You have nothing to fear – ID cards pt4.

I suppose it had to happen… finally up pops a blogger willing to mount some sort of defence of the Government’s ID cards proposal.

Actually, I have to say this is a good thing, not just from the point of view of simply having points to debate but also becuase Monjo’s comments – assuming that’s how the author styles himself from his blog – indicate clearly how and why the Government can claim that so many of our fellow citizens seemingly support the proposed ID Cards Bill.

It’s no accident that the focal point for much of the public opposition to ID cards is the Internet, after all it’s here that you’ll find – as you’d expect – a community of technically literate authors and activists, people with the skills and experience to understand fully what the ID cards bill could really means and where this legislation could lead us in future. It’s also no accident that the vast majority not just of bloggers but of the non-aligned technical press and technical analysts are also more or less overwhelmingly against this particular bill. The only industry figures I’ve seen coming out in support of this legislation have been those with a clearly identifiable vested interest – of the members of Silicon.com‘s CIO panel, only the representatives of Newham Council and the Dorchester Hotel spoke up in favour of ID cards.

Richard Steel’s comment – he being Newham Council’s Head of ICT – is particularly revealing of public sector attitudes to this bill when he is quoted as saying:

“We badly need a national standard to link to other citizen-centric systems developments, including citizen identification and authentication, and the national ID card may as well be it.”

I’m sure that on a person level Richard is a nice guy, a fine upstanding British Citizen, but at the risk of violating Godwin’s Law the attitude he displays is one I find rather unsettling and all too reminscent of Albert Speer’s complaint of never having been adequately rewarded while Nazi Minister of Armaments for his dilligence in increasing war production – his complaint being not that he should have been rewarded as a believer in Nazi ideology merely that, as a bureaucrat and manager, he did his job very well. Richard is, I’m absolutely certain, by no means the only public servant to hold this particular viewpoint – and I can be certain having been part of conversations on the just the same topic myself, some three or so years ago.

Whatever concerns we might have about of civil rights and liberties, it is a simple fact that for many public servants and for the nation’s bureaucracy as a whole, the ID cards Bill is seen as a means to end which makes their working lives that bit easier and which enables them to do thier job just that bit more efficiently – which, in itself, is something that we all need to remember as it highlights one of the key dangers we’re facing here.

Take a good close look at the public ‘architects’ of this bill; David Blunkett, Charles Clarke and yes, Tony Blair as well. Now answer this one question…

… Do you really, seriously, believe that any one of them actually understands the full implications and potential of this piece of legislation, even allowing for the fact that Blair is, himself, a barrister?

No, me neither. Blair is well noted for his lack of technical literacy and I can’t say I think either of the other two have much of better understanding than he does. It’s not simply the Government or the Labour Party who is the ‘enemy’ here but the entire machinery of the State, the vested interests in the public and private sectors who’re pushing hard for this legislation and putting on the hard sell that its the panacea, the solution to everything from terrorism to immigration, identity theft to welfare benefits fraud.

We’re not talking conspiracy theories here and certainly not gettng into the whole business of the Bilderberg Group, Illuminati or even Freemasonry – simply a whole raft of otherwise reasonable people whi, like Speer, either cannot or will not consider the wider picture of what this legislation may really lead to in the long term.

In truth, when it comes to ID cards themselves, Monjo has an eminently defensible position. Even given the current doubts about the reliability of biometrics as it stands today the principle of everyone having an ID card which can be used to accurately verify their identity would undoubtedly have many potential and practical benefits, not least in combatting identity theft.

While no system could be considered absolutely foolproof, claims that some are making that the ID cards themselves could be easily forged or falsified don’t really hold water when you understand exactly how they would work for the simple reason that in order to produce a fake ID card would require not only the card itself but also a false entry on the National Identity Register which would be possible only by either hacking the central database or via the bribery and corruption of a public official.

A secure, and with improvements to biometric scanning, reliable Nation Identity Scheme is perfectly possible, if not right away then certainly within the next 10 to 15 years – but, and this is why the technical community is up in arms, such a system does not require the kind of intrusive all-encompassing indentity register that the Government are proposing no, even, does it need to reveal any personal data to anyone in the process. Identities can be verified using using what, in cryptography, is called a zero knowledge proof.

There is no logical reason for having a National Identity Register which contains what are, in IT terms, are a series of database keys which would allow the State to locate and unlock all manner of information about an individual let alone on which also provides, without legal restriction, a key which can be used by the provate sector to tag personal information in such a way as to allow it to be readily identified.

It’s this, and precisely, this related key infrastructure that I object to so much, that and the audit trail which allows the Government to track all requests for verification of your identity and which, therefore, makes real-time tracking of your movements and actions a real possibility.

This feature of the National Identity Register makes possible a whole range of things which would, if put into practice, create the single, most all-encompassing public surveillance system ever created – one capable of the most massive intrusions into your private life.

One Act of Parliament is not going to plunge us all into an Orwellian nightmare of state scrutiny of every aspect of our personal live, that’s true. In fact if only it were that simple as then the majority of people would see this Bill for what it really is – the biggest threat to civil liberties that we have ever faced.

It’s not a case with our rights and freedoms that it’s ‘here today and gone tomorrow’ rather we’ll see the slow and gradual erosion of freedom over time, one little piece at a time and every piece wrapped up and packaged just so, just in the right kind of terms and the right kind of language to make it all seem oh so very reasonable and rational.

Take a straightforward and very contemporary problem – how about the overpayment of £2bn in tax credits, most of which stems from ineffciencies in the tax credit system – people get overpaid due to simple human errors or, more often than not, because of a lag between their circumstances – and their income – changing and the system catching up with those changes.

Wouldn’t it solve this problem if, say for instance, the Inland Revenue could make automtic adjustments to these payments without relying on people to report changes in income by being permitted, instead, to monitor salary payments as they hit your bank account? Think of the convenience of it all, of never having to worry that they may have got a payment wrong because your salary is tracked authomatically as it reaches your bank account and all thanks to the wonders of the National Identity Register.

How many people do you think would swallow that particular argument? How many would justify just such an intrusion on the grounds that ‘you have nothing to worry about, if you’ve nothing to hide?’

What then if we apply this same idea to the matter of benefit fraud? The principle is pretty much the same – if you bank account(s) show income arriving which you’ve not declared then ergo, it must be fraud and, once again, if you’ve nothing to hide you’ve nothing to fear.

But then, people don’t just defraud the system by failing to declare income, the also do it by – for example – claiming incapacity benefit or disability benefits to which they’re not legitimately entitled.

What should we do here? I know, why not permit doctor’s working for the DSS to have access to claimant’s medical records? After all, its easily done thanks to the recording of NHS Registration numbers on the register and, yet again, if you’ve nothing to hide then you’ve nothing to fear.

Ah, but, none of this eats in to the ‘cash-in-hand’ economy does it? Except that how many of even think about the information being gathered everytime we hand over a ‘loyalty card’ at the supermarket – you think that all that’s being tracked is your points and not the complete record of everything you purchased and how much you spent?

And how many shops now ask you for your name and address details when you buy something ‘just for their records’ or so the can notify you of any ‘special offers’ which might interest you?

How far away do you think we are from those same shops saying – oh, don’t worry about giving us your details, we’ll just scan them straight off your ID card…

… and when enough shops are doing that how difficult then is it concieve of the argument that we might, just might, be able to track down people defrauding the system via the ‘black economy’ if only we could use the data that’s own their to look for ‘anomalies’ in what they’re buying and how much they’re spending.

“Mr Smith – our records show that you recieve £150 a week in benefits yet it seems that your expediture is currently running at £300 per week and we know you don;t have any loans or savings – care to explain that?”

And all because if you have nothing to hide then you have nothing to fear.

Drip. Drip. Drip…

There goes your civil rights and your freedoms and all without ever realising just how much you’re losing as it all slips slowly away – because every time the State comes back with a new suggestion for how it could use the data it can access via the National Identity Register it all seems so very reasonable, such small things, in fact just the kind of things that you have no reason to fear…

…because you’ve got nothing to hide.

Now to be fair to Monjo, he’s by no means wholly ignorant of the possibilities – why else would he note, at the end of his piece, Juvenal’s warning – Quis custodiet ipsos custodes?.

Who Guards the Guardians? If not us then, indeed, who?

I wonder if anything written here may change his mind?

  • Dave

    Has anyone considered the option of simply raising the costs to high st banks of I/d fraud so high that they, between them, take the lead in pioneering biometric identifiers onto their cards, leaving the citizen the option of adding, suitably encrypted, whatever further personal data s/he cares to – largely with the benefit of carrying a ‘one card that does all’ around with them rather than the dozens I carry today?

  • Dave

    Just to anticipate one counter, the underclass who don’t have bank accounts could very easilly be given a card (issued by the post office or whoever) once the thing had reached the tipping point where not having one left a person socially excluded.

  • Ed

    For all the talk of Orwell, what the ID card bill reminds me of most are the series of novellas written by Robert Zelazny in the early 70s and published together in the volume “My Name Is Legion”. They all deal with a society where everyone is tracked and monitored, beginning with the attempt to track every unit of currency moving throughout the world.

  • Unity

    There are numerous extrapolations of the notion of the ‘database society’ shot through SF – just think of the film version of Phil Dick’s ‘Minority Report’ and the personalised advertising horading which used retinal scans as one example.

  • “Even given the current doubts about the reliability of biometrics as it stands today the principle of everyone having an ID card which can be used to accurately verify their identity would undoubtedly have many potential and practical benefits, not least in combatting identity theft.”

    I have to disagree with both Monjo and yourself on this point.

    How exactly will the Government’s ID card scheme be of any use in “combatting identity theft” ?

    There is no such crime as “Identity Theft” or “Identity Fraud”, iit is not tracked by the Home Office through the British crime Survey or through the endless bureaucratic form filling that wastes so much police time and manpower.

    How will a biometric ID card prevent any “customer not present” credit card fraud online or over the phone ?

    How will it prevent bank detail “phishing” emails and websites ?

    How will it prevent drug addicts from being paid to rifle through people’s rubbish bags to steal unshredded credit card and bank statements ?

    The amount of Welfare Benefits fraud estimated by the Department for Work and Pensions to involve some sort of false identity is less than

  • Unity

    > “Identity Fraud” does NOT “cost the UK

  • Thanks for linking to my article. I updated it a little since your post. To clarify a few points:

    1) The “official” fraudulant identity claimant figures are going to be deliberately low.
    2) False circumstances is ~= false identity: the national database will make your circumstances and entitlements perfectly clear.
    3) I am against a means-tested welfare state and suggest a Citizen’s Basic Income (CBI)
    4) Dave: Yes. And your second proposal is closer to a “National Bank account” that every citizen must have, rather than a Personal bank account with a commercial bank.
    5) Web merchant practices were designed poorly, and most credit cards allow delivery to the non-cardholder address and there basically is very little security.
    6) My support for the National ID cards and database is part of an overall strategy of flat tax, CBI and paperless money. Massive social changes.

  • Good Post!

  • >As for the issue of ‘customer not >present’ fraud, you’re talking >about a technical problem which >in the future will, I’m sure, >lead to a technical solution.

    If you can think of one, you could be very rich. 😎

    At present the risk is just passed on to the merchant who then raises his prices to the consumer.

    >Just extrapolate here for a >moment, if you will. With ID >cards in place how long do you >think it will be before a USB >card/biometric reader hits the >market as an ‘option’ for people >who want more security for their >online transactions?

    >Not long? In fact about as long >as it take to produce a reliable >reader at a price the market will >bear… and people will buy into >such a thing, trust me on this.

    These exist now for a few tens of pounds, but Biometric Identifiers are fundamentally not suitable for remote , unsupervised, online transactions.

    I can’t even recognise my own fingerprints etc., let alone anybody else’s,. There is simply no way to guarantee that the fingerprints/iris scans/facial scans being presented are not a replay of a previous genuine session, especially over a USB bus (which can easily pass data to an extra USB device plugged into it ), connected to a Windows PC connected via the Internet. The risks from viruses, trojans, credential sniffers, false front skimming devices (as used now on Bank ATMs) etc. are totally unnaccepatable for a system which is meant to allegedly reduce “identity theft or fraud”.

    There is no way that the National Identity Register can be simply connected to the Internet, without coming under massive legitimate load and deliberate denial of service attacks.

    The security standards needed have to be far higher than for mere online credit card transactions, where the most you are risking is a few hundred pounds and where your credit card or online banking passwords can be changed if they are compromised. With the reliance of Biometric Identifiers comes inflexibility – short of major surgery, you can never change your Biometric Identifiers for the rest of you life, and even non-exact copies of your fingerprints or iris scans etc. will pass the statistical tests to allow replay and impersonation of a “customer not present” online transaction.

    >I stand by what I said, a zero >knowledge proof based ID card >system is both workable and >infinitely preferable to the >system being proposed by the >Government.

    There are dozens of different possible ID schemes which the Government could have opted for, from the German ID card system with just a Photo ID , printed to the latest banknote anti-forgery techniques, with , by law, no centralised government database, to SmartCard based ones which include Digital Certificates for online transactions, currently being issued in Sweden, Belgium, Estonia etc., even Biometric Identifier systems which make the ID card harder to forge, but which keep everything on the reasonably tamperproof card itself, but which store no personal details on a centralised database.

    None of these options have been explained or debated by the Government (they certainly have not listened to the likes of Stefan Brands on zero knowledge schemes), they have just come up with a hugely complicated and potentially repressive scheme, with some vague hope that technology will magically fix various social problems on the cheap.

    There are various discussions going on about “reasonable” alternative ID schemes which may be more feasible and less brutal than than NuLabour Government’s proposals e.g. over at Ideal Government which is contributing to the London School of Economics Identity Project, which produced an interim report which was often quoted in the debates in Parliament on the previous version of the Identity Cards Bill, and which recently came out with the revised cost guesstimate for the scheme of at least

  • Unity, the examples of freedom you give are;
    the freedom to work cash in hand
    the freedon to defraud benefits
    the freedom to defraud tax authorities

    Why should people have THESE freedoms?

  • mike smith

    People should have the right to work cash in hand and defraud the benefits system I think if theres a genuine financial need and yourself and family are going to suffer hardship or poverty as a result of not doing so, or the legitimate job you do doesn