Illegal immigration

What's to stop foreigners registering multiple times? Biometrics work on a statistical level and only have a certain (low with large databases) confidence of a positive match. Combining biometrics as you suggest has non-intuitive consequences that can cause error rates to rise, and identification (looking someone up on a database) is much harder than authentication (checking out someone is who he claims he is). Basically it boils down to a system that works well at controlling honest people, but less well at controlling dishonest ones.

Finger prints are pretty unique, good DNA samples and retina scans are even better.

The whole point of biometrics is to prevent multiple identities like this.

The error rates achievable in practise are much lower than possible in theory, by many orders of magnitude. Check out the error rates for fingerprint systems for example and you'll see error rates in the order of 1 in hundred rather than in the tens of millions. The police use time consuming methods to take and match prints that can't be done with the same accuracy at the roadside - and the proposed databases will be much larger. Iris scans likewise have a phenomenal potential for uniqueness, but in practise the error rates were so bad in one recent study that they were abandoned altogether. I gather places like Schipol airport use iris scans, but I imagine their error rates are undisclosed and they are used for authentication rather than identification, and on smaller databases.

When you talk about errors do you mean error as in not finding a match or duplicate matches?

You raise a good point about large database resulting in more dups, it's like small hash used on large quantity of data and it results in collisions even though on small set of data it all looks unique and nice, but I think biometrics is more or less getting there - you can always add extra variables like facial recognition, finger-print and iris - all together it should be pretty unique.

Say standard procedure might be just scanning finger print, as long as it is not on a stop list (which is much smaller than overall database) the person can pass, and if there is a match then more detailed investigation is done.

Right now people get life jail sentences on the basis of finger prints and partial DNA analysis, I think if that's happening then it might be okay to use such techniques for passport checking

Yeah, it's a like a hash matching, but exponentially worse than a single search when you consider the whole population being matched against the whole population, i.e using as many hashes as you have table entries, multiple times.
The scale of the combinations involved isn't intuitive - even experts get it wrong. The basics are here:
http://www.cl.cam.ac.uk/~rja14/Papers/SE-13.pdf

Combining biometrics also has non-intuitive pitfalls that can make things worse. Okay, noddy example: imagine for example you have two security guards at a bank looking out for dodgy customers. Say each one on his own gets things wrong 1 time in 10. So one guard is only wrong 1 time in 10. With two guards (looking at different areas of doginess say) working together they can now identify more dodgy people than on their own, so this seems like a successful strategy, but each can also get it wrong 1 time in 10 and this adds to the amount of false rejections. So in practise the guards will be told to stop being so picky or the system becomes unusable with two guards, and also sometimes they have conflicting results, creating a different problem. Again see that chapter for a better description. It's interesting stuff - and the The birthday theorem pops it's head in there too as it does with hashing. The statistics gets hairy (not in that Chapter though) - I still can't derive all of it.

Aside from that other things to consider are people that present a false fingerprint or iris pattern, so unsupervised biometrics are pointless, and can use techniques to produce a bad scan (stuff on eyes, fingers, etc). It's all quite labour intensive and error prone in practise, but the big killer is the population size.

I don't know the details, my understanding was that data is pretty unique, however it is possible it will be found that it is not - in this case better biometric analysers will be needed, maybe higher resolution whatever, this R&D will be stimulated because there is no other way around: it certainly beats having just paper passports.

I have to say I am pretty concerned about some DNA only evidence used in court cases that made people go to jail - this should never be sufficient to jail someone, if what you say is true then surely a lot of those convictions are unsafe?

Biometrics plus local passport ID will certainly be reliable, the problem is with foreign people who can buy new passport and then it's a problem what to do if match is found - is it true match of hash collision.

If I could decide whether to put £10 bln into ID card project or high speed railways then I certainly would not think much and cancel ID card project in a second.

Yeah, ID cards are better than paper passports, but I don't think they are being used just to replace paper passports. I believe fingerprint evidence will be cast more into doubt as databases grow, and I think a fairly recently case may indicate a cause for future concern. I'd have to look up these details though, especially on DNA evidence since it's been a while since I studied it. DNA involves a more labour intensive forensic analysis though, since it takes a while to get a result and results will be better (and better supervised) than roadside ID tests.

Well, UK has got a very large DNA database already - I think well above 1 mln, this means that growth to 60 mln won't be that big increase - not sure if 6 bln samples for all humans on this planet won't generate hash collisions, but I am sure more refined methods for DNA sampling will be found if necessary - like taking blood from vein Gattaca style

DNA tests are slow to do and are not on the current ID cards though.

Re: going from 1 million to 60 million people: 1 million people can be matched against (1 million-1) other people on a database, resulting in 5 * 10^11 pairs of combinations (e.g. if 4 people are in the room, each person could match against 3 others = 6 pairs to test). This number increases exponentially. With 60 million people there are 1.8 * 10^15 pairs of combinations. Error rates achieved with biometrics in the field are no match for these kind of numbers. They work okay for authentication purposes (i.e. you ask someone his name and match it with a biometric looked up directly with a number or name). The problem comes when you have a criminal and you have to search the database for him using a fingerprint etc. Chances are you will get a hit that you think you can rely on. But do a lot of these tests and the chances are that you will get failures at a rate that casts into doubt all the other tests that had been previously trusted.

If the database holds fingerprint, iris scan and dna along with a photo then the chances of a false positive are pretty slim.
A search for a criminal may throw up more than one possible on any one of those search criteria, but is unlikely to throw up only one and that one be wrong. Good old fashioned police work should do the rest.