Spy Blog - SpyBlog.org.uk

It is only right, of course, that the politics of personal information should be subject to intense scrutiny and robust argument.

This is not a debate confined to government alone, but one which now affects almost every aspect of our daily lives as citizens and consumers.

This Labour Government tries to ignore all the opposition and criticism of their pet scheme.

We all need to be able to prove who we are - quickly, easily and securely.

That is not true for most situations in modern life. We may have to prove our rights or entitlements to goods or services, but that does not mean that we always have to betray our personal details to untrustworthy strangers, bureaucrats or criminals, through the ~one size does not fit all~ centralised biometric database scheme which the Government is wasting our money on.

And it will provide us with the reassurance we need that others who occupy positions of trust in our society are who they say they are as well.

How exactly do you encode "trustworthiness" into a plastic ID Card or a centralised national database ?

That concern should make us question closely those who are charged with managing our personal information on our behalf.

And it should make us think carefully about the responsibilities they have to live up to.

Some claim that recent cases highlight the difficulty of entrusting sensitive information to anyone, let alone the state.

I will argue today that it is precisely because of public's interest in secure identity that we need more effective mechanisms for protecting identity and safeguarding personal information.

The National Identity Scheme will help deliver this.

Neither the HMRC Child Benefit Award database scandal, nor the Ministry of Defence recruitment laptop disaster would have been prevented, or ameliorated by the National Identity Scheme.

Neither of these scandals has yet been fully investigated, and no heads have rolled, except for one senior civil servant at HMRC who was immediately employed by another Government Quango for a six figure sum. Neither HMRC nor the MoD have reestablished public trust in their management and systems.

Because your name will be linked by your fingerprints to a unique entry on the National Identity Register, you will have much greater protection from identity theft - no-one will be able to impersonate you, like they can now, just by finding our your name and address and personal details.

Most so called identity theft happens online or over the phone, for which this particular ID card scheme is worse than useless.

We have listened to people's concerns.

They have listened to them, and then carried on regardless, despite the severe warnings from the world's IT Security and technical Identity Management experts.

The way in which we are designing the National Identity Register, with separate databases holding personal biographic details physically and technologically separately from biometric fingerprints and photographs, will greatly reduce the risk of unauthorised disclosures of information being used to damaging effect.

So what ? Most of the unauthorised disclosures will be through people who already have full , legal access to the combined systems, but who are stupid, lazy, under pressure or corrupt i.e. normal human beings.

There is nothing particularly more secure about using multiple physical systems to store the data, if they both provide their own sections of the data into a single report or web page.

This very web page you are reading now is composite output from at least two webservers, run by two different companies, physically in two different countries, but you as a authorised user, still have access to all of it, nevertheless.

This is in addition to existing plans for tough penalties for such disclosures - and I should make it clear that none of the databases will be online, so it won't be possible to hack into them.

A National Identity Register / ID Card Quotation to rival those of Blunkett or Clarke, in its utter, provable, stupidity.

Identity fraud costs the UK £1.7bn a year.

The Old Lie - we keep pointing out that this figure is an utter falsehood, as do any of the organisations whose guesstimates have been abused to compile it., but the Labour politicians still keep trotting it out

See Andy Burnham's "£1.7 billon identity fraud" figure is as false as the previous £1.3 billion one

Would Jean Hutchinson have been able to commit her crimes if she had been asked to give a photo and fingerprint as proof of her identity when she registered each new benefit claim? The answer is no.

A simple check against the National Identity Register would have revealed the real person's face and fingerprints.

So how exactly was she caught without any such scheme in place ?

The vast majority of benefit fraud does not involve fake identities, but simply people lying about their actual circumstances, and using their real names and addresses and bank account details.

All major high street banks are now using the IPS Passport Validation Service to carry out check to prevent money laundering.

Given the estimated billions of pounds of money laundering which they fail to detect these checks plainly do not prevent most money laundering., yet they have cost hundreds of millions of pounds to implement, at great inconvenience and expense to innocent customers.

The amount of Terrorist Finance which has been frozen or seized, would not pay for the second or third home of a Member of Parliament, let alone prevent any real terrorist campaign.

All applications are now checked before a visa is issued - and so far more than 11,000 have been identified as people previously fingerprinted in the UK as part of previous immigration cases or asylum applications.

The results of these fingerscan matches are communicated to our visa officers abroad in minutes, so that we can refuse visas.

To roll out this sort of technology on a national scale to 60 million people, would need the system to be capable of accurately checking hundreds of fingerprints per second, not one set every five minutes.

The old-fashioned stickers and paper immigration documents that can be subject to fraud will become a thing of the past.

From November this year, we will start to replace them with compulsory biometric identity cards for foreign nationals who come here to work and study.

Within three years, all new applicants arriving in the UK will be issued with a card.

Why are they assuming that all non-EU immigrants and visitors need Another Smart Card ? Many of them, e.g. from the USA or the Commonwealth, will have their own ICAO standard biometric Passports - will this Home Office system fail to interoperate with them ?

Locking people to one identity will help in our fight against human trafficking, illegal working and benefit fraud.

The first foreign national identity cards will be followed next year by the first identity cards for British citizens.

The first argument for the national identity scheme is that it will offer us better protections - as individuals and as a society.

Why are they trying to conflate and confuse the functions of an international passport belonging to a law abiding foreigner, with an internal UK ID Card scheme ?

One does not require or need to depend on the other.

The first cards will therefore be issued, from 2009, to groups where there is a compelling need for reassurance that someone is who they say they are.

Where is the National Identity Scheme Commissioner, who is supposed to provide some scrutiny of this scheme ? This person needs to be appointed immediately, if he or she is to be capable of effectively monitoring the first victims of the National Identity Register scheme at the end of 2008.

We plan to start with people working in our airports, to support the already impressive action this sector is taking to ensure the integrity of its checks and systems.

[...]

Ruth and I agree that identity cards can help to deliver a strengthened identity assurance regime - making pre-employment and security checks easier for airside workers such as baggage handlers, check-in staff, aircraft engineers, and immigration and customs officials.

By introducing identity cards for up to 200,000 airside workers as a condition of their employment in such sensitive roles, we will see how the National Identity Scheme, offering a national standard for security, can add value over and above the efforts of any one sector.

Are we seriously meant to believe that there are actually 200,000 airside workers who have not already passed far more stringent tests than the NIR and ID Card will provide ?
If not, then why not ?

How many illegal immigrants, terrorists, drug smugglers or human slave traders are currently working for the Home Office as "immigration and customs officials" ?

Will Jacqui Smith resign as Home Secretary if one such person is found to have infiltrated her own Department ?

There is a desperate need for interoperability between all the different airline and airport ID card schemes, contactless smart cards for door entry etc. but adding Yet Another Card, based on different technologies, will only make the problems of systems integration and cross certification much, much worse ! The access security problems at airports do not require a National Identity Register to solve them, only a small fraction of the money which will be wasted on duplicating the checks which are already routine.

And I am keen to take forward discussions with other groups who operate in positions of trust in our society, which could include Olympics security employees and those involved in protecting our national infrastructure, such as power stations.

Our test with each of these groups should be whether their participation in the scheme makes arrangements for checking their identity more secure - thus offering greater public reassurance - and whether it makes life easier, not just for employers, but for employees as well.

How will losing a day of productive work to be registered on the NIR, make things easier or cheaper either for employees or employers ?

Remember, the National Identity Register and/or ID Card will be in addition to all the other identity and physical access control tokens and computer logon or encryption devices which these employees will still have to use - it will add to the complexities, risks and costs,

As we move towards wider participation in the scheme, IPS will also offer a tailored service for those who work in positions of trust, who choose to have an identity card, and who wish to use that to fast-track checks on their status as part of their job.

Working with the Criminal Records Bureau, a trial conducted by IPS shows that the time taken to perform a criminal records check could be cut from 4 weeks to as little as 4 days, with extremely high levels of user satisfaction.

Requiring fingerprints to help perform Criminal records Bureau checks is an entirely separate matter from an ID register / Card scheme. Again, one does not depend on the other.

This ID Card is of no use for postal or online application, which is how the vast majority of CRB checks are done, and where the biometrics on the card or on the central register cannot be checked against the live person.

Alongside these groups, we will start to make identity cards available to young people on a purely voluntary basis in 2010.

It will be up to each young person to decide if they want one.

I believe there are clear attractions in the scheme.

It will make it easier to enrol on a course, apply for a student loan, open a bank account, or prove your age - especially as we get tougher on sales of alcohol to those under-age.

All the ID cards aimed at Yoofs for precisely these purposes, like the Connexions Card, have been utter failures. Why exactly will the vastly more expensive National ID Card be of any use to this age group either ?

The important thing for everyone on the National Identity Register is that their unique identity details are locked to one person - themselves.

No-one else can pretend to be them, and they can't pretend to be anyone else.

Provided that you are not intending to deceive people for financial or oter gain, it is still not yet ilegal to use multiple names e.g. Cherie Booth QC is also Cherie Blair, the wife of the former Prime Minister Tony Blair.

How exactly is Jacqui Smith 's scheme going to preserve this ancient right ?

And let me be clear on the Government's position on compulsion.

We have always said that there will be no requirement to carry and present a card.

That has not changed, and will not change.

And there will be no compulsion, either, in having to apply for a dedicated identity card for the purposes of proving your identity.

Your passport could also be used.

As more and more people participate and register, and as more and more people realise the benefits of participation, I want to see the scheme become universal.

At least 20% of the population is, even according to the Government's own opinion polls, completely opposed to this scheme. Tens of thousands of supporters of the cross political party NO2ID Campaign have pledged not to be forced into such a compulsory scheme. Some of them are willing to face fines or even prison, on this matter of principle.

A Universal scheme, therefore, does mean Compulsion, no matter what weasel words a Labour politicians tries to use to spin it.

We have always made clear that requiring everyone to be on the Register is a decision for the future that would need primary legislation.

The way we are now approaching the scheme will lead to a significantly quicker take-up of its benefits.

Quicker than what, and by how much ? The original milestones in the project have already been missed.

And one of the strengths of this choice is that now people will be able to get a card when they want, rather than wait until they renew their passport.

What people actually want is a cheaper Passport, and no registration on the National identity register and no ID Card.

This means that we can now aim to achieve full roll-out by 2017 - two years ahead of previous plans.

More weasel words - by 2017 the original plans were for rather more than just a roll out of ID Cards which are of no use to anyone except when dealing with Home Office monopoly "services".

What exactly, in this rapidly de-scoping project, is now classified as "full roll-out" ?

The drive for a more consumer- and market-led delivery of the scheme, and the use of passports as well as cards to roll it out more widely, will among other things, have powerful implications for the cost of the overall scheme.

Unlike any other programme I can think of in Government, we are required by law to give the latest estimate of costs to Parliament every six months.

Incredibly, the Government have proved themselves to be incapable of actally delivering even their own secretive and heavily censored Section 37 Cost Reports on time at the 6 monthly intervals which they are bound legally to do, by their own wretched Identity Cards Act 2006.

By far and away the most accurate estimate of the cost of the scheme is the one produced by IPS, which is currently negotiating the contracts and managing the procurement.

Last November's Cost Report estimated the current and projected costs of issuing passports and identity cards over the next 10 years at £5.4 billion.

When we publish our next Cost Report in May, I expect to see almost £1bn removed from the headline costs.

That is a genuine reduction in the costs of the scheme - and means that we can maintain our commitment that identity cards will cost no more that £30 when they are introduced.

How is anyone seriously meant to believe these deliberately vague 6 monthly Cost Reports ?

If Jacqui Smith really wants to convince the sceptical public that the project is running smoothly, she should publish the the OGC Gateway Reviews of the scheme, something which her Government has wasted public money on fighting against our right to see such documents, under the Freedom of Information Act.

The Government were in the High Court only earlier this week, still trying to suppress our Freedom of Information Act request, for the earl Stage Zero and pre-stage Zero Gateway Reviews of the Entitlement / ID Cards Programme, as it was known 6 years ago, under the notorious David Blunkett, the then Home Secretary.

We are also determined to realise the full benefits to national security from the national identity scheme.

In particular, the Identity Cards Act allows information to be shared with law enforcement agencies where this is necessary for national security or to counter serious crime.

This is the only area in which information will be shared.

Shared with whom, precisely ?

Is Jacqui Smith promising to amend the Identity Cards Act 2006 Section 1, or has she simply not bothered to actually read what it says ?

4) For the purposes of this Act something is necessary in the public interest if, and only if, it is--
(a) in the interests of national security;
(b) for the purposes of the prevention or detection of crime;
(c) for the purposes of the enforcement of immigration controls;
(d) for the purposes of the enforcement of prohibitions on unauthorised working or employment; or
(e) for the purpose of securing the efficient and effective provision of public services.

So is she really claiming that there will be no data sharing for the prevention or detection of non - serious crime, the enforcement of immigration controls, illegal working, or for the vague catch all "for the purpose of securing the efficient and effective provision of public services." ?

Given the propensity for function creep by bureaucrats with access to databases, we simply do not believe her.

All other organisations - whether government or business - will only be able to use the scheme to verify someone's identity if they have their prior permission.

Verification services used by large scale private sector companies, e.g. airlines or banks etc. will create their own shadow, parallel versions of National Identity Register data of their customers, simply due to the economic logic of saving whatever money the Government plans to charge them for each use of the Verification Service.

These subsets of the NIR, with their own copies of your biometric details, once verified the first time, will be stored and traded on corporate systems, outside of the control of the UK Government, probably around the world, especially for global companies like airlines or credit card companies.

It is our clear and firm intention to hold only the minimum number of details required to identify an individual.

As I have set out today, the duty of public protection and the impetus for greater citizen convenience are the two drivers for our plans for the National Identity Scheme.

It is inconceivable, indeed, that in today's world people should not have a single, simple, safe way of securing and verifying their identity.

What is inconceivable is that the Government is creating another tempting Terrorist or Foreign Intelligence Agency target, part of the Critical National Infrastructure i.e. all the eggs in one Single Point of Failure basket (multiple physical database servers notwithstanding)

The debate on identity cards evokes strong feelings - and that is only to be expected in an area of public policy which rests on the interaction of the individual and the state, and the clinching role of shared personal information in that relationship.

Writers have always found fertile ground in setting the individual and the state at odds with each other in the battleground of ideas, and the battleground of ID.

On this subject, it's apparently compulsory to mention Orwell and Huxley.

The works of these and other dystopian novelists, have not been taken as a dire warning, but as a blue print for this Government's policies.

And as anyone who has caught an episode of the current BBC1 political thriller 'The Last Enemy' will know, if there are not cock-ups to point to, then there are always plenty of conspiracies to fall back on.

The fictional cock-ups pale into insignificance compared with the real life IT disasters and Data Privacy Breaches, involving billions of pounds of public money and the personal details of tens of millions of people, which this Labour Government is directly responsible for.

'The Last Enemy' transports us to a Britain of the not-too-distant future, where personal information has become the weapon of a surveillance state against its own citizens, and where a super-database called 'TIA - Total Information Awareness' appears to fuse state of the art technology with a rather draconian reinterpretation of the art of the state.

It all makes for a good drama.

But - to turn an old adage on its head - we should never allow a good story to get in the way of the facts.

When we return to the real world after an hour or two in front of the telly, how useful are these fictions for our daily interactions as citizens with government? How much of ourselves do we recognise in these champions of individual liberty, as we pursue our own personal missions with bureaucracy to pay our tax bill or register a change of address? Very little, in all honesty - because the role that we as citizens and as consumers of government services are looking to the state to perform - and to perform quickly, securely, and at our convenience - is one of protection, verification, facilitation.

All Police Surveillance Nanny States claim that they are repressing people's freedoms for their own good.

Jacqui Smith and her Labour colleagues have broken the relationship of trust between the Government and the people, which, to be fair, had been damaged by the previous Conservative Government, but not to the same extent.

Rather than thinking of the state as an opponent of our liberties, set on thwarting our personal ambitions, in this context the role of government agencies is to defend our interests, to offer reassurance and trust, and to working in the most effective way possible to ease and to enable our lives.

That is what the role of Government agencies and the civil service used to be, before they were politicised by NuLabour apparatchiki and spin doctors at the top, and crippled with bureaucratic ineptitude and budget cuts at the lower end.

As we have said before, "Come back Sir Humphrey Appleby - you may have been a devious manipulative civil service mandarin, but at least you were a competent one", something which cannot be said of the current crop of real life politicians and apparatchiki who have destroyed the old civil service ethos.

When will this National Identity Register scheme be killed off for good, and replaced with a more humane and useful system for the real benefit of individuals, rather than for the bureaucrats and control freak politicians ?