Feeds

Plan B from Petty France - the other UK ID card

Or more properly, the real one?

Providing a secure and efficient Helpdesk

Passports are issued under Royal Prerogative, effectively executive powers of the monarch which are exercised by Government Ministers. These powers include the right to grant and revoke passports, exercised by the Home Secretary and the Foreign Secretary.

Three years ago Parliament's Public Administration Select Committee suggested that this and other aspects of the Royal Prerogative (starting wars, that kind of stuff) be put on a more formal statutory basis, but the Department of Constitutional Affairs declined to pursue the matter, observing on passports that "successive Governments have taken the view that the non-statutory system has worked well and that change is not required."

The Government did, last year, say that it could add fingerprints to passports via the Royal Prerogative, but as all of the Passport Service's identity-related plans are going ahead with or without the ID Card Bill, clearly it's all happening under the Prerogative.

Which you might reckon stretches the legal framework well beyond breaking point. Lack of Parliamentary oversight? You ain't seen nothing yet.

It is practically impossible to justify the UK Passport Service's identity management plans as being encompassed by a Royal Prerogative intended simply to cover the granting and revoking of passports, even taking into account the requirements of new international standards. As far as biometric passports are concerned, it's been pointed out repeatedly (not least by The Register that in order to conform to ICAO standards the UK need only add a chip containing a digitised passport photograph to existing passports (which is what the Passport Service is actually doing for biometric passport phase one in this very quarter).

There is no need for a biometric database or online checking, because the thinking underlying the ICAO biometric passport standard is that it should be possible to link the bearer to the document by locally checking the bearer's biometrics against those held on the document. So long as you're confident the document isn't forged or fraudulently issued, you don't even need to keep the biometric data in a database - you could even, as some countries intend to do, just throw it away. You know the document is genuine, hence you know the person is genuine, and you don't need any other information.

Nor (we've said this a lot too) does the UK need to add fingerprints to its passports. The EU's Schengen countries are currently committed to do so, but the UK is not a Schengen country, and does not have to conform to this standard. But again, if we wish to add fingerprints in anticipation of their becoming a widespread international requirement, we could do this on the basis that the individual was matched locally against the document, and for the specific purposes of passport issue and administration we do not need to have the fingerprint data online, or even retained.

There's clearly an argument that even the Passport Office's move from document-centric to person-centric and the consequential construction of its version of the NIR steps beyond the Royal Prerogative (which covers documents, not people). The assertion, "All of those items are coming anyway, and the passport service will have to provide for them" most certainly goes many steps beyond it.

There may well be arguments that commercial demand (should such a thing really exist) for identification services from Government should be met, and we may all view it as a good idea for a database of all UK citizens' fingerprints to exist to allow for "the checking of unidentified fingerprints at scenes of crime" (which was put forward by Baroness Scotland as one of the "extra benefits" of the ID scheme). But it is by no means obvious that the Passport Service has the powers to provide these things, that it is the appropriate department to do so, or that providing them via a centralised Government identity monopoly is the sensible way to do it.

If the ID Cards Bill becomes law, then the legal framework changes. The legislation could be said to place the Passport Service's identity operations on a statutory basis, overseen by the new authority the Passport Service will become, and therefore "all of these items that are coming anyway" will be retrospectively legitimised. But if the Bill doesn't become law, and all of these items continue to come, anyway, then there will be a whole growing edifice there we should be asking a lot of hard questions about. And under the circumstances, maybe the Queen should be asking a few herself... ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.