29 November 2005

MP reply on ID cards

A while back I emailed questions to my MP and was grumbling that she hadn't replied. Well in fairness a few days later I got a letter [why not email? I sent the questions as email. Post costs more.]. I copy here her reply

Roberta Blackman-Woods MP 18 October 2005
The simple response to your points about ... the Social Security Number in the US and the Tax File Number in Australia is very simple and that is biometrics. Arguments that it becomes easier to steal identity when one has an identity card are nonsense. It clearly makes such activity harder because identity, for the first time, will actually be linked to the person it belongs by the use of simple biometric information. The initial registration will be checked against an applicant's 'social footprint' to establish that the identity is genuine and thereafter that identity will be confirmed using the biometric information held on the card when compared to the individual.

In terms of protection and oversight there will be a scheme commissioner to supervise the functioning of the scheme, independent of the Government.

You state that biometrics are not perfect. This is true but they are certainly far more secure than any of our current methods of checking identity such as signatures, PINs, and producing utility bills. It is also worth noting that even if one aspect of the biometric information is inaccurate, there are a total of thirteen types to be held. This simply makes the scheme more secure.

response to your points about the CSA and Passport Office computer systems I would counter by Pointing out that Government departments and agencies currently operate massive databases without any problems at all such as the Police National Computer and the DVLA database.

I must confess ( am not sure I understand your final point with regards to dangers to witnesses etc so I can not respond on this count but I would point out that criminal records are not to be held on the national identity register at all.

I am sure I am not going to convince you that ID cards are a good idea but I would remind you that they are initially going to be voluntary and will not become compulsory until after another vote in Parliament at which point I, if I am still a Member, will, of course, be happy to consider the evidence of the success of the scheme to date.


Let's start picking over that.
"Arguments that it becomes easier to steal identity when one has an identity card are nonsense. It clearly makes such activity harder because identity, for the first time, will actually be linked to the person it belongs by the use of simple biometric information. "
Yes, but not really what I was getting at. The point is that there is a quite high failure rate in the biometrics and multiplying them apparently, statistically, makes it worse. Any failure, or any down time on the check back IT systems, or any false matches or negatives are gateways for criminals to exploit, and they will, but the stakes for the rest of us will be higher than now.It might also be worth mentioning that M$ think that security on ID cards is likely to be a problem. And they aren't the only ones. So do I believe an apparently ambitious supporter of the government or IT firms ... ?

And that's without thinking about the inconvenience and expense and potential legal non-entity status conferred with each failure

What else we got? Ah yes;
"protection and oversight there will be a scheme commissioner to supervise the functioning of the scheme, independent of the Government"
Superficially reassuring but in reality since the legislation would set their remits and the limitations to it and as the current data commissioner is not in favour of ID cards, I think that this is actually little reassurance.

Then there's
"computer systems I would counter by Pointing out that Government departments and agencies currently operate massive databases without any problems at all such as the Police National Computer and the DVLA database."
It's reassuring to have those successful examples but unfortunately they don't cancel out the more recent bad examples. Especially given that the ID card project is going to involve some complexity and cross departmental co-ordination.

"they are initially going to be voluntary and will not become compulsory until after another vote in Parliament" but that doesn't reassure about function creep and the little Hitlers problem. The effect of a voluntary scheme is likely to be that the cards become de facto essential and also a means of petty abuse. We would have to see which has the greater effect on the general population. Though I hope that the problems with the scheme will yet force a shelving of the idea.
For further reading check my del.icio.us tags on the matter.

2 comments:

Anonymous said...

"I would counter by Pointing out that Government departments and agencies currently operate massive databases without any problems at all such as the Police National Computer and the DVLA database."

That statement is simply untrue.

There are lots of problems with the PNC and the DVLA, ranging from inaccurate details (as documented by the Bichard Inquiry) to the breaches of confidence by authorised insiders, to the actual sale of private data to commercial companies , including those run by organised criminals.

DVLA database details sold to criminals - implications for the proposed National Identity Register

DVLA database compromised by animal rights extremists

Police National Computer data sold to newspapers - offenders only given a conditional discharge !

Met Police spy Ghazi Kassim let off too lightly

Andii said...

Thanks for those, I can't at this moment get the website to respond, here's hoping that it comes back online later, I'd like to use them in my reply.

"Spend and tax" not "tax and spend"

 I got a response from my MP which got me kind of mad. You'll see why as I reproduce it here. Apologies for the strange changes in types...