come nowhere near to covering the costs of upgrading other systems to connect to and link in with the identity verification services that the system will provide.
We know, for example, that the DVLA will make extensive use of identity verification – how? Because this is build directly into the legislation.
This will almost certainly require extensive upgrades to the DVLA’s IT systems for starters – costs that aren’t included in the publicly stated costs of NIR. Remember its not just the DVLA’s database that needs to up upgrades but all the systems that use that database and, like the NHS system, there will be massive legacy data issues to deal with when the two systems are linked – unless the government plans to force all drivers to reapply for new licences and rebuild the DVLA’s records from scratch.
All that has to be paid for, one way or another, either by a hike in the price of a driving licence or through general taxation (or a combination of both). Yes, there may be efficiency savings in the long run, but to what extent these will offset the upfront costs of implementation is entirely unclear and uncertain.
At least, one could argue, agencies like the DVLA and Criminal Records Bureau, which will also be a heavy user of identity verification, have some direct means of recouping their costs, even if it does mean increasng the price of a driving licence or criminal records certificate – but what about those agencies that don’t directly charge for their services, like HM Revenues and Customs and the Department for Work and Pensions, which deals with welfare benefits and NI contributions. If the NIR is to remain self-financing then these agencies will have to pay not only for the costs of upgrading their systems to connect to NIR and carry out indentity checks but also, presumably, for the verification services they use out of their own budgets, which are, of course, funded by the taxpayer.
And again, as with the DVLA, these agencies will be required to deal with massive upgrade and legacy data issues – for example, Britain has a working-age population of around 30 million people and a total adult population of around 47 million people… and, currently, the National Insurance Database hold 73 million ‘live’ entries.
Okay so some of that discrepancy between NI numbers and adult population can be accounted for in terms of ex-pats who have an NI number but who live and work overseas, and some of the records will relate to migrant workers who, having worked in the UK at some time in the recent past, have wither returned to their home country or moved on to work elsewhere, so one can quite reasonably expect there to be some discrepancy between the number of ID cards in circulation – if they become mandatory – and the number of live NI records on file. Whether 26 million is a reasonable level is another matter entirely, which I suspect will mean another massive exercise in sorting out legacy records and data cleansing.
The National Identity Register is not a stand-alone system, nor was it ever intended to be, why is why the question of what it will cost, across the board, to implement its use across the public sector is all too relevant to the wider debate on this issue.
In actual fact, verifying the identity of individuals is, in most respects, the least important of the NIRs functions within the public sector – the real prize for government is not the ability to verify the identity of its citizens but the ability to link together it many information systems into a single meta-system in which near enough every piece of personal information its holds about UK citizens can be connected and cross-referenced – tax records, benefit records, immigration and nationality records, driving licence records, criminal records, medical records, council tax records, social services records, education records – the whole damn show.
As for what this will all cost in the long run – who knows for sure. Certainly much more than than the figures the government have quoted and probably much more than even the LSE’s estimated costs.
NIR will extend into near enough every facet of the citizen’s dealing with government, central and local, and beyond. Going back to Nigel’s idealised scenario, one of the clear and obvious differences between the system he scoped out fro his presentation and the system that the government are looking to put in place lies in the amount of information revealed to those using identity verification services. Nigel appears to be proposing a zero knowledge-based system in which the only information revealed to the end user is a yes/no answer to the question of whether an individual is who they purport to be. The actual system that the govenrment are putting in place will reveal far more information than that, if one judges how it will function from the list of information that the law will allow the system to disclose and, crucially, one thing it will disclose is individual National Identity Registration Numbers, with no restictions on their recording and use by third parties, particularly private sector businesses, other than the wholly inadequate provisions of the Data Protection Act.
The inevitable consequence of this will be the development of parallal meta-systems within the private sector, the most obvious of which will be that which will spring up in the financial services industry – NIR provides the one missing element necessary for private businesses to construct these systems, the unique, individual registration number from which one can easily and reliably connect all manner of personal information together and all, more or less, outside of any legal or governmental controls. If one understands the potential of these private systems then one also understands that the ‘benefits’ of reliable ID checking are nothing to the private sector when compared to the potential offered by being able to reliably connect together all manner of personal data held across numerous private sector systems into detailed and reliable individual profiles. The serious money to be made out of NIR lies not in the government’s identity verification services but in the harvesting and mining of data held in the private sector to construct detailed individual profiles for sale to financial instutions, marketing companies and just about anyone else who might pay for such information.
There is more to the government’s obvious economies of truth when it comes to the full scale and scope of what NIR makes possible than simply how much it will all cost, only when one does understand this in full do the real civil liberities implications become clear – the public might just buy into the idea of the Police and Security Services having access to the kind of detailed profile information that NIR makes possible, but not the idea Tesco, Sainsburys and ASDA will also be able to pull of much the same kind of thing.
To give Nigel some deserved credit here, his presentation does put forward the one acceptable form that a nationa identity system could take, give or take some quibbling over the exact contents of the register itself, that of a zero knowledge based system which verifies identity without revealing personal information to the end user – but then that’s not what we’re getting.
What we’re getting, instead, is a massively expensive uber-system in which the benefit to individual citizens is the least consideration.
Interesting post Unity.
I am particularly chilled by this:
“The serious money to be made out of NIR lies not in the government
The ‘fault’ in Nigel’s line is very much conditioned by his professional background. Like most R&D techs he concentrates on questions of feasibility, ‘how do we create this system?’ to the exclusion of asking ‘why are we building this system?’ and even ‘should we be building this system?’.
Techs tend to think systematically and not politically, which is where we differ, although I can appreciate his arguments.
From a purely technical/systems standpoint and in terms of efficiency, there are many potential benefits that could accrue from an ID system, although these have never been adequately spelled out be government for fear of the political consequences. To do so would expose the full extent to which this system will penetrate people’s lives.