Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • Replies 23 replies
  • Subscribers 24 subscribers
  • Views 443 views
  • Users 0 members are here
Options
You may also be interested in

Digital ID Cards in the UK

Adrian Hirst

It is being reported in the news this morning that the government is planning to introduce mandatory Digital ID cards, initially for a "right to work" purpose.

Forgoing the many legal and civil arguments for and against this; I wondered if people in the IET had opinions on the technical aspects.

Personally I am against what I have heard so far. There are no details on implementation yet, however with schemes like this that will usually not come until implementation long after parliamentary debate is over, so social debate cannot wait for full detail.

My main worry is that they have framed it as based around the smartphone. Saying it will be "like a bank card" (Lisa Nandy on Today). This seems (from admittedly vague and unsure descriptions from not-very-tech-savvy MPs) to be locking us into the duopoly of smartphone OSes, Apple's iOS and Google/Alphabet's Android. Neither is open source, and both are utterly controlled by businesses in the US. Obiovusly there are social concerns around forcing mandatory ID onto smartphones (it makes smartphones mandatory for one thing, despite the other worries about their effects. The same government is looking to ban them in schools!). But techincally how long will they be supported? How secure will they be? I suspect they will be very secure, but support will be expensive and tail-chasing after a while (5-10 years). Making the system web-based would be less secure, more open to abuse like DDoS attacks; but would unlink the system from operating systems. I doubt there will be any other variants, like a Linux-based way of providing your ID.

I am ok with many functions on my smartphone as they are optional, things I chose to do for convienence sake like banking and email. I am do not think this is the same. The mandatory nature should come with other support, be that physical cards for those that want to move away from these devices or businesses, or some other way to ensure that we are not destroying technical freedoms and future innovation by tying our entire society into 2 smartphone makers who already have immense influence and control, and whom the state have no sway over.

What are other people's thoughts? Any other technical issues you have concerns about (forgery, data breaches, verification)?

  • My Mother in Law in her early 80's has no internet, no smartphone, only a very basic mobile phone that she can basically make phone calls and texts on.

    Myself and my wife who fortunately do have power of attorney for her affairs, can step in and help. Mother in Law doesnt even have an email address. To be honest, dealing with banks, utility companies, local authority, ALL of them want you to interact online or via mobile app, first question when you say they dont have email etc, is Oh you can get one etc.

    You can get things done, but it is slow, and lots more security questions.

    Regarding digital ID Cards, apart from the cost and previous history of Government diasters in national IT program/database rollouts will take years. A previous poster indicated concept may be, dont worry about the elderly, they wont be here when it rolls out!

    Well what about all of us?? look at the systems, platforms, everything we all do today ourselves with our smartphones and fortunately we can manage, but what about rolling things forward 20, 30, 40 yars in the future and what the smartphones/tech will look like then and interaction with Gov, Giv departments etc etc and WE will be those 70,80,90 year olds! so the "problem" never ever goes away. All sorts of reasons why only having facility for smartphones, perhaps not the best. For me should be both.

    Everyone is issued a physical ID card with a chip etc that can be scanned and checked etc and has your photo on it, and you also have an option to get it downloaded onto your smartphone etc.

    Always the same Politicians etc look at the masses and never ever look or think about those in the 10-15% of the population that do not fit into the "Average" person category.

    Think it would be years away before introduction and cost will be huge.

    I have also just went through the Gov One ID App etc for Companies House verification. Was a bit fiddelly to be honest and eventually got there, but again its based on using a smart phone, although they say PC could be used. Scanning your face yes great.......................? but I need my glasses on to see instructions on my smartphone, but cant have glasses on when its then scanning my face? eventually got there. Using smartphone to scan the chip on my passport, that worked great, but I had an idea what I was doing and my son on standby if I got stuck.

    Believe doing that Companies House check by paper is a nightmare.

    As an engineer, of course welcome change etc, but only if change makes improvements and think Jury is out what "Improvement" a digital ID card will actually make.

    Regards Gareth

  • in reply to GTB
    GTB said:
    based on using a smart phone, although they say PC could be used. Scanning your face yes great.......................? but I need my glasses on to see instructions on my smartphone, but cant have glasses on when its then scanning my face? eventually got there.

    Not only that, but my wife can't stand moving imagery (people waving hands, fiddling with pens, anything distracting) and can't do that selfie thing of trying to align your face into the oval as she closes here eyes (again needing glasses). I have to hold the phone (shoulder surfing) to line it all up, say 'eye's open' and press the buttons. Frustrating and infuriating for all. There are far more variations that normality suggests - I'm just atypical...

    Had real hassles with the estate agent's know your customer software that needed a video AI 'real person' detection. I fear for those in the US with their remote proctoring of exams that require you to continuously look at the screen for the whole duration of the test and never look away. What are we coming to.

    "Brave New World" Aldous Huxley, but they don't read books now :-(

    [Used copies under a fiver (£5), from many e-sources Grimacing ]

  • To me one of the healthy things about this thread is that there are engineers here (and I'd be one of them) who are prepared to to admit that engineering doesn't always work. My day job is in systems assurance for safety critical systems, and I can almost guarantee that in any new project which involves software at some point an engineer will say the dreaded words "the software won't let that happen". Well, years and years of experience have taught us that software will let "that" (whatever unwanted behaviour it is) happen. Even if we throw huge amounts of time and effort and money at it - for example as we do with safety critical software - there's still a finite probability that it will fail. And that's fine, provided we plan for that. 

    Horizon was of course a very high profile and appalling case of this.

    Of course the problem is that no company tendering for a major government contract believes that it can admit that it's software has a finite probability of failure or error. And it does seem that there may be a lack of informed buying to ask searching questions as to how that risk is being managed - and to push back against any supplier who refuses to accept the risk exists.

    So the reason for this post is to pose the thought, can we do more to support the engineering community to be prepared to say "we've done the best we can, but we must make sure there are mitigations should the system fail". I've certainly - fortunately the last time was many years ago now - found myself having to push back hard against company commercial teams who wanted our engineering concerns brushed under the carpet, and certainly not aired to the end client, and it's a tough position to be in.

    And can we do more to spread the word that excellent engineering is not about assuming that our engineering will work, but it's about assuming that it won't work - because only then will we both try to make it better and also properly consider the consequences should that happen.  

    As a footnote,  it's interesting being an Independent Safety Assessor, you meet two types of clients. There are those who say "we think we've done everything we can, but it will be reassuring if you could look at the project as well in case we've missed anything". Those are the projects where you rarely find anything missed. Then there are those projects who say "here's the evidence, it's all tested and working, we need your report next week, don't be late". Those are the projects which tend to have really really scary things missed in them... 

    Thanks,

    Andy

Community Rules & Guidelines