Entitlement
Cards and
Identity Fraud
A report from the volunteers at Stand.org.uk
Friday, January 31, 2003
Stand is a voluntary group who seek to increase democratic involvement in the legislative process through the use of technology. In particular, we’re interested in using the Internet to place Parliament and government in touch with informed citizens who have strong opinions, and long-standing knowledge, on issues regarding the Internet, new technology and the ramifications of the digital revolution.
Part of the rôle of Stand is to provide tools for concerned individuals of every political persuasion to provide their view directly, in ways and media convenient to our current democratic process. Another is to collate the concerns en masse that we receive from unaffiliated members of the public and seek to distil them in an aggregated form that might more easily be digested by the government’s already overstretched civil service.
We were initially cautious, when the government announced a consultation on Identity (or “Entitlement”) Cards. Whilst we were rather disappointed to note that the need was felt to revisit the issue at all, there did seem to be some effort to explain the Home Office’s vision of a prospective scheme and to request, from interested parties, their opinions on what would be a large and wide-reaching project.
During the final months of the Entitlement Card consultation process, however, we became concerned that the language used to refer to the consultation was becoming increasing politicised. In particular, in a Downing Street press release dated December 11, 2002, entitled “Growing Support for Entitlement Cards”, the response to the document was prematurely described in terms that might appear to be deducing a strict mandate from the proportion of positive responses received. We strongly believe this is a misuse of the consultation process.
Moreover, we believe that the techniques (understandably) adopted by the consultation on a specialist topic such as ID cards would attract a disproportionate amount of positive attention. Vested interests — such as technology companies selling biometric equipment, personal information collators keen to obtain a simple unique identifier and software contractors eager to solicit new bids from government departments — have a compelling reason to outline their desires.
The tone of the document itself is problematic. While the neutral stance adopted by much of the early part of the work is admirable, much of the paper necessarily needs to proceed on the assumption that a card scheme is required or desirable. This is a subtle pressure on those who are approached to respond to the document. Focus groups presented with only the outline presented will struggle to provide contrary arguments. Children given the “summary for young people” will answer within the terms defined by the document itself.
Our feeling was — and this was confirmed by the large response to our website — that many voters are alarmed by the possibility of introduction of a national identity card and, rather than becoming more settled by the consultation, have grown more so.
Their concerns are not easily dismissed. The emails that were sent to us via our website and the replies that were sent to the Home Office and individual Members of Parliament were not the ill-informed, knee-jerk reactions of Luddites who refuse to enter the modern world. In the main, the respondents were technologically-aware, young, affluent voters whose understanding of the misuses of personal data and the consequences of aggregating and collating information through statutory measures had led them to adopt strongly anti-card attitudes.
Despite their strong feelings, this is a group we feel was fated to be under-represented in this consultation — both in the published paper itself and in the responses the document initially received. Many of our respondents expressed surprise that such a consultation was taking place. They were sceptical that anyone would pay attention to their contributions. This feeling was enhanced when we encouraged them to read the consultation document itself. They felt that it ignored their objections and concentrated on the positive side of the potential card régime. They felt, in sum, as though the consultation process was a sham, and that their opinions were unwanted.
We don’t believe that this is the case, for a number of reasons.
Firstly, the lengths that the government has taken to reach out the public in this case shows that there is an understanding at the highest levels that many people are concerned by the idea of a national Identity Card, however that may be presented.
Secondly, we understand that both the permanent branches of the executive and the elected officials would be cautious to introduce any proposal which insufficiently address what may turn out to be a sizeable and politically-active segment of the population. Alienation, particularly in the minutiæ of the political process, does not necessarily translate to political inaction, as past governments have learnt to their cost. Neither does alienation, as it can easily be assumed, mean ignorance.
We have deliberately adopted a strong, anti-ID card tone in this document, because we believe that these anti-ID arguments are neither addressed nor even raised within the consultation paper. All of the arguments you read here have been expressed at some point by the five thousand (and rising), tech-savvy correspondents who have taken the time to add their voice through our website.
When, for this campaign, we adopted a deliberately contrary position to the government view, we were worried that our system would be filled with “cookie-cutter” responses. On the contrary, the individuals who were inspired to write have extended and elaborated on our own positions and contributed their own. This document, as with other Stand papers, draws upon the opinions and expertise of a great many people, who share with us a deep concern about the proposals under consultation. Not every Stand correspondent shares all the views presented in this paper, nor does Stand itself intend to adopt these principles as its own, long-term credo. But, before the government can safely say that it has listened to all of the voices of the public on this matter, it must devise responses to these objections that do not simply evade or dismiss them out of hand.
We are more than happy for any of our comments in this report to be made publicly available, in any forum. We ask that, in any citation, they be attributed to Stand. This report is, as we have mentioned, a group effort, edited by Owen Blacker with a great deal of help from James Cronin, Cait Hurley, Manar Hussain, Malcolm Hutty, Tom Loosemore, Stefan Magdalinski, Danny O’Brien, Alaric Snell and Stuart Tily.
This report is released under version 1.0 of the “Attribution-ShareAlike” licence, from Creative Commons. Readers wishing to see the full version of the licence should visit Creative Commons’ website at http://creativecommons.org/.
Readers viewing a printed copy of this document should be aware that italicised and underlined text is hyperlinked in electronic copies and that further reading is available on these subjects. If no electronic version is at hand, a full copy should be available for download from our website at http://www.stand.org.uk/.
P2 Should the government consider one or more targeted schemes […]?........................ 14
Fraudulent access to services isn’t really a problem that needs solution.................... 18
P5 What should be the contents and scope of any legislation […]?................................. 21
P8 Views are invited on the development of a national population register................. 28
P13 Should a card be available […] as a more convenient travel document […]?............. 34
P22 Should a summary-only offence of identity fraud be created?................................. 43
P29 What benefits would a smartcard bring to cardholders […]?.................................... 53
P30 How could a scheme be used to help validate […] transactions?................................ 54
We are very concerned at several of the proposed components of any such scheme. Many people have quite well founded concerns about any scheme that would (inevitably) include a “Central Database” of all UK residents. Aside from the more specific issues that people have with any such scheme, it is entirely fair, reasonable and sensible that people should be concerned about potentially privacy-chilling technological advances being employed by the state. Even though the current government may not have any desire to abuse such a scheme, it is quite sensible that all citizens should be aware of — and concerned by — the potential for harm by any future more-authoritarian régime. Article 48 of the Weimar Republic’s constitution seemed like a good idea at the time, after all.
Notably, there are some disturbing issues with the composition of the proposed scheme, as well as with the basis for it and reasoning behind it, which seem replete with non sequituur logic. We have concerns regarding the security of procedures for establishing entries on the register and of links between different government systems, which would need to be carefully designed so that civil servants at the Inland Revenue had no access to any irrelevant information about individuals, such as their health records or submissions to government consultations, for example.
We note that whether the proposed scheme would meet any of the specified aims is not included as a point to be discussed at length here, but we feel it is important that we state our reservations on that subject. The consultation paper mentions — in the Executive Summary on pages seven through eleven and elsewhere — that there are several potential uses for a card and gives the impression that an ID card might bring us to some kind of panacea, where these issues are no longer problematic to society. We would like to take this opportunity to debunk such an overwhelmingly flawed proposition.
The first such suggestion, rather predictably, is that the card might help combat illegal immigration. Of course, as plenty of people will be able to enter the country without a card — not least as casual tourists —, this is largely fallacious. The perception that people would be able illegally to enter the UK and to gain employment here, having done so, is unlikely to be suppressed by the introduction of a card proving lawful residence. Not least, given that many of the kinds of people who employ illegal immigrants — individuals seeking cleaners, parts of the construction industry seeking casual labourers and so on — are not in the least bit concerned by the legality of such practices and are unlikely to request their employees’ ID cards before offering employment. Indeed, the mental image of transit vans pulling up to groups of young men waiting patiently on the kerb-side at dawn and asking for their ID cards before whisking them off to a construction site as casual labour is somewhat risible. Black markets, by their very definition, operate illegally and have operated since society first tried to regulate markets; they have little reason to be worried that another hurdle has been placed in their path. In the same fashion, unscrupulous employers just wouldn't care whether they have not checked their employees’ ID.
Despite this and in the face of all the evidence that has been presented to the Home Office on this subject, it would appear that officials are still under the illusion that an ID card scheme would actually be of some assistance in these aims. In a press release on January 23, 2003, Home Office reference 019/2003, Lord Falconer was cited:
[ID cards] could be an important tool in cracking down on illegal immigration and illegal working, reducing the pull-factor to the UK, which encourages people trafficking and associated organised criminal activities.
The preamble to the press release is even less cautious in that claim:
Entitlement Cards could help tackle identity fraud, illegal working and immigration as well as help people access services, Home Office Minister Lord Falconer, said today.
While it can always be argued that there will be some marginal benefits to some citizens, we still feel that the introduction of an ID card scheme would prove to be an expensive invasion of citizens’ privacy without realistically providing solutions to the problems the government seeks to address.
On a similar note, we are concerned that, after the introduction of an ID card scheme, employers might be deemed to be at fault, should it turn out that any of their employees were working illegally, even if the employee had presented a fake ID, for example. This would further increase bureaucratic overheads for companies and would adversely affect the operation of many small companies in particular, who have no reason to welcome even more red tape around their business. In addition, this would be particularly disturbing should the company be liable even were the cause of the infraction that the employer had been fooled by a fake ID with which they had been presented. Of course, one should also consider that it might be very simple for unscrupulous employers to claim to have seen a fake ID card in order to provide an excuse for not hiring someone on some other, less acceptable grounds.
The consultation’s authors seem to be rather concerned about the number of times we have to offer the same personal details to different bodies. We know of noone who has ever really been all that concerned at the number of times they have had to give their name and address in order to confirm their identity to services they seek to use. As people don’t tend to be very concerned about providing such information and that the privacy trade-off to an ID card scheme would be a poor compromise. We are further concerned at the somewhat potential for misuse and the chilling of individuals’ privacy rights that could be presented by the introduction of widely-used unique identifiers. We are largely unconvinced by the suggested efficiency savings that could apparently be made in the Civil Service by the use of new identifiers rather than the present combination of DVLA/DVLNI driver numbers, National Insurance numbers, passport numbers and so on.
Lord Falconer doesn’t quite seem to be able to comprehend those perfectly reasonable concerns that some people have from an ideological, civil liberties point of view. In a December 2002 public meeting about the ID card consultation, hosted by Privacy International, he said:
[The proposals] would not mean driving licence, passport and national insurance records would be merged together. What we have suggested is that there be common core personal information like your name, your address and date of birth held on the entitlement card database. Sensitive information, such as any medical information DVLA might hold about you, would stay on the DVLA’s system accessible only by DVLA. But, if you told, for example, the driving licence people about a change of address, this would be known to the passport service because they would be using the same address record. So they could send you a reminder when your passport needed renewing. This could save you the £45 premium you would pay to renew your passport over the counter when you realise it has just run out before you wanted to go away on holiday. Hardly a fundamental threat to our civil liberties. Just one small example of how you could provide a much better public service to the system.
We are disappointed that Lord Falconer, like David Blunkett, seems quite happy to belittle genuine complaints and concerns, whilst totally overlooking the issues thus being raised. The point, in his example, is plainly not that it might be a bad thing that somebody could consent to some minimal information-sharing and thus save a few bob. The issues involved aren’t that simplistic and, whilst, saving £45 and not having to remember when one’s passport expires might be vaguely useful, the questions have to be whether they’re worth the cost of several billion pounds, which could more usefully be spent on schools and hospitals, and the potential side-effects, which only start at a chilling of our freedoms, increased risks of identity theft and electoral fraud, further alienation of the disadvantaged groups in our society and potentially destructive consequences to racial harmony and social cohesion in the UK.
The consultation’s overview itself sums up many of people’s concerns quite well in paragraph six. To start:
The arguments for and against entitlement or identity cards have been made many times since the wartime scheme was abolished in 1952.
We would suggest, perhaps, that it is more the case that the Home Office has repeatedly failed to convince the public that an expensive and privacy-chilling scheme would be of any real benefit and worth the not-insubstantial cost. This is particularly the case since we seem to have managed quite well through an IRA bombing campaign on the British mainland throughout the 1980s without surrendering our privacy to an ID card scheme. This fact finally seems to have made its way through to the Home Office, at last, given the lack of mention of prevention of terrorism in the consultation paper. Unfortunately, David Blunkett apparently still has some confusion with the issue, looking at his contradictory responses to Chris Mullin MP (“I accept that it is important that we do not pretend that an entitlement card would be an overwhelming factor in combating international terrorism”) and Sir Teddy Taylor MP (“their substantial contribution to countering terrorism”) in just one speech to the House on July third, 2002.
The benefits of improving the provision of public services and reducing illegal immigration and identity fraud need to be considered alongside the arguments against a scheme.
Indeed, the benefits of any scheme do need to be weighed in the balance. We feel, however, that the Home Office is overrating the benefits of this scheme and, again, ignoring the more abstract societal and non-financial costs, in order to push through a scheme that would appear to have the bulk of its supporters employed at Queen Anne’s Gate and very little informed support elsewhere.
Paragraph six continues:
People might be concerned that a card scheme might allow the Government to link together all of the information it held on individuals.
We are, frankly, impressed that this point is mentioned at all, despite it being quite so cursorily. However, as we have mentioned elsewhere, that the current government has no intention of doing so and no malicious intent in the introduction of ID cards is no guarantee that some future government might not abuse a card scheme to its full authoritarian potential.
Richard Thomas, the Information Commissioner, shares our worries in this regard. In an interview with The Guardian in January 2003, he said he was seeking guarantees that some “future administration won’t bolt on to the infrastructure now being laid down and start to extend the scheme”. In effect, it would seem he shares the rather common view that any ID card scheme would be a reckless gamble that all future governments will be both responsible and benign. Frankly, we feel this risk is much too great to take.
If a card scheme was not secure, it could itself become the source of increased levels of fraud if cards could be forged.
The use of the word “if” in this context is immensely misleading. If the cards have any value whatsoever, then people will find ways to forge them and to acquire them dishonestly; this point is quite certain. The technology gap between governments and organised crime worldwide has narrowed to such an extent that even the most highly secure cards are available as blanks within weeks of their introduction.
One should bear in mind, also, that criminal use of fake identity documents does not necessarily involve the use of counterfeiting techniques. In 1999, a former accountant was charged in London with obtaining up to 500 passports under false identities; the scam was merely a manipulation of the primary documentation procedure.
It is worth considering some inevitable formulæ that apply across the board to black-market economies. Wherever governments, worldwide, have attempted to introduce ID cards, they have understandably always been based, at least in part, on the aim of eliminating false identity. The higher the integrity or infallibility of a card, the greater is its value to criminals and illegal immigrants. A high value card, quite naturally, attracts substantially larger investment in corruption and counterfeit activity. The equation, thus, is simple — a higher value ID document equates to greater criminal activity. Criminals and terrorists can, in reality, move much more freely, safely and confidently with several fake “official” identities than they ever could in a country using multiple forms of “low value” ID such as birth certificates, as the UK does currently. An ID card scheme will be of no great benefit in this area.
There are techniques the government could (and would, doubtless) employ to make this process more difficult for criminals, but some fraudsters are bound to succeed. An ID card that confers advantages to the holder would create an appealing target for forgers and would make identity theft far easier to pull off once a successful forgery were made, especially should cardholder biometrics be included. After all, how would someone contest an ID card with their own personal details on it but someone else’s biometrics?
We are quite convinced that the introduction of an ID card scheme, by whatever name and irrespective of whether or not it’s voluntary, targeted, compulsory or “universal”, will only serve to increase the threat of citizens suffering the trauma of discovering they’re the victim of identity fraud. It would seem we’re in good company with such an opinion; Richard Thomas, the government’s new Information Commissioner, brushed on almost exactly the same point in his interview with The Guardian on January 8, 2003.
If any future card scheme is presumed secure (which it almost certainly will be), without actually being secure (which it simply cannot be), the number of innocent people punished or victimised will be far greater than the number of criminals who escape currently. Despite what tabloid journalists might like us to believe, most people do agree with the old adage — it is much better to let a guilty man go free than to steal the liberty of a single innocent man.
The Government recognises that there are strongly held views on both sides of the argument and wishes to see these explored fully during the consultation period.
While we welcome this sentiment, the government’s other activities make it difficult to take this statement at face value. It might appear to the casual observer that the government is investing as much energy as possible into ensuring a positive reaction to this consultation.
We note with great dismay the government’s attempts to ‘soften up’ the populace with Home Office minister Lord Falconer’s questionable claims, in early December 2002 — during the consultation scheme — that most of the 1500–plus respondents were quite happy with the proposals. Lord Falconer failed, however, to point out that early respondents are more likely to be companies looking to be involved in the scheme, for example. Equally, he didn’t alert people to the fact that the consultation was still on-going and, thus, the sample from which he was drawing such a conclusion was wholly invalid. For what it’s worth, our anecdotal evidence on the subject directly contradicts this evidence and we are pleased to note that statistics gathered towards the end of the scheme would seem to confirm this and reflect an inversion in the polarity of these views. We are happy to have been able to help these voices be heard.
Going back to press release 019/2003, Lord Falconer claims that mandarins would “be considering all the 2,000 plus responses very carefully”. He cites this statistic, despite the fact that Stand’s gateway alone had enabled nearly 5000 responses to be submitted at that point, not including all the responses that must have been made by other means. On top of this, the press release is blatantly inaccurate in its claim that:
The consultation paper suggests that only the most limited basic details — name, address, date and place of birth and sex — would be stored in an entitlement card scheme, as they are currently with the Passport Service, DVLA and other Government departments separately.
This claim is in direct opposition to the information in Table 6.1 on page 72 of the consultation document, which includes such data as nationality and employment status — information that many individuals might be somewhat reluctant to share with government officials who have no direct need to know it. We cover this issue in more depth in our response to consultation point P32, below.
Indeed Lord Falconer seems to be working quite hard to ensure that the “entitlement card” scheme gains public acceptability, no matter how he must do so. In an article on vnunet.com, dated January 23, 2002, it was reported that:
Local government must keep working on identity card projects despite government proposals for a universal entitlement card, a Home Office minister has stated.
Speaking at a conference organised by IT supplier body Intellect, Lord Falconer suggested that, because entitlement cards might not in the end be rolled out, local initiatives should not be held back.
Despite statements to the contrary, the government tends to adopt a paternalistic attitude on the subject. On July 3rd, when challenged by his Parliamentary colleagues on central issues arising from the proposal, David Blunkett exclaimed, “this is degenerating into a contest with intellectual pygmies”, despite that the MPs in question were raising legitimate and erudite concerns, for which it would appear that the Home Office has no answers. Perhaps it is neither fair nor wise to assume bad faith, but the government’s record on other consultations has been abysmal.
Despite the considerable disadvantages to any potential card scheme, Lord Falconer appears, rather like his boss, not to be able to heed any naysayers and to obsess with continuing down the path the Home Office seems already to have chosen. The article continues with a quote from the minister, exhorting local government to continue with any local initiatives, just in case it becomes politically impossible to continue with a national ID card scheme:
“These projects should not be put on hold or suffer planning blight. It’s very important that we have other projects such as those in local government so that we can learn from them,” he said.
The minister insisted that the entitlement card debate should not hinder the development of other ways of identifying or authenticating the users of services.
“The reason we want them to continue is that we might not go ahead, and even if we do, the universal coverage would not be there for some years to come. That possibility should not inhibit other work,” he said.
Finally, the consultation paper, in several places, discusses the “increased threat” of identity fraud and, in paragraph seven and elsewhere, assigns a figure of £1.3 billion per annum as an estimate of the cost of identity fraud to the country. Anecdotal evidence is being used to back up relatively ‘sexy’ stories about identity fraud across the media, scaremongering the public with reports that people are having their identities stolen from websites such as eBay. Many of these stories, of course, are related to issues where ID cards would make absolutely no difference — international websites such as eBay or Amazon certainly aren’t going to demand a UK ID card before allowing a bid to be made or a sale to be completed, for example.
The concept of ID cards has never been a part of British culture. Indeed, no Common Law country has ever successfully introduced a peacetime ID card. Lord Falconer mentioned, in Privacy International’s public meeting last month, that “most people in western Europe live free and contented lives with a card in their wallet, purse or in their cupboards at home” yet, frankly, this is not the point. Most countries in Western Europe have comparable levels of identity theft and illegal working, for example, and so ID cards evidently aren’t the cure-all the Home Office seems to believe.
In addition, evidence from other European countries with ID card schemes suggests that people attending protests are disproportionately stopped by the police and their identity card details recorded. Andrew Puddephatt argued, in a 1994 article in The Guardian, that ID cards provide a “useful way of logging the details of a whole range of dissident groups”. Further, evidence from other European countries with ID card schemes does suggest that using identity cards for the purposes of “controlling immigration” gives unscrupulous police officers more power to harass members of ethnic minorities. At the time of the previous national debate on ID cards, in the mid–1990s, Liberty noted complaints on this score in Belgium, France, Germany, Spain and Turkey.
Aside from all of this, of course, one could always suggest that it might have escaped the minister’s notice that we are not “most of Western Europe”; we have a very distinct cultural identity. Many Britons would take great offence at the non sequituur that something that’s supposedly good for the rest of the EU — particularly with such a lack of evidence for this supposition — is necessarily an artefact we need to import here.
It should not be forgotten that the reason Lord Chief Justice Goddard had the opportunity to make his landmark 1952 ruling was that an individual British citizen, Clarence Willcock, challenged the continued use of the wartime ID card policy in the courts after having been fined 10 shillings for failing to produce his card on police request. Given that our culture is certainly more litigious now than it was 50 years ago, such a challenge would be even more likely today. More than this, the empowerment of citizens through the Human Rights Act 1998 would give such cases an even greater chance of success.
As we believe we demonstrate amply with this report, an ID card scheme would not only fail to meet every demand made of it, but would prove counterproductive to many of these demands and generally detrimental to society at large. Any scheme would cost a large amount of money — quite possibly both from the public coffers and the public themselves — to no real return. ID cards would be a bad idea and these proposals seem like a poor implementation.
Here we come across one of the major paradoxes in the ID card proposals. Non-universality of any scheme would, effectively, render it pointless for many of the aims the government proposes. Universality of a scheme would be both relatively difficult to attain — many people object to the intrusiveness of an ID card scheme, where the government suddenly decides citizens need to prove who they are — and undesirable, as we argue below, but also the source of many of the risks inherent to any such scheme.
The example of Electoral Registration in Northern Ireland, given in this section of the consultation paper, is a slightly different one, where universality need only apply to the Six Counties, rather than to the UK as a whole. Equally, there are some very different issues surrounding Electoral Registration — in Northern Ireland and more generally — that make that situation rather more complex.
It is worthy of note that many of the issues that would be more problematic with a nation-wide ID card scheme are not currently being experienced with the Home Office’s Immigration and Nationality Directorate (IND)’s Application Registration Card (the ARC scheme, which provides for compulsory registration and carding of asylum seekers entering the UK). Many of the issues that the ARC scheme successfully avoids, however, are problems of scale, which would be much more likely to blight any larger scheme. A card-holding scheme, particularly one involving biometric data for example, simply will not scale up to a population of 50 or 60 million people, rather than the roughly 75,000 asylum applicants (to take the Home Office’s statistics for 2001).
Furthermore, as the government mentions itself in paragraph 2.4, a nationwide ID card scheme that did not require universal submission would have all the overheads of a compulsory, universal scheme, with none of the [relatively spurious] benefits. The cost of any scheme to provide for VAT Registration, for example, would not be proportionately smaller than a scheme to cover the 50 or 60 million citizens in the UK plus non-citizen residents. It would still need much of the nationwide infrastructure, for example, but would retrieve even less of a subsidy from the cardholders in return. If taxpayers don’t warm to the idea of a “universal” scheme and take-up is low, differential implementation will cost them more; they are unlikely to find this acceptable.
In summary, we feel that many ‘targeted’ schemes could be even less desirable than a nation-wide scheme; and that neither should be adopted in the UK.
There are some important principles mentioned in this section of the consultation paper. Paragraph 2.6 mentions two that are very important — individuals should be able to choose whether or not to enter into such a scheme and individuals should be able to choose whether or not to use a voluntary ID, should they hold one, to access any given service.
The Home Office seems to be obsessed with a fallacious distinction between a “universal” scheme — where everyone must hold a card but not necessarily carry it with them — and a “compulsory” scheme. Any scheme where all UK residents must apply for, probably pay for and then possess an ID card is compulsory and the government’s attempt to spin the semantics is both patronising and derisory.
It would seem that the Home Office has, yet again, forgotten that the World War II cards were abolished because they were counterproductive to good relations between the citizenry and the state — in this instance citizens’ relations with the police. Lord Chief Justice Goddard said, in 1952, “in this country, we have always prided ourselves on the good feeling that exists between the police and the public, and such action [the compulsory ID card scheme] tends to make the public resentful of the acts of the police and inclines them to obstruct them rather than assist them.”
There is no great reason to suppose that the Lord Chief Justice would be any less right in such a judgment today. The cornerstone of our legal system is the concept of “innocent until proven guilty”. Many people consider that they should not be expected to carry identification and that doubting their ability to identify themselves without a card is a reversal of this concept — that it should be up to the state to prove if they are not who they claim to be. Indeed, this very opinion is one we have also seen expressed on several discussion boards debating the government’s consultation.
As the rich are much less likely to require access to the public services where presentation of a card is necessary, a voluntary scheme would rapidly become a compulsory scheme for the poor, creating an ‘underclass’ of individuals who need to carry the card and an ‘élite’, who never do. This would, in effect, run specifically counter to the government’s previous good work to limit and destroy social inequality in the UK, even though such an effect would quite obviously not be the government’s intention. One of the regular subscribers to the UK Crypto email list put this concept quite eloquently when they explained their thoughts:
The concept of an “entitlement card” for a group who are already seen as a socio-economic underclass has resonances of branding me with a yellow Star of David.
Again, much of the consultation paper seems to have been pitched towards a rather tabloid, populist view of a society where citizens don’t have intrinsic rights so much as ‘entitlements’, for which they need to prove some eligibility. Apart from rejecting wholeheartedly this view of our social order, we are very apprehensive at the prospect of resentment that might be caused or exacerbated by a requirement to hold and carry a government-issued ID card in order to access many popular public services upon which we, as a society, depend. We are uneasy at the cost and the intrusion into citizens’ privacy that is inevitable in the maintenance of such a scheme and whether the purported benefits would be proportionate to these reservations.
In paragraph 2.7, the consultation paper misleadingly draws an analogy between the proposed scheme and driving licences. Aside from the fact that requiring a licence for each of the population of UK drivers is a substantially smaller-scale issue than requiring ID cards for all adults resident in the UK in order to access essential public services, there is a fundamental difference. A driver’s licence — where individuals who are not automatically entitled need to pass health, vision and skills tests in order to be permitted to control a potentially-lethal machine on the public highways — is quite a different thing from an ID card, where individuals will be expected to prove their identity in order to access universal public services.
To quote Rt Hon John Redwood, MP, speaking on the BBC’s On the Record programme in June 2002:
I think there is a danger that once they’d established a toe hold with identity cards for certain purposes they’d want to go on to make them all-singing, all-dancing and the presumption might grow up that if you weren’t prepared to carry them or use them on a regular basis, there was something wrong with you. Well, I resent that implication.
So do we, as do many of our supporters.
Aside from our fundamental objections to ID card schemes at all, we are wholly unconvinced that there is any merit in expenditure on a non-universal scheme that would cost almost as much as a compulsory scheme but convey even fewer benefits. Many of the overheads of a non-universal scheme would be exactly the same as for a compulsory scheme — including the creation of administrative and registration offices around the country, with certain quantities of hardware and software therewithin.
This specific consultation point is somewhat more verbose than can really be used as a section heading in this report. For clarity, the conditions of the scheme that this point seeks to address are, effectively, that (i) the card would be mandatory for all lawful residents over a predefined age, (ii) services would make their own decision as to whether or not the card is used for access, (iii) service providers requiring presentation of the card can choose whether the card is the exclusive means of access and (iv) some services might use the Central Database, on production of some information, such as a unique identifier, rather than requiring production of the card itself.
The government’s arguments for a universal ID card scheme are flawed from the very first line. Paragraph 2.11 starts:
The main advantage of a universal scheme would be that it would ensure complete coverage.
There are always going to be people who don’t hold cards. Some won’t because they object to the card in principle and refuse to register — take, for example, the numbers of people who refused to pay the poll tax in the early 1990s. There is no way, with our Human Rights law and the protection of our Common Law in Great Britain, that the government could easily compel people to possess an ID card. Indeed, we would be greatly concerned should measures be sought to bring about such a requirement. Other individuals may have less confrontational, less deliberate reasons, such as a simple inability to pay or to get to a biometric scanner, should one be used. There will always be some individuals who are excluded.
Part of the problem with this, of course, is that an assumption of universal coverage will further marginalise those people who are not cardholders, for whatever reason. This is particularly worrisome, given that they are already likely to be excluded by society.
It is quite evident that universal registration would be no small feat. The example of the Northern Irish Electoral Roll is quite relevant here. It could be argued that electoral registration poses a greater incentive than an ID card could, particularly amongst those who have little need to access the public services requiring presentation of a card. Yet (as we discuss in more depth at consultation point P16) where the penalty for non-registration is disenfranchisement, up to 80% of first-time voters may have been omitted and, in urban wards, figures are disturbingly low. One ward has under a 60% response rate, according to the NI Electoral Office’s own statistics, and more than one constituency has up to one in five voters left off the Roll. It is difficult to see how registration for an ID card would be much more successful, particularly in urban wards and especially if it is considered expensive, unpopular or unnecessary.
Paragraph 2.12 makes the assurance that the card scheme could not dictate that service providers require the card. This is a very bureaucracy-centric statement; from the citizen’s point of view, the question is rather whether the card scheme would allow service providers to require the card. Withdrawal of services from those who cannot produce a card, even with reasonable prior notice, would seriously impact at least two major categories of at-risk groups:
1. those who are unable participate directly in such a scheme (for example, the elderly/infirm, those with severe physical or mental challenges, those without a fixed address)
2. those whose card may be prey to an abusive relationship (domestic abuse, vice etc) where the abuser may withhold the ID card as a further means of intimidation and control.
There is no evidence in the consultation paper of a strategy for addressing these practical problems.
Despite this, we believe that central government would find it very difficult not to lay pressure onto public services it controls, such as the NHS and the Inland Revenue, to make use of the card. It beggars belief that, after the investment of large sums of money, the government would not find itself under political pressure to show that the scheme was worthwhile and presenting efficiency savings, no matter how contrived.
Certainly, the production of a card should never be necessary in any emergency. Even without considering the inhumanity of withholding healthcare, for example, simply because someone has mislaid an object the size of a credit card, one has to remember that many public services are offered on the basis of reciprocal agreements with other EU members, such as E111 healthcare agreement. We are somewhat alarmed, however, by the suggestion in the tail end of paragraph 2.13 that:
A universal card scheme could still have a rôle in these cases, for example a service provider could be able to check with the card issuing authority that a card had been reported lost or stolen.
Frankly, we cannot see the point, in an emergency, in wasting time with a bureaucratic check that evidently is not considered essential paperwork, given that our 2003 society does not carry ID cards. Why require our already-overworked civil servants — especially undervalued ancillary staff in healthcare services, for example, to effect even more paperwork that is necessary?
We do not believe that the levels of fraudulent access to public services in the UK are high enough to justify the intrusion and cost of a nationwide ID card scheme. Indeed, during the debates on the “Australia Card” in the 1980s, the Australian DSS estimated that benefit overpayment by way of false identity accounts for 0.6% of overpayments, whereas non-reporting of income variation accounts for 61%. When Michael Howard suggested the introduction of an ID card here in the UK in 1995, the DSS argued against it for exactly that reason — that it would not have a noticeable effect on benefits fraud in the UK.
Another rather more tabloid concern seems to be the impact of claiming benefits by illegal immigrants. When the Joint Parliamentary Committee on the “Australia Card” considered the issue, it found that the real extent of illegal immigrants collecting government benefits was extremely low. The report described a mass data-matching episode to determine the exact number. Of more than 57,000 overstayers in New South Wales, only 22 were found in the match against Social Security files to be receiving government unemployment benefits. That is, 22 out of a state population of five million. The Department of Immigration and Ethnic Affairs (DIEA) had earlier claimed that the figure was thirty times this amount — 12.4% as opposed to 0.4% of overstayers. To quote the inquiry:
It became clear that the estimates for illegal immigrants were based on guesswork, the percentage of illegal immigrants who worked was based on guesswork, the percentage of visitors who worked illegally came from a Departmental report that was based on guesswork. […] The Committee has little difficulty in rejecting DIEA evidence as being grossly exaggerated.
We are also apprehensive about the possibility that card-requiring services themselves could find reliance on ID cards very inconvenient in some circumstances, should their network link to the Central Database be unavailable for some reason, for example. Whilst there are [questionable] gains in not re-keying service user’s personal information (and not having to train clerical staff on how to do so), reliance on an ID card system would present substantial issues in the event of a system failure affecting smartcard readers or network connectivity.
In the light of the heightened terrorist threat, the introduction of additional critical network links into the National Critical Infrastructure needs to be assessed very carefully.
Most of the supposed savings and benefits from an national ID card scheme depend on the assumption of constantly-available access to the Central Database. This represents an centralisation of risk in the National Critical Infrastructure exceeded only by the National Grid for electrical distribution.
Even if it is not currently intended, it is highly likely that future IT systems will assume the real-time availability of the Central Database. Since it is likely that the system will be designed for high availability in normal usage, it is likely that this assumption will be made, by accident if not deliberate design; furthermore, the likelihood will increase over time as the system proves itself. This may not be the government’s current intention, but it is a substantial implied risk in the project under consultation. We should therefore consider the effect of non-availability of the Central Database.
If service providers come to rely on Central Database availability to access their own records, there is a substantial risk that Central Database availability failure will result in critical failure at the service-provider level. In order to prevent this, service providers would have to continue to operate a parallel system which did not use the ID card scheme; this would surely invalidate any planned cost savings. Moreover, many non-essential service providers offer a service which does not of itself justify the considerable cost of adequate contingency planning. It would hardly be appropriate, for example to require 99.999% availability of processing of liquor-licensing applications.
Consider the cumulative financial, economic, political and social costs of all the prospective service-provider users of an ID card scheme suffering simultaneous service outage; the true cost is absolutely immense. Hostile interests — principally terrorists in the current environment, although, in the arena of Low Probability High Impact Threat Planning, neither organised crime nor hostile governments should be utterly discounted — will therefore certainly consider this an absolutely prime target for sustained attack.
There is a remarkably short list of potential targets which, if successfully attacked, would cause immediate and severe national disruption. We should not add to this list frivolously.
We therefore recommend that those agencies intimately connected with National Security be formally consulted for an impact assessment on the specific scenario of a sustained attack on the Central Database once real-time access to that database for personal identification is a commonplace design assumption in most public and private-sector IT systems.
The red herring of police identification of suspects once again crops up in paragraph 2.15. Yet again, the government cites the somewhat naïve view that a compulsory ID card would help the police identify suspects. This paragraph does, at least, acknowledge that existing powers, under the Police and Criminal Evidence Act 1984 (PACE) inter alia, seem to be wholly sufficient and that identifying suspects is not something with which police service currently seem to feel they need help. The Data Protection Registrar argued, when Michael Howard was mooting the introduction of ID cards in the mid–1990s, that, since their withdrawal in 1952, “the police have noted no reduction in their efficiency nor was identification normally an issue they found difficult to resolve”.
Paragraph 2.15 fails, though, to address the idea that criminals might take the bold step of acquiring false papers. Indeed, at least six of the hijackers involved in the September 11 attacks were carrying false Virginia DMV licences and, despite the much-vaunted security checks at DVLA (one of the agencies who would be running with an ID scheme), lauded throughout the consultation paper, only this month the BBC’s Paul Kenyon managed to acquire a driver’s licence with the name and details of David Blunkett, who is, of course, statutorily ineligible to drive, being registered blind.
We are also concerned that the government has not chosen to consult on any prospective safeguards they would wish to implement to ensure that a card scheme could not be used prejudicially against ethnic minorities and the socially excluded. In much the same way as was the case with the Metropolitan Police’s policy of stop and search, we fear that the effect of the policy could, unintentionally, be perceived as being racist or unfair, with a disproportionate effect on specific sectors of society, notably those who are already disadvantaged or socially excluded.
The experience of minority groups from France’s ex-colonies is that making an individual’s nationality readily apparent from their identification papers has tended to lead to discriminatory treatment and victimisation by the police. Whilst we are pleased to note that our police have a much better reputation for race relations, particularly recently, than might stereotypically be considered the case in many other countries, we are not alone in our concern that ID cards could become another stop and search.
Our concerns are not particularly assuaged by the welcome assurance that, should a scheme be introduced, it is not intended that powers would be sought to compel individuals to produce their ID card on request from a law enforcement officer. Whilst we would be very concerned at such powers even being sought, much less granted, these powers could always be sought in the future, should some government be less concerned at the privacy implications and the opinion of Lord Chief Justice Goddard. There is no way by which the current administration could bind future governments from making any scheme more draconian, no matter how innocuous the intent at present.
Similarly, we are only too aware that the government is somewhat reticent to make it clear that powers to demand information are being granted in various laws, preferring to obfuscate issues that may be politically rather contentious. As we saw with the Social Security Fraud Act 2001, press releases from government departments tend to use the somewhat misleading euphemism “ask” in such a context. The Act provides powers for Department for Work and Pensions officers to require third parties to provide confidential information about individuals, yet the press release consistently reads along the lines of this quote:
Under tough new powers in the Social Security Fraud Act 2001, Authorised Officers will be able to ask companies — such as banks, insurance and utility companies — for information where they have reasonable grounds for suspecting benefit fraud. The new Code of Practice will regulate the use of these powers.
It is quite clear that the requirement to provide such information is being glossed over somewhat, in favour of the implication that such a request would be up to the third party’s understanding of Data Protection legislation and individuals’ privacy rights, as is more properly the case with several other pieces of legislation.
It should be quite clear from our answers to this and the preceding point that we feel the introduction of any ID card scheme would not only be ill-advised but also a waste of considerable sums of taxpayers’ money on something of questionable value to society or the state.
The government, wisely, claims to have no intention to implement an ID card scheme under the guise of the Royal Prerogative to issue passports, thus sidestepping any requirement for legislation. It would be exceptionally reckless and, frankly, contemptible for any scheme to be steam-rolled into force by such means. It would be important, should the government decide to proceed with a scheme over the objections of so much of the British populace, that any scheme be fully debated in Parliament, so that unforeseen issues could be ironed out before implementation.
We are disturbed to note that the government deems it might be necessary to impose criminal sanctions for the failure to notify the government of a change of name or address. This is particularly the case, given that we have a Common Law right, as citizens in England and Wales, at the very least, to go by the name and address of our choosing in all aspects of our day-to-day life, irrespective of our ‘legal identity’.
To quote Nicholas Bohm, a prominent lawyer on the UK Crypto mailing list, on this subject:
As a matter of law I can use as many different names for myself as I like (think of authors and stage artistes as among those who habitually exercise this right), and give as many different addresses as I have (depending on what, in any given context, I may be impliedly asserting about the relationship between me and the address in question), provided in each case that I am not doing so fraudulently.
The ID card scheme tries to confine me to one name, and perhaps one address. It thereby either revokes the rights I previously had, or at the least obstructs my freedom to exercise them.
A comparison is drawn to the fact that it is already an offence to fail to inform DVLA of a change of address. Whilst we again feel that comparisons with driver’s licencing are somewhat facile, we also feel that such offences are already poorly enforced. Indeed, more than one of the volunteers at Stand did not even realise there was a legal requirement to inform DVLA of a change of address and have not done so on any of the seven occasions, for one, where he has moved house in the decade since he was given a provisional driver’s licence. If this is a problem the DVLA or DVLNI are trying to resolve, perhaps it might be better to ensure enforcement of the current requirements before considering imposing new ones.
We are also very disappointed that the government does not seem to consider it necessary to consult on the inclusion of criminal sanctions for unauthorised access to or misuse of individuals’ data, something we believe is worryingly typical of the way in which the Civil Service seems to address issues of individuals’ rights to privacy in the UK.
We consider that, in order to
provide any level of public confidence in any scheme, there should be far
greater punishment of such abuses of the scheme than there should be for the
relatively trivial ‘offences’ of forgetting to tell the central government that
one has moved house. As the Home Office was reminded in summer 2002, with the
badly thought-out Standing
Order to extend RIP Act section 22 powers, there are many cases where state
officials with access to sensitive data about citizens have abused that power.
There are examples of police officers abusing criminal records databases, for
example, at the website of the US cable TV channel Tech TV:
http://www.techtv.com/cybercrime/privacy/story/0,23008,3387549,00.html.
The Guardian’s special feature on the black market in personal information (which can be found on their website at http://www.guardian.co.uk/bigbrother/privacy/blackmarket/) shows how plenty of sources — among the police and the drugs squad, for example — will often provide access to restricted information, for the right price. Ex-directory telephone numbers and tax records are just the easiest and cheapest information to acquire.
Indeed, even the DVLA — one of the organisations proposed to run the ID card scheme — has admitted selling information about vehicle licence owners to private companies. An international survey of ID cards by Privacy International found claims of police abuse by way of the cards in virtually every country. Most involved people being arbitrarily detained after failure to produce their card, others involved beatings of juveniles or minorities; there were even instances of wholesale discrimination on the basis of data set out on the cards.
The consultation paper hints at another problem that would beset the introduction of an ID card scheme in the UK. Creating criminal offences in Scots Law is a reserved matter for the Scottish Parliament. Thus, Westminster would need to secure the permission of Holyrood in order to implement any scheme. This is something Westminster might not necessarily get, given the Scottish administration is acquiring a thoroughly welcome reputation for being rather more libertarian than the current government in Westminster. Whilst this is patently not a problem with the ID card scheme itself, so much as a quirk of the current constitutional arrangement with devolution to Holyrood, it would certainly be another issue that would need consideration. The consultation paper fails also to consider the viability of a mandatory ID card scheme in England and Wales after its repeal in Scotland by the Scottish Parliament.
The consultation paper mentions that it “would not be the government’s intention to make significant changes to any entitlement card scheme via secondary legislation”. Explicitly mentioned is the example of changing a voluntary or “universal” scheme into a compulsory scheme (remembering the paper’s fallacious distinction where a “universal” scheme is one where there is no legal compulsion to carry the card). We feel quite strongly that any substantial changes to the scheme — especially any addition to circumstances where it would be compulsory to use, carry or reference an ID card — should be expressly forbidden from being effected by secondary legislation. This is another point echoed by Richard Thomas, the new Information Commissioner, taking over the rôle that has been expanded since Elizabeth France’s tenure as Data Protection Commissioner.
Paragraph 2.22 moots the idea of Parliament approving an ID card scheme “without a complete description … of its potential uses”. We feel that it would be much more appropriate for the services which could require the production of an ID card to be enumerated in any primary legislation creating the scheme, in the first instance; with the power to activate the appropriate requirements being granted to the appropriate Secretaries of State by secondary legislation. This way, the extent to which citizens’ lives would be affected by the introduction into force of obligations to carry an ID card would be made clear in Parliamentary debates before the scheme were to receive Royal Assent and any more wide-ranging extension of the scheme could similarly be debated in Parliament. Whilst we would prefer that no scheme be introduced whatsoever, this might greatly ease some people’s objections to the more threateningly authoritarian aspects of an ID card scheme.
As we object to a “universal” or compulsory ID card scheme, we similarly object, in the most strenuous terms, to granting the state any powers to require that citizens possess or carry cards under any circumstances.
We believe criminal sanctions would be disproportionate and would merely create another level of bureaucracy and give the impression that the state were becoming more authoritarian, whilst further overcrowding our courtrooms with trivial cases. The options for criminal sanctions would be to gaol people for not holding an ID card — which might seem rather melodramatic and would run counter to the government’s aim of non-custodial sentences for non-violent offenders. The principle alternative would be the use of fines however we believe pecuniary penalties would be ill-advised, given that many of the people more likely not to carry an ID card are likely to be on low incomes already. We feel that such a measure could only further increase social inequality, making even more intractable the government’s laudable attempts to tackle this issue.
For similar reasons, we oppose sanctions for not carrying an ID card even when the penalty is ‘merely’ denial of service. Such sanctions would serve to exacerbate the marginalisation of some sectors of society. A measure like this would create an underclass without access to certain public services. A point we have made already, and feel we cannot stress sufficiently, is that, when public services are universal, we are concerned that the government feels it necessary to prove one’s entitlement.
The introduction of a requirement to hold an ID card could only lead to somewhat severe sanctions against innocent citizens who merely fail to comply, whilst criminals could rather more easily carry forged identification or even bypass the scheme altogether. This is another case where an ID card scheme would disadvantage the innocent, whilst having negligible effect on the guilty.
Furthermore, a coercive approach is never completely successful. While the government has clearly given some thought to how to maximise take-up of the card, there is little evidence of a strategy for dealing with those who do not obtain an ID card despite the legal obligation, such as
1. conscientious objectors;
2. the elderly/infirm;
3. those with severe mental or physical difficulties;
4. homeless people;
and other marginalised groups.
Whilst the assignment of a unique identifying number to every UK resident may seem, cursorily, somewhat disturbing and we do have misgivings over the potential for abuse of such a system by a repressive government in the future, we cannot see the point of an ID card scheme without the allocation of a unique number to every cardholder. Indeed, we’d be immensely entertained to read some technical specifications for any such scheme. Again, we wish to make clear that we are not, here, endorsing such a measure; we merely cannot fathom how a scheme could function without unique identifiers, even though we consider the scheme as a whole unwelcome and unnecessary.
As to whether or not a unique identifier should be displayed on any proposed card, we can see no reason to justify withholding it. In our view, it is important that all data held on the card or in the Central Register should be available to the subject cardholder, not least for reasons of privacy and data integrity.
From a more functional point of view, we feel many of the purported advantages of an ID card scheme would be greatly reduced if the cardholder — and other card users — did not have the ability to quote a card number when accessing services and the Central Database.
With regard to format, basing a new identifier on an existing number seems problematic. The example given is to base the new number on existing DVLA/DVLNI driver numbers. Even without the issue that many people are not drivers and do not currently have a driver number; the format of the DVLA driver number is that it includes a part of the driver’s surname. This raises the issue of regular invalidation of ID numbers due to a change of surname — on marriage or divorce, for example.
On first glance, this might seem to be a reason to avoid the use of name parts in the unique identifier. More interestingly, however, it raises the broader questions of how the system ought to deal with linking duplicate “identities” and unlinking individuals who share the same “identity”, eg due to system failure or deliberate fraud. It is disappointing that the consultation paper completely fails to address issues concerning the need for such an important system to be resilient against these inevitable types of system failure; this strengthens our plea for a longer wiser consultation.
There are other near-universal government-issued identifiers, though we also feel these are all inappropriate. The use of the NHS number scheme should definitely be avoided, as people would, understandably, be concerned about the privacy of their medical records. The use of National Insurance numbers would again raise the spectre of the number of fraudulent and duplicate NI numbers in existence. Other than those three, there aren’t any widely known, convenient, universally-held identifiers. Whilst the format of any new unique identifier is, in our opinion, largely irrelevant, we feel, thus, that a new number should be created and that it should not be based on some existing format.
The only real comments we do have regarding the format, specifically, are that numbers should not be easily guessable. One should not be able to divine someone’s number from knowledge of their surname, date of birth or other personal data. Similarly, they should include checksums, so that taking one valid identifier and altering one character would not ordinarily provide another valid identifier.
One of the problems with the introduction of a new identifier for all residents is, of course, that of function creep — the tendency of systems to evolve such that they are used for purposes for which they were not designed, that never could have been envisaged at the time of system creation. Such subsequent usage poses far greater risk than most issues that would be faced during the creation of an ID card scheme. Security features, such as subject–privacy guarantees, are immensely difficult, if not impossible, to retrofit.
The examples of identifiers in the consultation paper hint at some instances of function creep already — our National Insurance numbers are now used for rather a lot more than referencing our ‘Stamp’ and, in the same vein, US Social Security Numbers (SSNs) are very widely [mis]used. It should not be forgotten, either, that there are millions of superfluous, duplicate National Insurance numbers in existence.
In addition, to quote paragraph 2.27,
There would also be very significant and probably prohibitive costs to revise existing IT systems to use a different numbering scheme.
Even the use of some new identifier in addition to existing identifiers (NI numbers, DVLA/DVLNI driver numbers, Passport numbers, VAT Registration numbers and the like) would introduce massive costs to update countless government IT systems. Moreover, it is difficult to recall a major-scale government IT project that has been completed both on time and within budget. Whilst it would be very attractive to take the opportunity to rationalise the use of identifiers in government IT systems, we do not feel this could be an efficient use of taxpayers’ money here.
However well-intentioned this scheme may be at inception, its inherent propensity to function creep makes it extremely susceptible to future abuse.
SSNs in the US were originally created to number personal accounts for Social Security, tax collection and benefits payment. They are now used as a generic identifier. To quote the ACLU site (viz http://archive.aclu.org/library/ibpriv4.html):
Whether you've paid taxes, opened a bank account, been accepted for a credit card, joined a gym or a shopping club, or applied for a video rental card, a driver's license or a mortgage, chances are you've been asked for — and given out — your SSN. That seems innocent enough.
But because the SSN is so commonly used as an individual account number, this nine-digit code ends up being a virtual pass key to a vast amount of private, and often sensitive, information about you — your address, medical history, shopping preferences, household income, and use of prescription drugs, to name just a few.
The Internet has made the problem even more serious. More and more companies distribute SSNs through online personal locaters or look-up services — California's Senator Dianne Feinstein has testified that it took her less than three minutes to retrieve her own SSN from the Internet.
A huge online database, Lexis–Nexis, recently announced a person-locator program that made it possible to find someone's most recent two addresses, maiden names, aliases and SSN with the click of a mouse. After a slew of complaints (such a service could prove fatal for victims of domestic abuse or stalking, for example) the company stopped giving out SSNs. In an era when information is money, even worse abuses are bound to occur.
More worryingly, of course, are the worse abuses, which are bound to occur:
The proliferation of SSNs has already led to some very serious problems. Here are a few examples:
FRAUD — It was recently discovered that ten current and former SSA employees had accepted bribes from a credit fraud ring in the business of selling mothers’ maiden names to activate fraudulently obtained credit cards.
IMPROPER PRYING — Congress passed a law in 1997 making improper prying, or so-called “browsing”, a crime after an IRS employee targeted a state prosecutor he had a grudge against. The employee scrutinized the prosecutor’s tax form, which included detailed information about the day care center the prosecutor's children attended.
IDENTITY THEFT — Because of the widespread availability of SSNs, criminals are able to assume the identities of others in order to gain access to their victims’ bank and charge accounts and to steal their victims’ government benefits.
We do feel, however, that the bulk of the value in an ID card scheme, from the point of view of government information-sharing, could be created in a much cheaper project, to cross-reference unique identifiers. This would provide many of the information-sharing benefits of ID cards (though see our concerns on that issue in the next subsection), without the need for the infrastructure to issue cards, which would be complex and expensive, even without the use of biometric technologies. Given that large-scale government IT projects seem to be doomed to failure, however, we still do not consider that such a project could be either worthwhile or cost-effective.
A major issue, from the point of view of citizens’ right to privacy is government information-sharing. One should not forget that we have an absolute right to privacy, granted by Article Eight of the European Convention on Human Rights, enshrined into UK law by the Human Rights Act 1998 and assisted by the Data Protection Acts. We have a firmly held belief that any information to be shared between government departments and/or other organs of state should be both necessary and that such sharing be proportionate. The main concern that many people have, when it comes to the introduction of an ID card and a corresponding Central Database is that it smacks very much of Big Brother. A large part of such a perception of ID card schemes is the prospect that just about any state official might be able to access all the information about citizens — criminal records, education records, movements through public transport networks and so on.
Our fears are only very mildly assuaged by Lord Falconer’s claims, in Home Office press release 019/2003, that:
It is crucial to the Government that any proposed entitlement card scheme would not breach our fundamental privacy and civil liberties under our proposals. No agency outside Government would have access to any information unless the cardholder chose to allow the agency or company access. Also, Government departments or agencies would only be able to access information relevant to their own department.
Whilst the press release goes on to mention that “there would not be a single Government database containing all the information on the population currently held by separate departments”, the Home Office’s prescience is self-evidently something more of an aspiration than a statement of fact. There is no way that any Act of Parliament could prevent some future measure being brought to Royal Assent that could create such a database, once the population were more resigned to the state depleting our right to privacy.
The only way to counter this impression is to place strict limits on information-sharing — and penalties for breaking these limits. This is an area we feel the government has completely overlooked in this consultation exercise and this omission disturbs us greatly. Information-sharing is often done with the best intentions, but this does not mean that it is necessarily A Good Thing. For example, the use of NHS Guthrie cards (the neonatal blood tests performed to test for phenylketonuria) for HIV testing, combined with census data on the babies’ heritage, alleged recently to have been performed in Bedfordshire, would certainly provide very useful information to epidemiologists but would also be rather invasive of the privacy of the parents and the children involved. Such testing may well be a valuable study but, as with any sensitive data, should only be performed with the informed consent of the subjects involved.
That said, the notion of “informed consent” has been one of the most problematic aspects of the Data Protection Acts, as organisations routinely manufacture alleged consent in such diverse areas as employment contracts, bank account terms and software ‘click-through’ licenses. In this context, it is a red herring, and public confidence in the system can only be maintained by the government’s active support for the privacy of private data.
Whilst we admit that a national database would remove the need for citizens repetitively to provide the same personal information to several agencies, we do not feel this is sufficient justification for an expensive and invasive ID card system. Several somewhat dubious “practical advantages” are catalogued in the consultation paper, all of which can be debunked. For a start, the government seems to be under the illusion that the provision of unsolicited commercial mail (“spam”) is a good reason for creating a national database and that such mail might even be welcome.
The Home Office makes the rather unconvincing statement that:
A common database would be indispensable for enabling more joined-up and Internet-based delivery of public services.
We are not surprised that this statement is not backed up with any evidence, as we consider it to be a rather naïve soundbite. We feel that, if the government is interested in “enabling more joined-up and Internet-based delivery of public services”, there are plenty of other lessons that the Civil Service could do with learning from the private sector and NGOs first. There is plenty of public service delivery that could already be effected online but is not yet. In addition, many public services aren’t entirely suitable for online access in the first place or would not be cost-effective to implement online.
It is worth mentioning here that the Government Gateway, at http://www.gateway.gov.uk/, is a superb example of the kind of site that provides for excellent online delivery of public services and that the Office of the e‑Envoy‑ is also progressing several commendable initiatives in this area.
Replacing the Electoral Roll is another contentious issue. It is rather alarming that a relatively simple error by one of the thousands of civil servants who would have access to these basic data might affect the ability of someone to participate in the democratic process. We cover the problems in this area in greater detail at consultation point P16, where it is more directly relevant.
Finally, “the common database could also help deter some kinds of fraud”, apparently. As the acquisition of a driver’s licence with David Blunkett’s details and Paul Kenyon’s photograph proves, as we mentioned under consultation point P4 supra, it will always be possible to acquire fraudulent state-issued identity cards — see also our comments on more general counterfeiting elsewhere. Far from reducing fraud, the creation of a more valuable state-issued ID will only increase the attempts to obtain it illegitimately. Only immensely stupid criminals will be caught out by a national database and these are the criminals who are unlikely to prove difficult to apprehend without it.
This assumes that government technology is far in advance of that available to the general population. Instead, technology in this field is widely available and often operated by criminals with more specialist knowledge than the hard-working but generalist civil servants forced to define government IT infrastructure.
As we have already mentioned, however, the prime concerns for a national database are the potentially unwelcome prospects it could embody. For the public thoroughly to be able to evaluate such a scheme, full details would need to be made available on subjects such as what data would ever be collated therewithin, who would have access to these data, what levels of authorisation and cryptographic protection would be applied to each part of the database, what sanctions there would be for illegitimate access or misuse of the data contained within it and so on.
It is certainly worthy of note that the kind of invasive information-sharing envisaged by the Home Office is entirely at odds with the much more sensible policy at the Office of the e‑Envoy‑, where civil servants appear to be much more acquainted with the Human Rights Act 1998 and assisted by the Data Protection Acts. The Office of the e‑Envoy‑ is looking towards opt-in, user-owned and controlled data management across government departments, something we commend greatly and with which the Home Office’s ID card initiative is in direct conflict.
This chapter starts with a discussion of travel documents and driving licences; both of which exist already and would not be greatly improved by any ID card scheme. The suggested enhancements to a driving licence smartcard are, again, a little privacy-invasive and not all that useful. The paper suggests that a Passport card would be useful for travel where no visa needed to be stamped into a book (within the EU and EEA, for example). Benefits such as these, which aren’t very great, could also be gained by other means, such as the UK joining the Schengen agreement, for example. There are plenty of other ways one could explore that might make intra-European travel more simple. We believe such concerns should more properly be left for the Foreign Office to negotiate with other European governments.
These suggestions both seem a little contrived, in our opinion, as though someone has struggled to come up with easy-to-explain advantages of an ID card scheme. We have addressed each these suggestions, and some others, along with the consultation points within which they are mentioned.
One of the comments made, in the consultation paper, is that not having an ID card scheme might mean that some people might not apply for services to which they’re already entitled, if they have difficulty using the telephone or filling in forms. This seems particularly specious, particularly given there would be a need to fill in forms or use the phone even with the card and that the acquisition of a card itself is likely to involve form-filling. Furthermore, we find it unlikely that much expense would be invested in ensuring that individuals were to apply for benefits to which they were unaware they were entitled.
Another point raised in this section is that a card scheme might ease authentication for online provision of public services. We remain to be convinced that this would be particularly easily effected. Importantly, however, we find it worthy of note that authentication to check that a user is a specific person is not always important. Whilst this is less often the case for public services, this is very much the case in the private sector — to which it is envisaged that the ID card would be offered as a convenient service. Websites do not care whether a user is actually Joe Bloggs, so much as whether the user’s credit card will pay for the services or goods being ordered, that the card has not been stolen and that the point of delivery is mutually acceptable. This might substantially reduce the supposed value of an ID card to be sold as a convenient service to the private sector.
A card could also store some service entitlements electronically on a smartcard chip. This, however, would not necessarily be particularly useful either. Services are likely already to have databases (and, in any case, are likely to have further information to store than just the basic personal data held within the Central Database). Whilst we can see some small benefit to using an ID card scheme to pre-populate or cross-reference basic personal data, expanding the ID card data model to contain information about other entitlements is an immensely bad idea — a fact acknowledged elsewhere in the consultation document.
The introduction of a smartcard chip would naturally and inevitably lead to the desire to sell space on that chip, as the consultation document mentions in several places, including paragraph 3.6. The issues around smartcards are covered in more detail in our response to consultation point P29.
The paper rightly mentions that many efficiency savings would never be realised. Services would not be able to rely on exclusive use of the card for some time — at least a decade — and, even then, most services would want to be able to handle users who had mislaid their ID card or from whom it had been stolen. It seems very unlikely that any organisation is ever going to want to require exclusive use of the card, which, thus, would defeat the object of the card somewhat.
Only a cursory mention is made to one of the largest problems with the scheme — that it would create an effective ‘honeypot’ with large quantities of personal data in one place. It would be very difficult to create sufficient safeguards to ensure against abuse, even with the use of strong cryptography. This issue is exactly the same concern as was espoused by groups, including Stand, during the RIP Act debates over ‘Government Access to Keys’ (GAK), for example. Putting a large amount of ‘valuable’ data in on place is almost always a bad idea, as it creates one large target.
Whilst security on one large target is always going to be tighter than for each part of a more widely-distributed infrastructure, it does not follow that the single target is proportionately more secure than the combination of all the individual databases. Indeed, the reverse is usually the case; it is far easier to secure a distributed collection of online databases that need little or no cross-communication and each being accessed by a relatively small group of users than it is to secure one large database with many access points.
The government also seems to underestimate that “the project would be large scale and challenging with the kinds of major risks associated with any large IT project”. We note, again, that the Home Office, in particular, and the public sector more generally, are somewhat renowned for disastrous IT projects. We have little confidence that an ID card project — which would be a substantially larger project than the recent Passport Service project or the IND systems upgrade — could be effected either within budget or on time, much less both. What’s more, all the parts of the project that could make it more useful would increase both the cost and the likelihood of failure. On these grounds alone, it is very difficult to recommend that any sum of taxpayers’ money, let alone £1.5 billion, be spent on this project.
From the point of view of the voluntary sector and NGOs, it is difficult to see any benefit that an ID card scheme could give us whatsoever. Voluntary organisations and NGOs are much more likely to try to save the little money they have than spend it on buying smartcard space from the government or investing in hardware such as card-readers and computer upgrades to handle interfacing with an ID card scheme’s Central Database.
We are mildly concerned at the introduction of yet another ‘sexy’ issue that the ID card can ‘solve’, in the guise of identity fraud. We are highly sceptical about the government’s claims, in the consultation paper, that identity fraud costs the UK economy £1.3 billion per annum. Indeed, Equifax estimate the cost of all fraud at £1.2 bn for the year 2001, only a small proportion of which can reasonably be described as identity fraud. We would be quite interested to know how the Home Office arrived at their estimate.
That said, most of the paper’s arguments in this regard fall apart quite quickly when one realises that the more useful an ID card becomes, the more likely it is that it will successfully be forged, thus making it a less accurate proof of identity. Not only this but, as is mentioned in paragraph 3.11, many companies are disinterested in spending time and money on identity checks, when it is far simpler to write off an acceptable level of fraud. Again, we do not feel that any advantages gained from the scheme could counterbalance the large amount of investment that would be required in order to establish it.
It is, of course, worth remembering to examine cases from other EU member states. To quote a case-study mentioned in Charter 88’s parliamentary briefing from the mid–1990s:
In Sweden, a 23 year old woman received a letter from the welfare authorities stating that her three year old was to be taken into care. Her name and national registration number had been falsely used by a registered heroin addict and given to the police, hospitals and social welfare authorities. No one had ever questioned the use of Annika Andersson’s particulars since the ID number was correct.
This is hardly the only example one can give of where a national ID scheme, far from preventing identity fraud, has been the very vehicle for it..
In a similar fashion as to how the consultation paper’s arguments regarding identity fraud dissolve on close examination, there are some highly fatuous claims made elsewhere as to the omnipotence of an ID card scheme. For example, contrary to Home Office belief, an ID card would make next to no difference to Internet fraud, which most often involves the use of stolen credit card numbers. Proof of identity isn’t generally what online retailers are interested in as much as the integrity of the credit card number. As we mentioned earlier, Amazon and eBay aren’t worried about whether the person making an order is actually Joe Bloggs but rather that Visa will pay them for it. Whilst the benefits to companies of requesting customers’ ID cards seem unclear, doing so would present a not-inconsiderable overhead and the government has no power to compel companies to take action. As a result, we feel that little of the private sector is likely to make use of a card scheme.
If the intention were to be to compel, this would raise two questions for international traders. In part, how would the government be able to enforce the use of ID cards without running into free-trade issues. If such an overhead were only to apply to British companies, however, this would raise issues about the competitiveness of the British local and export markets.
Again, we feel it important to mention that we believe putting too much stock into one form of identity is a particularly bad idea, especially as we believe it will even be counterproductive in the effort to reduce fraud. As we have mentioned before, how would someone contest an ID card with their own personal details on it but someone else’s biometrics?
We are very sceptical that the introduction of “entitlement cards” will make it any easier for lawful residents, including non-British citizens, to gain entitlement to public services. We believe that there are many ways in which lawful immigrants could find it easier to get access to services, but the introduction of what would, effectively, become an internal passport for groups such as these is not one of them.
We also feel that the introduction of an ID card would have a negligible effect on illegal working. Despite the somewhat punitive provisions of the Asylum and Immigration Act 1996, there will always be some unscrupulous employers who are not interested or concerned in whether or not their employees are working legally. This black market will continue to thrive, despite the introduction of ID cards. Indeed, we believe the only effect on the black market will be the creation of a demand for fake ID cards. For similar reasons, we are also uncomfortable with the more heavy-handed measures that were introduced into the Nationality, Immigration and Asylum Act 2002, which, again, we feel only served to increase the problems faced by those already excluded from society, rather than making it more difficult for those who are not entitled to such help.
The consultation paper itself accepts that this is the case. Paragraph 3.20 highlights that “a card scheme on its own could not be wholly effective in bringing illegal working to an end”. We feel that cases involving “unscrupulous employers colluding with illegal workers” are a much greater issue and will be wholly unaffected by the introduction of an ID card scheme.
To quote Rt Hon John Redwood, MP, again speaking to On the Record, last June:
When it comes to illegal working, we have a National Insurance system. Everyone who works in this country is meant to have a National Insurance number, we know that some people don't, they break the rules on National Insurance, both employers and employees, those same people would doubtless break the rules. If they had to show an identity card, how would it solve the problem, because the problem is one of enforcement, not of a system.
In our opinion, a better solution to the ‘problem’ of illegal working and the very real issues experienced by asylum seekers and other legitimate immigrants to the UK would be a less aggressive immigration and asylum policy and better contradiction of the xenophobic reportage of the issue in the tabloid press. An ID card that will become very lucrative to fake and will, in effect, become an internal passport is more likely to increase the problems experienced by immigrants entering the UK, allowing greater exploitation by the criminals behind people trafficking.
That new immigrants to the UK would not immediately possess a card requires that employers would have to be given a period of grace, where they are not expected to verify the ID cards of their new employees. Such a period of grace, however, will make any requirement to prove one’s identity and entitlement to work in the UK substantially less efficient and less worthwhile.
Moreover, granting the ability for employers to check the “entitlement card” database — which would be necessary for the functioning of such a requirement — would mean that, in effect, anyone in the UK would need to be able to check up on people’s details in the Central Database. We feel this is unacceptably invasive of individual’s privacy.
In addition, as is described in paragraph 3.18,
The need to determine eligibility to work could complicate the process of applying for an entitlement card, as it would require specific expertise in interpreting the immigration rules.
Given the overwhelming complexity of this subject and the problems already experienced by the DVLA/DVLNI, Passport Service and the IND, we feel this can only add even greater risk to the success of any ID card scheme introduced with this purpose in mind.
Another suggestion made in the consultation is that non-permanent residents would be given an ID card with a validity period less than the normal ten years. This, however, means that their card would explicitly label them as being different from permanent residents. We feel that increasing the stigma attached to immigration to the UK in this way is probably not the best of ideas.
Quoting from the consultation paper again,
Adding an additional step to the process of hiring overseas workers … might make the UK less attractive to … other EEA nationals and have an adverse effect [on] the economy.
Aside from the risk of European treaty issues, we are very concerned at the risk to the economy and the regressive nature of such an imposition, given that
Small businesses in particular might be disproportionately affected.
Whilst some non-British citizens would indeed already be carrying an ID card when moving to a new job at a small company, we do not feel that this is a useful burden to be imposing on any businesses, least of all small businesses.
We believe that it is a mendacious fallacy to characterise the introduction of a mandatory identity document as a “more convenient” form of travel document. The question presupposes the introduction of the ID card envisaged, and claims that if a person had such a card it would be more convenient to use it to travel abroad than to apply for a passport. However, as we do not yet have such an ID card, the question should be phrased “Would it be more convenient to force everybody to obtain such a document, rather than just those who wish to travel?”
For the potential holders of such ID cards, the answer is clearly in the negative; obtaining such a document would certainly be no more convenient than obtaining a passport. Indeed, it would be substantially harder, should the biometric identification portions of this proposal be implemented) Nor could an ID card be reasonably considered “a more convenient travel document” just because the inconvenience is also imposed on those who don’t want or need a passport.
We believe that usurping the rôle of commercial Proof of Age card schemes currently available would be an unwelcome intervention into the market. If, as it mentions, the government has welcomed the development of these schemes, we believe the government has no reason to arrogate them.
Equally, we agree with all the reservations expressed in the second half of paragraph 3.24:
Parents might be reluctant to apply for (and pay for) an entitlement card that was more expensive than a straightforward proof of age card. […] Young people might be reluctant to carry a ‘valuable’ entitlement card (such as a passport card) to gain entry to places where it might be lost or stolen, such as pubs and clubs.
In addition, we believe that making an “entitlement card” become the de facto proof of age scheme in the UK will only increase the amount of forged cards in existence. One does not need to spend much time watching American television to notice the stereotype that many older US teenagers carry fake IDs in order to be served alcohol in or gain entry to bars. As the IDs that are usually demanded in bars are DMV drivers’ licences, these are the faked IDs that teens tend to carry.
The government yet again floats the naïve and fallacious idea that ID cards would be some kind of cure-all for the police. Despite the fact that all the countries with prevalent ID card schemes also suffer from the kinds of crimes listed in paragraph 3.25, the government seems to be under the illusion that criminals, who already seem to have no real problems acquiring fake DVLA licences and fake passports, will find the introduction of an ID card some real imposition that will deter them from pretending to be who they are not. Identity fraud, money laundering and organised crime — whether or not it is associated with people trafficking and illegal working — will not be greatly threatened by an ID card scheme.
In addition, as has frequently been stated, from as long ago as Lord Chief Justice Goddard’s summation in 1952, the police do not find that their problems stem from identification of suspects. Law enforcement agencies (LEAs) already have several powers to demand identity, not least under PACE, and most criminals really aren’t stupid enough to carry their ID card with them whilst committing their crimes.
Furthermore, as the government is not, currently, planning to introduce powers to enable the police to compel individuals to provide their ID card on request, there is little reason to think that people would necessary carry the card or offer it to a law enforcement office on request.
Foreigners with a known history of terrorism can be expected to apply for their ID card in an assumed name; those too stupid to do so are not likely to be a genuine threat anyway. One of the lessons we can learn from September 11 is that a much more serious threat is posed by those who have no known history of terrorist activity; in which case, the prospective terrorist can apply for and obtain an ID card with impunity. ID cards clearly do not provide some magic solution to the problem of determining criminal intent in advance of action.
We also feel that the administrative costs of keying personal info into custody systems are, again, probably not a significant overhead when compared with the expense of the scheme and the more abstract costs, such as the intrusion into individuals’ privacy.
The subject of biometric identifiers we cover in much greater detail at consultation point P28. It is worthy of note, however that:
Most offenders are already known to the police and their own biometric databases of fingerprints and DNA are much more sophisticated than anything envisaged for an entitlement card scheme.
Another very important point is raised in that same paragraph (3.29), however. Giving access to the Central Database to LEAs such as Customs & Excise, the police and the intelligence services would be likely to sound the death knell of any scheme:
The thought that the police might have access to [biometric] information might cause public unease and lead to a lack of confidence in the overall entitlement card scheme.
The only circumstances in which it might be acceptable for any access to be granted to the Central Register for LEAs would be in the investigation of serious crimes, governed by a judicial warrant, on a case-by-case basis. We still believe, however, that this would reduce public confidence and increase cynicism surrounding the ID card programme. It is important to remember that for the most serious crimes, especially terrorism, prevention depends upon determining the criminal intention of the suspect; the experience of September 11 shows us that, whether identity documents are obtained by terrorists in real names or assumed ones, this is no help at all in alerting the authorities to the existence of some criminal intent.
The consultation suggests that an ID card scheme could help with drawing up and maintaining the Electoral Roll. We consider that such integration would only serve to overcomplicate the process of electoral registration, particularly where some UK citizens are entitled to vote in more than one local council, for example. Additionally, the privacy issues, related to the recent decision in the case of R vs City of Wakefield Metropolitan Council & another ex parte Robertson (dated November 16, 2001) preventing commercial use of the Electoral Roll, may well have implications in such interactions with an ID card scheme, especially if holding an ID card were ever to become a prerequisite for voting.
On that issue, it is worthy of note that there is currently no small controversy over the introduction of a requirement to present state-issued identity before being able to vote in Northern Ireland at present. Under the Elections (Northern Ireland) Act 1985, voters have had to prove their identity. In order to vote in future Northern Irish elections, however, electors will need to present one of a list of acceptable photographic IDs, viz a British or Irish passport, a DVLNI licence, a Translink Senior Smartpass or an “Electoral Identity Card”. These provisions were introduced under the Electoral Fraud (Northern Ireland) Act 2002.
It has been reported, for example, that, according to census figures, almost 200,000 people have been omitted from the Electoral Roll. It is being claimed that as many as 80% of first-time voters may have been disenfranchised and, in more than one urban constituency (where electoral registration is bound to be more complex, due to a more transient population) up to one in five voters may have been left off the Roll. According to the NI Electoral Office, one ward in a different urban constituency (Botanic ward in Belfast South) only had a 58.40% response rate. As well as being concerned at the number of voters now disenfranchised, we watch with interest to see if the Electoral Office are even able to discover the impact of forged identity documents on personation at the next elections. We do hope, also, that function creep (see point P7) does not become an issue with the Northern Ireland Electoral Identity Card.
Another suggestion aired is that showing an ID card could help make it easier to cast a vote at a polling station other than the one designated to the elector. We believe that allowing electors to vote at other polling stations would dramatically increase the risk of electoral fraud and should be avoided, irrespective of any ID card scheme. We believe also that allowing telephone voting, with an ID card, or using the ID card to “increase confidence in the security of voting by post” will both serve merely to make the process of authentication and prevention of coercion much more complex and increase the risk of electoral fraud. Many of the problems with postal voting are related to the ease of filling in the application forms, which will not be made much more difficult by the inclusion of an extra number. Furthermore, the use of ID cards as an electoral identifier would facilitate the misuse of the process by any unscrupulous local politicians, who could, hypothetically, keep lists of ID card numbers on file, making it far easier to disenfranchise voters by repetitious applications for fraudulent postal votes. We do not believe that these ideas would meet the stated aim of widening voter participation and are very concerned at the increased risk of fraud that may result.
The inclusion of private medical data on a smartcard that would be accessed routinely (and compulsorily, by law) by many organisations with no critical need to obtain those data can be predicted to be a major cause of public refusal to participate. Whilst it may sound enticing that those with serious medical conditions carry a smartcard detailing their needs, this is easily dealt with by existing schemes, such as the DIABCARD for diabetics, or at least by extending voluntary schemes. To create legal compulsion for sufferers to produce a card to their employer detailing their medical data (albeit under the guise of an identity check) could create severe medical problems for those who refuse the opportunity of diagnosis rather than submit to such a scheme, quite apart from the ethical objections.
While legal proscription of access might be an effective constraint upon government agencies, unscrupulous private employers will undoubtedly obtain and use smartcard readers, even were this to be made unlawful, leading to a significant and unnecessary rise in discrimination. The only way once could prevent this is for medical data to be held on entirely separate, specialised card, possession of which would be wholly voluntary, so that the holder may always deny ownership of a card — and thus plausibly deny suffering the medical complaint — were some wrongful demand to produce their card to be imposed by someone with neither right nor reason to know.
Voluntary schemes, such as the Donor Card and ‘diabetic bracelets’, deserve government support. Mandatory schemes risk people’s lives and public health, as well as being unethical and a blow for essential personal privacy.
We are unconvinced by many of the government’s assertions in this chapter of the consultation paper. We do not feel that many of the government’s efforts in this area would be overly successful and some would even be counterproductive. We note with disappointment that, yet again, the government seems to be considering moves which would further disadvantage innocent, law-abiding citizens whilst having a minimal effect against criminals, who can afford, for example, to acquire fake breeder documents — birth certificates, driver’s licences etc — and fraudulently to concoct convincing biographies.
We believe that the government’s aims are designed in order to be seen to be doing something about a crime of which the popular awareness is rising. We do not agree with the public’s perception, largely manufactured by the tabloid press, that there is a massive rise in the incidence of identity fraud and are very resistant to the idea that one of the best solutions to this perception is to throw £1.5 bn at an ID card scheme.
We are also very hostile to the idea that companies such as Experian and Equifax, which are renowned for their privacy-inhibiting habits, should have a greater opportunity to intrude into the lives of the general public.
We feel that further information-sharing gateways between DVLA, DVLNI, the Passport Service, the Electoral Register, NI records and civil registers would be yet another measure that would be chilling to individuals’ privacy and, thus, should be resisted in all but exceptional cases.
Richard Norton-Taylor put these concerns well, in an article he wrote for The Guardian, printed on September 21, 2002:
As the government moves steadily towards introducing data-matching — the exchange of our personal information between public bodies without our consent — it is worth considering the words of Sir Nicholas Browne-Wilkinson. As long ago as 1990, Sir Nicholas, then a senior High Court judge, now a law lord, warned: “If the information obtained by the police, the Inland Revenue, the social security services, the health service and other agencies were to be gathered together in one file, the freedom of the individual would be gravely at risk. The dossier of private information is the badge of the totalitarian state.”
Eight years later, Elizabeth France, then Data Protection Registrar, now the Information Commissioner, echoed these fears: “Wholesale data-matching exercises are a major invasion of the private lives of people to whom no suspicion of any wrongdoing attaches.”
Later in the same article, he asserts:
Ministers cling to the old argument that the innocent have nothing to fear. The Information Commissioner’s annual report this year revealed it had received almost 10,000 complaints about the handling of personal data. In one case, a man received demands from the Child Support Agency about a child who was not his. The Department of Work and Pensions had allocated his national insurance number to both him and the real father.
Similarly, an audit of the Police National Computer found that 65% of its records contained errors. And in 1999, 214 cases involving abuse by staff of the Benefits Agency were investigated. The Passport Agency and the Driver and Vehicle Licencing Agency (DVLA) want to combine their databases on the grounds that it will make it easier to order a new driving licence or passport. Yet the failings of computer databases in one of these agencies led to more than 500,000 people waiting for passports in early summer 1999, while the DVLA has admitted selling information about vehicle licence owners to private companies.
One point we would like to make however, is that we are much more impressed with the final bullet-point of suggestions in paragraph 4.9. The scoping studies mentioned — to create a public sector analogue to the CIFAS database and the HUNTER service and to develop registers of stolen identity documents and of instances of identity fraud — are all much more sensible measures. We believe they would all be both more efficacious and less privacy-intrusive than most of the other proposals in the consultation.
Another way in which the government could reduce the risk of individuals suffering the trauma and destruction of identity fraud would be to sponsor a media campaign advising people how to avoid some of the more common ways in which people become the victims of identity theft. Several relatively simple steps people could take would make it much less likely that they would have their identity stolen, such as destroying bank statements and credit card bills, rather than disposing of them with their regular household waste. Basic messages such as these could reduce the risk of people enduring the stress and pain of identity theft.
Our comments on the use of biometrics, elsewhere in this report, also apply here. We feel most of the advantages the government perceives could be obtained from the suggestions in Chapter Five are somewhat illusory and do not have a sound basis in fact.
As we have mentioned in our response to the previous consultation point, there are measures that the government could take in order to reduce the risk of issuing inaccurate passports and drivers’ licences. It strikes us that analogues to the CIFAS and HUNTER services would be a very sensible place to start, as would registers of stolen identity documents. Tightening up on existing procedures is likely to prove much less expensive and much more valuable than pie-in-the-sky ID card schemes that would fail to meet even the most unambitious of targets.
On a slightly different note, we were astounded by some of the claims in Jeff Goodell’s article “How to Fake a Passport” in the New York Times Magazine, dated February 10, 2002. One of the most disconcerting allegations reads:
When it comes to stolen passports, the situation gets even more complex. To begin with, not every country shares information about stolen passports with us. And even when they are reported, there is a time lag between when the passports are stolen and when they are reported stolen. In the Massoud case, Belgian authorities sent out a fax on the break-in in The Hague [at the Belgian Embassy; November 11, 1999] six days after the burglary; the alert about the Strasbourg theft [Belgian consulate; June 26, 1999] didn't go out until almost six weeks after the break-in. In theory, the passport numbers should have been entered into databases immediately — most people sophisticated enough to travel on a blank stolen passport know it needs to be used quickly. However, one antifraud investigator in the State Department says he was not aware of these stolen-passport numbers until “the middle of the summer” — nearly a year after the passports were stolen.
The article continues:
The closer you look, the scarier it gets. One example: Alain Boucar [director of the antifraud unit for the Belgian federal police] says that his database lists the numbers of 24,851 blank stolen Italian passports. Jim Hesse, a chief intelligence officer for the INS, says that the United States Lookout system lists about 6000. Why the discrepancy? Are there 18,000 stolen blank Italian passports drifting around out there that the United States doesn’t know about? Or is Boucar’s database wrong? Boucar insists that his numbers are accurate; Hesse trusts his. The only people who really know for sure are the Italians. “We do not discuss stolen passports,” a spokesman at the Italian Embassy in Washington says.
Understandably, we are concerned that similar problems might beset British agencies, both with stolen British documents and a lack of information about foreign stolen documents.
Further information from Jeff Goodell’s article regards the new design for Belgian passports, replete with security features to help counter forgeries:
Alain Boucar is extraordinarily proud of Belgium’s new high-tech passport. Flipping through one and pointing out its many security features, he's as giddy as a new father showing off his child: “It’s a very beautiful design, don't you think?” he says, holding it up to the light.
Indeed it is. Thanks largely to this new passport, which Boucar helped design and which was introduced last March, M’s [forgery] business probably isn’t quite as breezy today as it was last year. By all accounts, it's one of the most secure passports in the world. On the first page there’s a graphic illustrating five key security features, including a laser-cut pinhole image of the passport holder, a watermark of King Albert II and an optically variable image of Belgium (which changes from green to blue depending on the viewing angle). “Most border-control officers have one minute or less to look at a passport and determine if it is genuine,” Boucar says. “With this, at least they know what they’re looking for.”
This new passport is a triumph for Belgium and a sign that it is taking its problems with passport fraud seriously. Even if characters like M get their hands on blank versions of this passport, because of features like a digitized photo they will be much more difficult to fill in convincingly. Other countries, including the United States, are similarly upgrading their passports.
Whilst we are unconvinced of the need for an ID card scheme or a passport card, we do think that the Passport Agency could benefit from spending some time investigating how a more secure British passport might better be designed.
Although the Data Protection Acts provide some exceptions for government use, it is in the private sector that more serious problems tend to arise. The Data Protection principle that personal data should be used only for the purpose supplied ought to be honoured by public and private sector bodies.
Limited access to Central Database records on a case-by-case basis should be permitted on a judicial warrant for a specific purpose as an overriding interest. Broader access is not only unwarranted but will undermine confidence in the system, leading to public rejection and, ultimately, the corruption of data through public failure to participate, both actively, by providing false data, and passively, by failing to keep it current. In this way, broad access to the Central Database is the enemy of its use as an effective tool of law enforcement.
Private sector access would almost certainly be unacceptable, in our opinion. Both these views would, of course, depend on more information as to the nature of the information-sharing. We comment on public sector information-sharing in a little more detail at point P23 in the next chapter and the points made there also apply here.
As we mentioned earlier, however, the notion of “informed consent” has been one of the most problematic aspects of the Data Protection Acts, as organisations routinely manufacture alleged consent in such diverse areas as employment contracts, bank account terms and software ‘click-through’ licenses. In this context, it is a red herring, and public confidence in the system can only be maintained by the government's active support for the privacy of private data.
Such a service would be a very substantial subcontract, with interesting privacy implications. We are concerned at the nature of the agreements that might be made, particularly given the government’s recent record on hiding politically sensitive information behind the rather spurious veil of commercial sensitivity, as seen in the negotiations on PPP for the London Underground, for example. One point on which we would be particularly uncomfortable would be any immunity from commercial penalties, should any breach of individual data-subjects’ rights be discovered.
Most of our other concerns in this area have been covered elsewhere in this report, notably on the subjects of information-sharing and criminal sanctions for illegal use of the personal data held in these databases.
Insofar as identity fraud consists of obtaining goods, services or pecuniary advantage by deception, then there are existing and entirely satisfactory offences already available to the police. Insofar as the prospective offence relates simply to the prospect of obtaining an ID card in multiple names, we see no benefit in an unnecessary criminalisation of activity which in itself has legitimate actions, such as providing an assumed name to a locksmith for fear of their dishonesty or celebrities checking into a hotel under assumed names to avoid the tabloids.
There is a case for providing increased training and resources to LEAs to enforce existing offences and especially means to help protect the victims of identity theft as they struggle to rebuild their credit histories. The government’s attention would be better concentrated in this area.
It is important to remember that we have a Common Law right, in England, Wales and Northern Ireland, to use the name of our choosing for whatever context. We find it hard to believe that such a summary-only offence is anything more than recognition that this proposal is so inherently unpopular that only the threat of criminal sanction will gain compliance with what is basically an administrative measure. It has been estimated that 12 million people in the UK routinely use a name other than the one on their birth certificate.
To quote http://www.adviceguide.org.uk/, the Citizens’ Advice Bureaux website:
If you wish to be known by a different name you can change your name at any time, provided you do not intend to deceive or defraud another person. There is no legal procedure to follow in order to change a name. You simply start using the new name. You can change your forename or surname, add names or rearrange your existing names.
Although there is no legal way to change a name, you may want evidence that you have changed your name […]. However, you cannot change details on your birth certificate, except in limited circumstances.
[…]
A letter from a responsible person, such as a GP, solicitor, minister, priest or MP, will often be enough evidence that you have changed your name. The letter should state that the person has known you in both names and that the change of name is to be used for all purposes.
Not only this but, in Scotland, the Common Law right is even stronger. Lest the Home Office need reminding, there are no formalities whatsoever associated with changing one’s name under Scots Law. To quote http://www.adviceguide.org.uk/ once again:
If you wish to be known by a different name you can change your name(s) (forenames or surnames) at any time, provided you do not intend to deceive or defraud. Once you have decided to change your name, you can use the new name for all purposes. However, you will need to produce evidence that you have changed your name for most official purposes.
Once you have used your new name for two years you can officially record the change of name with the Registrar General. There is no legal requirement to record a change of name but it is often advisable to do so, particularly for legal purposes, such as inheritance. In some cases it would not be in a your interest to have the change recorded, for example, in the case of domestic violence. A change of name is recorded on a public register and anyone, for example a violent ex-partner, would have access to the change of name.
Perhaps the most widespread use of pseudonymous identities would be with online discussion fora. Such personalities tend to be regarded as expressions of creativity and diversity; they are generally thought of as not less innocuous than playground nicknames. Particularly given the international nature of the Internet and its online communities, the government cannot have considered the difficulty implicit in policing the use of alternative names online.
We are mildly concerned at the privacy implications of an effective merger of the Passport Service with one or both of DVLA and DVLNI. Such information-sharing would breach the principle behind the OECD’s Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (http://www.olis.oecd.org/horizontal/oecdacts.nsf/linkto/C(80)58). Whilst paragraph 10 of those Guidelines does allow for disclosure “by the authority of law”, such a violation of the Use Limitation Principle is patently against the spirit of the principle.
We believe a family of cards based on a similar design need not necessarily be overly confusing, though it would presumably make the process of training staff — and the public — on how to recognise the cards a lot more expensive. We feel it might be advisable to avoid such costs, if at all possible.
We feel that a significant number of 16 and 17 year olds holding ID cards might pose a marginal risk to the increased incidence of forged proof-of-age or ID cards or faked ages on ID cards. We don’t think the difference will be significant, however. Our main objection to this consultation point is that it would be likely to increase the possession of an ID card to which we object for other reasons.
Depending on the government’s definition of the term “young people”, we are uncertain as to whether we would have any views on the subject that the government might consider useful. We are glad, however, to have helped spread the word about the consultation, such that more young people may have participated and offered their opinions.
We are mildly concerned at the cost of requiring ID cards for all long-term foreign residents in the UK, as well as the ethics and the potential views of foreign governments and the residents themselves. We would be particularly concerned should foreign nationals be refused entry, refused extensions to visas, gaoled or deported, should they refuse to acquire or to carry an ID card, for some reason.
We feel quite strongly that, whilst some foreign residents would be unfazed by the scheme, being familiar with ID cards in their countries of origin, that the scheme could only serve to make the UK a less attractive place for foreign nationals to work and settle lawfully. We feel the scheme might be perceived as particularly inhibitive to immigrations — short- or long-term — from English-speaking countries such as Commonwealth members and the United States, all of which share many of our perceptions of freedom and many of which have rejected substantially similar schemes within the last few years. Given that such immigrants form the overwhelming majority of the numbers seeking ingress into the UK, for obvious reasons, we feel this could have a very damaging effect on the economy. We can think of no way in which the could make the scheme be perceived as anything other than that which it is and, as such, we can think of no suggestions on how this effect might be mitigated.
The notion presented in the consultation paper that successful asylum seekers could be presented with an ID card, on surrender of their ARC is faintly kitsch. The suggestion of crosschecks to ensure the biometrics (should any be used in the ID card scheme; qvb) correspond is quite sensible and . We still hold, however, strong reservations about both schemes.
On a similar note, we are rather uncomfortable with the ‘them and us’ feel of the suggestions in paragraph 5.16. We are not of the opinion that the UK is in need of some visible symbol of ‘Britishness’, as could be espoused by cards within the scheme to which foreign nationals would not be entitled. At the same time, we feel that ensuring all foreign nationals had to possess a card that marked them out as not–British might enhance the xenophobia prevalent in some sections of British society and exacerbate racial tensions across Great Britain — and possibly even sectarian tensions in Northern Ireland as well.
We shouldn’t underestimate the impact that an ID card scheme could have on racism in the UK, either. Several of the Home Office’s advisors on race — including Maxie Hayles, chair of the Birmingham Racial Attacks Monitoring Unit, Prof Gus John, the Society of Black Lawyers and the Joint Council for the Welfare of Immigrants (JCWI) — have made similar comments. To quote Tauhid Pasha, legal policy and information director for the JCWI: “The cards could be used against anyone who looks a bit different or anyone who looks like their immigration status is in doubt. Essentially that will be black people and ethnic minorities”. Even racially–neutral policies can have a disproportionate impact on different communities. It is popularly accepted, for example, that young black men in expensive cars were much more likely to be pulled over as part of the Metropolitan Police’s stop and search policy; exactly the same effect would likely apply with requests for the production of an ID card. There are several other groups who might have a tendency to mistrust our law enforcement agencies and the introduction of an ID card scheme can only undermine to efforts to build confidence in these communities.
Several developed nations have been accused of conducting discriminatory practices using ID cards. The government of Japan has come under fire from the United Nations Human Rights Committee for this practice. The Committee had expressed concern that Japan had passed a law requiring foreign residents to carry identification cards at all times. The 18-member panel examined human rights issues in Japan in accordance with the 1966 International Covenant on Civil and Political Rights, which Japan ratified in 1979. “The Alien Registration Law”, the Committee complained in its report, “is not consistent with the covenant”.
Ironically, the Parliaments of several European states, including France and the Netherlands, have accepted a law introducing the obligation to identify oneself in numerous situations including, for instance, at work, at football stadiums, on public transport and in banks. While the card is voluntary in name, it is in effect a compulsory instrument that will be carried at all times by Dutch citizens. Moreover, foreigners can always be asked to identify themselves to authorities at any moment and in any circumstance. French police have been accused of overzealous use of the ID card against blacks and, particularly, against Algerians. Greek authorities have been accused of using data on religion on its card to discriminate against people who are not Greek Orthodox.
If it were absolutely necessary to have an ID card scheme, with a different card format for foreign nationals resident in the UK, as the consultation paper suggests, despite Lord Falconer’s somewhat misleading suggestions at the public meeting, hosted by Privacy International in December 2002 that “there will be no special card which singles someone out as a foreign visitor”, we feel any differences should be kept as discreet as possible. Given that, in order to gain entry to the UK from any country except the Republic of Ireland foreign nationals will need to have been in possession of a valid ID of some description (and given that neither the Republic nor the UK are currently parties to the Schengen agreement), we see little benefit in mandating that foreign nationals resident here be required to hold an ID card at all.
We are mildly concerned that increasing such biographical checks might well further distance those who already feel excluded from society. The homeless, in particular, would be particularly likely to suffer disproportionately from any increase in the rigidity in the procedures for issuing passports or driving licences (and, thus, any ID card). Whilst biographical information of the kind mentioned is more difficult to counterfeit, it is still not beyond the means of criminals, which would render the effort somewhat moot.
As mentioned earlier, we feel that further information-sharing gateways between DVLA, DVLNI, the Passport Service, the Electoral Register, NI records and civil registers would be yet another measure that would be chilling to individuals’ privacy and, thus, should be resisted in all but exceptional cases. We believe, in this instance in particular, that such information gateways would be in conflict with the provisions of the Data Protection Acts and the Human Rights Act 1998. It is worthy of comment that the provisions of the Regulation of Investigatory Powers Act are currently subject to some debate on similar grounds.
We further feel that the concept of tracking every change of address, within the remit of an ID card scheme, is not only intrusive in feel but also would present an overhead that could prove prohibitive. Many young professionals and particularly students in Further and Higher Education are renowned for moving abode very frequently. Similarly, private tenants — those non-homeowners not in council housing — might find such a requirement very onerous. Also, we are again concerned at the exclusion of the homeless in this regard.
We feel that an ID card would be a document of comparable worth to a passport (if that) and, as such, the checks made on an individual’s identity before issuing an ID card should be no more arduous than those made before issuing a passport. We are not of the opinion that the government could do very much to effect ‘tighter’ confirmation when it comes to issuing passports.
We are overwhelmingly opposed to the use of biometric identifiers in any government-based mandatory scheme, be it the ARC, be it passports, be it drivers’ licences or — most importantly — be it an ID card scheme for a population the size of the UK’s. A full list of all our reasons and justifications would certainly overwhelm the rest of this report, so we have tried to be brief in this point.
The government sets itself, in paragraph 5.21, three standards that much be met before it would be comfortable with implementing a biometric scheme with the ID card. These three standards are that the biometric technology or technologies in question:
1. would be sufficiently mature and reliable;
2. could be implemented at a cost which justified the benefits; and
3. were acceptable to members of the public.
We feel that none of these conditions could be met, now or in the foreseeable future. As the technologies the government has identified as being of most interest to it are limited to three — iris scanning, fingerprinting and facial recognition — we shall attempt to restrict our debunking of the lure of biometrics to these three technologies.
Many educated observers, including the general consensus of opinion on the email list UK Crypto, consider biometrics still to be inadequate, too immature, too unreliable and too privacy-invasive for use with something such as a nationwide, compulsory ID card scheme, such as the one proposed in the consultation document. We agree with this determination quite fervently.
There are specific problems with each of the three suggested technologies, so we’ve briefly examined them, in order.
It is worthy of note that the implication of some of the Home Office’s statements seem to give the impression that it might be the favoured option. It is, for example, the only technology mentioned explicitly in the press release 019/2003.
Iris scanning is certainly the most promising of all the technologies suggested in the consultation, particularly as even genetically-identical twins have distinct iris patterns, but still has technical disadvantages, as well — it requires a certain level of lighting and co-operative subjects, for example.
Iris scanning technologies are known to have specific issues with individuals of certain heritages. In particular, iris scanners often have great difficulty differentiating between individuals of all the races who tend to have dark eyes — most racial groups except for Caucasians. Given that one of the supposed purposes of an ID card scheme would be to combat illegal working and to aid checks on immigration, we are somewhat surprised that the Home Office would seem to favour a technology with known weaknesses in the area of race, particularly as we are certain the government would want to avoid any claims that there were racial problems built into any system.
It is worth bearing in mind, also, that the technology behind iris scanning is patented to Dr John Daugman, OBE, of Cambridge University and licensed exclusively to Iridian Technologies Inc, registered in the US and Switzerland, and sold under the tradename IrisCode®. This would, of course, mean that the use of such technologies could potentially incur a greater level of cost than other biometrics.
Fingerprinting has recently
suffered the worst press of any biometric technologies. In May 2002, the
well-respected US cryptographer Bruce Schneier alerted the world to the discoveries
of Japanese researcher Tsutomu Matsumoto, who used ingredients one could buy
in most supermarkets or chemist’s to create a finger that fooled fingerprint
detectors 80% of the time. Matsumoto tried these attacks against eleven
commercially available fingerprint biometric systems, and was able to reliably
fool all of them. Not only could he create these forged fingerprints from real
fingers but also from fingerprints left on glass. More information about these
studies can be found in Schneier’s monthly Crypto-Gram newsletter, archived at
http://www.counterpane.com/crypto-gram-0205.html#5
Not only does fingerprinting not work, but it is also a highly selective technology. There are groups for whom fingerprints are particularly unreliable, notably manual workers and the elderly — two groups who make up, between them, a very large proportion of the British population and who are disproportionately likely to rely on access to the very public services the Home Office is proposing might require the presentation of an ID card.
Facial recognition software is renowned for not being particularly effective. There are reports that a recent study in Tampa, Florida, failed to recognise a single face it was seeking, whilst pulling up several false positive matches — many of which were blatantly inaccurate, such as matches for the wrong gender or with significant differences in age or weight. In a report on the study, Barry Steinhardt, associate director of the ACLU said:
Face recognition is all hype and no action […]. Potentially powerful surveillance systems like face recognition need to be examined closely before they are deployed, and the first question to ask is whether the system will actually improve our safety. The experience of the Tampa Police Department confirms that this technology doesn’t deliver.
Facial recognition software is easily tripped up by changes in hairstyle or facial hair, by aging, weight gain or loss and by simple disguises. A study by the US Department of Defense found very high error rates even under ideal conditions, where the subject is staring directly into the camera under bright lights. The study found very high rates of both false positives (wrongly matching innocent individuals with the records of personæ non gratæ, as it were) and false negatives (failing to catch people known to be in the database). Several other US government agencies, including their Immigration and Naturalization Service, have abandoned use 0f the technology after unsuccessful tests.
Roger Clarke, a well-respected IT consultant and erstwhile senior Information Systems academic at the Australian National University pointed out in a May 2002 presentation to the University of Hong Kong that “not one person has been correctly identified by face recognition technology in public places”.
Indeed, we don’t need to look quite so far afield for evidence of the failure of facial recognition technologies. We can simply visit the experience in the London Borough of Newham, where facial recognition has been being trialled by the Borough and the Metropolitan Police for the last five years. To quote one of many articles on the subject, some of which is taken from Jeffrey Rosen’s October 2001 New York Times Magazine article:
Has it caught criminals? The most often cited success of facial recognition is the London borough of Newham, where a system of over 200 cameras using Visionics Corp’s face recognition technology is credited with a significant drop in crime since 1998, a statistic trumpeted by Visionics.
What is left out is that face-recognition has not resulted in a single arrest, nor do the people who run the system even know who is in the database. Not that it matters; the deterrent lies with the signs posted throughout Newham, telling criminals that cameras are watching and that they (the police) know who they are, where they live and what crimes they have committed.
Of course, “it’s not true”, Newham’s monitoring chief readily admitted.
Finally, to debunk the government’s evidence from its trials and its experiences with the ARC, it is certainly worthy of note that biometrics systems suffer greatly from issues of scale. Whilst many trial schemes have shown promising results when tested against a sample size of a few hundred or a few thousand, there is no biometric scheme that can successfully scale up to a population the size of a few million, let alone the 50 to 75 million individuals in the UK. Given that any scheme adopted by the UK is likely to be the model for any Europe-wide scheme that may be proposed in the near future, this would be even more of an issue, as nothing would be able to handle the hundreds of millions of citizens in the EU.
It is quite clear to anyone who takes more than a passing interest in the subject of biometrics that the only groups claiming that the technologies are mature enough for widespread use are manufacturers of the technologies — who have a commercial imperative to get their product to market as soon as possible — and officials of various states who seem to want to introduce schemes such as the one proposed in this consultation paper. Just about any academic who has devoted any real quantity of time to evaluating biometric technologies is more than willing to advise that, despite these claims, the technologies are just not yet mature enough for large-scale deployment in programmes to handle populations of the size of the UK’s.
We are greatly concerned at the cost of supplying biometric scanners — of whichever kind — to all relevant public services. A biometric on the ID card would, necessarily, require scanners to be provided to public services using the card, which would suggest furnishing many agencies — police forces, Customs & Excise, immigration officers, outlets of the NHS and the Department for Work and Pensions — with handheld scanners. Whilst this would, in part, facilitate the registration of individuals who were housebound or in sparsely populated areas, as they could then be visited by registration officials with a handheld scanner, we feel the authoritarian overtones of such a scheme are worth bearing in mind.
Whilst the use of biometric technologies would certainly increase — quite substantially — the cost of any ID card scheme, this is not the weakness of such technologies with which we are the most well-acquainted. As a result, we have concentrated on the other vulnerabilities of the Home Office proposals. We a longer consultation period available and greater resources at our disposal, we believe we could invalidate this aspect of the proposals as well. Given that we have not done so, however, suffice it to write that we believe a full cost–benefit analysis would be required before the use of biometric technologies could be advised; no matter which technology and no matter how mature.
Overall, we feel that biometric technologies are perceived as intrusive and sinister by the general public. The use of biometric technologies in science fiction dystopia films and novels certainly does no favours to public acceptance of the technologies involved. Even films and novels where the ethos of the society that is depicted is less blatantly draconian, there are disturbing overtones to some of the uses to which biometrics are put, an example of which we have given below, in the subsection on iris scanning.
We are also rather concerned that the government might try to steamroller its way over legitimate objections to the use of biometric technologies by exploiting favourable coverage in the tabloid press, for example.
Going back to the issue of science fiction and the rôle it plays in the public’s limited knowledge about biometric technologies, take the recent film Minority Report, for example, based on a short story by the author Philip K Dick. Eye scanning — it’s not mentioned whether it is iris- or retina–based — plays a prominent part in the storyline and the culture of the fictional future. Whilst some people might not have a problem with the use of biometrically-guaranteed identity, for example, for access control to sensitive areas within buildings, some people would certainly object to being advertised at in quite the way that is depicted in the film.
More to the point, however, is the somewhat unsettling issues around evading the biometrics. One of the characters in the film’s underworld is blind — with no eyes at all — thus successfully being able to avoid any eye scans. Much more chilling, however, is an aspect of the storyline that reflects the sobriquet sometimes given to biometric technology, of “amputationware”. The lead character, whilst on the run from the police, visits the stereotype of a ‘back-street’ doctor to have his eyeballs replaced by those from a cadaver and carries his own eyes with him in a bag, so that he might still make use of his own identity, in order to gain access to his office in the police station.
Whilst one would hope that iris-scanners would be able to tell between live eyeballs and dead, the public’s opinion of emerging technologies is mainly shaped by what one can see and read in the media and portrayals like these of biometric technologies will certainly not help with the public acceptance of those tools. Being unusual is rarely good for a reputation and whilst familiarity may breed contempt, unfamiliarity breeds fear. Such fear may well lead to citizens being so uncomfortable with the technologies involved that they refuse to participate in the biometric component of an ID card scheme. With eyes being such a sensitive part of the human body, it is not difficult to anticipate the effect of a little even-slightly inaccurate tabloid reportage.
Fingerprinting may well seem like it would be the most acceptable technology, if only because it’s something with which most people are going to be at least cursorily familiar. It’s the oldest biometric technology to be widely used and it’s one that features in many crime dramas — in literature, film, plays and on television.
That familiarity, however, is a large part of the problem. Deeply engrained into the public’s psyche is the concept that being fingerprinted intrinsically means criminality. To quote one of the subscribers to the UK Crypto email list, “For the elderly and somewhat confused ladies in my family, who have never been convicted of any crime, an iris scan or fingerprint will cause them a large amount of distress”. Any scheme to take fingerprint scans from the whole UK population is going to imply suspicion of criminal action or intent — unfairly, of course, but the implication will still be felt worryingly widely. Many people may well outright refuse to allow themselves to be fingerprinted.
Facial recognition, in particular, comes with distinct acceptability problems. As there is now software such as Indextix’s FaceIt® on the market, which can be bolted onto a CCTV system to allow the identification of an individual facial-geometry profile from a crowd, it can be perceived to have much more Orwellian overtones. While facial recognition can certainly be used to protect private information, it can just as easily be used to invade privacy by taking pictures of individuals’ when they are entirely unaware of the presence of any camera. As with many developing technologies, the potential of facial recognition comes with drawbacks.
There are three main objections to facial recognition schemes, from the point of view of user acceptability. To quote from a report by the International Biometric Group: (the full report is available at http://www.ibgweb.com/reports/public/reports/facial-scan_perceptions.html)
1. Many people simply don't like having their picture taken, much less having to look at their own low-resolution image on a computer screen or terminal. Both men and women expressed reservations, suggesting that the cameras being used were low quality (they were actually high quality), insisting on wearing hats if being photographed, looking for mirrors etc. In contrast to finger scan testing, where all subjects used the devices in spite of whatever slight reservations they may have had, some subjects in the face geometry testing simply refused to use the technology.
2. Despite its use in everyday life as our primary means of recognition, the face (as opposed to a signature or fingerprint) is not traditionally interpreted as an authentication mechanism. The face is almost too personal a part of the body to think of its being “scanned”, broken into grids or axes, or having prominent features made note of.
3. On the topic of intrusiveness, most vendors suggest that facial scan is the least intrusive technology. In terms of ease-of-use, this is probably true — looking at a camera and holding still momentarily is not a demanding task. However, if intrusiveness is defined is a different way, facial scan may be among the most intrusive technologies. Aside from voice, which is largely incapable of executing one-to-many searches (where the subject's identity is not known), face is the only commonly used biometric which does not require cooperative subjects. A hidden camera could, indeed, take your picture, and perform one-to-many identification, without your knowledge. Of course, such one-to-many identification is not inherently problematic — there are situations where it is beneficial (surveillance of embassies or military sites).
User perceptions of face recognition relate directly to how people view themselves as unique individuals. As such, the issue of user acceptance must be carefully weighed in facial scan projects, as it will have a significant impact on the project's success.
A very interesting and persuasive essay about the use of facial recognition technologies can be found at http://dlis.gseis.ucla.edu/people/pagre/bar-code.html, written by Phil Agre, associate professor of information studies at UCLA.
The use of biometric technologies in an ID card scheme would not only reduce the likelihood of its successful use — introducing problems into the mix, such as those we have detailed above and, more seriously, unforeseen issues, the consequences of which cannot be estimated — but also there would be the dilemma that some individuals will refuse to allow their biometric to be sampled. We cannot see how this issue could be anything other than insoluble. Apart from the fact that many of people’s concerns about biometric technologies are entirely well-founded, we have a Common Law right to refuse to participate and compulsion to participate in the scheme would certainly be a breach of the principles behind the Human Rights Act 1998.
On a related note, some of the figures in the section “How a card might be used”, on pages 56 through 59 of the consultation document, seem to be implying that members of the public might be expected to have biometric scanners — iris scanners, fingerprint scanners or facial recognition software and a webcam — installed on their home PCs in order to access public services online. We feel we must opine that we think this idea is, for the foreseeable future, at least, risible. Consumer resistance to additional complications in making purchases could only be multiplied by passing the costs for such greater complexity onto the consumers themselves.
Again, we have concerns regarding the sensitivity of individuals’ data on any smartcard chip, particularly where use or management of the chip might be contracted out to or shared with the private sector. We are extremely apprehensive, for example, at the potential for breaches of individual privacy, should access to the chip be given to supermarkets, for use as a loyalty card. At the moment, we are unsure that there are many convincing arguments for using a chip, rather than a bi-dimensional barcode or OCR-able or magnetic text, to ensure the machine-legibility of data on the card.
We are concerned at the prospect of users being required to learn another PIN, especially one they cannot change — as we doubt much facility could be made, in convenient places, to change their ID card’s PIN — merely in order to access government services to which there is a universal right. People have a tendency to be unhappy devising or learning PINs and passwords. As a result, individuals are likely to choose a obvious PIN and carry it with their card. This hardly bodes well for the increased security of transactions so guaranteed.
We do not feel that there is a great need better to validate public sector transactions in this way. As we have discussed elsewhere, the big problem with benefit fraud tends to be over-claiming benefits and dishonest declarations of circumstances, neither of which would be affected by the introduction of an ID card.
Private sector transactions, on the other hand, rarely require authentication of identity, so much as a guarantee that some means of payment will be honoured and is legitimate. Again, neither of these proofs can be effected by an ID card — they’re guarantees between a retailer and a bank, on the whole, not between a retailed and state-guaranteed individual. As a result, we do not feel that an ID card will be a great boon in validating transactions, public sector or private and any attempt to establish this as an enforceable standard would be seen as a significant barrier to free trade.
Whilst a digital certificate on a smartcard would be of minimal use, at present, to cardholder-not-present transactions — for which a digital certificate would be of most use — this has the potential to seem quite useful, meaning that every UK resident would hold a digital certificate. Given that very few people currently possess smartcard readers (and we doubt this will change in the immediate future, even were such a government-sponsored scheme to be introduced), we believe this would just increase the cost of any ID card scheme to somewhat dubious advantage. We believe that any government–associated attempt thus to motivate e‑commerce would do much more harm than good.
However, we are not of the opinion that e‑commerce needs such a ‘shot in the arm’. It is our view that the e‑commerce sector is showing healthier growth than much of the rest of the economy. We disagree with the idea that digital certificates are a necessary precursor for e‑commerce. This a myth, whose chief proponents appear to be a combination of governments and certificate infrastructure vendors. The latter’s interest would be obvious; the former would, thus, seem to be based on the inappropriate extrapolation that one cannot sell books online without knowing the customer’s tax status, just because government’s experience in collecting taxes and handing out benefits happens to be where this supposition is true.
The government’s record with IT projects, on a major scale, is worse than abysmal. Not only would a mandatory, nationwide digital certificate programme mean that the majority of the current technical élite would shun the scheme, having little or no trust in it, but also that any future attempt to build such a scheme would suffer from the failure — or even success — of this one. See, for example, how the widespread adoption of Minitel in France, which one might have thought would lead to greater trust in electronic means of communication, was in fact accompanied by a delay in French adoption of Internet technologies for the bulk of the 1990s.
Another reason why a government-sponsored, nationwide digital certificate scheme would be shunned by the technical élite, of course, is that digital certificates are only useful when one can be certain that only the certificate-holder has access to the secretkey portion. It is rather implausible to suggest that a government agency would issue digital certificates to every citizen in the country and not keep a copy of each one, in case of loss or theft, for example. One of the prime concerns espoused over the ‘Government Access to Keys’ (GAK) provisions of the Regulation of Investigatory Powers Act 2000 was that, were any signature keys to be seized under these powers, the authenticity of any documents signed by the keys would instantly be in doubt.
Whilst any government agency with access to RIP-seized keys would doubtless treat them with care, there would always remain the possibility that people other than the original keyholder would have access to the document-signing properties intrinsic to them. One must recall, of course, that not everyone who would have such access is entirely honest — as we demonstrated in our response to consultation point P5, no-one should ever be considered beyond reproach; there are plenty of examples of officials abusing their powers and selling information in their custody. Should this happen with a digital certificate — or a signature key — then the key becomes, effectively, defunct. What use a certificate that guarantees that a document could only have been signed by either me or the criminal who bought it from the government’s Certification Agency?
Any information that is held in the Central Database should be with the knowledge and consent of the individual who is the data subject; we believe quite strongly that any legislation enacting an ID card scheme should ensure that this principle is enshrined in statute. That the Central Database for an ID card scheme would, effectively, be a point of cross-reference only, would help assuage concerns about, for example, civil servants at the DVLA inadvertently gaining access to one’s medical records.
We are adamantly opposed to the inclusion in the Central Database of any data that would be deemed “sensitive data” under section 2 of the Data Protection Act 1998. We would include in the list of data too sensitive to be included, however, information such as marital status and number of children, both of which can be taken to imply the subject’s sexuality. Similarly, individuals’ employment status should be considered sensitive and not to be shared as widely as would be inevitable, should it be displayed on a card. Lessons here could be learnt from the resistance seen to answering some of the demographic questions in the Census surveys.
Experience from other European countries — Greece and Turkey in particular, but also more nearby states such as France and Belgium — shows us that certain data should definitely be excluded. The inclusion of data on cardholders’ religious affiliation has lead to problems for minorities in many states — indeed had it not been for the meticulous labelling of religious affiliation in Central Europe in the late 19th and early 20th centuries, Nazi Germany could not have been anywhere near so efficient in its genocidal Final Solution.
More relevant to a British ID card scheme, though, would be the inclusion of data on the cardholders’ nationality, mentioned explicitly in the consultation document in several points, notably in the run-up to point P26. The experience of minority groups from France’s ex-colonies — easily identified under France’s Carte d’Identité scheme, as the cartes are coloured differently for non–French nationals — is that making an individual’s nationality readily apparent from their identification papers tends to lead to discriminatory treatment and victimisation by the police. Whilst we are pleased to note that our police have a much better reputation for race relations, particularly recently, than would stereotypically be considered the case in many other countries, we are still very concerned that ID cards could prove to be another stop and search.
From another point of view, we are uncertain why an individual’s residential address or employment status (both of which are suggested for inclusion, according to table 5.2 on page 62) should be included, particularly as both are subject to quite frequent change. Including these data on the card would require a much higher turnover of cards, which would be both inconvenient and expensive.
Moreover, we believe that an individual’s NI number and DVLA/DVLNI driver number should not be displayed on the card, given firstly that they are held in the database and secondly that so doing could increase the potential for abuse. These are, incidentally, the only data for which we feel it would not be inappropriate to hold on the chip of a smartcard or encoded into a bi-dimensional barcode without displaying the data on the card or ensuring that the individual is aware of the data’s value, as well as its nature.
Lord Falconer, in his speech to the Privacy International public meeting, in December 2002, stated that:
If we take the passport as an example you would provide the same information on the form that you do now, a couple of extra items your national insurance and driver numbers if you have them. These would be used to check that you were also registered on these databases. Checking this historical footprint, as it is called, is one of the best ways of guarding against identity fraud and follows best practice in the private sector, which has already been confronted with these problems over a long period of time.
Lord Falconer fails, however, to realise that one might make these checks and validate the historical footprint of a cardholder without displaying the other identifiers on the card. We believe that increasing the dissemination of these numbers even more widely could only increase the potential for abuse and identity theft — yet another example of an ID card scheme proving counterproductive to the stated aims.
With the investment of much time and energy, such a scheme could be administered on a countrywide basis. The cost of such administration could, however, be comparable to the cost of the decennial Census — without the economies of scale presented by visiting every house at once — as, in order to collect data from housebound individuals and to be sure that all such individuals had been captured, a large proportion of the households in the UK would need to be visited by someone with a biometric scanner, assuming the government chose to go down that avenue.
It would be particularly difficult to capture data and biometrics from physically incapacitated individuals or households in ultra-rural areas, such as large parts of Scotland, by any other means. Whilst services, such as “Meals on Wheels”, could capture one of the more difficult-to-acquire groups of individuals, there is no service that would easily manage to contact all such groups and individuals. Use of such services as a part of the “entitlement card” scheme could, of course, result in a disturbing fall in the take-up of facilities like “Meals on Wheels”, as it might undermine the trust in which service-users hold the service.
This point could much better be answered by organisations that deal more directly with such groups. We have deliberately avoided commenting further, as this area is not our forte and we hope that other groups will have responded more lucidly here.
We find it almost impossible to believe that the cost estimate of £1.3 to £3.1 billion would continue once the scheme were to be implemented. As we have mentioned, public IT projects have a nasty habit of rather elastic budgets and we are concerned that the budget would increase to an even larger sum. This is a particularly relevant concern, given that, as we mention elsewhere, the history of ID card projects elsewhere — notably in Australia and the Philippines — is that the cost estimates have risen sharply toward the implementation stage.
Unfortunately for reliable and controlled estimates of costs, IT expenditure is far from the only element that has a tendency to expand. Costs of issue, implementation and policing are all notoriously elastic and it is easy to overlook costs to business, which do not appear on the government balance sheet.
Returning to the vnunet.com article mentioned in our analysis of consultation point P1, it mentions that Richard Thomas has criticised the Home Office’s poor cost estimates:
Earlier this month, research commissioned by the Information Commissioner indicated that the entitlement card cost estimates developed by the government failed to take into account the cost that local authorities, the NHS and police would incur by integrating their systems with the new card system. The government is now looking at these figures again.
With costs running into several billions of pounds, it is difficult to conclude that taxpayers would make this a priority over other public expenditure. Whilst there are always going to be conflicting pressures on public spending, it seems likely that it could be politically difficult to justify such large expenditure on an ID card scheme when there will always be schools and hospitals to pay for.
It is difficult for the government fully to inform citizens of the less obvious potential overheads when, as we have demonstrated, the government itself, cannot at this stage, produce a reliable estimate. Should it subsequently become evident that costs were to be far higher than the government’s initial projections of £1.3 to £3.1 billion a significant drop in public support might follow.
We believe the Home Office has yet to provide a convincing cost–benefit analysis. It is, self-evidently, not for civil liberties groups and the like to prove that ID cards are unnecessary and not useful. Rather it is for the Home Office to provide a persuasive argument suggesting not only how the proposed “entitlement card” scheme would meet the stated aims, resolve the potential issues highlighted in responses such as this report and recoup the massive costs involved.
Not only this, but there have been almost successful implementations of major IT projects undertaken by the government. David Blunkett told Parliament: “I agree that it is important to recognise the past failures of Government technology systems”, yet we feel that there are many lessons still to be learnt.
We believe the Home Office has yet to prove what problem the cards are supposed to fix, where abroad have they done so and that the introduction of a mandatory ID card scheme would be the most economic solution. Are the crimes that it would help with serious enough for the huge expense and dubious effectiveness?
Due to the consultation deadline, Stand could not respond fully to this point. Stand has further comments to make on this issue should the consultation period be extended.
This section of our report is designed to deal with topics arising from the ID card paper that don’t dovetail so neatly with the consultation points themselves. These topics are in no particular order and there presence here merely indicates that we believe them worthy of comment, not that they are any more or less important than matters we have raised elsewhere.
As an aside to consultation point P6 in Chapter Two, dealing with the options for a card scheme (qv), the consultation paper mentions amending legislation to make it an offence:
To provide fake identity documents and other forms of entitlement card such as a proof of age card, which can often be passed off as genuine. Under current law, use of such cards can be illegal if they involve some form of deception, but the supply of such cards is not necessarily an offence.
To this point, we simply believe the government needs to be reminded that extending fraud legislation to deal more efficiently with fraudulent use of identity papers would not cost £1.3 to £3.1 billion and need not be in the slightest part privacy-invasive. Cynics might suggest that such a legislative change does not have a sufficiently high media salience for some of our legislators to consider it. Perhaps, combining these measures with better fraud legislation to cover identity fraud would be more newsworthy and be able to engage the interest tabloid journalists more effectively.
Along with many others, we greatly welcomed the government’s very good work in incorporating the European Convention on Human Rights into UK law by enacting the Human Rights Act 1998.
Unfortunately, while the government initially attempted to take on board the consequences of the Human Rights Act while framing legislation, they seem to have become accustomed, more recently, to making statements of compatibility with the Act that would appear to be more like subjective statements of faith, rather than objective statements of fact. One needs only look at the Anti-Terrorism, Crime and Security Act 2001 — where the Home Secretary was forced to derogate from the Article Five guarantees enshrined in the Act in order to abolish the Magna Carta right of habeas corpus — to see that Secretaries of State are quite capable of a somewhat selective interpretation of the Human Rights Act.
To remind readers, the preamble to the Anti-Terrorism, Crime and Security Bill, read:
Mr Secretary Blunkett has made
the following statement under section 19(1)(a) of the Human Rights Act 1998:
In my view the provisions of the Anti-Terrorism, Crime and Security Bill are
compatible with the Convention rights.
Whilst we are under no illusion that this increasingly-authoritarian government would fail happily and easily to exclude any measures introduced here from the purview of Article Eight, we feel that, either way, the introduction of a mandatory ID card scheme that would, in effect, require large tranches of society to carry the card on their person at all times would be a dangerous and reckless abandonment of one of this government’s major achievements.
While the Human Rights Act was a bold aspiration, it has been evident, from its inception, that the government is in two minds about how to proceed with it. We are increasingly concerned that this inconsistent approach is giving way to derogation from rights and liberties ancient and new, as the government finds it more convenient to overlook civil liberties than initiate genuine debate on the important matters affecting our society and, thus, provide the citizens of this country with the protection of their rights under Articles Five, Six, Eight, Eleven and Fourteen.
It’s a truism that you can tell a man by the company he keeps. Malaysia, Singapore and Thailand have very similar card systems. China is moving rapidly in this direction with the development of a compulsory ID database and card system.
As we wrote earlier, no Common Law country in the world has ever accepted the idea of a peacetime ID card. The Australian and New Zealand public have rejected similar proposals outright. Canada has never agreed to such a scheme. ID card proposals have always been rejected by the United States Congress. No European country has such a comprehensive or invasive card system. The nearest equivalent within the current EU members is Greece — a country that, in recent years, has been a military dictatorship and still suffers the hangover of that experience to its civil liberties. This erosion of Greek civil liberties is to the extent that the police have the power to stop individuals arbitrarily, without there being any suspicion of having committed or intending to commit any criminal offence. The Greek “Ministry of Public Order” issues cards compulsorily to all over–14s.
We are mildly concerned that there would be no Welsh on a passport card, which would seem to us to be a contravention of the principles behind the Welsh Language Act 1993, if not a direct contravention of the Act itself. We are pleased to note that drivers’ licences are currently bilingual and would hope that any ID card would also use the Welsh language in addition to English, in compliance with the Welsh Language Act and Article Ten of 1992’s European Charter for Regional or Minority Languages (ETS No 148).
We are disappointed, also, to note that, despite the protestations in paragraph 96:
The standards for passports are set internationally and would not allow the combined passport/entitlement card to be printed in a bilingual English/Welsh version. In order to retain compatibility with current UK Passport standards, it would most probably be printed in a bilingual English/French format.
that there are many passports that are not only in English and French — even Swedish passports, from another EU state, are in English and Swedish alone. Indonesian passports are in English and Bahasa. Similarly, Republic of Ireland passports are trilingual, in Gaelic, English and French. Because, as is reflected by the Welsh Language Act 1993, the Welsh language is an important part of the Welsh cultural identity. In some local authority regions is spoken by well over half the population, often as a first language; it is important that personal documents, such as birth certificates and passports should be available in either or both languages.
On a similar note, we would hope other UK minority languages could be granted comparable levels of respect by the government. The Charter also, of course, covers our other minority languages — the Scots and Irish Gaelic tongues and Ullans or Ulster–Scots, the status of the latter two also being guaranteed by the Belfast Agreement of 1998. The richness and diversity of our society in the UK is an immensely valuable part of our cultural heritage and any measure by central government that could damage that, no matter how unintentionally, should be resisted with fervour.
It is the firm belief of many people — including many of the government’s own backbenchers — that the Labour government has no mandate to introduce an ID card scheme. There was no mention of a scheme in their manifesto in either the 1997 or the 2001 General Elections and there was no reason to believe that a scheme would be proposed.
We are greatly concerned that a democratic and socialist party that proclaims the admirable key values of social justice and decency would seek to introduce a scheme that was rejected by the Conservative party of the Thatcher–Major era. As we believe we have demonstrated throughout this report, an ID card scheme would be regressive and socially divisive; not only would it fail to meet the objectives the consultation paper poses, but it would actually be counterproductive to several. It would create a new sous-élite, who would effectively be required to present the document at just about every occasion where they had cause to interface with state bodies.
We are pleased to note that every survey and poll we have read on the subject of the introduction of ID cards to Britain has been overwhelmingly opposed, despite the attempts of some to sway public opinion on the subject. This gives us hope that the government will heed the results of this consultation exercise and realise that ID cards are as unpopular now, in 2003, as they were 51 years ago when the Lord Chief Justice Goddard made his celebrated opinion.
abuse........... 8, 21, 23, 25, 30, 38, 52, 53
ACLU..................................................... See American Civil Liberties Union
Agre, Prof Phil.................................. 49
Amazon........................................ 13, 31
American Civil Liberties Union. 25, 46
Anti-Terrorism, Crime and Security Act 2001 56
Application Registration Card............. 14, 43, 44, 47
ARC See Application Registration Card
asylum................................... 14, 32, 43
Asylum and Immigration Act 1996. 31
Australia............................... 18, 53, 57
Australian National University.. 46
Department of Immigration and Ethnic Affairs 18
authoritarian............... 8, 11, 22, 47, 56
barcode........................................ 50, 52
BBC............................................... 16, 19
Bedfordshire..................................... 26
Belfast............................................... 35
Belfast Agreement............................ 57
Belgium........................... 13, 38, 39, 52
Benefits Agency................................ 38
bilingual.......................................... 57
biometrics........................ 11, 14, 16, 31, 33, 34–35, 34–35, 34, 38, 43, 44–50, 53
Birmingham Racial Attacks Monitoring Unit 43
black market............................ 8, 21, 31
Blunkett, Rt Hon David, MP................. 10, 12, 19, 27, 54, 56
Bohm, Nicholas................................ 21
Boucar, Alain................................... 39
Browne-Wilkinson, Sir Nicholas..... 37
bureaucratic................................. 9, 17
Cambridge University...................... 45
Canada.............................................. 57
CCTV.................................................. 49
Census......................................... 52, 53
Central Register.............. See database
Charter 88......................................... 31
Child Support Agency....................... 37
children................................. 25, 26, 52
China................................................ 57
CIFAS................................................ 38
Citizens’ Advice Bureaux.................. 41
Civil Service............................. 9, 21, 27
Clarke, Roger.................................... 46
Common Law......... 13, 16, 20, 41, 50, 57
Commonwealth................................. 42
compulsory........................................... 11, 14, 15, 16–20, 19, 22–23, 43, 54, 57
construction....................................... 8
cost................................... 10, 14, 15, 16, 18, 24, 30, 34, 42, 45, 47, 50, 53–54, 53, 56
counterfeit.............................. See fake
counterproductive....... 14, 15, 18, 31, 37
Creative Commons.............................. 3
credit reference agencies...................... See Equifax, Experian
criminal............................................... 11, 20–21, 22, 23, 26, 34, 35, 40, 41, 48, 57
crypto................................................ 27
Crypto-Gram..................................... 46
Customs & Excise........................ 34, 47
Data Protection Acts............................. 20, 26, 28, 40, 44, 52, 55
Data Protection Commissioner............. See France, Dame Elizabeth
database........................ 8, 9, 16, 18–19, 23, 26–27, 29, 30, 32, 34, 40, 51–52
Daugman, Dr John, OBE................... 45
Department for Work and Pensions..... 20, 38, 47
Department of Defense (US).............. 46
Department of Immigration and Ethnic Affairs See Australia
Departments of Motor Vehicles (US).... See United States
DIABCARD........................................ 36
digital certificate....................... 50–51
disadvantage.............................. 23, 37
discrimination................................. 43
disproportionate.................... 19, 22, 43
divorce.............................................. 24
DMV........................ See United States:
............ Departments of Motor Vehicles
Donor Card........................................ 36
driver’s
licencing................................. 9,
12, 15, 19, 21, 23, 24, 27,
29, 32, 33, 34, 35, 37, 38, 40, 42, 44, 51, 52
DVLA................. See driver’s licencing
DVLNI............... See driver’s licencing
E111................................................... 17
eBay............................................. 13, 31
e-commerce.................................. 13, 31
education.......................................... 44
election............................................. 58
Elections (Northern Ireland) Act 1985 35
Electoral Fraud (Northern Ireland) Act 2002 35
Electoral Identity Card..................... 35
Electoral Roll........ 14, 17, 27, 35, 37, 44
employment....................... 8, 26, 40, 52
Equifax........................................ 30, 37
Europe
Charter for Regional or Minority Languages 57
E111................................................ 17
European Convention.............. 26, 56
European Economic Area........ 29, 33
European Union. 13, 17, 29, 31, 47, 57
ex parte Robertson. See Robertson case
Experian........................................... 37
FaceIt®............................................. 49
Facial recognition....................... 46, 49
fake....................................................... 9, 11, 19, 32, 33, 34, 35, 37, 44, 46, 56
Falconer of Thoroton, Lord, QC.............. 9, 10, 12, 13, 26, 44, 52
fallacy............................................... 33
Feinstein, Senator Dianne (California) 25
fingerprint...................... 46, 48, 49, 50
Florida.............................................. 46
foreign nationals............ 42–44, 42, 44
France (country).............. 13, 43, 51, 52
France, Dame Elizabeth.............. 22, 37
fraud...................................... 10, 11, 13, 18, 20, 24, 25, 27, 30–31, 34, 35, 39, 50, 56
function creep....................... 24–25, 35
Gaelic................................................ 57
GAK.... See Government Access to Keys
Germany.................................. 8, 13, 52
Goddard, Lord Chief Justice.................. 14, 15, 20, 34
Goodell, Jeff................................. 38, 39
Government Access to Keys......... 30, 51
government IT projects 24, 25, 30, 51, 54
Greece.................................... 43, 52, 57
Ministry of Public Order............... 57
Guardian (newspaper).......................... See The Guardian
Guthrie cards.................................... 26
habeas corpus................................... 56
Hayles, Maxie................................... 43
healthcare......................................... 17
Hesse, Jim......................................... 39
High Court........................................ 37
HIV testing....................................... 26
Holyrood............................................ 22
Home Office........ 9, 10, 12, 13, 14, 15, 21, 26, 27, 28, 30, 31, 41, 43, 45, 46, 47, 53, 54
Immigration and Nationality Directorate 14, 30, 32
Howard, Rt Hon Michael, MP....... 18, 19
Human Rights................. 16, 26, 43, 56
Human Rights Act 1998....................... 14, 26, 28, 44, 50, 56
HUNTER........................................... 38
identifier................... 16, 23–26, 25, 52
identity fraud....................................... 9, 10, 11–12, 13, 30–31, 37–41, 52, 53, 56
illegal immigrants.................. 8, 11, 18
illegal working....... 9, 13, 31–33, 34, 45
immigration. 8, 9, 10, 31–33, 43, 45, 47
Immigration and Naturalization Service (US) See United States
IND............................. See
Home Office:
Immigration and Nationality Directorate
Indextix............................................ 49
Indonesia.......................................... 57
Information Commissioner.................. See Thomas, Richard
information-sharing........................... 10, 25, 26, 28, 37–38, 40, 42, 44
Inland Revenue....................... 8, 17, 37
INS.......................... See United States:
Immigration and Naturalization Service
International Biometric Group........ 49
intrusion................................ 15, 18, 34
invasive..................... 26, 29, 32, 56, 57
Ireland................................... 14, 44, 57
North............. See Northern Ireland
Iridian Technologies Inc.................. 45
iris scanning.............................. 45, 48
IrisCode®.......................................... 45
IRS........................... See United States
....................... Inland Revenue Service
Italy.................................................. 39
Japan........................................... 43, 46
John, Prof Gus................................... 43
Joint Council for the Welfare of Immigrants 43
judicial warrant......................... 34, 40
Kenyon, Paul............................... 19, 27
languages..... See minority languages
law enforcement agencies 34–35, 40, 41
LEAs.... See law enforcement agencies
Lexis–Nexis...................................... 25
Liberty............................................... 13
local government................... 12, 13, 53
London
Borough of Newham...................... 46
Metropolitan Police............ 19, 43, 46
Underground................................. 40
Magna Carta..................................... 56
Malaysia........................................... 57
mandate............................................ 58
manifesto.......................................... 58
marginalise................................ 16, 23
marital status.................................. 52
marriage........................................... 24
Matsumoto, Tsutomu........................ 46
Meals on Wheels............................... 53
medical....................... 24, 25, 35, 36, 51
Metropolitan Police........... See London
Ministry of Public Order (Greece).... 57
Minitel.............................................. 51
minority languages......................... 57
misuse................................... 21, 24, 27
money laundering................ 30–31, 34
Mullin, Chris, MP............................. 10
National Health Service.. 24, 37, 47, 53
National Insurance.............................. 9, 24, 32, 37, 42, 44, 52
Nationality, Immigration and Asylum Act 2002 32
Netherlands..................................... 43
New South Wales........... See Australia
New York Times Magazine.......... 38, 46
New Zealand..................................... 57
Newham (London Borough)............. 46
Non-governmental organisations 27, 30
Northern Ireland........ 14, 17, 35, 43, 57
NI Electoral Identity Card................. See Electoral Identity Card
NI Electoral Office................... 17, 35
Norton-Taylor, Richard................... 37
OECD.................... See
Organisation for
Economic Cooperation and Development
Office of the e‑Envoy 27, 28
On the Record............................... 16, 32
optical character recognition........... 50
Organisation for Economic Cooperation and Development 42
Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data............................................... 42
organised crime.................. 9, 11, 19, 34
Orwellian.......................................... 49
Parliament See Westminster, Holyrood
Pasha, Tauhid.................................. 43
passport................................................ 9, 11, 20, 24, 29, 33, 35, 38–39, 40, 44, 52, 57
Passport Agency................................... 9, 12, 30, 32, 37, 38, 39, 40, 42, 44
penalties................................ 22, 26, 40
people trafficking............................... 9
Philippines....................................... 53
PIN.................................................... 50
police.......................... 14, 15, 19–20, 19, 21, 34–35, 37, 39, 40, 43, 46, 47, 52, 53, 57
Police and Criminal Evidence Act 1984 19, 34
Police National Computer................ 38
poll tax.............................................. 16
privacy.................................................. 8, 9, 10, 15, 20, 21, 23, 24, 26, 29, 32, 34,.. 35, 36, 37, 38, 40, 42, 44, 49, 50, 55, 56
Privacy International.. 9, 13, 21, 44, 52
private sector........................................ 27, 29, 31, 37–38, 40, 50, 52
private tenants................................. 44
proof of age............................. 33, 42, 56
public services............................ 10, 15, 17, 18, 23, 27, 29–30, 29, 31, 40, 46, 47, 50
Public–Private Partnership............ 40
Puddephatt, Andrew......................... 13
R vs City of Wakefield Metropolitan Council & another ex parte Robertson See Robertson case
racism.................................... 19, 43, 45
red herring............................ 19, 26, 40
Redwood, Rt Hon John, MP.......... 16, 32
register............................ See database
Regulation of Investigatory Powers
RIP (Communications Data: Additional Public Authorities) Order 2002 21
RIP Act 2000....................... 30, 44, 51
Republic of Ireland........... See Ireland
Robertson case.................................. 35
Rosen, Jeffrey................................... 46
Royal Prerogative............................. 20
sanctions............. 20–21, 22–23, 27, 40
Schengen..................................... 29, 44
Schneier, Bruce................................ 46
Scotland................................. 41, 53, 57
Scots Law.................................. 22, 41
Scottish Parliament.... See Holyrood
sensitive data.............................. 21, 52
September 11.......................... 19, 34, 35
sexuality........................................... 52
Singapore.......................................... 57
Six Counties...... See Northern Ireland
smartcard............................................. 18, 29, 30, 35–36, 35, 36, 50–51, 52
Social Security....................... 18, 25, 37
Social Security Fraud Act 2001........ 20
Social Security Number (US)............... See United States
Society of Black Lawyers................... 43
Spain................................................. 13
spam................................................. 27
SSA........................... See United States
......................... Social Security Agency
SSN.......................... See United States
....................... Social Security Number
Steinhardt, Barry............................. 46
stop and search...................... 19, 43, 52
students............................................ 44
surname........................................... 23
Sweden......................................... 31, 57
Switzerland...................................... 45
tabloid............................................... 41
Tampa (Florida)................................ 46
Taylor, Sir Teddy, MP........................ 10
terrorism............... 10, 11, 18–19, 34, 35
Thailand........................................... 57
The Guardian..................... 11, 13, 21, 37
Thomas, Richard................... 11, 22, 53
Turkey......................................... 13, 52
UCLA..................................................... See University of California: Los Angeles
UK Crypto.......................... 15, 21, 45, 48
Ullans....................... See Ulster–Scots
Ulster–Scots..................................... 57
unauthorised access......................... 21
unique identifying number See identifier
unique personal number See identifier
United Nations................................. 43
International Covenant on Civil and Political Rights 43
United States................... 39, 42, 45, 57
Congress........................................ 25
Departments of Motor Vehicles 19, 33
Immigration and Naturalization Service 39, 46
Inland Revenue Service................ 25
Social Security Agency................. 25
Social Security Number.......... 24, 25
universality................................ 13, 14
University of California: Los Angeles 49
unsolicited commercial email See spam
Value Added Tax.................... See VAT
VAT.............................................. 14, 24
Virginia............................................ 19
Visionics........................................... 46
voluntary........ 11, 15–16, 22, 30, 36, 43
Weimar Republic............................... 8
Welsh................................................ 57
Welsh Language Act 1993............. 57
Westminster............................... 22, 26
Willcock, Clarence............................ 14
xenophobia....................................... 43
young people..................................... 42
