India has taken a step towards provision of biometric ID Cards for all citizens.
According to The Hindu, a group of Indian ministers has approved the establishment of a Unique Identity Authority to oversee the Unique Identity Project, which seeks to provide a Unique Identity Number (UID) to all citizens.
The idea is this UID number will provide a "unique identifier" from birth to death for every Indian citizen by 2010, and will eventually be linked to photo and biometric details.
The Hindu mentioned the supposed benefits of this sort of scheme -- no need for multiple forms of ID, oh happy citizen, this will make your life much easier (and more of the usual rubbish governments spout to justify such schemes) -- without looking at the downsides.
When I read about the Indian UID scheme, it made me groan inwardly, for two reasons.
Firstly, using publically available information as a unique identifier is a recipe for fraud. No matter how hard you try to keep your number secret, it will leak, or be made available through data loss. Just ask the tens of thousands of US citizens who have had their social security numbers co-opted for fraudulent use. According to a US DHS document from last October, "identity theft is one of the fastest growing crimes in America."
"A dishonest person who has your Social Security number can use it to get other personal information about you," said the document. "Identity thieves can use your number and your good credit to apply for more credit in your name." etc, etc, etc.
It's actually far more secure to use federated identity schemes, and for privacy's sake to follow data minimisation principles.
The second reason this news made me groan is because of the plans to link this information to biometrics, and store all of the details in a centralised database. There is just no way to make this information secure -- the 'gold standard' for identity quickly becomes the most desired information for identity thieves. However, the main threat comes from simple incompetence -- look at the number of data leaks that have rocked the UK government in the last year. I believe many people are reasonably honest and try to do a good job, but -- stop the presses -- people are human, and make mistakes.
I have many more issues with centralised databases for ID Cards -- who will access that data, how will it be shared and combined with other data about the citizen -- across Europe, the world? How will the data be used in the future -- will it become illegal to hold certain viewpionts, or belong to a particular religion, for example, and will people be singled out because of this? -- the list just goes on and on.