It is, I would suggest, an axiom of dealing with this current government that whenever they go on a major PR offensive the first thing you should do is look around for what’s being quietly snuck out the back door in the hope that no one will notice.
So, in view of today’s ‘charm’ offensive on ID cards – which, typically has been long on offensive and short on charm – it should come as no great surprise to find the sudden appearance from the bowels of the Treasury’s website, of a report by Sir James Crosby entitled, ‘Challenges and Opportunities in Identity Management‘ (pdf) which was commissioned two years ago and that there are some very good reasons why its been slipped quietly out in the hope that no one would notice.
(Correction – my first info on this was that the report itself was two year’s old, which is what appeared in the original post. My understanding is that is it is technically a new report, although how long its been sitting around in the Treasury awaiting release is not certain. However Crosby did provide a preliminary report to the Treasury a year ago and my understanding is that the ‘meat’ of the current report was already in place even then, all that’s been added since is some of the detail on how Crosby’s ideas would operate in practice. The confusion over dates has arisen here as this report has been on the ‘known but unpublished’ for quite a while, like the Gateway review that Spyblog is chasing though the Information Tribunal, as is one of several key documents that its known the government has been ‘sitting on’ for quite a while.
Suffice to say, as you’ll see, almost everything Crosby recommends has been ignored by the government’s new roll-out strategy)
As the report runs to 54 pages in full, I’ll be sticking to the recommendations in its summary section and contrasting Crosby’s recommendations which what the government actually legislated for – that’ll be more than enough to explain the Treasury’s reticence when it comes to releasing it.
The section itself, sports the title, ‘To realise the greatest economic and social benefits every aspect of an ID card scheme should be designed from the consumer’s perspective…’ which is, of course, precisely the opposite approach to that taken by the government, who designed their system entirely from the perspective of making the citizen’s identity a commodity managed by the state.
Crosby goes on to set out 10 core principles for an ID system, the contrast between which and what the government actually put in place is particularly illuminating.
1. The purpose of any scheme should be restricted to that of enabling citizens to assert their identity with ease and confidence. The scheme should set targets for the quality of assurance achieved at enrolment and verification, which should generally exceed those achieved elsewhere, and it should regularly report its performance against those targets.
Forget all the management-speak about targets, the key point here are Crosby’s vision of the purpose of ID cards – ‘enabling citizens to assert their identity with ease and confidence’ – not combating terrorism, controlling immigration, curbing fraud or any of the other spurious justifications advanced by government during recent years, and that he set’s out a ‘golden rule’. The system, above all else, should work, while its far from certain that the actual system will given the number of technical critiques published over the last couple of years which demonstrate that the technology required for recording, storing and validating biometric information is still markedly flaky and unreliable.
2. The scheme’s governance should be designed to inspire the highest level of trust among citizens. It should be operated independently of Government (say, accountable directly to Parliament) and in principle its processes and security arrangements should be subject to the approval of the Information Commissioner, who should have the power periodically to review delivery.
The actual system is operated by the Identity and Passport Service, is directly accountable to the Home Office and its processes are security arrangements are definitely not subject to the approval of the Information Commissioner.
3. As a matter of principle, the amount of data stored should be minimised. Full biometric images (other than photographs) should not be kept. Only non-unique digital representations of biometric images should be stored. Additional data accessed during enrolment and records of verification enquiries should not be retained. All data and systems should be protected by state of the art” encryption technology.
The government system includes photographs and unreliable facial biometrics, a full set of fingerprints and iris scans not to mention (by my quick count) 47 different pieces of personal information including the obvious (name, address – plus previous addresses, date of birth), serial numbers of a range of official ‘documents’ including National Insurance, Passport and Driving Licence numbers (and any immigration documents) and a audit trail that records every single occasion your data is accessed which, amongst other things, will be a complete record of where you were and what you were doing every time you’re asking to verify you identity using an ID card or Passport.
Where or not the system uses ‘state of the art’ encryption I’ve haven’t had time to check.
4. Citizens should “own” their entry on any register in the sense that it should not be possible, other than for the purposes of national security, for any such data (to include digital representations of biometrics) to leave the register without their informed consent. Verification of identity should be performed without the release of data.
Most of the information mentioned above is not only held in the system but can legally be disclosed to and recorded by third parties – including the private sector – when you use your ID card and the only legal protection you will have if any of that information gets into the wild will be the woefully inadequate (but better than nothing) Data Protection Act.
Crucially, amongst the disclosable information in the actual system is the National Identity Registration Number (NIRN), the serial number that uniquely identifies you and which can, and will, be used to tie together every single piece of information about you that the state possesses – from your tax and benefit records, to your medical records and any criminal record, to council tax payments, you entire life in digitally-recorded data, all in such a way that everything about you that is known by the state can be traced from that one number given the right systems access – or a badly secured system.
You know how you’re always being told that your medical records, and such like, won’t go on the system? Well that sort of true – they won’t go on the system because there was never a need to even think of putting them on the system, not when you can put the NIRN onto them instead and get to them that way.
And here’s the real kicker, folks – the NIRN, as I mentioned, can be legally disclosed to a third party, even those in the private sector, which means that just about every piece of information they hold on you can also be tagged with the NIRN – bank accounts, mortgage records, loan applications, supermarket loyalty cards. Any time you have to prove who you are to someone they can, quite legally as the law stands, grab your unique NIRN and once they have that and your data is tagged with it then they can easily talk to other private sector companies who hold information about you and who’ve also got your number and well… compare ‘notes’.
We’re not just talking about an all embracing, integrated state-owned data system here but the means to developing parallel systems in the private sector under minimal legal control – and that neither speculation or paranoia but a stone cold certainty because amongst the early ‘adopters’ once this system goes live with be the banks, finance companies, mortgage lenders, insurers and – of course – the credit reference agencies to whom all these other institutions ‘talk’ in order to try an find out as much as they can about you before doing business with you.
Scared? You should be… because in these systems you don’t ‘own’ your personal data, its your personal data, and whoever’s got their grubby, conniving, paws on it that’s going to ‘own’ you.
5. Enrolment processes should be different for individuals with different circumstances, and change over time so as to minimise costs and give citizens the simplest and most hassle-free experience consistent with the achievement of the published assurance targets.
Yes, they’ll be so easy that you’ll be required to attend a ‘registration centre’ where you’ll be required to turn over your biometrics, give them the basics of your life story and face an interrogation cum quiz about your own life by a resident pen-pusher in order to prove you are you, just to get the damn card and surrender your identity to the all consuming maw of the state.
6. In order to respond to consumer demand and achieve early realisation of economic and social benefits, the scheme should be capable of being rolled out at pace.
What was that today? 2017 before they expect to have us all by the short and curlies?
7. Citizens who lose cards or whose identity is compromised should be able to rely on their cards being replaced or their identity being repaired quickly and efficiently and in accordance with published service standards.
As long as cough up more cash and the state doesn’t decide that you’ve gone and lost anything on purpose, in which case you can be summarily fined.
8. Technically the scheme’s systems should be closely aligned to those of the banks (both initially and in the future) so as to utilise their investment, de-risk the scheme’s development, and assist convergence to common standards across the ID assurance systems and processes deployed internationally by banks and other national ID card schemes.
Which is, of course, more or less what will be happening although I doubt the kind of alignment Crosby had in mind ran quite as far the kind of parallel private sector data systems I mentioned a little earlier.
9. To engage consumers’ hearts and minds on the scale required, enrolment and any tokens should be provided free of charge.
Mwahahahahahahahaha… I can only imagine how this went down with the Treasury goblins.
‘He want us to do what? Give the cards out for nothing? The man’s obviously completely off his rocker?
10. The market should play a role in delivering a universal ID assurance scheme. This will improve the ease with which consumers can use the scheme and minimise costs.
Well, this is the one recommendation that the government did manage to deliver on. They’ve certainly ‘involved’ the market and the market has been all too keen to get involved what will all the big fat Crown Assured contract on offer…
…just like the one’s they got from other departments for delivering IT systems that go humongously over-budget, don’t work properly and then have to scrapped and replaced at an equally humongous cost to the public purse because the government could purchase a laptop without fucking something up somewhere along the line.
Now, having read all that, is anyone up for a game of ‘spot the difference’?
Or maybe you’d prefer to speculate on what this report might have done to the debate had it been commissioned before the Identity Cards Act passed into law.