The A to Z of ID cards
Updated: All you need to know about the most controversial IT project around
With the first ID cards issued in 2008 the government is determined to push ahead with the rollout of the controversial cards to the UK public.
The project is moving on apace, with foreign nationals issued with ID cards in November 2008 and cards due to be made compulsory for some airport workers in late 2009 - along with being made available to UK volunteers living in trial areas - ahead of their introduction for wider UK public from 2011.
But big questions remain about the benefits of the cards and the technology behind the project - never used on such a scale before - in what is one of the largest IT projects ever seen in the UK.
silicon.com has been tracking the development of the ID card project since the beginning and over the following pages we'll take you through the very latest on the project from A to Z.
How much will the cards cost? What if you don't want one? How popular are the cards proving to be? Will they really make the UK more secure?
We'll tell you everything you wanted to know about the scheme... but were afraid to ask.
Click on the links in the box to start your journey through the A to Z of ID cards...
A is for Act
The Identity Card Act received Royal Assent from the Queen on 30 March 2006. The bill had a rocky passage through the House of Commons and faced fierce opposition in the House of Lords.
In addition to the 2006 Act, secondary legislation was proposed in 2008 around procedures for issuing ID cards, including who will be eligible to receive one and how the data on the National Identity Register - the database housing ID information - will be maintained. This legislation will be put before Parliament in spring 2009.
This secondary legislation needs to be passed before the government can go ahead with plans to demand that airside workers and pilots begin using the cards from Autumn 2009.
The Identity and Passport Service (IPS), is in charge of managing the ID cards scheme.
B is for Biometrics
The ID cards project will use biometrics - unique physical characteristics - to identify card holders.
The ID cards will electronically store two fingerprints and a photograph on a built-in microchip, while the National Identity Register (NIR) will store all 10 fingerprints and a facial scan.
These details will be recorded when a person applies for a card. The original plan was to use 13 biometrics: 10 fingerprints, both irises and the face.
Government agencies and businesses can then confirm someone's identity by checking these biometrics, which the government argues will make identity fraud much harder.
Anyone trying to make a major financial transaction, for example, could have their biometric data on the card checked against the NIR. If they were not the registered cardholder this check would fail, the government claims.
However, trials of biometrics have shown that the technology is not without its problems.
It is harder to record the fingerprints of certain groups such as the elderly - and not everyone can provide them all.
As of February 2009 fingerprints and facial scans for foreign nationals were being captured at seven UK Border Agency centres, Armagh, Birmingham, Cardiff, Croydon, Glasgow, Liverpool and Sheffield.
C is for Compulsory
There are currently no plans by government for it to be compulsory for the wider general public to carry an ID card.
But avoiding getting a card or having your fingerprints and photograph stored in the National Identity Register may prove increasingly difficult as the Identity Act 2006 has left the government free to effectively turn driving licences and passports into ID cards.
This would mean that anyone applying for a passport or driving licence would have their biometric and personal information logged on the NIR.
D is for Data privacy worries
The UK's data protection watchdog has said there is no justification for storing so much personal and biometric information in the National Identity Register.
In 2005 outgoing information commissioner Richard Thomas said the extent of the information proposed to be retained in the NIR amounted to unwarranted and intrusive.
And he has warned that the ID card data could easily be linked with other initiatives such as CCTV surveillance using automatic facial recognition and the use of automatic number plate recognition systems recording vehicle movements.
He said: "Each development puts in place another component in the infrastructure of a 'surveillance society'."
There are also concerns over who would be able to access the data in the database - although there is a minimum two-year sentence for unauthorised disclosure of information from the database.
E is for Enrolment
The government hopes to help cut the projected cost of the ID cards scheme for UK citizens from £5.6bn to £4.7bn by outsourcing the collecting of biometric details to high street businesses.
The move has prompted concern from banks and security experts who said it would be almost impossible to lock the biometrics to biographical details in a secure manner if those details were recorded in a high street business.
It also means the public will face an additional cost to register their biometric details in addition to the £30 cost of the card.
F is for Foreign nationals
Foreign nationals coming to the UK were the first group to receive ID cards, with the first cards issued in November 2008.
By the end of April 2009 50,000 foreign nationals are due to have been issued with ID cards under a £319m scheme being run separately to the project for UK citizens.
Foreign students and people on a marriage visa must have a card and the government is proposing that a further four categories of foreign nationals are made to enrol for the cards.
The card is pink and blue with the royal crest on the front and will hold eight pieces of information including two fingerprints and a scan of a facial photo that will be stored on the chip.
It is printed with details of a person's name, date and place of birth, sex, nationality, a card expiry date, place and date of issue, type of permit and remarks.
G is for Government IT
Critics of the project are concerned that such an ambitious project as ID cards is unlikely to succeed, considering the poor track record the public sector has when it comes to large technology programmes.
The public's trust in the government's ability to look after our information has also slumped, following the loss of 25 million records by HM Revenue and Customs in 2007 and the spate of data loss revelations that followed.
The Identity and Passport Service (IPS) insists lessons will be learned from past IT projects but the project has already seen the shortlist of companies bidding to run the scheme dwindle to just five.
Privacy campaigners have argued the fact that there are just five suppliers left to deliver five parts of the contract means the government has little choice when picking a company to deliver the ID cards scheme.
In 2008 CSC, EDS, Fujitsu, IBM and Thales were shortlisted to bid to produce the cards, ePassports and design and run the National Identity Register - the database that will hold the individual's personal and biometric data.
In April 2009 the Home Office announced that IBM had won a £265m contract to build and run the UK Border Agency database of fingerprints and facial images taken for passports and visa applications, called the National Biometric Information Service (NBIS). The NBIS database will feed into the National Identity Register.
At the same time systems integrator CSC also won a £385m contract to upgrade the IPS application-and-enrolment systems. This will include putting in place different processing systems, and the means for people to apply for biometric passports online.
The IPS is in the process of whittling down the shortlisted companies to run the contracts, and all contracts are expected to be awarded during 2009.
The Conservative Party says it will drop the project if it is elected and Tories claim that the shrinking number of bidders for the contract reflected a lack of confidence by the private sector that ID cards have a future.
IPS says that building on the existing passport systems will help reduce risks, as will a phased approach to linking services to the scheme and developing the cards themselves.
H is for Home Office
The Home Office is the government department charged with making a success of the identity card project, even though some critics have suggested the job should be handed over to the Treasury. The Identity and Passport Service is the executive agency of the Home Office which will develop the project.
I is for Identity and Passport Service
The Identity and Passport Service (IPS) was created to bring together the Home Office ID cards programme and the UK Passport Service to issue passports and ID cards.
The agency is spending £280m setting up the ID cards scheme and £4.5bn running the scheme and providing both ID cards and ePassports to the public until 2018.
J is for Jury
silicon.com's very own CIO Jury came out against the technology behind the ID card plans, predicting it will become a "fee-fest" for suppliers.
Members of the CIO Jury warned it would be overly complex and over budget, and the potential failure rates of the biometric technology were a cause for concern.
Of the 12-strong jury, 10 said they had concerns about the robustness of the technology for use on that scale and the ability of the government to execute the scheme successfully.
K is for Kids
The NIR will only contain details of adults aged 16 and over but a national child population database called ContactPoint was launched in January 2009.
ContactPoint holds names, addresses and other personal details of every child in England up to their 18th birthday.
The database is aimed at protecting vulnerable children and the government says it will make it easy for authorities to find out who is working with a young person to deliver co-ordinated support.
L is for Legal battle
In February 2009 the government lost a four-year-long battle to block the publication of internal reviews of the ID cards project.
The two Gateway reviews, completed in 2003 and 2004, by the Office of Government Commerce (OGC) into the likely success of the ID cards scheme, were published on 20 March 2009.
The 2003 report warned of several risks of the scheme, including the perceived benefits of the project "not [being] on a scale to justify the costs" as well as the "erosion of public support for the scheme".
As part of this, the police said that proceeding with the project without any obligation for citizens to carry or produce the cards "would substantially remove the administrative savings and some of the other advantages that identity cards would offer".
Technology also featured on the OGC's list of concerns: the review described "unexpected data problems" as "an ever-present danger" and warned that poor systems architecture could lead to higher costs.
The publication of the reports was ordered by the Information Tribunal, which rejected the government's argument that they must remain confidential to protect future Gateway reviews.
The tribunal's decision came after anti-ID card campaign group No2ID member, Mark Dziecielewski, won the right to have the reviews published after his Freedom of Information request to see the reports was upheld by the information commissioner in 2006.
The commissioner's decision was supported by the Information Tribunal in 2007 following an appeal by the Office of Government Commerce. The OGC subsequently appealed the tribunal's verdict in the High Court, which in 2008 overturned the tribunal's decision to publish the reviews.
M is for Money
The Identity and Passport Service currently estimates that the passport/ID card package will cost around £93. A 10-year standalone ID card will be fixed at around £30 until 2011.
As well as the cost of the card, anyone getting one will have to pay to enrol their details on the high street.
But according to calculations by the London School of Economics the government has seriously underestimated the cost of the project.
It says the whole ID card scheme will cost up to £19.2bn over 10 years, compared to the government's estimate of £4.7bn.
N is for National Identity Register
The National Identity Register (NIR) is the heart of the ID card project. This database will hold personal identity information and biometric data for everyone who has enrolled in the scheme.
The government says that only a selection of civil servants will have direct access to the NIR.
The NIR will be classified as part of the nation's Critical National Infrastructure and protected with high security - but the scale of the database has led to concerns about the viability of the project.
O is for Opposition
Despite government research showing 55 per cent still support the idea of ID cards, opposition to the scheme continues to mount.
Pilots and unions for airside worker - the two critical groups that will be forced to carry the cards from Autumn 2009 have criticised the scheme.
Both the Conservatives and Liberal Democrats say they would scrap the scheme and the Scottish government has said it "beggars belief that the UK government is pressing ahead with its costly National Identity Scheme" in the middle of a recession.
Home Secretary Jacqui Smith insists the scheme is still popular, saying people have been asking her 'When can I get an ID card?'.
P is for Passports
ePassports, were rolled out in the UK in 2006 and were the first implementation of biometric security technology in the UK.
More than 12.5 million of the first generation biometric ePassports have been issued in the last two years.
The first generation passports contain microchips containing personal information and a digital scan of a person's photograph.
Second-generation ePassports, due to be introduced in the UK in 2011/12, will be fitted with a RFID chip containing fingerprint scans and personal details, which will feature security measures to guard the data against cloning or tampering.
Q is for Questions
The London School of Economics (LSE) has been one of the fiercest critics of the ID cards project. In 2006 it called for the project to be taken away from the Home Office and given to the Treasury.
At the time professor Ian Angell, head of the LSE's department of information systems, said: "We don't know what to believe anymore. Contradictions, guesswork and wishful thinking on the part of the Home Office make a mockery of any pretence that this scheme is based on serious reasoning."
In 2008, in response to consultation on ID cards secondary legislation, the LSE claimed that the £30 cost of a card was too high and would stop people from getting a card. It added business needed more guidance on how much it would cost to use the cards to verify identity, warning the lack of information would "severely hamper the take-up of the card by private companies".
It said that the government also needed to further clarify what data from the National Identity Register would be accessible to outside bodies.
R is for Roll out
The rolling out of ID cards to British citizens starts with workers at London City and Manchester Airport in Autumn 2009, where new workers will be forced to get a card. Cards will be introduced for other groups of "critical workers" at a later stage.
Several cities around the UK are in the running to be possible testers of the scheme, with Manchester rumoured to be one of the cities under consideration as a trial site.
From late 2009/early 2010 students will be able to apply for a card before the cards are made available to the wider UK public from 2011.
S is for Selling the cards
Since the cards are not compulsory the government hopes to instead stimulate take-up by allowing the cards to be used for everything from claiming benefits, to opening bank accounts.
But it is looking increasingly doubtful whether the cards could find a wider use, with UK payments association Apacs claiming the security features that would have made the cards useful for checking identity in large money transfers and online transactions have been stripped from the scheme.
To counter some of these criticisms over the usefulness of the card chief executive of the Identity and Passport Service James Hall recently suggested that chip and PIN functionality could be added to the cards.
The current form of providing someone's identity is to check the individual against a document - such as a utility bill.
But the IPS argues that there are a number of problems with this: utility bills can easily be altered or forged, and criminals can steal documents and use them to assume other identities. ID cards will provide a much stronger form of identity authentication, the government insists.
T is for Traceability
The National Identity Registration Number (Nirno) will no longer be written on the card or stored on the microchip following concerns that a person's day-to-day behaviour would be able to be tracked every time the card was read.
Pressure group Privacy International welcomed the removal of the Nirno, following fears it could be cross-referenced across multiple transactions - such as proof of age purchases or opening a bank account.
But it criticised the government for not deciding to remove the Nirno until 2008, five years after it first raised its concerns.
U is for U-turn
The ID cards scheme has been notable for the amount of backtracking and 180-degree turns by ministers on early ID card pledges.
Former Home Secretary Charles Clarke had said it would become compulsory to have a card if Labour won the next general election, while ministers now say the cards will never be compulsory for the majority of UK citizens.
Cards were originally planned to be issued to everyone who applied for a passport from 2010 but the government now says that people can choose whether to receive a card with their passport.
Iris scans were initially touted as a biometric that would be stored on the card but were later rejected by the government in a bid to reduce costs - a decision that has led an academic who reviewed the scheme to claim that fingerprint biometrics will "drown in false matches".
V is for Verification
In February 2009 it was revealed there was no way of reading ID cards, despite tens of thousands of cards being made available to foreign nationals since November 2008.
silicon.com revealed the fact that no police stations, border entry points or job centres have readers that can access the card's biometric chip.
The cards themselves carry biographical data, as well as facial and fingerprint scans. While some details about the holder, as well as their photo is printed on the face of the card, the cardholder's fingerprints can only be accessed by reading the chip.
The IPS recently confirmed that no readers are likely to be in place in the UK until next year, when they are introduced at UK borders.
The IPS claims there are a number of unique features that help detect forgeries, such as an engraved pattern on the back and a distinctive sound when flicked.
The identity verification service will provide a way for accredited organisations to check an individual's identity. It could be used by groups such as government agencies, banks and rental companies - any organisation that wants to check you are who you claim to be.
Organisations will be able to choose the verification method most suitable for the transaction. For higher level transactions companies will be able to check biometrics or other information by phone or online.
All organisations that want to use the identity verification service will need to be accredited and they will need the cardholder's consent before they use the service to check the cardholder's identity. There will be a charge for organisations that want to use the service - and there will also be the additional cost of installing ID card readers.
W is for Why now?
The government argues that the time is right to introduce the National Identity Scheme for a number of reasons.
It claims that it's building on the back of recent advances in biometric technology that mean it is possible to build a "truly effective and secure scheme".
It points to similar schemes around the world to show that biometrics have come of age, citing the US-Visit fingerprint checks used by US immigration at major ports, and moves across the EU to incorporate both fingerprint and facial biometrics in passports.
X is for Xenophobia
There are an estimated 430,000 illegal migrants living in the UK, and the scheme will enable employers to check the immigration status of job applicants and any visa restrictions that mean they cannot legally work in the UK. But civil liberties groups and opposition politicians have criticised the focus on immigration, warning it could fuel domestic tensions.
Privacy campaigners also claim that the government has forced the cards on foreign nationals to get the cards because they are a "soft target" and less able to defend themselves.
Y is for Yield
The Home Office says police will not be able to stop people and demand to see their ID card.
But civil rights groups No2ID and Liberty claim that clauses in the draft Borders, Immigration and Citizenship Bill, which is currently being considered by Parliament, will give officials powers to demand to inspect ID cards of most British citizens.
They say the clauses would allow state officials to demand that anybody who has entered the UK, at any time, to produce their card to prove their identity. They claim this could mean that any UK citizens who go on holiday could then be forced to produce their ID cards once they were back in the UK.
The Home Office says the clauses are simply an attempt to maintain effective immigration control by asking everyone entering the country to produce a valid identification document, adding it would not result in British citizens having to carry the cards at all times.
Z is for Zeitgeist
The prevailing mood in the UK is one of increasing caution about the threat of creeping surveillance.
The House of Lords Constitution Committee said the UK had become one of the most spied on countries in the world, with more than four million CCTV cameras and the genetic details of seven per cent of the population stored in the National DNA Database.
It suggested a raft of reforms to deal with concerns about local councils snooping on people's communications to tackle minor misdemeanours such as littering and the growth of national electronic databases.
In 2008 information commissioner Richard Thomas expressed similar fears, warning that plans by the government to create a database of all UK communications risked seeing the UK "sleepwalking into a surveillance society".
silicon.com's Steve Ranger contributed to this report