UK Liberty

[hat-tip: Richard S at Ideal Government]

James Hall, chief executive of the Identity and Passport Service, has written an article for Whitehall & Westminster World.

He presents the usual arguments about the benefits of data sharing – even though only two departments, the Home Office and DWP, have proposed how they will make use of it – how ‘basic’ the information is that will be stored, and so on.

But rather than fisk the whole article, making the same counter-arguments for the second time this week, I want to look at three or four points in particular.

Here is what he says about trust and security:

The national identity scheme is being designed to meet that public expectation of improved services and joined-up government. The Identity and Passport Service (IPS) is already trusted by the public to hold securely all relevant information about their identity on our passport database.

I believe the public will trust us now to deliver a secure and reliable method of proving and verifying basic identity information.

On the other hand we see such stories as these:

“Security at the British Home Office’s Identity and Passport Service (IPS) database has been compromised [at least] four times, with individuals’ data used inappropriately by Home Office employees and contractors. A fifth breach has hit a Prison Service database.” (The Register)

“More than 700 charges of corruption were levelled against Home Office immigration staff in one year, an investigation by MPs has found.” (The Telegraph)

“An internal investigation at the Department for Work and Pensions (DWP) has found that civil servants are colluding with organised criminals to steal personal identities on “an industrial scale”.” (The Independent)

Clearly there is some level of abuse.

(More stories can be found on my data abuse page).

Security is a vital concern and the scheme must be accredited by our security authorities before it can be launched. We have also made unauthorised disclosure of information a criminal offence, attracting a sentence of up to 10 years. Any suggestion that the scheme will be intermittently insecure because it isn’t ‘closed’ and must interact with other parties is nonsense – secure systems such as worldwide payment schemes deal securely with highly-sensitive transactions worth billions of pounds every day.

In truth what we have is a number of different systems and some are more secure than others.  None are 100% secure.

Every company has traded off the benefit of using a particular system against the risk of losing money associated with it. It forms part of their cost-benefit analysis.

There are lots of problems with such systems that we don’t know about: perhaps because they aren’t reported, or because they are kept secret. See Professor Ross Anderson’s work, among others, for more information, and perhaps the Risks digest.

So there are risks associated with every system. These range from those associated with corruption, to human error, to ‘bugs’ and total system failures.

Here is a recent gem: the $32bn overdraft.

It is wrong to imply that there are no risks associated with the ID card scheme.
What are these risks, how can they be mitigated, and so on?

There has been no discussion! They want us to believe it will be secure and that staff are totally trustworthy.

But surely if we are to have a system, we need to discuss it with such risks in mind.

Then we can look at trading off the benefit of having a centralised identity register against the risks associated with it.

Another point is that banks and credit card issuers are accountable to their customers and shareholders: a customer is unlikely to stay with a bank or credit card issuer that he routinely has problems with.

But we won’t have a choice about which identity assurance system we want to subscribe to, because the Government will have a monopoly on it.

On the principle of the scheme:

In addition, the scheme will facilitate verification of that identity in a number of ways, allowing departments to confirm identity with a highly reliable source, so they can then focus on their own core functions rather than incur the duplication of effort (and cost) of weaker registration processes. It is no longer defensible in a 21st century society for people to have to establish their identity separately every time they access a different public service.

Nonsense: it is defensible if the risks of establishing identity outweigh the benefits of being able to do so.

Ultimately, we should remember that – in spite of the regular dripfeed of misleading commentary about the scheme – polls continue to show a consistent public majority in favour of the introduction of identity cards.

The proportion of people in favour varies from poll to poll but yes, people seem generally in favour of the introduction of identity cards.

On the other hand none have been asked if they’re in favour of a particular method, for instance where your identity-related information is stored locally (on your card) rather than centrally.

Another point to make about polls is that the majority of the public are consistently in favour of re-introducing the death penalty. So why doesn’t the Government propose that?

IPS is working with a number of public sector organisations to map out how to deliver the scheme in the most effective way possible, giving the public the kind of joined-up government and secure identity they have demanded. We acknowledge that there are concerns – and they will be taken seriously – but we need to have a realistic debate, not one that sensationalises those concerns, yet offers nothing in the way of practical solutions.

A realistic debate?

Something we should have had right at the beginning – something the Government has no interest in, and still has no interest in today.