Feeds

Plan B from Petty France - the other UK ID card

Or more properly, the real one?

5 things you didn’t know about cloud backup

Passports are issued under Royal Prerogative, effectively executive powers of the monarch which are exercised by Government Ministers. These powers include the right to grant and revoke passports, exercised by the Home Secretary and the Foreign Secretary.

Three years ago Parliament's Public Administration Select Committee suggested that this and other aspects of the Royal Prerogative (starting wars, that kind of stuff) be put on a more formal statutory basis, but the Department of Constitutional Affairs declined to pursue the matter, observing on passports that "successive Governments have taken the view that the non-statutory system has worked well and that change is not required."

The Government did, last year, say that it could add fingerprints to passports via the Royal Prerogative, but as all of the Passport Service's identity-related plans are going ahead with or without the ID Card Bill, clearly it's all happening under the Prerogative.

Which you might reckon stretches the legal framework well beyond breaking point. Lack of Parliamentary oversight? You ain't seen nothing yet.

It is practically impossible to justify the UK Passport Service's identity management plans as being encompassed by a Royal Prerogative intended simply to cover the granting and revoking of passports, even taking into account the requirements of new international standards. As far as biometric passports are concerned, it's been pointed out repeatedly (not least by The Register that in order to conform to ICAO standards the UK need only add a chip containing a digitised passport photograph to existing passports (which is what the Passport Service is actually doing for biometric passport phase one in this very quarter).

There is no need for a biometric database or online checking, because the thinking underlying the ICAO biometric passport standard is that it should be possible to link the bearer to the document by locally checking the bearer's biometrics against those held on the document. So long as you're confident the document isn't forged or fraudulently issued, you don't even need to keep the biometric data in a database - you could even, as some countries intend to do, just throw it away. You know the document is genuine, hence you know the person is genuine, and you don't need any other information.

Nor (we've said this a lot too) does the UK need to add fingerprints to its passports. The EU's Schengen countries are currently committed to do so, but the UK is not a Schengen country, and does not have to conform to this standard. But again, if we wish to add fingerprints in anticipation of their becoming a widespread international requirement, we could do this on the basis that the individual was matched locally against the document, and for the specific purposes of passport issue and administration we do not need to have the fingerprint data online, or even retained.

There's clearly an argument that even the Passport Office's move from document-centric to person-centric and the consequential construction of its version of the NIR steps beyond the Royal Prerogative (which covers documents, not people). The assertion, "All of those items are coming anyway, and the passport service will have to provide for them" most certainly goes many steps beyond it.

There may well be arguments that commercial demand (should such a thing really exist) for identification services from Government should be met, and we may all view it as a good idea for a database of all UK citizens' fingerprints to exist to allow for "the checking of unidentified fingerprints at scenes of crime" (which was put forward by Baroness Scotland as one of the "extra benefits" of the ID scheme). But it is by no means obvious that the Passport Service has the powers to provide these things, that it is the appropriate department to do so, or that providing them via a centralised Government identity monopoly is the sensible way to do it.

If the ID Cards Bill becomes law, then the legal framework changes. The legislation could be said to place the Passport Service's identity operations on a statutory basis, overseen by the new authority the Passport Service will become, and therefore "all of these items that are coming anyway" will be retrospectively legitimised. But if the Bill doesn't become law, and all of these items continue to come, anyway, then there will be a whole growing edifice there we should be asking a lot of hard questions about. And under the circumstances, maybe the Queen should be asking a few herself... ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.