Biometrics traits (physical) are unique, it was proven that even twins have unique fingerprints, irises, retinas, shape of ears, but no major applications so far like the one the UK govrnt is trying to launch with ID cards and passports, so that will be a huge challenge with a number of security issues, a centralised DB with millions of templates, you can imagine!. So to sum up, to verify 1 ID among millions, let's say 60 million (K population) has not been yet tried, so until they finally enrol every single citizen in the UK (60 million +), we wouldnt' know, I think most major pilot projects experimenting with biometrics have not yet exceeded 25,000-50,000 samples. The whole market is still maturing, technology is still under R&D, and the hype does help from bad publicity about big brother watching, and spoofing of biometric devices. Biometrics can be secure if used effectively with the traditional authentication methods (PIN, tokens, smart cards...) Secondly, every biometric has weaknesses and strenghts, you've mentioned "unique" that's one of the criteria of any biometric, if they are not unique, they won't be used as an authentication method. The problem is that what are going to do with disabled people with no eyes, no fingers, no hands. Each biometric technique is measured using different rates, namely False Rejection Rate (probability that a biometrics fails to verify & reject a legitimate user), False Acceptance Rate (probability that a biometrics system accepts an imposter), Equal Error Rate (occurs at the decision threshold where the proportion of false rejections equals the proportion of false acceptances).
They come up with a solution, using Multi-biometrics, for example this UK ID they're trying to do will include, face recognition, 10 fingerprints, 2 irises and signature, all saved in one chipped card, so if one trait do not match or is not on record, there is always an option of using another one. Templates are being updated each time there is a successful verification, because there is the problem of ageing, as we get older, it gets harder to get good Acceptance/rejection Rates.
I agree, the main concern with ID cards will be forgery, and biometrics alone will not prevent forgery or fraud. In Holland, they used strong encryption, but apparently Dutch biometric passports have already been hacked!!. See it's how you implement the technology, biometrics work in certain applications, but for a huge project like ID cards of millions of people, umm... (not too sure) but there are advantages, but biometrics have to be used as a layer on top of (smartcards, encryption or passwords) I think here in the UK, if they try to store the data as an algorithmic encryption, it will make it impossible for even the most sophisticated fraudster to read or substitute.another thing, why do they need to store our individual data on both card and central database? until now, We don't understand why they need to do this, i think they are planning to extend the usage of the cards in future, which will be a major concern for the civil liberty groups. Other countries such as France and Italy have stipulated that biometric information is stored only on the cards themselves - thus still within the possession of the individual. So why has the UK decided to include a central database as well? We can understand that from a security point of view, central storage makes the most sense in an online world. But if you're also storing this on the cards themselves, that invalidates the security argument. Another concern is, will the project work? The LSE has raised concerns about this and the government does not have a strong track record here.
bottom line, USA is dictating, they want biometrics, UK governmt will be issueing biometrics passports and ID cards sooner of later, because USA is saying so, security is not a priority, they have an excuse, "we have to fight terrorism" ...