Feeds

Is it a passport, an ID card, or a fiddle? A minister explains

We analyse McNulty's train of logic

SANS - Survey on application security programs

Analysis Government contributions to last week's debate on the third reading of the ID Cards Bill were largely unenlightening, with Charles Clarke in particular confining himself to reading from his flash cards ('will help to control the Big Brother state', 'ID fraud costs £1.3 billion', 'a third of terrorists use false ID'), but a couple of his minions were helpful (inadvertently, we assume) on the subjects of inevitability and finance. Do we have no choice, because the world is moving to biometric ID? And how is it that despite costing £93 for combined ID and passport and £30 for just ID, the ID card is somehow not costing us anything really?

That second one's a toughie, but Home Office Minister Andy Burnham took a stab at it. Alongside this he presented a fascinating 'proof' of how the money to fund the scheme would kind of emerge, but nevertheless wasn't available to fund the extra police the opposition says we should spend it on, because it didn't exist - or something. But life's too short - let's take the inevitability of biometrics.

Walthamstow Labour MP Neil Gerrard had moved an amendment which was intended to decouple passports and ID cards, his argument being that the initial 'voluntary' nature of the ID card was illusory, because in order to travel freely you will need a passport, a passport will be a "designated document" under the ID card scheme, and in order to get a designated document you will need to be entered on the National ID Register. Gerrard's amendment therefore sought to allow the passport applicant to choose whether or not they wished to be entered on the NIR, thus removing compulsion.

This would have broken the artificial linkage the Government has created between passports and ID cards, and left ID cards to sink or swim on their own. This would have been deeply unhelpful for a Government which desperately wants ID cards, and desperately wants everybody to believe that it's all the fault of the International Civil Aviation Authority.

The truth is however simple. Currently, ICAO wishes to establish an international standard for what it terms a biometric passport. The current requirement for this is merely for passports to include a digital image of a photo, this image to be held in a chip in the passport. So it's perfectly possible to comply with ICAO standards without forcing applicants to attend centres to be snapped by cameras with added biometric secret sauce; an ordinary picture, sent through the post if you like, would do. And, as it happens, this appears to be pretty much what the Government proposes for overseas passports. In addition, overseas passport holders will not only not be required to accept an ID card - they won't be allowed one because, not being resident in the UK, they don't qualify. So actually, while the Home Office is telling us that the decoupling of passport and ID card is impractical/impossible, the Foreign & Commonwealth Office is building that very system for British passport holders who don't live in the UK.

During the debate, Home Office Minister Tony McNulty argued the Government case as follows: "As I understand it... all parties agree on biometric passports. That is on the record. One cannot have biometric passports without the infrastructure we are talking about bringing in by 2008." [Which is, as we have already established, not true] "By infrastructure, I mean contact centres and how we capture biometrics. Everyone should agree as a starting point that that is necessary for the biometric passports on which we all agree. The argument is not about how many centres there should be; 70 may be enough with mobile facilities, but it may not be enough. That is a matter of detail that, of course, needs discussion in terms of the roll-out of biometric passports, which will happen whatever happens to the Bill tonight. That is a position with which every party in the Chamber agrees."

Spot the technique? If you argue that enrolment centres are an absolute requirement for biometric passports, then everybody who accepts that biometric passports are inevitable must also accept that the centres are inevitable. Having established this to at least his own satisfaction, McNulty begins to move on towards the inevitability of the National ID Register: "The argument, put quite fairly by my hon. Friend the Member for Walthamstow [Neil Gerrard], is about the link beyond that [passports and centres] to ID cards... unpicking the ID card from the passport would drive a coach and horses, to coin a phrase, through the entire structure of the system that we aim to produce. I freely accept that that may be what my hon. Friend the Member for Walthamstow is seeking to do, but we must not run away with the notion that we will not have biometrics if this Bill fails. The question of whether 70 contact centres will be sufficient to do the necessary biometric work will not go away, as all parties agree with biometric passports."

Note here that McNulty says the amendment would wreck "the system that we aim to produce", which is true, whereas 'the system we have to produce' would not be. Repetition of the contact centre and biometric passport refrain therefore serves as a sort of chorus to reinforce the message of inevitability, and draw the attention away from the join. On, then, with the system we aim to produce:

"My hon. Friend the Member for Walthamstow and I disagree, but my contention is that the two processes involved — in securing the biometric passport from 2008, and in registering people on the database and securing the ID card — are virtually the same. Given the facility and proximity of those two processes, it would not be fair to ask people to submit information in respect of passports and then do the same thing again some way down the line."

That's quite neat. The Government frequently argues that, given that we have to make the passport investment, we might as well go the (it claims, short and inexpensive) distance from there to ID cards. But notice that this isn't the argument McNulty uses here. He is actually treating ID cards separately from passports while simultaneously treating the two as virtually the same thing. Biometric passports are something we have to do, while ID cards were an election promise made by McNulty's and Gerrard's party. If it's to fulfil this commitment the Government actually will need people to report to the network of contact centres, and it would indeed be unfair to ask them to report twice. Of course, they only have to report twice if you accept the prior argument that they have to report the first time in order to get the biometric passport. If you don't accept this, then the truth that it's the ID scheme alone that needs the contact centres becomes perfectly clear.

McNulty might have been poised to give us more of this excellent stuff, but unhappily, he ran out of time, and the amendment went to a vote. Naturally, the Government won. ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.