Dishonesty, incompetence, a bit of both?

Posted in ID Cards, politicians on liberty by ukliberty on March 11, 2008

BBC:

I’m delighted to be here today to set out my views on the future of the Government’s National Identity Scheme.

I’d like to start by acknowledging the positive role that Demos has played in my thinking on this issue, particularly through the ‘FYI – For Your Information’ report published towards the end of last year.

Your work – in equal parts refreshing and challenging – is an important contribution to what I think we can all agree is a crowded, and at times heated, field of debate.

It is only right, of course, that the politics of personal information should be subject to intense scrutiny and robust argument.

This is not a debate confined to government alone, but one which now affects almost every aspect of our daily lives as citizens and consumers.

We all need to be able to prove who we are – quickly, easily and securely.

But not “day in, day out”, and sometimes we only have to because the law requires it (eg money laundering regulations), not because of a particular ‘need’, but because of a ‘want’.

And so it is essential for all of us to be able to lock our identity to ourselves and to protect its integrity.

No, sometimes it is essential to lock an identity to ourselves.

We need a way of doing so that we can trust in, and that can be trusted by others – when applying for a job, travelling abroad, or using business and government services.

Today I want to set out how the Government’s National Identity Scheme can support and extend the two main benefits of identity assurance: firstly, to protect the integrity of the information held, in the interests of both personal and national security, thus reducing the risk of fraudulent activity; and secondly, to offer the convenience of being able to quickly prove who we are when accessing services in the public or private sector.

I’ve never found it difficult to prove who I am to the satisfaction of the public or private sectors.

I have always believed in the concept of a national identity scheme.

Like some people believe in the Tooth Fairy.

Since June, I have been determined to make sure that we way we put this concept into practice is hard-headed

Are you sure?

and cost-effective, and strikes the right balance for individuals, business and government in terms of privacy, security and usability.

So it’s not ‘consumer’ oriented then, but some vague ‘balance’.

I am indebted to the work that Sir James Crosby has done through the Public- Private Forum on Identity Management, who has now presented his report to Alistair Darling and me.

Sir James has used his considerable commercial expertise to examine the benefits of the Scheme from a consumer perspective.

He makes welcome and compelling recommendations, which have helped us to re-assess the merits of the Scheme and to focus more closely on the undoubted benefits it can deliver.

I start from the premise that the National Identity Scheme is a public good.

Well of course you do.

As citizens, it will offer us a new, secure and convenient way to protect and prove our identity.

But you have not yet said the organisations that will use it nor what use they will make of it and how we will use it with them.

And it will provide us with the reassurance we need that others who occupy positions of trust in our society are who they say they are as well.

No it won’t, because the citizen will not be ‘security-accredited’ and therefore able to access the Identity Verification Service. We will continue to have to trust other people to make those checks on our behalf.

As a government, we have a duty to ensure that the National Identity Scheme supports our national security, and that it provides a robust defence against those who seek to use of false identity to mask criminal or terrorist activity.

I want as many people as possible to enjoy the public good of the identity scheme, as quickly as is practicable.

The plans I am publishing today inject a new momentum into the delivery of the scheme and its benefits.

Our plans will now provide both the protections and the convenience of the scheme more quickly than previously expected.

As the latest public attitudes analysis I am releasing today shows, public support for our proposals has remained broadly steady – at nearly 60% – even after a series of high-profile government data losses.

No, they support the principle of the introduction of identity cards, not a particular set of proposals (or indeed costs). Furthermore that leaves over 40%, or 24m UK citizens, who don’t support it.

I am convinced that our increased awareness as a nation of the dangers of data loss and identity fraud makes the case for participation in the national identity scheme more pressing, rather than less.

It doesn’t get much more personal than personal information – and we should all be concerned at the potential for information to end up in the wrong hands, or to be used for unforeseen purposes.

That’s exactly why we shouldn’t store more data than necessary in one or two databases, but keep only what is needed for a particular purpose – the very opposite of the National Register.

That concern should make us question closely those who are charged with managing our personal information on our behalf.

And it should make us think carefully about the responsibilities they have to live up to.

Some claim that recent cases highlight the difficulty of entrusting sensitive information to anyone, let alone the state.

I will argue today that it is precisely because of public’s interest in secure identity that we need more effective mechanisms for protecting identity and safeguarding personal information.

The National Identity Scheme will help deliver this.

Because your name will be linked by your fingerprints to a unique entry on the National Identity Register, you will have much greater protection from identity theft – no-one will be able to impersonate you, like they can now, just by finding our your name and address and personal details.

Well, it depends on the security check being used, doesn’t it? The Home Office’s Borders, Immigration and Identity Action Plan says there will be a number of ways to check someone’s identity: a visually, looking at the card and its owner; checking the authenticity of the card (not sure how that verifies someone’s identity, but there you go); asking for a PIN; a ‘shared secret’; or a fingerprint.

Note that all of these can be fooled, and there will undoubtedly be flaws in the system, particularly in the early days, so to say “no-one will be able to impersonate you” is a lie.

We have listened to people’s concerns.

But haven’t addressed them.

The way in which we are designing the National Identity Register, with separate databases holding personal biographic details physically and technologically separately from biometric fingerprints and photographs, will greatly reduce the risk of unauthorised disclosures of information being used to damaging effect.

Well it really does depend on what the information can be used for, doesn’t it?

This is in addition to existing plans for tough penalties for such disclosures – and I should make it clear that none of the databases will be online, so it won’t be possible to hack into them.

I think she means, they won’t be available over the public Internet (as you might expect!) – otherwise I can’t see how we can check each other’s identity.

Delivering enhanced protections and improving security.

Improving opportunities and making our lives easier.

And enshrining choice in how we access these benefits.

Waffle.

These, to me, are the issues we need to put at the heart of how we manage the national identity scheme.

Anyone who has been a victim of identity fraud – and sadly I suspect there are all too many in this room today – will be aware of the need for better protection.

Last year, according to the British Crime Survey, 2% of all adults in the UK had their identity details used without permission, up by a third from the year before.

Identity fraud costs the UK £1.7bn a year.

It might do, but not for the reasons you claim.

From individual victims of identity theft to sophisticated international operations using false identities and stolen credit cards, these are not victimless crimes.

As tax payers, we bear the cost of fraudulent benefit claims by people like Jean Hutchinson, who was jailed in January for five years for defrauding the benefits system of nearly £2.5 million.

She was caught with 180 stolen identities, built up after trawling an ex-pat newspaper for the names of people who had emigrated.

And identity theft can be personally devastating for those whose identity has been stolen and used to commit crimes, needlessly embroiling them in police inquiries or criminal proceedings.

Worse still, we have seen how the use of multiple identities is a core part of the armoury of organised criminals and terrorists to disguise their activities.

Most of the terrorists convicted in recent years have routinely used multiple passports, bank accounts and other forms of identity.

In the last two years, the stronger provisions against identity theft in the Identity Cards Act – which makes it illegal for anyone to possess false identity documents, or genuine documents belonging to someone else – have helped us to successfully prosecute 525 people for false document offences.

Alongside robust enforcement action, we need to ask what more we can do to prevent such abuses happening in the first place.

Would Jean Hutchinson have been able to commit her crimes if she had been asked to give a photo and fingerprint as proof of her identity when she registered each new benefit claim? The answer is no.

But will she be asked to give a photo and fingerprint as proof of her identity? The answer is no, apparently. Also, “there are no plans at this stage to make the delivery of particular public services dependent on the production of an identity card”, says Meg Hillier (Parliamentary Under-Secretary (Identity, Home Office).

A simple check against the National Identity Register would have revealed the real person’s face and fingerprints.

This is very odd, because you said elsewhere that “access to those biometrics will only be available to highly security cleared individuals with a whole range of other security arrangements in place as well.”

So will all benefit office staff be “highly security cleared individuals” or in fact will they only get a yes or no when they ask the system if this person is really Jean Hutchinson and she also claimed under different names?

The Identity Cards Act and the Borders Act have allowed us to introduce greater identity safeguards, and I want to pay tribute to the work that the Identity and Passport Service and the Border and Immigration Agency are doing to deliver these protections.

All major high street banks are now using the IPS Passport Validation Service to carry out check to prevent money laundering.

Because the law requires it, not because they particularly want to. They are quite happy to look after our money, believe it or not.

IPS and the BIA now provide a service to the private sector that checks job applicants’ right to work, personal identity and proof of age.

Better use of biographical and biometric data is helping to increase the number of foreign criminals that we catch and the numbers we deport.

In the last 18 months, IPS has issued ten million British passports that include a small chip containing an encrypted digital version of the holder’s personal details and photograph – the first time we have stored biometrics in this way on a passport.

So what?

This process of issuing new biometric passports – technological security backed with personal service and close scrutiny – has been established with little fuss, great efficiency, on time and within budget.

At a time when concerns about the fluidity of identity are matched by increasing international mobility, it has also been right for us to use biometrics to strengthen the verification procedures for those who wish to travel to the UK.

Britain leads the world in successful delivering biometric visas, with all those coming to the UK on a visa

ie not all foreign nationals, as she continually implies, in an attempt to appeal to base xenophobia

now required to provide a fingerprint.

Which is causing a decline in visits to the UK.

So far, more than one million biometric visas have been issued, to travellers from 135 countries around the globe.

All applications are now checked before a visa is issued – and so far more than 11,000 have been identified as people previously fingerprinted in the UK as part of previous immigration cases or asylum applications.

The results of these fingerscan matches are communicated to our visa officers abroad in minutes, so that we can refuse visas.

And we can stop suspect individuals from even getting on a plane to the UK through the e- Borders system we are introducing to count people in and out of the country and screen all passengers against immigration, customs and police watch lists.

What is the false accept rate? What is the false reject rate? What is the number of ‘goats’? (Goats are people who have biometric templates that are hard to classify).

These provide the heightened security and assurance we need in an era of increasing international travel – to ensure Britain is best placed to harness the opportunities of globalisation, while meeting the challenges it inevitably brings.

Today I am publishing our plans to deliver a robust system of identity security for our immigration system.

The old-fashioned stickers and paper immigration documents that can be subject to fraud will become a thing of the past.

From November this year, we will start to replace them with compulsory biometric identity cards for

– non-EEA –

foreign nationals who come here to work and study.

Within three years, all new applicants arriving in the UK will be issued with a card.

These cards will make it easier for employers and sponsors to check whether newcomers are entitled to be here to work and study.

Immigration and law enforcement officers will find it easier to verify people’s identity and detect abuse.

Identity cards will benefit foreign nationals who need to produce evidence of their identity and entitlement to services.

Only because they will be required to produce evidence or be turned away! What a load of waffle. Besides, you could claim that you aren’t a non-EEA foreign national, and you won’t be asked for an ID card.

Locking people to one identity will help in our fight against human trafficking, illegal working and benefit fraud.

How will they help with trafficking? How will they help illegal working? How will they work with benefit fraud, if people won’t be asked for their identity cards when they claim benefits?

The first

non-EEA

foreign national identity cards will be followed next year by the first identity cards for British citizens.

The first argument for the national identity scheme is that it will offer us better protections – as individuals and as a society.

And the first argument against that is that with its introduction there will be new vulnerabilities. There is always a trade-off.

The first cards will therefore be issued, from 2009, to groups where there is a compelling need for reassurance that someone is who they say they are.

Like students and young people? Hahahaha.

We plan to start with people working in our airports, to support the already impressive action this sector is taking to ensure the integrity of its checks and systems.

Presumably they already have ID cards, and undergo extensive security vetting, so why do they need another ID card? What’s the point?

Last December, Ruth Kelly set up an independent review of personnel security arrangements in the transport industry.

Ruth and I agree that identity cards can help to deliver a strengthened identity assurance regime – making pre-employment and security checks easier for airside workers such as baggage handlers, check-in staff, aircraft engineers, and immigration and customs officials.

By introducing identity cards for up to 200,000 airside workers as a condition of their employment in such sensitive roles,

ie it will be compulsory if you want a job. The workers aren’t happy about these plans (nor are pilots).

we will see how the National Identity Scheme, offering a national standard for security, can add value over and above the efforts of any one sector.

like the cards they will already have and presumably continue to have?

Ruth and I will shortly chair a high-level meeting with industry and workforce representatives to explore the implementation of our proposals.

And I am keen to take forward discussions with other groups who operate in positions of trust in our society, which could include Olympics security employees and those involved in protecting our national infrastructure, such as power stations.

Why don’t they already have ID cards?!

Our test with each of these groups should be whether their participation in the scheme makes arrangements for checking their identity more secure – thus offering greater public reassurance – and whether it makes life easier, not just for employers, but for employees as well.

As we move towards wider participation in the scheme, IPS will also offer a tailored service for those who work in positions of trust, who choose to have an identity card, and who wish to use that to fast-track checks on their status as part of their job.

Working with the Criminal Records Bureau, a trial conducted by IPS shows that the time taken to perform a criminal records check could be cut from 4 weeks to as little as 4 days, with extremely high levels of user satisfaction.

Alongside these groups, we will start to make identity cards available to young people on a purely voluntary basis in 2010.

As in, if you don’t volunteer you won’t be able to access particular services.

It will be up to each young person to decide if they want one.

Provided they don’t mind missing out if they choose not to have one.

I believe there are clear attractions in the scheme.

It will make it easier to enrol on a course, apply for a student loan, open a bank account,

“I asked the Home Secretary whether people would be able open bank accounts just using an ID card (which would seem an obvious benefit) and her answer was — if I’ve understood it properly — “it depends”. This seems disappointing to me: after three years and tens of million of pounds spent on management consultancy, surely a simple “yes” or “no” is not too much to expect?”

or prove your age – especially as we get tougher on sales of alcohol to those under-age.

We will begin to offer cards to anyone who wants one later in 2010 – earlier than previously planned – and three years from now we will be offering cards to millions of people.

Ie the scheme overall has been delayed.

We will co-ordinate this with the planned upgrade of the current electronic passport, to contain digital fingerprints alongside its existing digital photograph.

Even though international standards don’t require fingerprints.

I want to give people a greater degree of choice about how they access the National Identity Scheme, and speed up the timetable for their participation in it.

All new passports will begin to be entered on the National Identity Register from 2011/12, and I believe it is right that individuals should have a choice of how they represent their entry on the Register.

That could be through an identity card or a biometric passport.

Most, of course, will wish to do both, because of the added convenience of having a card.

Why is it more convenient to have an ID card and a passport, rather than just a passport?

In time, it could even be through a driving licence.

ie it will, if all goes to plan

The important thing for everyone on the National Identity Register is that their unique identity details are locked to one person – themselves.

No-one else can pretend to be them, and they can’t pretend to be anyone else.

And let me be clear on the Government’s position on compulsion.

We have always said that there will be no requirement to carry and present a card.

In that case, how on earth will it prevent people from accessing services to which they are entitled?

That has not changed, and will not change.

And there will be no compulsion, either, in having to apply for a dedicated identity card for the purposes of proving your identity.

Your passport could also be used.

All of that is waffle about straw men.

In fact the claim made by opponents is that we will be compelled to enrol on the National Register, and this is part of what they want, as she says in the sentence below this one.

As more and more people participate and register, and as more and more people realise the benefits of participation, I want to see the scheme become universal.

We have always made clear that requiring everyone to be on the Register is a decision for the future that would need primary legislation.

See?

The way we are now approaching the scheme will lead to a significantly quicker take-up of its benefits.

And one of the strengths of this choice is that now people will be able to get a card when they want, rather than wait until they renew their passport.

This means that we can now aim to achieve full roll-out by 2017 – two years ahead of previous plans.

The drive for a more consumer- and market-led delivery of the scheme, and the use of passports as well as cards to roll it out more widely, will among other things, have powerful implications for the cost of the overall scheme.

Unlike any other programme I can think of in Government, we are required by law to give the latest estimate of costs to Parliament every six months.

By far and away the most accurate estimate of the cost of the scheme is the one produced by IPS, which is currently negotiating the contracts and managing the procurement.

Last November’s Cost Report estimated the current and projected costs of issuing passports and identity cards over the next 10 years at £5.4 billion.

When we publish our next Cost Report in May, I expect to see almost £1bn removed from the headline costs.

That is a genuine reduction in the costs of the scheme – and means that we can maintain our commitment that identity cards will cost no more that £30 when they are introduced.

If the cost of the scheme has been reduced by 18%, why can’t the point-of-sale cost be reduced by the same amount?

Procurement for the scheme is currently underway.

With a three of the eight potential suppliers saying they are no longer interested. We are left with EDS, IBM, Fujitsu, CSC and Thales. This isn’t great news for the scheme.

Formal invitations to tender will go out later this month, with the process completed by the end of May.

Today’s new plan for how we will implement the National Identity Scheme reflects the priorities I have set out today – national security, public protection, convenience for the individual and cost-effectiveness.

ie convenience to the individual and cost-effectiveness are some way down the list.

It allows for the pace of introduction to be set by consumer demand, minimising the cost to the taxpayer.

In developing this plan we have benefited greatly from Sir James Crosby’s review, which has examined evolving identity management technologies and considered how the public and private sectors can work together to maximise efficiency and effectiveness.

Sir James strongly supports a universal identity scheme, including a role for identity cards, and makes a strong case for speedy and consumer-led introduction.

He also argues that wherever possible we should use the market to deliver aspects of the scheme.

I agree.

Yes, pass the buck and displace the cost.

Clearly, there are some things that commercial organisations do much better than government, and the support of key partners across the public and private sectors will be critical to our success.

Government will obviously need to retain control of the overall quality and security of the scheme, as well as the ultimate decision on whether or not to issue an official identity document to any given individual.

But the private sector will be better placed to provide services relating to enrolment, such as fingerprint biometrics and digitized photographs, and the distribution of completed identity documents.

Will the people enrolling us be “highly security cleared individuals with a whole range of other security arrangements in place as well”?

We are also determined to realise the full benefits to national security from the national identity scheme.

In particular, the Identity Cards Act allows information to be shared with law enforcement agencies where this is necessary for national security or to counter serious crime.

This is the only area in which information will be shared.

Will law enforcement agencies be allowed to go fishing?

All other organisations – whether government or business – will only be able to use the scheme to verify someone’s identity if they have their prior permission.

Unless someone acts unlawfully or there is new legislation.

Sir James rightly identifies issues of public trust and assurance as central to the integrity of the scheme.

I fully understand the sensitivities associated with the management of personal information, and we will continue to build public trust and confidence in the National Identity Scheme.

It is our clear and firm intention to hold only the minimum number of details required to identify an individual.

In that case please explain why the Identity Cards Act 2006 has much, much more than that.

As I have set out today, the duty of public protection and the impetus for greater citizen convenience are the two drivers for our plans for the National Identity Scheme.

The benefits are clear: to counter illegal immigration and illegal employment; to tackle crime and terrorism; to lessen the burden for employers and employees involved in proving identity; to improve access to the public services to which we are entitled; and to, quite simply, make life easier for all of us in the modern world.

Unsubstantiated waffle.

Managed correctly and to high standards of privacy, security and choice, it is clear to me that the use of biometric cards and passports can be an important part of the scheme that allows us as citizens to easily assert and prove our identity, and that prevents our identity from being exploited or stolen by others.

It is inconceivable, indeed, that in today’s world people should not have a single, simple, safe way of securing and verifying their identity.

No, it isn’t at all.

The debate on identity cards evokes strong feelings – and that is only to be expected in an area of public policy which rests on the interaction of the individual and the state, and the clinching role of shared personal information in that relationship.

Writers have always found fertile ground in setting the individual and the state at odds with each other in the battleground of ideas, and the battleground of ID.

On this subject, it’s apparently compulsory to mention Orwell and Huxley.

That’s because they were visionaries. As people keep saying, Nineteen Eighty-Four was a warning, not a template.

And as anyone who has caught an episode of the current BBC1 political thriller ‘The Last Enemy’ will know, if there are not cock-ups to point to, then there are always plenty of conspiracies to fall back on.

‘The Last Enemy’ transports us to a Britain of the not-too-distant future, where personal information has become the weapon of a surveillance state against its own citizens, and where a super-database called ‘TIA – Total Information Awareness’ appears to fuse state of the art technology with a rather draconian reinterpretation of the art of the state.

It all makes for a good drama.

Really? Just drama, is it? No government would ever want “total information awareness”, would it?

Stupid.

But – to turn an old adage on its head – we should never allow a good story to get in the way of the facts.

Or lies.

When we return to the real world after an hour or two in front of the telly, how useful are these fictions for our daily interactions as citizens with government? How much of ourselves do we recognise in these champions of individual liberty, as we pursue our own personal missions with bureaucracy to pay our tax bill or register a change of address? Very little, in all honesty – because the role that we as citizens and as consumers of government services are looking to the state to perform – and to perform quickly, securely, and at our convenience – is one of protection, verification, facilitation.

That’s a bit paternalist, isn’t it?

People do want those things but also we don’t want bad consequences. There are always trade-offs. The Government does not want to discuss trade-offs. It does not want to acknowledge how and why things will go wrong, whether they have gone wrong due to maliciousness or incompetence. It does not want to discuss the protections and remedies available to us. But these are also essential components of any system, particularly this one proposed by the Government.

It is dishonest for the Government to avoid talking about the disadvantages of the scheme, essentially claiming that it will be perfect. I can see why they do it – they are trying to sell it to us, after all – but they should not be doing it.

Rather than thinking of the state as an opponent of our liberties,

I’m not sure anyone does think of the state as an opponent. They think of the Government as an opponent, and this really shouldn’t be a surprise.

set on thwarting our personal ambitions, in this context the role of government agencies is to defend our interests, to offer reassurance and trust, and to working in the most effective way possible to ease and to enable our lives.

This is the argument that supports the principle of the national identity scheme.

The measures I have announced today will put this principle into practice.

Thank you.

Update

There is some irony in my typing “incompentence” in the title.

Update 2

This scheme has not been designed for the benefit of the citizen. It has been designed for the benefit of government machinery.

Worth remembering the words of Tony McNulty:

It has always been seen in terms of what this can do for the State rather than in developing the gold standard in proving identity and saying how precious your identity is to you.

3 comments