The UK identity card. Without it you're no-one.

Some thoughts on the draft legislation

The draft bill can be downloaded from the Home Office.

General

I am opposed to the proposal to introduce a national identity card on both principled and practical grounds. Analyses of other countries with ID cards in place show no proven benefits in terms of cutting fraud, reducing crime or tackling terrorism and there have frequently been examples of forged identity cards as well as evidence that they have had a negative effect on community relations.

In particular I believe that ID cards should not be introduced without significant privacy laws safeguarding their use. The UK does not have a written constitution. Every other country that has a system of compulsory identity cards also has a written constitution that safeguards privacy. As the relationship between the state and the citizen is not properly defined in UK law it is too easy for the government to expand the uses of the card and lower the safeguards on data sharing. This is demonstrated in the Draft Bill as the Secretary of State reserves powers to change or add to the provisions and many of the new offences will be prosecuted as a civil matter by the Secretary of State, who will also decide on appeals against the penalties he imposes. These powers should not be introduced without adequate safeguards.

I do not agree with the stated benefits of the proposed cards. For example, systems are already in place to prevent illegal immigration and working. Employers are already obliged to request identification and entrants to the country are obliged to give fingerprints for the purposes of the Application Registration Card (ARC). If unscrupulous employers do not ask for existing documentation and the Home Office does not enforce existing laws I refute the suggestion that an ID card will have any impact on this situation.

The faith in biometric data is also alarming. The leading U.S. biometric system was cracked by a group of Japanese students within a term in 2003 but the proposal encourages total faith in the ID card and associated biometric data. If the card is trusted too much, and used as a gateway to a multitude of public services and entitlements, the market in forgeries will be high. I suggest that having to provide multiple forms of ID is a barrier to ID fraud; a single card makes it easier.

Concerning the specifics of the draft bill, I consider the fines of £1000 for failure to notify the Secretary of State of any change in their details held on the register (Clause 12) excessive. Moving house, for example, is a very stressful and expensive event and updating one's entry on a national database is unlikely to be a top priority. In addition the idea that you could be a victim of a crime and yet be considered a criminal for forgetting to mention that your ID card has been stolen along with your wallet, keys, etc. is ludicrous.

Overall I feel that potential fees for individuals are excessive. Fees can be charged for registration, modification, issue of cards etc. suggesting significant ongoing costs to every card holder, in particular those who need to update their details regularly such as students or tenants changing address. As the government is claiming that ID cards will prevent significant benefit abuse I propose that these savings should be used to finance the cards rather than the individuals who have no choice but to register.

I also feel that the financial penalties are targeted, incorrectly, at cardholders instead of those managing the scheme. There should be strict penalties in place for the government and any corporation involved in the scheme in cases where individuals are inconvenienced by faulty ID cards or if their data is disclosed without correct authorisation. There should also be stringent safeguards in place to prevent private companies using any of the data for any purpose outwith the management of the ID card scheme.

Specifics

1) proposals for a National Identity Register as set out in Clauses 1-3 of the draft Bill (paragraph 2.12);

Clause 1(1)

As the system relies heavily on a largely untested (on this scale) combination of new technologies, this amounts to a blank cheque to the suppliers. The Bill should provide a mechanism to quickly and easily suspend or terminate this duty in the event of spiraling costs, persistent security problems, or any other unforeseen circumstances. This should mirror the requirements for extending the scope - a draft of the order laid before Parliament and approved by a resolution of each house.

Clause 1(4g)

Holding "numbers allocated for identification purposes and about the documents to which they relate" appears to require the holding of keys into other databases. This is a huge loophole - any information not covered by this bill could be held in a separate database. It is very common to tie databases together with keys such as this, making them act as one. This could completely defeat all of the safeguards discussed in the consultation document. This makes most of the Bill irrelevant as these other databases are not included in its scope - it is possible that such a link could even be used to create a second database (which would fall outside the scope of this Bill) with a mirror of the tightly guarded access log.

Clause 3(2c)

Remove the word "appropriate" to make sure an individual has the right to record (where practical) a response to disputed information in the database. Subjectively filtering information before entering it into a database can pollute future statistical analysis.

2) proposals for the issue of ID cards and designation of existing documents as ID cards as set out in Clauses 4, 5, 8-10, 12 and 37 of the draft Bill (paragraph 2.23);

Clause 5 (5a)

Expenses should be paid in advance to cover the cost of travel required under the act. Otherwise this is a hidden cost which could be burdensome for some once the cards become compulsory. Expenses paid for jury duty could provide a model for this.

Clause 37 (1)

Charging fees to amend an entry will stop some people sending in modifications. Fees to confirm information will reduce the accuracy of information even further.

Fees for disclosing information, coupled with the requirement to check the register (by new employers, banks, etc.) amount to an inefficiently collected tax - the actual cost of querying a database is negligible.

Fees could be used to manage the database load and reduce police/security services "fishing expeditions" by charging a small flat rate for each record searched and returned. This would encourage efficient use of the database through more tightly defined queries, and should discourage abuse of statistics - 60 million records will hold a vast number of highly improbable coincidences.

3) data sharing of information that needs to be checked in order to issue identity cards as set out in Clause 11 of the draft Bill (paragraph 2.32);

Clause 11 (2)

"appears to a designated documents authority" seems to require information to be released even when it may not exist. A statement saying the information requested does not exist should be a permitted response.

4) disclosure of information from the National Identity Register without consent for the prevention and investigation of crime and on grounds of national security as set out in Clauses 20-24 of the draft Bill and also on the options for oversight in clauses 25-26 (paragraph 2.39);

Clause 26 (4d)

This should be removed. Publication should not be withheld to avoid embarrassing a public authority - the previous reasons for withholding (national security, prevention and detection of crime, or the economic well-being of the UK) are sufficient.

The National Identity Scheme Commissioner is powerless, but the register is too open to abuse to be run without strong independent oversight.

Empower the Commissioner to require the Secretary of State to financially compensate individuals whose records are inappropriately disclosed. If the disclosure is made by a third party then the associated contracts and agreements should include a mechanism for reclaiming these amounts. This should apply irrespective of circumstances unlike clause 29 (3) where ignorance is a defence.

In the event of serious failings in the operation of the register, the Commissioner should be required to recommend the suspension of the register by presenting the appropriate order directly to Parliament (as explained above).

5) criminal offences and civil penalties relating to identity cards as set out in Clauses 27-36 of the draft Bill (paragraph 2.45);

Clause 27 (3c)

I cannot see any justification for this offence, as existing theft and fraud laws seem to cover the real crimes. Good Samaritans found with someone else's card should not be required to make an excuse. At the very least proof of intent to fraudulently use or supply for fraudulent use should be required to make this an offence.

6) wider identity fraud issues as set out in Clauses 27-28 of the draft Bill (paragraph 2.50);

7) the power to set a date when it would become a compulsory requirement to register as set out in Clauses 6-7 of the draft Bill (paragraph 2.58);

A public consultation should be required before the draft order for compulsory registration is laid before parliament. The current consultation is happening before the specifics (or even basic identification technology) of the system are known - prior responses will be largely outdated by then.

8) the power as set out in Clauses 15-19 of the draft Bill to make Regulations on the use of a card, where existing powers relating to the service concerned are not adequate, including views on the provision described in paragraph 2.64 and how it may be enforced (paragraph 2.71);

These clauses create a framework for future regulation to require ID checks without public consultation. I believe very few people really understand the amount of information which can be gleaned through the database of these checks. Each individual check will seem reasonable, but the cumulative information is very powerful. Unfortunately individuals are unable to see even their own access records, so are unlikely to realise how invasive the technology really is. This is why the role of the Commissioner must be strengthened, or the oversight board given powers in the bill.

9) proposals on the application of the draft Identity Cards Bill and the use of identity cards in Scotland, Wales and Northern Ireland (paragraph 2.78);

10) options for a governance structure for the identity cards scheme (paragraph 3.11).

Governance requirements should be written into the Bill as they are an integral part of the system. The governance body should be completely independent of the operation of the system (i.e. not part of the Home Office) as that would be incompatible with its oversight role. The body should be required to conduct regular independent audits of the system in general and its security in particular.

Other comments

It is unclear exactly what the proposed identity cards are intended to achieve. Without a clear idea of the goals of the project, it seems highly unlikely that it will provide any significant return on the massive investment required. The case for identity cards has not been proven - the previous consultation cited in the foreword regarded entitlement cards, and the accompanying vague references to terrorism do not form a coherent argument.

The bill places an obligation to implement the system on the Secretary of State and it would be naive to expect the suppliers not to understand and abuse this. The bill should require the Secretary of State to suspend or even terminate the Bill subject to parliamentary approval if key goals are not met. This should help to keep suppliers focused on the key requirements of the project, improve the government's negotiating position, and provide a quick emergency release for the straitjacket the Bill will place on the Secretary of State.

The concentration of information in a single database will inevitably lead to security breaches. The proposals should include compensation for an individual whose information has been disclosed inappropriately.

The Bill seems to place too much faith in the integrity of the system. It will both contain and make mistakes. If there is too much faith in the system then false-positives could have serious consequences; if there is too little then the system is worthless. The more faith in the system, the higher the value of a successful attack against its security, so the more of a target it will be to sophisticated attacks. Without a full understanding of the purpose of identity cards it will be impossible to appropriately weight the security of the system. Inappropriate security reduces accuracy through either successful attacks or front-line shortcuts/workarounds (checks are skipped, etc.).

Unlike a password a biometric ID can't be changed. What happens when one is compromised?

For example, we leave our fingerprints on most things we touch - it has been repeatedly demonstrated that household equipment can be used to copy a fingerprint and fool a detector. Some people have very faint fingerprints (particularly after building work, etc.) and skin complaints such as eczema can render them useless for automated verification.