The Great 'standalone' ID card Swindle

What it really meant, what you'll really get

The real decision

Despite all this the Home Office really is acting on an issue that was covered by the Home Affairs Committee enquiry, but it's not an issue of form or packaging - it's about standards and deadlines. The Committee expressed its doubts here as follows: "The type of card to be used is a decision of the same order of importance as the architecture of the database, since it has consequences for issues such as how the card will be used and the number of readers and the infrastructure needed... Some choices, such as the nature of the chip, seem to follow a decision to use the passport as an identity card (and therefore follow ICAO) rather than an independent assessment of what would be the most appropriate for an identity card."

The Committee here is concerned about what it perceived as a close coupling of the ICAO international passport standard to the ID card, and this concern is not entirely surprising, given that our having to implement the passport changes was an early Blunkett justification for going ahead with ID cards as well. But the needs of the two kinds of document differ.

ICAO requires a facial image as biometric, with fingerprint as an optional second biometric, while practicalities and technology dictate that fingerprint is the most viable biometric for a national ID card. ICAO also recommends a contactless chip to be used for storage of the biometric data, so following ICAO would to an extent dictate the nature of the readers to be used. US tests of this technology for its own biometric passports are already highlighting security holes (Bruce Schneier explains why it's a thoroughly bad idea here), and there should clearly be questions about the sense of using it in a system with readers deployed in very large numbers.

The Home Office appears not yet to have decided on the chip and reader technology to be used by ID cards, but by decoupling passports and ID, the latter will "not necessarily be based on ICAO standards" (Home Office response to Home Affairs). But: "There are efficiency savings in collecting biometrics to a single common standard for multiple documents, which may mean that we will use widely-agreed international standards." The decoupling, however, allows it much more flexibility than would otherwise be the case.

The US deadline for requiring biometric passports has been subject to some postponements, and may be postponed again if the US continues to run into problems with its own passports, but the Home Office needs to try to meet it when it actually arrives, so one of the advantages of decoupling ID cards is that passports can move faster. The response to Home Affairs, for example, says: "The United Kingdom Passport Service will start to issue passports with a facial image held in a chip from late 2005 onwards." This sounds ambitious, but if it happened then the UK would just about meet an autumn 2005 deadline.

Europe recently added fingerprint as the second compulsory biometric identifier for European standard passports, but these will become mandatory after three years, as opposed to the 18 months for facial, and it's not therefore so urgent to include them in the earlier passports. Fingerprints can however be collected at the same time as the facial image for the passport, so the government will be able to start building on its database as soon as it implements chipped passports.

The first passports will surely ship without having ID cards issued "alongside" them. Which sounds pretty much like the situation you could have reasonably anticipated prior to the Home Office announcement. There are also reasons why it may not be sensible to push ahead with the specification and implementation of the ID card itself too quickly. Having dealt with passports, Europe's Justice and Home Affairs Council now intends to look at standards for European ID cards, so there will be standards from Europe to take account of within a few years.

But the point is not what shape, size or pretty colour you'd like the bit of plastic to be, or when you get it; the point is that the Home Office gets your biometric details onto its databases as soon as possible so that it can match you against them. If passports can be put out sooner, well, that data can be collected sooner too.

Is it or isn't it?

If we're to be entirely accurate we should note that the Home Office is giving itself the flexibility to decouple cards from passports, rather than irrevocably splitting the two. They, and other identity documents, may show some divergence in the short term, but in the longer term the drive to "use widely-agreed international standards" will exert a pull in the opposite direction. At the moment, however, the change of plans leaves a legal question dangling - could you still use your new style passport as an identity card?

No, that is not a silly question. Allow us to explain. Depending on the chip technology and the readers used for the ID card system, it may not be physically possible for a passport to be used with it, but it could still be perfectly feasible for the passport to be an identity card-type document, which could be verified by other means. The passport could contain all of the information necessary for it to be 'an ID card inside', and it could be legally designated as such by the Home Secretary. The draft ID scheme bill currently gives the Home Secretary the power to designate a wide range of existing documents as legal identity documents, and these are listed as:

  • a passport identity card (valid for travel and issued to British citizens);
  • a driving licence photocard;
  • a residence permit card for foreign nationals;
  • a special residence permit (or 'registration certificate') card for European Economic Area (EEA) nationals;
  • a 'plain' identity card available for those who do not qualify for or do not wish to have one of the other cards.

This section of the draft bill treats identity cards as a "family" of compatible documents, the underlying thinking being that existing classes of document could be upgraded and co-opted, ultimately adding up into a pervasive, universal ID scheme with the last one, the 'plain' card, being brought in to swat the last few holdouts. But if the government is now pushing the notion of a separate ID card to the forefront, the thinking, and this section of the bill, should surely change. Although the Home Affairs Committee report notes this section, the Home Office's response does not appear to cover it. So will, as per plan A, the passport be an identity document, or won't it?

You could ask the same question about the driving licence. Currently, the licence itself is considered sufficient for you to establish your identity when challenged, but once you can use an identity card to establish your identity, will it still be? And if it is (which it should be, because a driving licence system that isn't verifiable against the NIR isn't going to do anything towards weeding out dubious licences from the database), then to what extent is it a more general identity document? There's more than a little of angels and pinheads to these questions, but they perhaps serve to illustrate the pie in the sky nature of the 'standalone ID card' notion. You currently have many differing identity documents of differing strength. Once you have a 'standalone' ID card, you still will, and at the moment it looks rather like the government is making a pig's ear of defining a coherent framework to tie them all together. ®

* We have a legal query. The raw material for consultation documents, the responses, is according to Cabinet Office guidelines retained, and made available for scrutiny on demand. The Cabinet Office (we asked about this) makes some huffing noises about preserving the confidentiality of individuals who may not have understood that their names might be made public, but it strikes us that rules is rules, so tough if that's what we want to know. But it isn't what we want to know at this juncture. The latest ID card consultation document tells us that: "People tend to be motivated to write in because they are opposed to the proposals under consultation", the point here appearing to be that the views of these people (who by definition are going to know something about the subject in hand) should be discounted, while surveys and focus groups (of people who turn out to know stuff-all about the subject in hand) provide a more valid gauge of public opinion. Well OK, if you say so. But if the outcome of a "public consultation" is to be determined via surveys and focus groups, then all of the source material for these should be available for public scrutiny, right? So thank you for the "executive summary", Mr Blunkett, but we would now like to see all the raw data for the surveys used to produce the consultation summary document, and all of the videos, transcripts and notes from the focus groups. We trust this request is in order under Cabinet Office guidelines.
