ID cards to use 'key database' of personal info

Tue Apr 27 14:26:54 PDT 2004

<http://www.theregister.co.uk/2004/04/26/id_card_draft_published/print.html>

The Register

 Biting the hand that feeds IT

 The Register ; Internet and Law ; Digital Rights/Digital Wrongs ;

 Original URL: http://www.theregister.co.uk/2004/04/26/id_card_draft_published/

ID cards to use 'key database' of personal info
By John Lettice (john.lettice at theregister.co.uk)
Published Monday 26th April 2004 15:34 GMT

David Blunkett today published his draft bill paving the way for a
compulsory UK ID card, and reports over the weekend claimed that cabinet
opposition had drawn some of the scheme's fangs, the draft suggests that it
will be more extensive than expected in several key areas.

According to the Sunday Times,
(http://www.timesonline.co.uk/article/0,,2087-1086784,00.html) Foreign
Secretary Jack Straw has secured agreement that it will never be mandatory
to carry a card, that a Commons vote will be required before police can
require a card's production, and that it will not be necessary to produce a
card in order to obtain hospital treatment or welfare benefits. Speaking
this morning however Blunkett disputed this, pointing to sections 15-18 of
the draft as giving the necessary clearances. This section indeed makes
provision for public services to hinge on ID cards, but specifically rules
out the compulsion to carry it at all times or produce it for police. How
long this will last is perhaps another matter.

Blunkett is however pitching the scheme far more widely than simply as an
entitlement, immigration, crime or terror control mechanism. Rather, it is
intended as the cornerstone of identity and identity-management in the UK.
The draft bill covers the setting up of a national identity register, which
is described as "the key database of personal information which the
biometric cards would link to," and envisages the creation of "a 'family'
of ID cards, based on designated existing and new documents."

This suggests far broader purposes than simply identifying individuals, and
the Home Office announcement makes no bones about this: "ID cards will help
tackle the type of serious and organised crime which depends on being able
to use false identities - terrorism, drug trafficking, money laundering,
fraud through ID theft, and illegal working and immigration. They will also
enable people to access services more easily, and prevent access to those
with no entitlement. And crucially, the cards will help people live their
everyday lives more easily, giving them a watertight proof of identity for
use in daily transactions and travel."

The extent of the ID card's utility in dealing with false identity is at
the very least somewhat slighter than Blunkett would have us believe, and
its usefulness in dealing with ID fraud in commercial areas is dependent on
whether or not it is used as strong ID there, and on the necessary
equipment to validate the ID being present. An ID card with your
fingerprints on it, for example, is of no protection to you in cases of
'cardholder not present' fraud (and it certainly useless in the Internet),
and doesn't stop someone intercepting your mail and signing up for credit
cards in your name. If we were just talking about a piece of government ID
issued for government purposes only, then that would be OK - but here we're
talking about "watertight proof of identity for use in daily transactions
and travel." So we're not - Blunkett is really talking about something that
will need substantially more networked checking points than something that
was just 'son of passport', and about a lot more data, accessed by a lot
more different government and non-government organisations, held centrally.
And if it leads to more data on the card itself that can be used without
further and/or biometric validation, then the cards themselves will tend to
become more worth stealing.

This is surely recklessly ambitious. More so because Blunkett still shows
little sign of having a sound grasp of the actual capabilities of ID
systems. This morning, for example, he told Today that ID cards "couldn't
solve Madrid [the bombings] because nobody has biotechnology today." In the
cases of both 9/11 and Madrid the attackers appear to have had valid ID, so
biometric valid ID is neither here nor there, but despite having had this
put to him by numerous interviewers Blunkett seems unable to stop
presenting biometrics as some kind of magic. He went on to explain the
situation of countries who didn't have biometric ID: "Those without
biometrics will be known as the easiest touch. That's why we need to be
ahead."

The logic of this situation, that those countries where it is easier to
obtain ID can be used by terrorists to establish valid ID which can then be
used to visit and bomb the UK, seems to elude him. The Home Office does
have schemes for biometric ID for non-UK passport holders in the UK, and is
already fingeprinting asylum seekers and some visa applicants, but the
scheme as announced today actually rules out biometrics for visitors who
are staying less than three months. Which would seem to suggest that
terrorists on an awayday are entirely immune to the #3.1 billion biometric
checking regime.

The roadmap as presented by Blunkett yesterday is as follows. Following the
publication of the draft there will be "further consultation including
opening up technical issues and inviting a development partner from the
private sector", then a full bill will be introduced in the autumn session.
Biometric passports will appear within three years, and "as we're putting
this on a clean database this will not be forgeable." Foreign nationals
will be brought into the scheme "as quickly as possible" and "we're hoping
people will want voluntarily to renew their passport early" (not at those
prices mate, so we can expect some special incentive discounts on the #73
for a passport), "so within seven years we will start to move to the
position where people across the population have got an ID card." The Home
Office itself today published a target of 80 per cent of the economically
active population by 2013.

Privacy International described the scheme as "draconian and dangerous,"
pointing out that the draft gave the Home Secretary wide powers to disclose
identity-related information to a range of authorities, including police,
Inland Revenue and Customs & Excise, can order a person to register for an
ID card, and can even have them registered against their will if the
necessary data is already known. A range of new offences including failure
to notify of a damaged or defective card, and failure to report a change of
address, is also introduced. The home Secretary (i.e. Blunkett) "has the
power to make Orders to change almost every element of the proposed
system." It is, says Privacy International director Simon Davies, "a
disgrace to democracy."