Thursday, November 22, 2007

Is this the end for ID cards?

Will the government's loss of data belonging to 25m people spell the end of their plans for ID cards and a database state?

I think it may.

As Gareth Crossman writes on Comment is Free:
Whenever Liberty is being interviewed about ID cards or other privacy issues, we normally expect the tired old question "surely those with nothing to hide have nothing to fear". Following the jaw-dropping admission yesterday that Revenue and Customs (HMRC) had lost the confidential information of 25 million people, I suspect we've heard it for the last time.
Listening to my fellow workers in the office today, I think this hits the nail on the head.

Already things seem to be moving. The Guardian has just posted this story:

Ministers are to look at scaling back plans for identity cards in response to the catastrophic loss of the personal information of 25 million people, including their bank records and addresses.

The information commissioner, Richard Thomas, urged ministers yesterday to review the amount of data they intend to amass on the national identity register, and Labour backbenchers previously supportive of ID cards backed his view.

Gordon Brown will come under further pressure from the thinktank Demos, which will shortly publish a report on privacy. It is expected to urge the government to reopen the debate on ID cards before pressing ahead.

1 comment:

dreamingspire said...

The “we are watching you” part of the ID Card proposals I have not heard mentioned for some time, although a seller of transaction systems (a validation enquiry on the NIR is a transaction) will naturally want to build into the system an audit trail which includes recording where the enquiry originated. But the real world network for making validation enquiries on the NIR is different from the model in the NIS, something that, after quite a few years, is apparently still being ignored by HO. Many of the validation requests will originate at computer terminals that are on networks operated by other govt depts or by Local Authorities, and it will be necessary for the systems operated by those organisations to know the result of the enquiry in digital form so that the next stage of the interaction with the citizen can continue. That means that there will have to be a complex messaging specification if the “we are tracking you” database is to capture exactly where the citizen was when the enquiry was made and exactly why the enquiry was made. Fortunately (or unfortunately, depending on your position) HO has apparently never put in place the development project to develop the technical specification, and it may not have made agreements with all the other public sector organisations to ensure that they send a message saying exactly why they are making the validation enquiry and where it physically originated (e.g. a benefit office where the citizen is asking for such and such a benefit or an LA office where a citizen is discussing a planning application). Indeed, it was just over a year ago when a Minister was reduced to describing the validation method as the use of the telephone to speak to a call centre.

It is true that in HO’s architecture diagrams there has been and still is a portal for external validation requests to come in electronically, from other public sector organisations and from accredited other organisations (e.g. banks, and maybe even the car hire company), but there has never been any published information about the interchange method.

The procurement process for all things associated with the national identity management strategy is under way and also under wraps, but Security Document World (www.securitydocumentworld.com) has a button on its Home page for “UK ID card procurement prospectus”.