Feeds

Plan B from Petty France - the other UK ID card

Or more properly, the real one?

Remote control for virtualized desktops

Passports are issued under Royal Prerogative, effectively executive powers of the monarch which are exercised by Government Ministers. These powers include the right to grant and revoke passports, exercised by the Home Secretary and the Foreign Secretary.

Three years ago Parliament's Public Administration Select Committee suggested that this and other aspects of the Royal Prerogative (starting wars, that kind of stuff) be put on a more formal statutory basis, but the Department of Constitutional Affairs declined to pursue the matter, observing on passports that "successive Governments have taken the view that the non-statutory system has worked well and that change is not required."

The Government did, last year, say that it could add fingerprints to passports via the Royal Prerogative, but as all of the Passport Service's identity-related plans are going ahead with or without the ID Card Bill, clearly it's all happening under the Prerogative.

Which you might reckon stretches the legal framework well beyond breaking point. Lack of Parliamentary oversight? You ain't seen nothing yet.

It is practically impossible to justify the UK Passport Service's identity management plans as being encompassed by a Royal Prerogative intended simply to cover the granting and revoking of passports, even taking into account the requirements of new international standards. As far as biometric passports are concerned, it's been pointed out repeatedly (not least by The Register that in order to conform to ICAO standards the UK need only add a chip containing a digitised passport photograph to existing passports (which is what the Passport Service is actually doing for biometric passport phase one in this very quarter).

There is no need for a biometric database or online checking, because the thinking underlying the ICAO biometric passport standard is that it should be possible to link the bearer to the document by locally checking the bearer's biometrics against those held on the document. So long as you're confident the document isn't forged or fraudulently issued, you don't even need to keep the biometric data in a database - you could even, as some countries intend to do, just throw it away. You know the document is genuine, hence you know the person is genuine, and you don't need any other information.

Nor (we've said this a lot too) does the UK need to add fingerprints to its passports. The EU's Schengen countries are currently committed to do so, but the UK is not a Schengen country, and does not have to conform to this standard. But again, if we wish to add fingerprints in anticipation of their becoming a widespread international requirement, we could do this on the basis that the individual was matched locally against the document, and for the specific purposes of passport issue and administration we do not need to have the fingerprint data online, or even retained.

There's clearly an argument that even the Passport Office's move from document-centric to person-centric and the consequential construction of its version of the NIR steps beyond the Royal Prerogative (which covers documents, not people). The assertion, "All of those items are coming anyway, and the passport service will have to provide for them" most certainly goes many steps beyond it.

There may well be arguments that commercial demand (should such a thing really exist) for identification services from Government should be met, and we may all view it as a good idea for a database of all UK citizens' fingerprints to exist to allow for "the checking of unidentified fingerprints at scenes of crime" (which was put forward by Baroness Scotland as one of the "extra benefits" of the ID scheme). But it is by no means obvious that the Passport Service has the powers to provide these things, that it is the appropriate department to do so, or that providing them via a centralised Government identity monopoly is the sensible way to do it.

If the ID Cards Bill becomes law, then the legal framework changes. The legislation could be said to place the Passport Service's identity operations on a statutory basis, overseen by the new authority the Passport Service will become, and therefore "all of these items that are coming anyway" will be retrospectively legitimised. But if the Bill doesn't become law, and all of these items continue to come, anyway, then there will be a whole growing edifice there we should be asking a lot of hard questions about. And under the circumstances, maybe the Queen should be asking a few herself... ®

Intelligent flash storage arrays

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.