Robin Wilton's esoterica

Now there's a post title I never imagined I'd write...

Minding my own business in Second Life earlier, and I heard a huge commotion behind me. Turned round to see about 8 daleks doing what they do... yelling "exterminate! exterminate!" and blazing away (at each other, as it happens) with those egg-beater things. Not the loo plunger, the other one. Disregard this gibberish, obviously, if you didn't spend formative periods of your childhood cowering behind the sofa during Dr Who... .

I understand they are the creation of Fenrir Reitveld/ MechMind - and very good they are too. 

If you're ready for a mind-bending bit of real-life/Second Life crossover, have a look at this blog post. Look closely at the photo... it took me a while to make sense of everything that's going on there - but basically, there's someone in a lecture theatre at Harvard Law School, attending a lecture which is also being broadcast in Second Life, and the physical attendee is also logged in to Second Life and is sitting in the virtual lecture too. Accompanied, naturally, by a dalek.

Actually, having just had a great time speaking at an event in Rotterdam (Identity 2007, organised by the Institute for International Research), maybe I shouldn't be endorsing that last part... it would be quite unnerving to gaze out into the audience and find oneself staring a dalek in the eye-bulb. (Not the plunger or the egg-beater... the other one...)

The UK parliament's Public Accounts Committee has just published a report into its examination of the fee structure for e-passports and ID cards. You can find the full report (46 pages, pretty readable) here if you are, as they say, minded to do so.

They ask whether there isn't greater scope for reducing the cost to the citizen, given that the two credentials will contain largely the same personal information. It's a good question... but it raises another: why has it taken MPs until now to raise it in a substantive form... long after the primary legislation has gone through for both e-passports and ID cards, and precisely these concerns were raised in detail by (for instance) the original report into ID Card proposals by the London School of Economics. If you've been following this blog for a while, you'll doubtless remember the unnecessarily unpleasant tactics of the then Home Secretary, Charles Clarke, as he steamrollered the legislation through while launching shameless personal attacks on the report's authors. Here are a couple of the posts from back then:

- One on Andy Burnham's attempts to attack the author rather than the argument;

- One on Charles Clarke's refusal to publish the costings which were the basis of a KPMG report on the scheme... and so on.

This current Public Accounts Committee report raises many of the same concerns; why are the costings for the ID cards and e-passport schemes so interwoven? Why, despite that, does the over-all programme not seem to deliver the economies of scale and efficiencies of process which the PAC feel could be achieved? These are very valid questions... but for all that, the policy has already been set.

There are a couple of other interesting points in there:

First, the PAC notes (as has been pointed out on the Register and elsewhere) that the chips in the e-passports are only warrantied for a 2-year lifespan (whereas a passport lasts for 10 years). The question of who pays to replace passports with failed chips is therefore a very significant one, but one to which the PAC can't find an answer. I wonder if the original cost estimates took that point into account.

Second, the PAC report notes that although a substantial part of the cost goes to fraud prevention mechanisms, there is no supporting research evidence to indicate the cost-effectiveness of these measures. What's really worrying is that they're not just talking about the technology - though they do specifically mention the facial biometrics which will be incorporate in the credentials. They are also referring to the process-oriented parts of the system, such as the biographical checks and the interviews which form the very beginning of the 'chain of trust' on which the credentials and authentications crucially depend.

For the policy to have reached this stage without such metrics in place is extremely revealing.