UK Liberty

Ministry of Truth again (allegedly) and unanswered questions

Posted in ID Cards, politicians on liberty by ukliberty on April 9, 2008

The Ideal Government:

I dont really get this. An eyewitness made a contempory note of Meg Hillier telling the Home Affairs Select cttee

The National Identity Register, essentially, will be a secure database; …hack-proof, not connected to the Internet…not be accessible online; any links with any other agency will be down encrypted links.

I understand the officials present were passing notes to try to get her back on message. What appears in the official record is is

The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will
be down encrypted links.

In short, probably best not to claim it’s hack-proof, Meg, because there is no such thing.

Also that it has to be online in some form, otherwise no-one outside the highly secure bunker containing the database(s) will be able to access it.

The real puzzle here, though, is how the public and private sector will verify someone’s identity. Meg wasn’t much help to the Committee:

If you are an employer and someone presents to you with their passport, you would make a phone call to—

Q21 Chairman: We do not need to see your passport again. We believe it is you!

Meg Hillier: But they would then check that as verification: “Is this a real passport?”, and you would get that, yes, or, no, answer.

Nor is the IPS’s brief description of the Identity Verification Service:

The identity verification service will provide a way for accredited organisations to check an individual’s identity. This means that you will have a secure and convenient way of proving your identity in a variety of situations …

  • if you are a foreign national applying for a job it could be used to confirm that the status of your visa allows you to work …

To protect your privacy, all organisations that wish to use the identity verification service will need to be accredited, and they will need your consent before they use the service to check your identity.

In common with every document, transcript or debate I have seen on this issue, there is nothing about how it will be made better, or easier, just that it will be.

Nor is there any information on how an employer becomes ‘accredited’ – what is the procedure here, how long will it take, and so on – just that an accredited employer will be able to use the service.

There is some more detail in documents like the Identity Checking Services Presentation and various action plans:

  • Visual Check – Checking whether the card photograph matches the card holder
  • Card Authentication – Checking whether the card is genuine and unaltered through the chip
  • Pin Check – A higher level of proof by entering the PIN
  • Online / Telephone Verification – Checking through temporary codes generated by the chip or shared information
  • Biometric Check – Checking whether the card holder’s fingerprints match those given during enrolment
  • Identification – Confirming identity when the card is not present
  • Information Provision – Making data available from the NIR (only in legally prescribed circumstances)

On-line or 3-way checking (using biometrics for example) should be used only where the situation justifies or requires it.

But again, nothing about how the employer will authenticate a card, or have the cardholder enter a pin, or how ‘temporary codes’ will be generated and how they will be generated and how they will be submitted online, how someone’s fingerprints will be checked, or the system for identification when the card isn’t present – again, what is the procedure, if the public Internet isn’t to be used what will be used, what equipment will the employer need to think about buying, and so on.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: