These points are not in any sort of order but are intended to be things to think about. They are my impressions of what has been said and, hence, may be in-accurate. I welcome any reasoned correspondence on the subject, whether you agree or disagree.
- Who am I anyway? Whatever is held on the card, it does not identify me, only that the card is mine and I am who I said I was when I obtained it. It is the opposite problem of the Birth Certificate that proves that such a person exists (existed!) but not that it is me. It has always been perfectly acceptable to call yourself whatever you like so long as there is no intent to defraud. e.g. I was baptized Richard but am known as Rick, my wife uses her second forename, many people change their surnames on marriage (and not just the women). “It is a concept foreign to traditional British and Australian law, because the use of an alias has never been in itself a crime.”[7] What happens with people who use pseudonyms, many actors and authors do? Other people do for security reasons e.g. some prison officers. Children are not going to be included in the system (aged <16[2.21]) so it loses the most reliable point of identification—the point of birth, and even then, who is to say who is the father? “There is a paradox here: If people do not have reliable proof of identity, how can the new National Identity Database be reliable? If people do have reliable proof of identity, why do they need an Identity Card?”[4]. There is an organisation known as the “UK Deed Poll service” which trys to look official, but it isn't, it is a commercial organisation. If you want to make a permanent name change, you can just as easily (and more cheaply) write your own and get it witnessed.[added 14 Sep 2005]
- Not-compulsory (in theory). But you will be issued one with new passports from 2008 [2.38, 7] and also with driving licenses. 80% penetration is expected by 2013.[6] It may not be compulsory to have one, but if it affects your chances of obtaining employment, credit, health treatment or a drink in a pub then it effectively becomes so. The Home Secretary can order anyone to register or forcibly register them and at any time make it universally compulsory[2.43].
- Produce on demand. Not in the initial proposal but it could effectively become so e.g. there is already a requirement to produce a Driving License within 7 days if demanded, which could be the same thing. The police have a duty to “establish the identity” of people they arrest “on reasonable suspicion.” This should not include peaceful protest and a Pass-Law situation is unlikely to develop[3].
- Who can ask to see it? Police, Immigration officials, employers (to verify eligibility for employment—David Blunkett, Nov 2004), travel operators, PFYs in the video shop (Pimply Faced Youths). How are many of these to know whether a card was genuine without access to the electronics onboard or the Register? It is doubtful if shops would want to use it, they don’t often ask for identity to back up credit cards now, and they don’t want to scare away customers.
- Usage feature creep. Examples, that have already been quoted by two Home Secretaries, are opening a bank account, going abroad on holiday (we have passports), claiming a benefit, buying goods on credit (we have credit cards), renting a video (he cannot be serious. Charles Clarke Dec 2004.) Access to the NHS is also suggested (though doctors are unlikely to refuse treatment until you have been identified.)[5]
- Lost cards. If it becomes so essential for daily life, what happens if you lose it, or it is stolen, or it breaks (this could be common, the chips are quite vulnerable)? Countries that use them report 5% of cards are lost or stolen every year. This can have a significant effect on any person’s life, consider the impact on an elderly or disabled person. The regulations lay the onus on the card holder to replace it if any of these things occur (at their own expense), even if you are not aware that, for instance, the chip is damaged and does not work.
- What will be on the card? It seems to be certain that the card will contain a picture, name and date of birth in print, with a unique number. Employment right and validity dates are looking probable, though space is limited. The chip will have to have the biometric stuff (probably facial parameters because passports will need it[6], but iris scans and/or fingerprints seem likely options) but all sorts of things can be added there. An address is also probable as many users require proof of address—that is why passports are often not accepted as ID already.
- What won’t be on the card. Credit card details (despite a report in the Evening Standard Oct 2003); the banks won’t cooperate because it is not in their control and, in any case, there are competitors to consider. Cashless wallet won’t be on there because this will require too much write access to the card increasing the failure rate. Blood group and Organ Donor status, even though it has been suggested, because it is not accessible enough in an emergency.
- Unreliable biometrics. Facial recognition has been discredited in trials; old fashioned photo-id is little better. Fingerprints are fine for a manual check, given time, but not so good when automated. I don’t think anyone has suggested DNA yet but there would be all sorts of practical problems. “The government has categorically ruled out storing DNA records of the population on the central population database.” Des Browne Dec 2004. This is all for positive checking i.e. that you and the card match. Even there, the point of check must have the equipment necessary to generate and match the required biometrics. Negative checking (i.e. that you are not an undesirable person) has to be done against the whole database and this would be impractical for data processing reasons. Some cultures don’t like photographs, or require scarves, veils, turbans etc. Beards, glasses, contact lenses and makeup come and go, wrinkles appear over a surprisingly short time. “Even at present success rates, if each UK citizen only had their card checked once a year, four million people would be falsely accused of not being who they say they are.” Peter Lilley Jan 2005
- Queues likely. Checking ID has to be quick and reliable if it is to work and biometrics slow this down considerably. Imagine the queues to obtain the card in the first place. Consider also the situation at ferry terminals if everyone had to get out and stick their head in a machine. Add to this that the travel operators, not officials, do the outward checking because they are liable if they transport someone without valid documents. Even a 0.1% failure rate still means 1,000 false alarms per week at Heathrow.
- Worthwhile forging. If it becomes the de-facto method of identification then an ID card becomes the one item that is worth the effort to steal, fake or obtain fraudulently. No physical item can be made that cannot be copied. If biometric checking is infrequent due to the inconvenience or cost of the equipment, then incomplete forgeries would be much easier and the average retailer could not tell the difference.
- Falsly obtained. Far worse than the problem of forgery is obtaining ID using false credentials and/or corrupt issuing officials. The first comes back to “who are you?” What means of identification are you going to use to obtain the ID in the first place? The data you are most likely to want to check is just that data that you are going to be least sure of, because it is foreign for instance—and that covers the majority of the world population.
- Encryption. Clearly the data on the card will need to be encrypted else anyone could read it. But quite a lot of devices will need to be able to read it and present a subset of the information for verification so how long is the encryption going to remain unbroken?
- What will be on the database (National Identity Register). Certainly duplicate information to the card. The list suggested at the moment includes personal information (names, date and place of birth, gender, address) identifying information (photograph, fingerprint etc.), residential status (nationality, conditions and entitlement to remain), reference numbers (ID card number, possibly National Insurance Number, National Health number etc.), record history (audit trail of changes and accesses), date of death and lots more[2.18, 2.32, 6].
- Database feature creep. There is provision for unlimited extra information to be added to the database and there is very little control over it([2.18] seems to contradicts this, requiring primary leglislation but some of the allowed items are rather vague in their definition and could allow expansion and it specifically allows other reference numbers which could be pointers to alternate databases[7]). Much of the data proposed for the Register relates to immigration and is rather open ended and free format anyway so a clever implementation decision would be to have two parallel databases, with the immigration one containing more items but smaller in extent.
- Little opportunity or right to correct inaccuracies. There doesn’t seem to be any right for individual access to ALL the records held for oneself. So how do you know it is correct? And if you do get a printout, then how do you know that is all there is?[2.25] The Commission for Racial Equality has ammended the bill to allow greater access to the contents of the Register[3.10]
- Avoiding duplicate identities. To avoid duplicates, every ID that is created has to be checked against every other one previously created—a mammoth data processing task.
- Kept up to date. Fines are suggested for not informing the system of a damaged card, or when you move house and other change of circumstances [2.48]. What will this do for transient, seasonal and short contract workers, tenants, travelers, students, the homeless etc? There will alomst certainly be a charge for changing registered information. If there are errors in the information, you must correct it and the fee will apply even if it was not your fault.[7] Will accommodation addresses become popular like the useless registered addresses for companies; where does that help security? What is the position for people who need to disappear for safety reasons e.g. battered wives, prosecution witnesses [2.31]. What do you do while your card is being updated?
- Who has access to the Register? The list of people authorized is large and open to uncontrolled expansion. The Home Secretary can allow any organizations to use it including Inland Revenue & Customs and Excise.
- Will there be a National Identity Number. Yes and No. The number on the card will be the unique number of the card and a replacement will have a different number. However the database will have a unique internal number for each individual[2.26]. The advantage will be that it will not be possible to use the number as a substitute for the card (online say) which makes it a little better than the US Social Security Number which is rapidly becoming their national ID number.
- False security. If we come to rely on this single method of ID too heavily then we may miss other obvious indicators. No matter that he looks and behaves like a terrorist, his ID says that he is Fred Smith from Tooting so he must be ok!
- Benefit? Little effect on terrorism. Incoming foreigners won’t have them anyway and terrorism planning is long term, putting sleepers into place years before hand. Fully authenticated citizens (within their own jurisdiction) perpetrated both the Madrid and New York attacks. “I accept that it is important that we do not pretend that an entitlement [identity] card would be an overwhelming factor in combating international terrorism.” David Blunkett Jul 2002
- Benefit? Little effect on Immigration. Refugees often have no ID at all, sometimes deliberately. Foreigners will not have cards. Illegal immigrants go out of their way to remain inconspicuous. Gang-masters are unlikely to inspect cards before employing people at below-minimum wages. Where do you get reliable information to register people of doubtful origin? Because stop-and-search by ethnic minority tends to cause riots then it is unlikely to be used in areas where it might be most effective.[6]
- Benefit? Not for remote identity fraud. e.g. CNP (Cardholder Not Present) and internet fraud. It is less use than a credit card for this purpose as there is no identifying number to transmit. Forget chip and biometric readers on the home computer, the data path is not secure.
- Benefit? Crime prevention. If the police don’t know who did it, then what additional benefit does an identity check bring? People at the scene are already suspect so you gain very little. Only a DNA database would be effective in tying people to crime scenes. In practice, it could increase street crime as people are mugged for this potentially valuable document.
- Benefit? May be effective for NHS & DWP fraud. Most benefit fraud is not identity fraud, but people lying about their circumstances. But forged cards may not be cost effective for the sponger. The pay back (the problem, attributable to ID, amounts to perhaps £50M p.a. Charles Clarke Dec 2004) may not justify the cost (the terminals in DWP offices alone could cost £1B; Peter Lilley, Dec 2004). “benefit fraud is only a tiny part of the problem in the benefit system” David Blunkett Jul 2002.[5] The picture for Health tourism is similar.
- Cost. Both to the government (we tax-payers) and the individual, thought to be £3.1B minimum (David Blunkett Nov 2004, £5.5B Peter Lilley Jan 2005) and £35 respectively. Do we want to create an underclass that cannot afford the cost of a card? Those are the very people who would/should be claiming benefits. The cost to the individual is a type of Poll tax (unrelated to ability to pay).
- IT incompetence. The government’s record for major projects of this sort is poor. What happens to the systems if the computer or network goes down? (British Computer Society Aug 2004) “If the ID network goes down then the country stops.”[4]
- EU Nationals. What is their position, they who have right of movement, employment and residence(?)—they may have passports but they are not required to carry them at all times(?). The EU does not allow us to discriminate in many circumstances so we have to process those people as fast and accurately as our own citizens (European Courts of Justice).[7]
- Crossover problems with Irish and EU citizens. By an accident of British law, the Irish have certain privileges here, such as voting in certain elections. This is also true, to a lesser extent I think, for other EU citizens. [added 14 Sep 2005] This would not be checkable by ID card because they don’t have one.
- Privacy. There may be things on the card that I would not want everyone to know. Examples include race (it may not be obvious from my appearance), marital status, age, address and religion, even gender in some cases. There will be relatively easy cross checks with credit, NHS and Police databases, electoral roll, Inland Revenue etc. It will greatly simplify the currently black art of data mining as many of these external databases will evolve to include an National Identity Register link as a matter of convenience. Suddenly your whole history is accessible from one chain of lookups. The bringing together of all this information has a profound effect on individual privacy.
- Tracking of innocent individuals. All references to the Register will be logged (they have to be for audit purposes) so the movements of everyone will be trackable by anyone with authority to look.
- General feature creep. Almost all features of the cards and Register can be changed at any time by Order in Council by the Home Secretary. No further debate or vote in parliament is required.
References
A lot of the material here has been paraphrased from the following online sources:
- Identity Cards Bill
- Explanatory Notes
- Race Equality Impact Assessment
- UK Identity Cards—The Case Against (Trevor Mendham)
- Privacy International FAQ on UK ID Card Proposal
- Everything you never wanted to know about the UK ID Card (John Lettice)
- The National Council for Civil Liberties