Smart cards, ID cards, nice, nasty, inevitable?

ID cards come in two quite distinct flavours - the nasty one, where they use the cards to police you, and the nice one, which you use to establish and protect your rights and identity. Simple? Actually, I lie when I say they're distinct flavours; in reality nice isn't absolutely nice, the two bleed most horribly into one another, and what we should really be busying ourselves with is establishing clear lines of distinction then defending them.

If we don't, then ten years hence, ID as establishment of personal rights and identity will inevitably come with free, added control and monitoring. By happy coincidence, here in the UK we've recently been presented with pretty good examples of nasty, nice, the blurring between the two and how that blurring happens. The Home Office's plans for compulsory ID cards had an unfortunate accident last week, while the day afterwards the Office of the e-Envoy launched a smartcard consultation exercise. I accept that it's a little premature to categorise the e-Envoy's consultation as nice, but it is (at least at the moment) a fairly neutral presentation of the state of the art, and is soliciting comment from the standpoint that the widespread adoption of smartcards would potentially be an enabler of e-government, e-commerce and of benefit to the individual citizen.

Maybe you agree with that, maybe you don't, but you probably do agree that smartcards as extensions of credit cards, membership cards, transportation tickets and a host of other credentials systems cannot be stopped. In which case we're all better employed getting some decent shackles on the beast than wasting our time trying to shoot it.

The consultation (access to forms and framework document here) is intended to be completed by the end of October, provides a useful run-down of UK and international schemes and initiatives, and notes that "The majority of smart card initiatives abroad use the 'ID card' function as the central plank on which the scheme is based." This is significant because it's a central plank which is (largely) absent in the UK and which is subject to considerable opposition here. Various components of the Home Office's maimed ID card scheme are listed, along with one that's at least on the surface a little more free-standing.

The Home Office's smart card Application Registration Card for asylum seekers, which contains fingerprint data, is already going live, and could be said to undercut one of the objectives floated for an ID card, the proof by asylum seekers of entitlement to health service treatment. Of course equally it could be said to provide some useful perspective on a national ID card in action, because the intention behind this particular flotation was to stop people getting treatment fraudulently, which can only happen if everybody who is entitled has a card to prove that entitlement. UK health from the consumer's perspective doesn't figure in the rundown of schemes, but it's an area where there's surely an inevitability to smartcards - once the NHS gets its act together on electronic records there will be a clearer need to associate the individual with the record, and if you arrive unconscious in casualty then it would surely be a benefit for you to be carrying something that expedited this association. So you're not necessarily agin' it, depending.

Along with this live scheme, we have three under consideration, by the Drivers and Vehicle Licensing Agency, the Passport Office, and the "entitlement card" from the Home Office itself. With the general issue ID card at least stalled, we can probably expect renewed enthusiasm for the entitlement card, while we can see the ID Card scheme's genesis quite clearly in the e-Envoy's Office's run-down of the Passport Office's plans. "The Passport Office, together with the Home Office and the Drivers and Vehicle Licensing Agency, has been in discussions about developing a joint standard for identity to be incorporated into any potential scheme that may be developed in future - this demonstrates how by thinking about the use of smart cards, government departments work in unison across organisational boundaries, delivering interoperability and value for money."

On the other hand, you might reckon that last regrettable and premature piece of editorialising detracts just a tad from the document's neutrality, illustrating precisely the kind of creeping control and invasiveness which, some pages further on, the e-Envoy's Office warns we must guard against.

The Home Office saw the entitlement card piggy-backing on passports and driving licences before it had its more dramatic ID card wheeze, and we can expect plenty more piggy-backing from this and other directions in the future. DVLA cards will come, and we're surely not entirely against them, Most of us accept that we should have to prove we are qualified to be in charge of a legal and roadworthy vehicle, we're just perhaps a little concerned about what other things might be associated with the systems used to police this. And even if you don't accept it's a good thing that you have a passport, you'd be as well to be resigned to it, and to it being machine readable and (real soon now) containing biometrics according to internationally agreed standards.

Even without the blatant drive for piggy-backing the blurring between nice (or maybe just neutral) and nasty is pretty clear here, and particularly dangerous because it's something you'll end up agreeing to as well if you're not careful. You accept that in some cases it is at least necessary and possibly beneficial for you to be able to or to have to prove your identity, and that the mechanisms used for this will, inevitably, be electronic. It is eminently logical (and probably sensible as well) for interoperable standards for identity to be implemented. There - aren't you pretty much lining up with David Blunkett now?

To avoid this horror, we need to focus hard on what's wrong with the above picture - piggybacking and function-creep. This is evidenced in one sense in the Home Office's cunning plan to achieve a free national ID card by getting drivers, passport applicants and benefits agencies to pay for it, but that's pretty obvious and blatant. The DVLA provides a more difficult example of creep because it's hard to see where on the slippery slope you should make the stand.

Driving licences are surely OK, as are driving licences that make it easier to check they're not forged. Vehicle documentation? Surely OK as well, so now you've got roadworthiness and ownership information on the card too. Insurance? Well, that's a third party, but driving without insurance is illegal, and difficult to police as things currently stand. And further down the road (if you'll pardon the expression) you've got road pricing bringing with it vehicle tracking, and black box information that could and will be used against you. On that last one, the DVLA is looking at tachographs as well, which rounds out the whole automotive picture into a potential mare's nest of a privacy nightmare.

The e-Envoy's Office document seems to me to signpost how we should deal with this kind of issue, but not to signpost it nearly hard enough, and to skate over the question of control of the privacy gorilla that government is. "It is imperative that citizens' rights are upheld in an open and transparent manner inspiring confidence in the organisation(s) involved in the scheme," it says. "By facilitating the user's ability to know what data is being held about them within the scheme, the smart card may be perceived as an enhancement to that citizen's privacy and freedom instead of a threat."

It raises the question of who should own the card, user or issuer, stresses the need for data separation (safeguards against one application using the data of another on multifunction cards) and suggests a speedier Data Protection Act right of access to data held on you.

These however are not nearly enough to walk the brave talk of 'enhancement' to privacy and freedom. Putting fences between data held on the card is not enough, because data association via the network has to be dealt with as well. 'Informed' consent to such association is not good enough either, because organisations (both private and government) will obtain such associations through subterfuge or by simply making them a requirement of ownership of the card. If, that is, 'ownership' is the right word here. Nor does data separation necessarily deal adequately with function creep, or with government agencies unilaterally repurposing data it has gathered for one, accepted, reason into areas it hasn't bothered cunsulting about.

The e-Envoy's Office here confines itself to the following:

"Policy 3: To safeguard citizens' rights and guarantee data transparency, smart card schemes in government should comply with the Data Protection Act and any other relevant legislation. Personal information stored on or accessed via smart cards should be readily accessible by the card holder."

This is not, frankly, good enough. The DPA and the European legislation it stems from provide rat-catchers for when the beast has escaped, but they are broad in nature and do not specifically address the very large rat that electronic identity could become. We need specific rules governing functionality and data held, we need specific lists of things that should be worried about and examined before they are allowed to be implemented (e.g. how far the DVLA should be allowed to go, and whether or not it's a good idea for multiple commercial organisations to band together to create one credit/entitlement card), and we need, as a society, to take an essentially 'opt-in' approach, only adding functionality and/or allowing creep once we've really established it's a good idea. Requiring that functionality be specifically associated with its own business case might be useful too - this would, for example, force an entitlement card to justify and pay for itself, rather being paid for via other agencies. It'd be nice if government looked at things this way, but as it won't, keep thinking nice and nasty, keep watching, and be ready to shout foul. ®