Select Committee on Home Affairs Written Evidence


6.  Memorandum submitted by Computer Sciences Corporation (CSC)

1.  INTRODUCTION

  1.1  There are numerous government ID systems implemented world wide that are using smart card and biometric technology, including:

    —  Denmark tax returns (with voice recognition, pin number access).

    —  US Department of Defence Common Access Card—with photo, biometrics (fingerprint), and smart card chip.

    —  Malaysia's national ID (Government Multi-Purpose Card)—with photo, biometrics (fingerprint) and smart card chip.

    —  Spain's social security card—with biometrics and smart card chip.

    —  Netherlands' "Privium" automated border crossing system—with photo, biometrics (iris) and smart card chip.

    —  Brunei's national ID—with photo, biometrics (fingerprint) and smart card chip.

  1.2  CSC has implemented high volume, secure smart card applications internationally, and would be delighted to arrange educational visits for members of the Committee.

2.  PRACTICAL ISSUES INVOLVED IN THE ID DATABASE AND BIOMETRIC IDENTIFIERS

  2.1  If ID cards are to realise benefits quickly for the government, CSC recommend that a "Central Utility function" is developed which provides a mechanism for accessing public services via three core channels:

    —  Self Service (initially over the web, but not excluding the future use of other technologies).

    —  Assisted service at an agency front desk.

    —  Assisted service via the phone.

  2.2  The "Central Utility" will act as a secure information and communication hub that will interface to a variety of front end systems (web agency, front desk support, and call centre support) and across multiple back end systems (benefits, health, DVLA and so on) along with third party systems such as payment systems.

  2.3  The objective of the Central Utility is to allow customers, both individual and business, to access public services in a seamless manner through one point of contact, rather than interacting with multiple organisations such as the Benefits Agency, DVLA or the NHS.

  2.4  The Central Utility will make use of a central data store, which retains the secure personal data for each customer registered within the system. This central store will, over time, reduce the need for individual agencies to store their own copies of shared customer data.

  2.5  The cost of such a "Central Utility" will be entirely dependent on the design of the system. However, a central utility will be an order of magnitude less expensive than different card production and issuing facilities, perhaps with different card specifications, resident in different government agencies (eg DVLA, NHS, Benefits Agency etc).

2.6  ID Database

  2.7  In terms of database access, card production would be done at secure centres, by appointment. Thereafter there will be a limited number of applications where the database is accessed, the comparison will be between the citizen and the card.

  2.8  Technically the system will be able to handle large volumes, as personal verification against the database will be relatively infrequent (for comparison, how often is a birth certificate, marriage licence or passport produced now?). Also the volume of comparisons between card and citizen will depend on the data stored on the card (for example, if the current address has to be kept up to date).

  2.9  Specialist companies known to CSC produce cards, readers and locking mechanisms. CSC' usually engages these companies and project manages them as the prime contractor.

2.10  Biometric Identifiers

  2.11  A biometric template is locked onto the smart card by the issuing authority. The smart card prevents modifications of its memory by anyone who is not correctly authenticated by the issuing authority.

  2.12  Smart cards are very tamper resistant, and as such are often the most secure link in the whole security chain of an application. The card is effectively a small computer, and, if tampering is detected, the card will cease to function.

3.  OPERATIONAL USE OF ID CARDS IN ESTABLISHING IDENTITY, ACCESSING PUBLIC SERVICES AND TACKLING ILLEGAL IMMIGRATION, CRIME AND TERRORISM

3.1  Establishing Identity

  3.2  Any security system is only as good as its enrolment process. If someone presents stolen or fraudulent identity information, such as a stolen or counterfeit passport, at the time of enrolment and card issuance, then this impostor could potentially be given a valid ID card.

  3.3  An enrolment process that captures biometric information would be able to ensure that only one ID is issued to an individual by determining if the same applicant had previously enrolled with a different name.

  3.4  Each ID system should provide cardholders with a process to report lost or stolen cards so that system information can be updated.

  3.5  If the card includes a biometric, it will not be able to be used at biometric stations by anyone but the rightful owner.

  3.6  For example, in the Danish Tax system implemented by CSC, the card is read and a PIN code is keyed in.

  3.7  Perhaps more effective, would be the recording, on the card, of the date and time of the last connection to the central database.

  3.8  For example, using smart card technology, it would be possible for a police officer to record immediately in the card when a speeding ticket is issued. This information could include a note of "judgement or payment pending" until the next time the card connects to the central database and gets an update. It would also be possible to note in the smart card the last time the card was on line with its issuer.

  3.9  A smart card based system can improve privacy, help speed identity validation processes and still be very secure. The example above does not require the police officer to access the central database but the information stored on the card helps validate the logic of the processes done in the field

3.10  Accessing Public Services

  3.11  Smart card technology could result in a complete transformation in the way the general public accesses government services. An ID card will help reduce data entry and form filling when a citizen applies to use a government service.

  3.12  Services will be identified in line with the e-Strategy of each government agency. However, likely services to be provided using identity cards are passports, car tax, grants and benefits, health, education and family based services.

  3.13  However, any system of identity cards introduced in the UK must strike a positive note, enabling the general public to better access "public services" and enabling the government to provide these services more efficiently. The largest potential barrier to efficiency is duplication.

  3.14  If smart cards are to realise benefits quickly for the government, it is essential that individual service providers like the DVLA or the NHS don't all go off to develop their own identity registration, authentication and personal data management of their smart card data content.

  3.15  CSC recommend that a "central utility function" is developed which will be responsible for the specification of, procurement and implementation of all aspects relating to the technical infrastructure required to provide customers with the ability to access services they are entitled to.

4.  ISSUES TO BE ADDRESSED IN THE LONGER TERM, INCLUDING COMPULSION AND COSTS

4.1  Compulsion

  4.2  Benefits will accrue from these systems as the number of people using them increase. It will be easier for citizens to get their Drivers Licences, Child benefit, with an ID card rather than without.

4.3  Cost

  4.4  CSC notes that the deployment of smart card technology in other countries has resulted in cost savings and extra convenience. in the Danish Tax system implemented by CSC the technology has saved time and therefore cost, both within the Tax Authority and in saving citizens' time. Some two thirds of the tax returns are right when issued to the citizens for checking.

  4.5  Home Office officials to date have only been able to confirm the broad range of costs involved in implementing an ID card for the UK. CSC suggest that cost estimates will become clearer once the following matters have been taken into account.

    —  The degree to which biometrics are included in the ID card solution.

    —  Prioritisation between provision of public services and prevention of crime and terrorism..

    —  Acceptance of a "Central Utility" principle for the whole card issuance and processing system.

    —  Which agencies will be providing their services through the card "Central Utility" and when.

5.  ABOUT CSC

  5.1  Established in 1959, CSC is one of the world's leading consulting and information technology services firms. With almost 90,000 employees in locations worldwide and annual revenues of £7.2 billion (28/03/03) CSC is headquartered in El Segundo, California.

  5.2  The UK division, based in Aldershot, Hampshire was founded in 1967 and has grown rapidly, both through acquisition and IT outsourcing deals, to become one of the largest divisions, accounting for around 14% of CSC's global revenue.

  5.3  Employing almost 10,000 people at more than 100 sites across the UK, CSC has annual revenues of around £1 billion and predicted to be the 3rd largest IT services companies and the second largest IT outsourcing provider in the UK this year. Its customers are drawn from all major industry and government sectors. Visit www.csc.com/uk for more information.

December 2003





 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2004
Prepared 30 July 2004