Byrne puts fake ID frighteners on illegal employers

Another no-change rule change?

Top three mobile application threats

Analysis Immigration Minister Liam Byrne is to celebrate the first wave of the ID card rollout next year with a scary ad campaign threatening employers of illegal immigrants with fines of £10,000 per offence and up to two years in prison. But even by the low standards of the Home Office, "the biggest shake-up of the immigration system for 40 years" promises to be impressively toothless - if Byrne is depending on the fine income for the 2009 New Year party, he will be a disappointed man.

The substance of Byrne's "stark message" actually first appeared in the 1996 Asylum & Immigration Act, which included provision for employers of illegal immigrants to be fined if they hadn't properly checked the employee's right to work status. But as it's been tricky to prove that an employer has failed to take reasonable steps to establish right to work, fines have been virtually impossible to enforce. The 1996 Act has now been replaced by the 2006 Immigration, Asylum & Nationality Act, but this difficulty remains, and remarkably, will still remain prior to the introduction of immigrant ID cards, and beyond.

So much for Byrne's menacing ad campaign, which kicks off in mid-January in order to publicise February rule changes. "This highly visible marketing campaign will ensure employers have no excuse for breaking the rules", Byrne claims. But although the system will have changed, the excuses will remain precisely those that apply today.

The new rules permit the Borders & Immigration Agency (BIA) to levy civil penalties at varying levels of up to £10,000 per employee where adequate checks have not been carried out, while the "up to two years in prison" is the maximum penalty for prosecution under the Act. In order to levy the penalty, however, the BIA has to confirm the nature of checking that has taken place (see page 5 of the Code), and this is likely to prove a complex and difficult procedure.

Nor, after February, will it prove significantly more difficult for an employer to go through the motions than is currently the case. Say you're an employer (indeed, perhaps you are), and you need to check the status of a prospective employee - what do you do? If you've been paying attention and coming down with attacks of due diligence over the past couple of years, you'll recall that earlier this year the Borders & Immigration Agency (BIA) announced a pilot service intended to help employers check the credentials of prospective employees. This sounds like a good place to start. You'll observe that the link to the employer guide in the announcement (Note 7) is now broken. But some current, confusing, information on the checking service can however be found here (Well it could last week, but now it's gone).

The service, such as it is, consists of a checking service request form which asks you for information on the prospective employee. You're almost certainly not going to have this information (e.g. "IFB Reference No" - this is BIA-speak for Immigration Fingerprint Bureau, and ARC is Application Registration Card. The form is presuming the existence of an asylum seeker biometric ID card, meaning it's otherwise useless). Beyond that, you're thrown back on the helpline number - effectively, the pilot of the employment checking "developing service" is currently fictional, and you're on your own (although it possibly has relevance when it comes to the fabled immigrant ID card).

So try plan B. The Businesslink eligibility checker, at least has the virtue of actually existing. On the downside, not a lot about it apart from the online checker seems to work (what is it about binding information up into a PDF that they don't understand?), but the checker will do for our purposes.

A browse through (try a few options to see all of the variants) should be sufficient to confirm that we haven't exactly got a bulletproof system here. Your objective as an employer is to obtain a statutory defence against prosecution, and you can do so provided you've seen sufficient documents that you believe to be genuine. As you can see from the examples in the checker, there's quite a range of these. The various leave to remain stamps shown seem to be more recent, harder to forge ones, but (if we all briefly switch to our criminal hats) there clearly remains scope for the freelance jobbing printer. The EEA and Swiss residence permits, for example, aren't particularly complex, and it would be easy to produce a letter from the Home Office that would convince an employer. Particularly easy, given that the security fuzzing on the published example means they'll be likely to accept anything that looks vaguely plausible - good thinking, Home Office boffins.

Further, not entirely comprehensive, information on what is acceptable can be found here, in these 2004 guidance documents. These are very similar to the new guidelines, which might lead you to believe that the "biggest shake-up" does not from the employer's perspective change things significantly from 2004. You will however note that where we previously referred to a "statutory defence", the terminology is now "statutory excuse" - major revision, eh?

Without immigrant ID cards, we pretty much are still in 2004. And even with these cards, it quite possibly doesn't make a whole heap of difference. The cards won't be shipping for February, so initially will be entirely irrelevant. They might start to ship later in 2008 (they're certainly scheduled to), but if everything goes according to plan (which we can surely discount) they'll take a while to roll out, even for non-EU/EEA immigrants they'll probably never be universal, and there will always be plenty of room for forgeries and falsified papers.

And what, anyway, is it that they're going to fix? The documents listed as valid proof of right to work in the BIA guides fall into two broad categories - EU/EEA passports and residence permits, which generally provide clear proof, and a range of BIA-issued documents that may or may not provide such proof. The latter tend to be confusing and/or easily forged or falsified, and the intention is to replace most of them with the immigrant ID card. But that will still be a BIA-issued document that may or may not provide proof of right to work (depends what it says on the card), and may or may not be easily forged or falsified.

If there's a demand for forgeries, then they'll be produced provided the cost is competitive. And if the cost isn't competitive, then a forged or stolen EU passport will be cheaper. From the employer's perspective, all you need do is believe the employee and the supporting documents are genuine, so that's not your problem. And Byrne's problem? He doesn't actually have a system, and is perpetually promising that he'll have one with teeth when the next phase of ID cards rolls out. But he still won't have a system until such time as everybody in the world has an ID card. His cheque perpetually in the post, he is effectively the Bunter of Biometrics. ®

SANS - Survey on application security programs

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.