« "loans for peerages" scandal, non-publication of RIPA Commissioners' Annual Reports and the "Wilson Doctrine" | Main | Digital Switchover (Disclosure of Information) Bill = Social Security database rape ? »

Strategic Action Plan for the National Identity Scheme - what a disappointment !

As suspected, the NuLabour Government has chosen to publish the promised Identity Register scheme Strategic Action Plan, just hours before the Christmas recess, thereby hoping that Members of Parliament will not notice it.

Strategic Action Plan for the National Identity Scheme (32 pages .pdf)

This is apparently, the "sensible plan" which was promised by the Arthur Andersen Android James Hall, now in charge of the Identity and Passport Service, in his web chat on the Number 10 Downing Street website on the 14th November 2006.


This is still not a properly detailed business plan of what the scheme is actually meant to achieve in detail, nor is it a detailed specification suitable for putting out to commercial tender.

Where does one begin with this still far too vague and handwaving a document ?

How about the Identity Cards Act 2006 Section 27 Unauthorised disclosure of information

5) A person guilty of an offence under this section shall be liable, on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine, or to both

However, on Page 14:

Making sure only authorised people and organisations can use NIR information

41. Security-cleared IPS staff will be responsible for the running of the NIR and the authorised provision of information from it. It will be a criminal offence to tamper with the NIR, with a maximum penalty of 10 years’ imprisonment for an unauthorised disclosure of information. We will enforce these powers.

Have they not actually bothered to read the text of the Identity Cards Act ?

The 10 years imprisonment maximum penalty is under Section 29 Tampering with the Register etc.

This is so badly written, that it criminalises any Civil Servants or private sector IT consultants or sub-contractors, or anyone working for any of the 40,000 or so accredited organisations, if through no fault of their own, e.g.due to software or hardware error, they take any action or any inaction by omission,

where it makes it more difficult or impossible for such information to be retrieved in a legible form from a computer on which it is stored by the Secretary of State, or contributes to making that more difficult or impossible.

That includes otherwise legal working to rule or industrial strike action

Since these are criminal penalties, which claim worldwide scope, encompassing both UK and non-UK citizens, both in the UK and overseas, they cannot be "risk managed" by small print in commercial contracts or Software End User License Agreements etc.

This appalling Section 29 which was never debated in Parliament, due to the Government guillotines in Committee and during every other stage of the passage of the identity Cards Act, was, presumably intended as some sort of vague sanction against Denial of Service attacks, but this is irrelevant now that the Police an Justice Act has amended the Computer Misuse Act 1990, to attempt to deal with Denial of Service, again with a 10 year prison sentence.

The possible effect of this wording on Trades Union disputes etc. , was admitted by the Home Office Minister Baroness Scotland, during the Lords Report stage of the previous Identity Cards Bill 2005, but no changes to the wording of this section were made subsequently !

More on this dubious Strategic Action Plan in future blog postings.


Does this now mean that they are going to repeal the act in its entirety and attempt to bring in a new bill, or are they going to try and amend the 2006 act with statutory instruments?

@ Jake -since it is "enabling legislation", they will certainly bring in secondary legislation.

Given this Government's previous form, they will seek to submerge and hide controversial bits of it within a mass of relatively uncontentious rules and regulations, probably running to dozens of pages of Statutory Instrument i.e. as complicated as another full Act of Parliament.

At best Parliament will get to vote on these, on a take the whole package or reject it all basis, without any chance of amendments, thereby reducing the chances of rebellions by Labour backbench MPs.

They will no doubt also try the trick of Statutory Instruments via Orders in Council, i.e. rubber stamped by the Privy Council, with no Parliamentary debate whatsoever, just as with the recent triple red tape
Treasury United Nations Measures Orders to freeze financial assets and to snoop on any financial transaction.

Perhaps we are being too cynical, and what they really mean is that, taking on board the Information Commissioner's call for the raising of the maximum penalty under the Data Protection Act from a fine to 2 years in prison, for abuse of private data, they will instead change the law to make the penalty up to 10 years in prison, for any corrupt bureaucrats or information brokers or private detectives or credit rating agencies or tabloid newspapers or paparazzi or other snoopers.


More likely is that this is just another glaring error, which, given the tens of millions of pounds spent on consultancy fees so far, is utterly scandalous.

Post a comment