<http://www.theregister.co.uk/2004/04/26/id_card_draft_published/print.html> The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2004/04/26/id_card_draft_published/ ID cards to use 'key database' of personal info By John Lettice (john.lettice@theregister.co.uk) Published Monday 26th April 2004 15:34 GMT David Blunkett today published his draft bill paving the way for a compulsory UK ID card, and reports over the weekend claimed that cabinet opposition had drawn some of the scheme's fangs, the draft suggests that it will be more extensive than expected in several key areas. According to the Sunday Times, (http://www.timesonline.co.uk/article/0,,2087-1086784,00.html) Foreign Secretary Jack Straw has secured agreement that it will never be mandatory to carry a card, that a Commons vote will be required before police can require a card's production, and that it will not be necessary to produce a card in order to obtain hospital treatment or welfare benefits. Speaking this morning however Blunkett disputed this, pointing to sections 15-18 of the draft as giving the necessary clearances. This section indeed makes provision for public services to hinge on ID cards, but specifically rules out the compulsion to carry it at all times or produce it for police. How long this will last is perhaps another matter. Blunkett is however pitching the scheme far more widely than simply as an entitlement, immigration, crime or terror control mechanism. Rather, it is intended as the cornerstone of identity and identity-management in the UK. The draft bill covers the setting up of a national identity register, which is described as "the key database of personal information which the biometric cards would link to," and envisages the creation of "a 'family' of ID cards, based on designated existing and new documents." This suggests far broader purposes than simply identifying individuals, and the Home Office announcement makes no bones about this: "ID cards will help tackle the type of serious and organised crime which depends on being able to use false identities - terrorism, drug trafficking, money laundering, fraud through ID theft, and illegal working and immigration. They will also enable people to access services more easily, and prevent access to those with no entitlement. And crucially, the cards will help people live their everyday lives more easily, giving them a watertight proof of identity for use in daily transactions and travel." The extent of the ID card's utility in dealing with false identity is at the very least somewhat slighter than Blunkett would have us believe, and its usefulness in dealing with ID fraud in commercial areas is dependent on whether or not it is used as strong ID there, and on the necessary equipment to validate the ID being present. An ID card with your fingerprints on it, for example, is of no protection to you in cases of 'cardholder not present' fraud (and it certainly useless in the Internet), and doesn't stop someone intercepting your mail and signing up for credit cards in your name. If we were just talking about a piece of government ID issued for government purposes only, then that would be OK - but here we're talking about "watertight proof of identity for use in daily transactions and travel." So we're not - Blunkett is really talking about something that will need substantially more networked checking points than something that was just 'son of passport', and about a lot more data, accessed by a lot more different government and non-government organisations, held centrally. And if it leads to more data on the card itself that can be used without further and/or biometric validation, then the cards themselves will tend to become more worth stealing. This is surely recklessly ambitious. More so because Blunkett still shows little sign of having a sound grasp of the actual capabilities of ID systems. This morning, for example, he told Today that ID cards "couldn't solve Madrid [the bombings] because nobody has biotechnology today." In the cases of both 9/11 and Madrid the attackers appear to have had valid ID, so biometric valid ID is neither here nor there, but despite having had this put to him by numerous interviewers Blunkett seems unable to stop presenting biometrics as some kind of magic. He went on to explain the situation of countries who didn't have biometric ID: "Those without biometrics will be known as the easiest touch. That's why we need to be ahead." The logic of this situation, that those countries where it is easier to obtain ID can be used by terrorists to establish valid ID which can then be used to visit and bomb the UK, seems to elude him. The Home Office does have schemes for biometric ID for non-UK passport holders in the UK, and is already fingeprinting asylum seekers and some visa applicants, but the scheme as announced today actually rules out biometrics for visitors who are staying less than three months. Which would seem to suggest that terrorists on an awayday are entirely immune to the #3.1 billion biometric checking regime. The roadmap as presented by Blunkett yesterday is as follows. Following the publication of the draft there will be "further consultation including opening up technical issues and inviting a development partner from the private sector", then a full bill will be introduced in the autumn session. Biometric passports will appear within three years, and "as we're putting this on a clean database this will not be forgeable." Foreign nationals will be brought into the scheme "as quickly as possible" and "we're hoping people will want voluntarily to renew their passport early" (not at those prices mate, so we can expect some special incentive discounts on the #73 for a passport), "so within seven years we will start to move to the position where people across the population have got an ID card." The Home Office itself today published a target of 80 per cent of the economically active population by 2013. Privacy International described the scheme as "draconian and dangerous," pointing out that the draft gave the Home Secretary wide powers to disclose identity-related information to a range of authorities, including police, Inland Revenue and Customs & Excise, can order a person to register for an ID card, and can even have them registered against their will if the necessary data is already known. A range of new offences including failure to notify of a damaged or defective card, and failure to report a change of address, is also introduced. The home Secretary (i.e. Blunkett) "has the power to make Orders to change almost every element of the proposed system." It is, says Privacy International director Simon Davies, "a disgrace to democracy." Related links: Draft bill and consultation (http://www.homeoffice.gov.uk/docs3/identitycardsconsult.pdf) Privacy International release (http://www.privacyinternational.org/issues/idcard/uk/pi-id-card-4-04.html) UK public wants ID cards, and thinks we'll screw up the IT (http://www.theregister.co.uk/2004/04/22/id_cards/) Fingerprints as ID - good, bad, ugly? (http://www.theregister.co.uk/2004/04/19/biometrics/) ID cards: a guide for technically-challenged PMs (http://www.theregister.co.uk/2004/04/05/uk_id_cards/) -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'