A cross-party group of MPs published a report on Friday that slams the government's ID card scheme for being "poorly thought through" and warns that decisions surrounding the technology to be used have been "made behind closed doors" without enough expert guidance.
The fear of terrorism seems to have pushed the government into fast-tracking the national ID card scheme; although many other countries in Europe have ID cards, in their current form, the UK's proposals are technically inferior to schemes in Estonia, Italy, Belgium, Finland, Austria, Denmark and the Netherlands.
According to the report by the Home Affairs Select Committee, the government has not adequately looked into alternative technologies that would be more appropriate for an ID card system.
"The Home Office appears to be taking these key decisions without any external reference, technical assessment or public debate. Some choices, such as the nature of the chip, seem to follow a decision to use the passport as an identity card (and therefore follow ICAO) rather than any independent assessment of what would be most appropriate for an identity card," the report said.
Steve Price-Francis, the vice-president of biometric card specialist LaserCard Systems, gave evidence at the committee hearings in April. He welcomes the damning report because it highlights a lack of "technical assessment" by the government.
"This report hits the nail on the head. There is currently a serious risk that document security and identity verification will be subsidiary issues rather than integral to the fundamental design. The programme deserves a proper technical assessment of proven technology," said Price-Francis.
If identity verification is a "subsidiary issue", there will be doubts about the validity of the card, according to Richard Starnes, president of security industry group ISSA UK.
"What is the point of having an ID card if you can't verify that the card hasn't been tampered with or forged? It bypasses the primary purpose of the scheme," said Starnes.
However, Mike Small, director of security strategy at Computer Associates, believes there is confusion over exactly why a scheme is necessary at all. Small said it is important to distinguish between knowing who a person is and restricting what they have access to. "Everyone that committed the 9/11 terrorist attacks had valid ID cards. The issue wasn't knowing who they were, but stopping them from doing things they shouldn't be doing. Knowing who someone is, is only half the problem," said Small.