infinite ideas machine

Trust, trade or anonymity?

[After a coupla days off - hooray for Bank Holidays!]

Someone who White Rose now tell me wishes to remain anonymous (!) proposes a UK anonymity card:

"A more palatable alternative might be the UK anonymity card. Perhaps we would be persuaded to submit to a one-off secure registration process if the result gave us a card which could read and confirm our thumb print, but held no other personal information. It would just need a royal crest and text to the effect that the bearer is entitled to the service in question. It would prove you are the necessary age, or that you have a clean driving licence, but no more. The authentication is local and off-line, so it does not tell a central database who and where you are, and what you are doing. If you try to use it fraudulently or beyond the authorised limits, you are still nicked."

Meanwhile, Sarah Arnott in Computing thinks that 'ID cards for the right reason' mean:

"In the real world people can 'see' who you are. The same needs to be true in cyberspace and an obvious role for the government is to create that guaranteed online identity.

No longer is it a question of government as 'Big Brother' invading our privacy, but of it making the most of its unique position at the centre of society to provide a much-needed service.

ID cards should not be about the negative 'freedom from', but the positive 'freedom to'.

With a government-issued biometric ID card, swiped through a reader as I open my browser, I am free to buy, sell, bank, chat, pay my council tax, apply for a job - whatever it is I want to do - without having to remember a hundred passwords or retype my address a hundred times."

And Steve Bowbrick's, 'Second sight', on Guardian Online proposes an altogether different approach:

"I'd like to see Britain invest all the planned ID card budget in simpler, cheaper and more effective measures to increase trust, interdependence and transparency within our communities and institutions. The end result, though doubtless small, will surely be more useful than devoting the next 20 years of our national life to getting flawed ID cards working and preventing the bad guys from stealing the keys."

Alternatives abound, based on the growing perception that the Government's proposed ID card / NIR scheme is: (a) likely to be very unpopular - public support for ID cards is falling rapidly, and resistance is growing (see Detica's MORI poll [188 KB PDF file] 80% pro on 22/4/04 vs. PI's YouGov poll [45 KB PDF file] 61% pro on 19/5/04); (b) almost bound to be impractical and expensive, if it even works at all (biometrics ain't all they're cracked up to be, as past and current problems with the UKPS trials are showing); and (c) misconceived, misdirected* and unlikely to deliver the 'benefits' proposed by the Home Office (i.e. countering terrorism, preventing illegal working and reducing identity fraud).

*In fact, the whole exercise increasingly looks like a classic piece of misdirection, e.g. why is the National Information Register not included in the title of the Draft Bill when, in fact, it underpins the entire scheme and is the thing that requires/underlies the majority of the proposed legislation?

There is a clear agenda on the part of the Home Office to create a new 'clean' database but is this meant to enable the sort of 'joined-up' eGovernment that New Labour have promised, but just can't seem to deliver? Or is it motivated by the desire to be seen as a technological 'world leader', while meekly complying with increasingly invasive EU and US data-sharing 'requirements'?

Either way - and I'm sure there are other reasons behind this - what we could be left with, if the current proposals become law and the scheme goes ahead, is a surveillance culture in which personal privacy will count for next-to-nothing, and a society in which trust is dictated by little chips in pieces of plastic and Government database records over which we, the people, will have little to no control.

The BBC gives us back our stuff

Wednesday's Press Release, BBC Creative Archive pioneers new approach to public access rights in digital age, shows encouraging signs that this autumn the BBC are going to open up at least some of the archives that we, the license payers, have been funding for decades.

This is somewhat gratifying for me as, when I worked for BBC Digital Media Education in the late 90s, I proposed something along these lines (namely assets for schools and colleges being made available under an academic license, possibly from a bbc.ac.uk service) as a stimulus to growth and development of digital education content across the UK.

Of course, that never happened and it's unlikely that the education archives will be made available now either - especially in the light of more recent developments, i.e. the £150 million Digital Curriculum initiative.

There's still some evidence of 'Auntyish' thinking in this interview with Paula Le Dieu, Joint Director of the Creative Archive, 'Providing the Fuel for a Creative Nation':

Was it because the decision content has been paid for by the public, so should be there for the public to use?

We didn't start from that premise. We started from the premise that we had this fabulous archive and we had a requirement in our last charter, the one that we're currently operating in, that expressly asks us to open up our archive. There had always been a strong feeling that we hadn't done that as well as we could.

But I applaud whoever (Greg Dyke?) provided the final push within the Corporation to get this long-overdue process rolling, and look forward to playing with the results :)

N.B. This also looks like a bit of a triumph for the Creative Commons project, chaired by Lawrence Lessig, as it looks like access to the BBC Creative Archive will be based on the Creative Commons model. I just wonder what the lawyers at Henry Wood House will make of the license...

UPDATED 14/6/04: Rupert Goodwin's Creative Commons gives the BBC uncommon creativity covers some of the history and context and his previous article, Auntie opens her drawers, outlines some of the risks.

Oops! Another biometric cockup

John Leyden in The Register's, FBI apology for Madrid bomb fingerprint fiasco, points out the dangers of over reliance on supposedly 'infallible' biometric evidence. As it turns out, the FBI incorrectly matched a digital copy of a fingerprint found on a bag full of detonators to an Oregon lawyer - who also happened to be a Muslim convert.

This Salt Lake Tribune article reveals just how much faith the FBI had in their systems:

"Court records unsealed Tuesday showed that the Spanish authorities had raised questions about the FBI's fingerprint match to Brandon Mayfield, 37, a Portland-area lawyer. Yet FBI officials were so confident of a match they described as "100 percent", they never bothered to look at the original print while they were in Madrid on April 21 to meet with Spanish investigators."

Reading further down the article, you begin to get a sense of the sort of 'guilt by association' that might become increasingly prevalent when or if our identity records are held in a centralised database. If this sort of thing happens when the dots are being joined by 'intelligent' human agents, how many more errors will occur when it's a piece of software doing the detective work?

Too cosy by far?

The Cabinet Office announced yesterday that Ian Watmore, currently UK managing director of Accenture (formerly Andersen Consulting), will be the new head of e-government. This is, of course, after the Office of the e-Envoy is transformed into the e-Government Unit - with an attendant shift in emphasis and responsibilities [scroll down linked page]. No surprise at all to come across this, then:

"As part of this digital security infrastructure we envision that every constituent will have a highly secured, multi-purpose, government-provided electronic ID card that will serve not only for government purposes but also for online activities in the private sector - the electronic equivalent of today's ID cards [?!], passports, driver's licenses and social security cards." - p5, Accenture’s Technology Vision for Government [726 KB PDF file] (thanks, Charles)

Interesting also to note that on the same day Microsoft "also revealed it has been working with consultancy firm Accenture to offer customisable sets of software, strategies and best practices tailored to the needs of public-sector organisations".

No conspiracy, of course - just an entirely too cosy relationship between big tech, the mega-consultancies and government. It's the same old familiar names that to date have cost the British taxpayer billions in failed public-sector IT projects, and yet they just keep coming back for more...

Oh, and one final thing - over in the States it seems that Accenture are in the final running (1 of 3 companies) to be awarded the contract for George W.'s $10bn computer dragnet - unparalleled surveillance of foreigners (that's us folks!) that even the US General Accounting Office "has castigated as 'very risky', [warning] of significant management and oversight problems."

Let's just hope it's beyond them.

UPDATED 7/6/04: Martin Brampton as Devil's Advocate on Silicon.com asks Who wants government run like a business? He questions Tony Blair's claims both that Ian Watmore will play a "pivotal role ensuring that IT supports the business transformation of government" and that this will necessarily lead to "better, more efficient, public services".

But I'm not a terrorist!

"If you've nothing to hide, you've got nothing to fear" is still bugging me (I've been wearing that T-shirt again...) and this SecurityFocus article, Firm names 'statistically likely' terrorists, begins to articulate why. [The firm is called Seisint, and even a quick look at the services they offer - and how they achieve them - begins to make my blood run cold. Go ACLU!]

Given that ID cards / NIR are being proposed as a means to combat terrorism and serious crime - something Blunkett and others initially headlined, but have since been forced to downplay - and that so much (public) money is going to be spent on the project, it is inconceivable that UK Police and Intelligence services will not be allowed to use software such as that described in the article, i.e. profiling individuals based on their NIR records.

Which is where the whole "If you've nothing to hide, you've got nothing to fear" thing begins to break down:

You may have done nothing wrong... but you may well fit the profile of people who have - or who the authorities think might.

You may not knowingly mix with terrorists or criminals... but who has lived in your house before you? Or who are those mates your kid met at college? What does a terrorist look like, anyway - and do you really think they'll be carrying an ID card stamped 'Suicide Bomber'?

And if something goes wrong with the technology or database records - which, of course, it never does! - how are you going to prove that you aren't that conman / extremist / murderer?

Of course, if ID cards do come in and you're white and middle class - like me - then you probably won't ever be stopped on the street and asked for your ID. That will (has, and continues to) happen to those of us that have darker skin, or look Asian or who dress according to their faith. Just because the risk to you personally is low, do not assume that holds for everyone - just start by examining your own prejudices!

No, I'm afraid "If you've nothing to hide, you've got nothing to fear" sounds to me, at best, like the sound of people collectively burying their heads in the sand and, at worst, its nothing more than saying "I'm all right, Jack..."

...FOR NOW!

Independent advice? Not from this bunch!

Thanks to SpyBlog for (my) first heads-up on yesterday's announcement of PA Consulting being awarded the ID Card scheme "Development Partner" contract by UK Home Office, also covered by The Register, BBC News, Silicon.com and others.

Any and all of the above are more informative the less-than-forthcoming Home Office Press Release, repeated on PA Consulting's site.

The runner up - Deloitte - must be upset, especially as they were still in the running last week when The Scotsman revealed in its article, Advice on ID cards came from firm 'set to make millions', that the company had seconded one of its staff to work at the Home Office advising on the planned ID card network from September until March...

But, as John Lettice kindly pointed out to me, this is not so much about Deloitte trying to pull a fast one as the fact that "uk.gov is so addicted to getting free help from the industry that there is no way it can make a measured purchase decision about anything". Secondments are apparently common practice in UK government IT, and PA Consulting themselves have in the past 'lent' members of staff to, e.g. the eEnvoy's department.

All the big players do it, so is there any wonder that the government often displays such wild enthusiasm for 'magic bullet' IT solutions? Or that the smartcard agenda is so deeply embedded in government thinking that, ID cards or not, we are ploughing ahead with a 'chipped' future with scant regard for the long term social or financial consequences?

I'll leave you with a quote from an article written back in 2000 by the Home Office's new 'Development Partner':

"Integrating customer access is a radical proposition, but as a focus for effort it offers the promise of being one of the single most visible and effective initiatives in improving public services yet undertaken by this Government, and possibly any other since the Second World War. And it could be rolled out in the lifetime of a single Parliament. All this, and it would actually save public money. If New Labour is serious about empowering the customer of public services and of adopting radical measures to get more from less, then focusing on customer access is one of the answers." - PA Consulting Group, 'E-nable the customer to join-up government'

No agendas there, then!

UPDATED 25/5/04: a timely reminder by Philip Johnston in the Telegraph of PA Consulting's shaky track record re. the 'shambolic' start of the Criminal Records Bureau in 2002. Remember when a whole pile of kids couldn't go back to school after the summer hols because their new teachers hadn't been police checked? Thank you, PA! And (for the record) Capita, too.

Chest-sized billboard

Well, the last T-shirt seems to be working quite well - each time I have worn it out & about several people have asked me what NIR means. Interestingly, even the ones who started off pretty pro-ID cards were a lot less sure that they liked the idea, especially when they found out it would involve the Gov't keeping a big database full of their (and their loved ones') fingerprints, iris scans and photographs...

Anyhow, as it keeps on coming up, I thought that I'd have a go at countering the whole "If you've got nothing to hide, you've got nothing to fear" 'argument' with this:

(Artwork available on request)

Behind closed doors...

...or at least very expensive* ones to get through!

So Mr. Blunkett wouldn't 'face the music' last week at the LSE [read Dr. Simon Moores' review in Computer Weekly, via White Rose & Trevor Mendham's UK ID Cards blog] but now expects his colleagues - and, by implication, us - to believe that he can overcome all the technical and financial objections to the ID cards / NIR scheme in a paid-entry briefing to the very people who stand to make the most money out of it:

Home Secretary David Blunkett, has told MPs his department has been working closely with the IT industry and is to offer a seminar quashing the technical and financial impact of the scheme "once and for all."

The Home Office seminar is to be held with IT supplier, Intellect, and will take place at the Grange City Hotel, London on 24 May 2004. - 'Coalition of the unwilling: ID cards branded a faulty idea' on Contractor UK

*Today's Intellect event 'ID Cards: Next Steps' is sponsored by BT Syntegra, Sun Microsystems, Siemens Business Services Ltd & EDS and a ticket for a non-Intellect member would have set you back £464.13 - assuming members of the public could even have got one.

If Blunkett had these 'conclusive' arguments last week, then why could / did he (or a Home Office representative) not provide them to a PUBLIC meeting on the issues? If he didn't have them, then where did he get them from over the past few days?

All we are getting from the Government at present are assertions, made-up (and increasingly shaky) statistics, laughable guesstimates and a demonstration of almost unprecedented arrogance in their unwillingness to even participate in an open debate with opponents of the scheme, or even members of the electorate who express genuine concerns.

ID cards almost brought down the Australian Government in 1987 - does New Labour want to follow Blunkett and Blair over the same cliff? We shall have to see...

N.B. there are some encouraging noises being made in certain quarters of the Conservative camp, but do not forget that in 1995 Michael Howard (then Home Secretary) announced Government plans to bring forward a Green Paper setting out the various options available for a national identity card scheme - despite the fact that as recently as 1990 the Tories had said: "the government is not persuaded that the case for a voluntary identity card scheme has been made out, in terms of benefits either to the individual or the state" (HC Deb vol 146 c1302). - Charter 88 ID cards archive.

Dupe-checking and the mechanics of trust

Thanks to Irdial for clarifying the proposed use of a centralised database in his scheme, now christened ISLAND: "The centralized database of photographs held by the passport office is there only to do duplicate application checks."

Setting aside the (not irrelevant) fact that I am specifically trying to counter the Home Office's current ID card proposals - that they seem very reluctant to broadcast (e.g. correctly naming the Draft Bill!) would require the creation of a National Identity Register containing multiple biometric records for each of us - and ISLAND is tackling the UKPS biometric passport scheme, I agree that an/each issuing authority must have some way in which to check that multiple ID documents are not issued to the same person.

I further agree that such a database might be inoffensive, "...as long as no one other than the passport office has access to it and it is used for this single purpose of dupechecking." In the case of ID cards and even the UKPS database (as Irdial later points out, regarding access by the Intelligence Services) this is unlikely to remain the case.

The problem is that the (inevitable) cost and creation of just one such database and its associated checking software seems to have provided irresitible temptation for the Government to contemplate and even start to legislate for feature creep on an unprecedented scale - i.e. allowing multiple agencies access to one big database (at least partially because it will spread the cost - now there's Gov't 'efficiency savings' for you, and it *only* comes at the price of compromising every citizen's right to privacy!) and furthermore letting them do all sorts of different types of cross-checks - maybe even speculative trawls, in the case/cause of anti-terrorism, tackling serious (and not-so-serious?) crime and international intelligence - in an attempt to establish 'once and for all' a singular mechanism by which we can identify each other or, more precisely, by which 'we' can identify ourselves to 'them'.

I agree fundamentally and absolutely with what Irdial says towards the end of his posting:

"...Part of the reason it works well in the UK is that you have to have your application form and photographs signed by a current passport holder. This works very much like the PGP "web of trust" where you can sign the PGP key of someone you know so that you can vouch for the identity of someone when they present their public key to a third party.

In this way, if the initial seed population of passports are issued correctly, and the people are trustworthy, you can generate a large body of good passports because everyone swears that the persons that they are introducing to the British Passport are known to them. This sort of dis[tr]ibuted human trust is far better for people than centralized trust; it puts a high value on the British Passport, makes citizens take responsibility for the security of the system..."

If we are going to rely on technology to establish or confirm identity then we need to marry it to existing human / social methods - which have stood us in good stead for centuries, if not millennia! - in order to maintain and build real trust within our globalised Information Society. For all sorts of reasons, the spread of Information & Communication Technologies included, the link between rights and responsibilities has been eroded. We must, if we are to have massive ICT systems permeating our lives, ensure that they are designed so as to persist and promote the best values and aspirations of our culture(s) and not use them as an excuse to give in to our worst fears and paranoias.

Just because something is easy to do - as large-scale ICT increasingly is, despite past incompetence and failures - or even if it seems immediately obvious, does not make that the best way to do it! Biometric duplicate-checking (to the extent that the software is capable, i.e. NEVER infallibly) may be able to prevent multiple ID documents being issued to the same person but it cannot, even in principle, prevent the wrong person being issued with an ID document in the name of / with details taken from a person who is not already on the system.

Maybe what we need to do is redesign, strengthen and extend/propagate the mechanisms by which we can vouch for each other (a la 'PGP web of trust') in such a way that the authorities can focus their attention - both positive (i.e. support & services for the most vulnerable & isolated) and negative (e.g. surveillance and capture of criminals) - on those individuals who we, the people, EQUALLY AS INDIVIDUALS identify as being difficult to trust.

N.B. there are obvious problems with this if we (attitudinally) or the authorities (institutionally) differentiate between the 'trustability' - i.e. ability to both trust and be trusted - of different, e.g. ethnic groups or communities of interest & circumstance, but I hope and believe that there may be enough commonality and interchange between people in all walks of life - at least at the level of individuals, especially those who advocate the rights of others - to overcome the mob thinking, media-induced hysteria and Gov't / corporate FUD that currently seems to prevail.

Practically-speaking, therefore, it may be as important or effective (even necessary?) to come up with the design for an organisation that can provide and protect citizen identity as with a (demonstration of a) technological system for issuing ID documents. People form networks, too, and it is the rules that we agree in this (real) world that should determine / dictate the specification of technological rule-based systems not vice versa!

Divergent thoughts

Great! Irdial Discs is all fired up and has now outlined a(nother) web-based ID card demo using PIC cards (nice and cheap here), GPG for encryption - BUT using some form of database with facial recognition matching.

You may note that my last link is to Identix's ABIS™ system, "the industry’s first enterprise level [emphasis added] facial recognition matching platform, designed to solve the problem of large-scale facial image database search". This is, quite evidently, a non-trivial issue...

For me, though, there's a more fundamental problem with this proposal.

The system - not just the cards, although cards will be involved - that I want to demonstrate needs to challenge the whole notion of a centralised database, especially one that holds biometric records. A demonstration of the type described above is pretty much what the Government seems to be proposing, and would therefore fail (for my purposes) at the first hurdle! It is precisely the NIR that I, and others, consider to be the real problem - and probably the Home Office's real agenda.

The devil is very much in the detail when you have to design and implement 'secure' technologies, but you have to get your principles & values sorted first - so I am going to stick closer to Irdial's original (no central database) proposal in my own investigations. I hope I have explained myself clearly without giving any offense.

I'm still working on a PDF417 posting but, if folks want to read ahead, here's a paper from 3M-AiT Ltd on Using 2D Barcodes to Enhance the Security of Machine-Readable Travel Documents [543 KB PDF file] that I shall be referring to.

I'm heading out now for beers, but will sign off with a passing thought:

Any society large enough to contain strangers has developed tokens (e.g. ID documents) that need to be authenticated, to stand in (i.e. substitute) for direct knowledge and trust - but it is still only people who are meaningfully being identified. So when, in law, the record replaces the individual as the foundation of identity we shall have enslaved ourselves to a system devoid of trust, in which assertions and appearances matter more than the reality of our relationships, our bodies and our freedom.

Mistaken Identity, missing politicians

Well, that was interesting.

Yesterday's Mistaken Identity public meeting at the LSE was notable in many respects, but one of the most glaring was the complete absence of any representative from the Government - despite repeated invitations to the Home Office and requests for even 'just' a back-bencher to attend!

[N.B. David Winnick (Labour MP) was there, but in his capacity as a member of the Home Affairs Committee - he's an obvious ID cards sceptic but had to, not least because of his current role, demonstrate a degree of impartiality.]

The only inferences that can be made are that either the Government simply do not wish to engage in a full and proper debate - something they could possibly have spun later, if only they had sent someone to 'take the flak' yesterday - or that they know that they have "no singular, convincing argument" (David Cameron, Shadow Leader of the Commons) so cannot risk attending a public event where this is likely to be required by an informed audience.

Given the far-reaching implications of the proposed legislation, and to paraphrase Paul Whitehouse (former Chief Constable, Sussex Police) "the onus is on those who advocate it to prove - by evidence, not assertion - that it will be a good thing". One of the key impressions I got from the afternoon was people's frustration at how the Government keep shifting the goalposts and changing their arguments, something that makes challenging the proposals very difficult.

In security technologies and privacy legislation the devil is absolutely in the detail. Without a specific proposal, or even a clear functional specification, the Government should simply not be allowed to proceed.

Also, as Roger Smith (Director, JUSTICE) pointed out, many - if not most - of the MPs and Ministers who vote on this Bill will not be in power by the time it is fully implemented in 2012/13. This means that they cannot actually be held accountable for "changing the relation between citizen and state from servant to master" (David Cameron again, lightly paraphrased). In order to provide the appearance of being tough on crime, immigration and terrorism in time for the next General Election Blair, Blunkett et al. are willing to throw away rights that we have had for centuries and cost us (yes, us - its our money!) billions on measures that will (provably!) have little, if any, impact on the problems they are supposed to address.

There were many excellent speakers and other highlights of the afternoon, for me, included:

Simon Thomas, Plaid Cymru, pointing out the bleeding obvious (i.e. that tackling terrorism is not about identity, it's about intelligence) and how the Scottish Parliament & Welsh Assembly will not, in any case, comply with ID cards - which, along with Northern & Southern Irish constitutional issues, will make ID cards at best an English scheme. He ended on the telling point that successful Government IT implementations have doubled in the past two years... to 34%!

Interestingly, Simon also said that he had been approached by a number of technology companies when he registered an interest in the ID cards issue - despite his negative stance on it! This, and Mark Oaten's (Liberal Democrat Home Affairs spokesman) allusion to the fact that one of the Government's current technology suppliers has just seconded an employee to the Home Office, confirms my concern that at least some of the 'advice' that Blunkett and others are taking is tainted. And that 'corporate tech' is attempting to muscle the UK into a smartcard future that it simply doesn't need...

Lord (Andrew) Philips of Sudbury, Liberal Democrat peer, was particularly good - especially in his detailed grasp of the system, e.g. regarding the nonsensical restriction of the powers of the Interception of Communications Commissioner, and his realistic take on the task ahead in persuading the 80-ish% that ID cards backed by a National Identity Register are a BAD IDEA.

He referred specifically to tackling the all-too-common "If you've got nothing to hide, you've got nothing to fear" argument and, although he didn't explicitly say the phrase, his comment "We're on no-one's list now" led me to think that "If you're not on their list, you won't exist" might imply/initiate a relevant counter-argument. [Wait for the T-shirt - I'm all for slogans!]

Karen Chouhan (Director, The 1990 Trust), Shami Chakrabati (Director, Liberty) and Dr Iqbal Sacranie's representative from the Muslim Council of Britain (Khaled Anees? I'm afraid I didn't hear his introduction) made me consider how ID cards of any sort are likely to impact on black, Muslim and other ethnic communities. They, and other speakers, made the valid point that ID cards could, in fact, end up provoking terrorism. If I, a white middle-class male, am made angry by the proposals how much more so will be a person who has to endure ID card-related stop and search, or NIR-derived 'surveillance'? Even top Tories and the former Police Constable were talking in terms of ID cards creating civil disobedience...

Shami Charabarti's speech had the highest concentration of soundbites; "presumed guilty until proved innocent", "the Home Secretary is looking for a police state without the police", "license to live" and also made a number of telling points - e.g. that Home Affairs policy and agendas are dangerously populist and could leave us in constitutional 'poverty', with untold social costs - never mind the financial. She pointed out that no other Common Law country will even countenance ID cards, and that even George W. Bush has been heard to say since 9/11 that they are counter to American civil liberties. She ended with, "we are too casual with our rights to personal privacy" - a statement with which I wholeheartedly agree.

Tony Bunyan (Editor, Statewatch) spoke knowledgeably on the EU perspective and pointed out something that I think needs to be highlighted in the campaign against - that the impact of ID cards on the individual is most likely to be felt when they have to go to an enrollment centre. Not just for ID cards, of course, but for their Passport - now every 5 years, simply because the company supplying the smartcards will only guarantee the chips for 5 years' use! Hmmm, someone just doubled their profits - and Driving License - which was supposed to last you until you were 70.

If you are arguing against ID cards, I believe you have to make it personal - make people think how much this is actually going to cost them in money and time, and blow the notion that this is a voluntary scheme out of the water. Having to have an ID card in order to get a Passport or Driving License - there is no provision for otherwise in the Bill - is nothing more than backdoor compulsion. How else does Blunkett propose/expect to get his 80% uptake?

Paul Whitehouse (ex-Sussex Police, see above) made the excellent point that putting technology into the field can disable the police's ability to act in the moment - if the connection or device fails - and that it tends, over time, to erode the intelligence, observation skills and initiative of individual officers. Passing the ID card test will never - and shouldn't ever! - mean you are above suspicion, but some may treat it that way and therefore be able to commit atrocities like the Madrid bombing whilst waving their IDs gaily in the face of the authorities, AND BEING WAVED ON.

Peter Williamson (President, The Law Society) spoke eloquently on behalf of the 116,000 solicitors in England and Wales, many of whom oppose the Bill - despite the fact that some of them stand to make a significant amount of money out of litigation when people sue the Gov't for screwing up their identity. This will happen (it already has in the US with one of the UKPS trial's technology partners!) and will add massively to the true and ultimate cost of the scheme.

Most of the politicans, including David Davis (Shadow Home Secretary), asked if the £3+ billion could be spent better elsewhere - and were quick to point out that the Home Office figures are only what it will cost the Home Office, not the other authorities and organisations who will at least have to buy scanners & upgrade their infrastructure - or employers & employees who will lose (cumulative) millions of days of work to enrollment, representing £100s of millions+ off the GNP...

Ross Anderson (Cambridge University Computer Laboratory & FIPR) spoke briefly - time was running short - but very much to the point:

"ID cards will inflict great inconvenience on our citizens, without quite inconveniencing the criminals."

And I have to end with the comment of Jonathan Bamford (Assistant Information Commisioner) that the actual name of the Bill is incorrect: this is not a Draft Identity Cards Bill, it is a 'Draft ID Cards underpinned by a central register (National Identity Register) and central registry number Bill'. Bit of a mouthful, but more accurate - and less saleable to the British public.

Think, people, think...

Many thanks to Simon Davies (LSE & Privacy International) for assorted ringleading duties - and all the rest who hosted, supported and attended the event. Now, let's get down to business!

[N.B. I've added the no2id campaign site to my links on the left, go have a look.]

UPDATED 21/5/04: If you want some proper journalists' takes on the meeting, try the BBC or Silicon.com. Also, Peter Williamson's (President of The Law Society) address [29 KB PDF file] is now available on the Privacy International site, and is well worth a read.

UPDATED 24/5/04: For those who couldn't make the event, Stand's page on the Mistaken Identity meeting now contains audio files of all the speakers in MP3 and Ogg Vorbis formats.

Shift in public opinion

Privacy International have published 'A Nation Divided' [45 KB PDF file] - a poll of UK electors to determine views and opinion trends relating to the proposed National Identity Card. The poll was conducted by YouGov, who questioned a representative sample of 2,003 electors across the UK between May 11 & May 13.

It makes for interesting reading:

KEY FINDINGS

The majority say they support ID cards, but not to the extent that the
government claims.

61% of the population support compulsory identity cards. This
contrasts markedly with repeated claims by government that 80% are
in favour of its proposal.

However, the majority of respondents oppose key elements of the Draft
Identity Cards Bill.

Many people object to the legal requirement to notify government of
change of address (47% against; 41% in favour)

Most people object to the legal requirement to inform government
whenever a card is lost, stolen or damaged (45% against; 44% in
favour)

Opponents may be in the minority, but they are signalling a new Poll
Tax revolt.

28% of those opposing compulsory cards said they would take to the
streets to participate in demonstrations. This represents approximately
4.9 million people.

16% of those opposing compulsory cards said they would participate
in a "campaign of civil disobedience". This represents 2.8 million
people.

6% of those opposing compulsory cards said they would prefer to go
to prison rather than register for a card. This represents over a million
people.

Tory voters are much more likely to oppose the ID card proposals.

Nearly a quarter (24%) of Tory voters who object to compulsory ID
cards said they are prepared to take part in a “campaign of civil
disobedience”

Anyway, I'm off up to Mistaken Identity where it seems a certain Mr Blunkett will be notable by his absence! More later...

Biometrics in Human Services User Group Newsletters

No longer published, Connecticut Department of Social Services' Biometrics in Human Services User Group Newsletter [final issue] offers "a fascinating 7 year up close and personal look at biometric technology through the eyes of government users."

Written by Dave Mintie - who now writes and edits Biometric Watch - its user focus and plain language approach means that quite a number of the articles are still relevant and the complete series provides a useful source of reference on applied biometrics. The BHSUG Newsletter Index allows you to search for articles by Issue Date, Author, Title, Technology, Industry & Location.

Practical alternatives

This entry has been sitting in Draft for a while now, but - especially given this week's upcoming Missing Identity meeting - I'm becoming more and more convinced that it must be worth trying.

Back at the end of March, Irdial Discs published his No Central Biometric Database idea in reference to biometric passports, picked up in John Lettice's article on 19th April, 'Fingerprints as ID - good, bad, ugly?'. I have seen a number of subsequent references to it, but no evidence that the approach - or principle! - has been given any serious consideration by the 'powers that be'.

Simply stated, and in his own words:

"This is how you do it.

Each passport or ID document contains a cryptographically signed digital portrait of the holder, signed by the passport issuing authority.

When your passport is swiped, your picture comes up on the screen, loaded from the passport, and NOT a central database.

The digital signature of the passport photo is also downloaded.

A PGP-like signature check is done against the public key of the national passport issuing authority, which is stored on the keyring of the swiping device.

If the signature is good, the document is genuine.
If the signature is bad, the document is a forgery."

It is an elegant and potentially far cheaper solution than Blunkett's proposed scheme that solves the specific problem of forged identity documents in a way that addresses most, if not all, of the publically-expressed goals of ID cards and a National Identity Register - without requiring a central database.

The Home Office has requested feedback on the Draft Bill, and would - I believe - have to respond to a practical demonstration of such an approach. At the very least it may smoke out some of the ulterior motives / thinking behind the NIR, and at best it may raise / provoke a (techno)logical debate that currently doesn't seem to be happening.

This sort of fits with some of the things I have been doing professionally over the past few years (e.g. CareZone, where we had to grapple with lots of the issues around smartcards and security) and is very much in line with the philosophy of virtualised (a current joint venture - site in development), so I intend to dedicate a proportion of my time in the coming weeks to trying to build, document and - hopefully! - demonstrate a working version of a biometric (i.e. facial photo) 'ID document' that uses no central database.

I should say at the outset that I am NOT a 'hands-on' programmer, but I do have a fair amount of IT skills and experience - especially in the area of conceiving and getting prototypes built. Much of what seems to be required is in the public domain and if all that comes of this is a thorough written response to the Home Office then, in my opinion, it won't have been a complete waste of time.

Any help offered would, of course, be gratefully received!

N.B. I am aware that I may well be biting off more than I can chew, but I would at this point rather fail trying than not try at all!

Have logo, will travel

Thanks to Chami.com for the excellent free FavIcon creation tool and instructions on How to display your web site logo on the address bar and in the favorites list.

[For those of you who have difficulty resolving 16 x 16 pixel images, the blob in the background is (yet) a(nother of Phil's) brain(s)...]

Fundamental principles

Thanks to White Rose for linking to Darren Andrews' cogent and elegantly-argued, 'The Case Against ID Cards: A Principled Approach'. It's so good, I just had to add it (as Freedom-Central.net) to the side bar...

Disembowelling your car

As I was driving back from Kent this evening, I couldn't get that ad where bits of a car were used to construct a choreographed sequence of events out of my head. I guess I was also linking it to some of the more complicated performance art pieces I helped create back in college (hey, Martin!), and the not-quite-subconscious knowledge that the car is due for its annual check-up...

Well, through the joys of the web and a brief Google, I now happily point you at both the UK Honda Accord ad, 'Cog' [click on the cog on the table once it comes to rest] and a clip from the 1987 short film by Swiss artists Peter Fischli and David Weiss that (probably) inspired it, 'The Way Things Go'. Available *now* at Amazon and assorted online retailers...

Is this how it goes?

Simon Davies' paper about Campaigns of Opposition to ID Card Schemes on the Privacy International site offers several insights and a superb in-depth analysis of the Australian anti-ID card campaign in the mid-80s:

"This movement, the largest in recent Australian history, forced a dissolution of the parliament, a general election, and unprecedented divisions within the Labour government."

Sounds like a good idea! Unfortunately, I somehow can't see that happening over here in the near future. One phrase in the closing paragraphs stands out for me, and cuts right to the heart of the matter:

"Trust within society would be replaced by the demand for formal identification."

In the current climate notions of trusting the government (and elements of the media) seem almost ridiculous. The arrogance and lack of principles demonstrated before, during and after the invasion of Iraq show a level of contempt for the citizenry - 1,000,000+ of whom marched to oppose the war - from a government that, despite holding a large majority in Parliament, fails to realise / acknowledge its crumbling mandate.

Tony Blair reckons he will be judged by history - I can tell him now that it'll happen a lot quicker than that!

[For crying out loud, the government are so desperate to get kids 'interested in politics' - i.e. actually voting - that they've even resorted to teaching 'citizenship' in schools. Fine, even admirable, in a healthy democracy - but a bit pathetic as a response when (young) people are turning off party politics in droves...]

But back to trust. Not only have a significant number of our leaders shown themselves to be untrustworthy (WMD anyone?), with ID cards / NIR they are demonstrating that they simply don't trust US (not the U.S. - if only!). It is terrifying that they seem to trust (a) the technology companies that stand to make untold millions out of an ID card scheme, and (b) technology itself more than the citizens that they are supposed to be serving.

In moving towards universal formal identification, the government will be further dismantling the 'human infrastructure' of society. ID cards won't ever help you get to know someone and yet, if implemented, will almost inevitably end up being used as some sort of transactional stand-in for trust - the irony being that, because they are based on technology (and therefore fallible), they are probably less trustworthy in the long run than actually getting to know a person. You know, build a relationship... have a conversation...

Tying themselves in knots

Mr Lettice's delicious 'How to fool ID card system - give a false ID, say UK gov' article in El Reg points out just how useless / ineffective / unadministrable(? you know what I mean...) ID cards will be, unless it is made compulsory to carry them or, e.g. the police get to carry portable (NIR-connected) biometric scanners.

If David Blunkett thinks that the police are going to be happy to take the flak that this fundamental change in their relationship to the general public would cause, then he is sadly mistaken. In fact, it was precisely the routine stopping of law-abiding citizens and requiring that they show their ID papers that brought the wartime scheme to an end in 1953!

As the Lord Chief Justice of the time said, "such action tends to make the public resentful of the acts of the police and inclines them to obstruct them rather than to assist them". And that was back in the far-more-respectful-of-authority 'good old days'...

Biometric fallacies

It's a few months old now, but the salient points of 'The emerging use of biometrics' in The Economist still have a bearing:

"Biometrics still do not work well enough for many applications in which they are being deployed."

UKPS biometrics trial, anyone?

"Biometrics have not yet spread beyond such niche markets, for two main reasons. The first is the unease they can inspire among users. Many people would prefer not to have to submit their eyes for scanning in order to withdraw money from a cash dispenser. The second reason is cost."

I wonder if MORI had asked 'Do you want to be fingerprinted and have your iris scanned and have both kept in a Government database?' instead of 'Would you have an ID card?' whether 80% of people would have said 'yes'?

And as for cost - £3.1 billion? And the rest...

"Governments either do not believe that the costs of biometrics still outweigh any potential benefits or, more likely, fearing more terrorism they simply do not care."

A classic knee-jerk reaction, but one that even Blunkett is having to play down these days. As the author says later in the article, "[it] is difficult to avoid the conclusion that the chief motivation for deploying biometrics is not so much to provide security, but to provide the appearance of security." N.B. for 'terrorism' read also 'illegal immigration', 'illegal working', etc.

"The oldest biometric is the one we use most frequently—a person's face. But while recognising faces is something that people can do easily, computers find it very difficult."

Recognising faces is something we are built to do (from the neurones up) but what we do is much, much more than simply recognise someone's face - we connect memories, have feelings and opinions about people and can build relationships with them over time. Computers compare pixels, measurements and database records according to fixed rules - nothing more. And only one of these provides a real basis for trust.

"It is only logical to expect biometric passports and visas to take a multibiometric approach."

Precisely because of the limits of each individual method! And they make the highly significant point also that, "...[the] other critical choice, driven by the limitations of biometric technology, is that these biometrics will be used for verification, not identification. That is because identification is simply not feasible with databases containing millions of users." [emphasis added]

There's lots more good stuff here, including a digestible run-down of the most common biometric methods - well worth a read.

What's the hurry?

Trevor Mendham at The Chestnut Tree points out today's Independent article 'Blair to push Europe Bill before election', in which it is reported that Tony Blair "...has asked ministers to give top priority to two Bills in the Queen's Speech in November for a parliamentary session that would be cut short by the election. The Bills cover the new EU treaty and David Blunkett's controversial plans for identity cards."

David Blunkett is quoted as saying - shortly after the Madrid bombing - that the cards would probably be introduced "more quickly even than we anticipated, and that is because we are living in a new world and with a new threat that we have to take account of."

Yet since the introduction of the Draft Bill, in his evidence to the Home Affairs Committee, and twice (that I have heard myself) in radio interviews Blunkett has been forced to downplay ID cards' role in combating terrorism, and illegal immigration and working - the supposed primary purposes of the scheme! There may have been a subtle shift towards identity fraud as a justification - but this is only AFTER the mainstream media seems to have swallowed at least some of Blair and Blunkett's 'no significant civil liberties objections' assertions of last month.

It is quite clear that not only do the Government not acknowledge the serious concerns of a wide range of people - including those within their own party, CESG (the Government's own Information Assurance Technical Authority, part of GCHQ), the Law Society, the British Computer Society and many others, expressed during and since their so-called 'consultation' period - but that they want to railroad the legislation through without engaging in either proper debate or a realistic assessment of the scheme - e.g. its security model (and alternatives!), the capabilities of the various technologies proposed, etc.

Surely even those in the 'if you haven't done anything wrong, you haven't got anything to fear' camp (which I refuse to believe is actually 80% of us, when asked the right question) would agree that there needs to be transparent and rigorous examination of any proposed scheme's practicalities, and free and informed debate on all of the legal and civil liberty issues.

This legislation is so flawed in principle, the scheme so misconceived in practice and both have such far-reaching implications (it'll be your kids & grandkids that feel the weight of this, folks!) that only something as momentous and controversial as the Europe Bill could possibly mask the rotten stink of its passing.

It's an Information Society, people, but that doesn't mean that the Government has a monopoly on - or even grasp of - truth and common sense. It certainly doesn't mean that they have the right to issue me with my 'one, true' identity, based on something of mine that they have (forcibly) taken from me. The choice is pretty stark - resist now, or run the risk of finding it increasingly difficult to resist this and any future Government (of ANY party or persuasion) legislation or measures with which you and your descendents might disgree.

I don't know whether to laugh or cry

Last Thursday's article in the Times, 'Long eyelashes and watery eyes thwart ID card technology' and Lucy Sheriff's take on it in El Reg report a (predicted) 7% failure rate in the iris recogniton part of the current UKPS biometric trials.

Hardly reassuring, even at this early stage of testing - but clear indication of why the Government wants multiple biometrics to be stored in the National Identity Register and on ID cards. This sort of failure rate scaled up across the population and number of identifications / authentications would seem to make for a system that was actually worse than useless!

You begin to see where the Government, like many others before them, (including myself, the first time I encountered biometrics / smartcards in systems design) may have got their security model wrong.

To get around these ridiculous failure rates, they think (or are told), why don't we put a copy of a good biometric reading on a smartcard? Its digital, therefore a perfect reproduction, and can then easily be compared with a record in the NIR - where we get impressively low failure rates - even if we can't get a good reading from the person who has presented the card to us on that particular occasion.

Wake up! You've just created a system vulnerable to (even inviting) precisely the sort of fraud you are attempting to eliminate - but just because you're using these fancy new biometrics, you think you've created a more secure system. So you promote it in ignorance - believing in the 'magic' of technology, while flying in the face of logic.

Here's how it really goes:

The minute you capture a biometric - e.g. fingerprint, iris scan, facial photograph - and make a copy of it, you are turning a 'something you are' into a 'something you (or I) have'. If, and only if, the sole copy of that record is kept safely locked up, and is accessed just to do direct comparisons with freshly-captured biometrics from people asserting to have that identity can you - WITHIN THE LIMITS OF THE TECHNOLOGY - authenticate a particular person at a particular time in a particular place.

Giving an individual a copy of his/her biometric records on a smartcard defeats the entire object of biometrics by turning something that ONLY one person can provide ('something you are') to authenticate him/herself into something that potentially anyone can provide ('something you have'). Its like handing out 'fraud tokens'... literally!

Stick with me.

So in introducing different 'modes' or 'levels' of authentication - e.g. locally to the card (no reference to NIR), card to NIR (even if local authentication fails) - you have utterly broken the reliability of your system. Someone can present a valid ID card and subvert the local biometric reader, or present a fake card at a session that they know will not reference the NIR with impunity.

Thus your system, which people have to use in their daily lives and in which they must trust completely - because it holds the key to their identity - is, in fact, creating a false sense of security.

The ultimate irony is that Blunkett and Blair seem to be driven by a need to be seen to be doing something about certain problems - terrorism, illegal immigration, etc. - but their solution is actually going to make things a whole lot worse, and not just in those areas!

And we - the citizens of the UK - are, of course, going to end up worse off than when we started with billions of pounds down the drain, stuck with a database and card system that permits criminals and terrorists to actually 'prove' they are us (while everyone has been told that this is now impossible) and allows certain authorities with sweeping remits, e.g. SOCA?, to surveil our movements and activities (even if we have done nothing wrong ourselves) to an unprecedented degree.

I'm not even getting into the fact that NIR records themselves could quite possibly get screwed up - as reported in today's piece in The Register, 'DHS and UK ID card biometric vendor in false ID lawsuit'.

So, finally, and just to explain the meaning / message of my t-shirt design [below]: I object to and oppose the creation of a National Identity Register and to the principle of putting digital biometric records into ID (smart)cards.

T-shirt anyone?

(Artwork available on request)

Hang on a minute

Dave Kebab reminded me that QinetiQ (who gave evidence to the HAC on 20th April) used to be DERA - the UK's Defence Evaluation and Research Agency. This rang a bell, and I thought I remembered some sort of flotation / privatisation cock-up a couple of years ago.

I remembered right.

Well, as it turns out the private investors (the float was abandoned) in QinetiQ are none other than the Carlyle Group, who have a 33% stake in the company. This wouldn't be the same 'ex-presidents' club' Carlyle Group that has massively profited from the 'War on Terror' would it? Oh yes it would!

Former politicians assisting a bunch of (very) private bankers ito pull off lucrative managed defense and aerospace buyouts? Forget fat cats, these guys are two-ton tigers. They won't invest just anyone's money, though - you have to be ultra-rich and connected to play in this game. That's no problem for, e.g. the Bush and Bin Laden families, of course.

I could go on, but instead - if you have a spare 45 minutes & can bear watching teeny telly on the web - here's a programme about the Group that (as they say) you won't find on CNN...

Spanner in the works?

Acording to evidence given by the Director of the Identity Cards Programme, Katherine Courtney, to the HAC on 4th May, the UKPS biometrics pilot has suffered from a few gremlins!

Old news if you read Spy Blog, I know - but I was a little surprised to hear that the much-vaunted trial is, in fact, "not about testing the robustness of biometric technology, it is instead about the customer experience, customer acceptance and the time it will take to enrol".

Huh?

Not only can't they get the capture process to work properly, but they're not even trying to find out if the underlying technology itself is up to the task! David Blunkett expects people will be "queuing up" for ID cards, and he could be right - but not for quite the reason he thinks...

Biting the bullet

After a couple of well-informed comments from wtwu at Spy Blog, I've been trying to plough further through the Home Office Publications and Consultations Archive, Hansard and HAC transcripts [see below] in an attempt to bring myself fully up to speed (going back through the whole sorry history) in time for the 19th May. I think I need more hours in the day, and a new printer cartridge...

Who are 'they' listening to?

'They' in this instance refers to the Home Affairs Committee on Identity Cards, who have published the uncorrected transcripts (i.e. neither witnesses nor Members have had the opportunity to correct the record) of oral evidence presented to them on the following dates:

11th December 2003 - Nicola Roche (Director, Identity Card Policy Unit), Katherine Courtney (Director, Identity Cards Programme), Stephen Harrison (Head, Identity Card Policy Unit, Home Office).

3rd February 2004 - Shami Chakrabarti (Director, Liberty), Simon Davies (Director, Privacy International) and Vicky Chapman (Head of Law Reform, the Law Society) then Richard Thomas (Information Commissioner) and Jonathan Bamford (Assistant Information Commissioner, Identity Cards).

10th February 2004 - Martin Hall (Director-General, Finance and Leasing Association), Gerald Vernon-Jackson (Local Government Association) and Jan Berry (Chairman, Police Federation).

24th February 2004 - Nick Kalisperas (Senior Programme Manager, ID Card Working Group, Intellect), Geoff Llewellyn (Member, ID Card Working Group, Intellect), Ross Anderson (Foundation for Information Policy Research) and Martyn Thomas (UK Computing Research Committee).

20th April 2004 - John Harrison (Edentity), Andy Jebson (Cubic Transportation Systems), Richard Haddock (LaserCard Systems Corporation) and Neil Fisher (QinetiQ).

27th April 2004 - Len Cook (Registrar General for England and Wales) and Denis Roberts (Director for Registration Services, General Register Office) then Charles Clarke (Secretary of State, Department for Education and Skills), John Hutton (Minister of State for Health) and Chris Pond (Parliamentary Under-Secretary of State, Department for Work and Pensions).

4th May 2004 - David Blunkett (Home Secretary), Desmond Browne (Minister of State for Citizenship and Immigration), Katherine Courtney (Director, Identity Cards Programme) and Stephen Harrison (Head, Identity Card Policy Unit, Home Office).

There's a lot to read here, but bits of it are really significant - e.g. its, hopefully, the primary source material for some of the articles you may have read in the Press - and reassuring(?) evidence of Parliamentary process in action. I'll leave out any comments about horses' body parts (front or rear) and let you decide...

Principles and reasoning

OK, before I get stuck in today I *highly* recommend you read John Lettice's excellent articles in The Register, Everything you never wanted to know about the UK ID card and Glitches in ID card kit frustrate Blunkett's pod people. The latter makes particular reference to Mr. Blunkett's recent 'jelly nailing' performance in front of the Home Affairs Committee:

"Blunkett's evidence does not seem to have been particularly enlightening. It was, he said, largely the media's fault that the counter-terrorism aspects of the ID scheme had been given so much attention, and he cited a Today programme interview of 14.9.2003 where he claims he said that although the ID card and the Register [the National Identity Register - let's be specific, please!] would help, they would not resolve the terrorist threat.

This latest Blunkett stance is however somewhat undermined by the alacrity with which both he and the Prime Minister have used the terror threat as a wedge to win approval for the scheme and to accelerate its introduction. Blunkett's position on the card vis a vis terrorism therefore seems to be that it is a useful weapon against terror, but when asked to explain how it will be useful against terror, he retorts that he never said it was a complete fix, and that the terror aspect had been greatly over-emphasised by the media.

As the Committee chairman testily remarked, this is a little like nailing jelly. But the serious point underlying this is that the Home Office's complete failure to nail down the specifics of what it wants, why and how it will work is vastly increasing the probability that the project will be a total catastrophe."

Following on from yesterday, when I was wondering about the figures and calculations behind the Government's £3.1bn estimate, I begin to think I would far rather hear a clear explanation of precisely what systems and approaches to digital identity the Home Office et al. have considered - and their reasons for pursuing or rejecting (aspects of) each.

[N.B. I would be very surprised to hear that any solution not involving a centralised database was up for serious consideration at any point. A NIR is about surveillance, whichever way you want to play/spin/use it - and if its not going to be used, what's the point in spending the money?]

Of course, we have the Draft Bill and Consultation Document - but these only outline what Mr Blunkett would like ID cards and a NIR to be able to do, not how they propose to achieve these goals in practice - nor, more worryingly, whether these goals are even reasonable in theory (based on past & current evidence). Before deciding policy, implementing legislation and imposing a phenomenally expensive scheme on the British public the Home Secretary should at least have to make a proper case for what he is doing.

What we have at present is mere assertion - par for the course, unfortunately, and in the context of Iraq, the 'War on Terror', etc. depressingly familiar.

Taking us into a war that many (1,000,000 marched!) did not want was bad enough. Using the same, or related, fears and excuses in an attempt to fundamentally change the relationship between citizen and State demonstrates a level of arrogance and disconnect that supercedes even Margaret Thatcher's worst efforts - e.g. "there's no such thing as society", the Poll Tax (and look where that got her). Misjudgements of this kind have the potential to twist society for generations to come and I, for one, would not like to live in a UK that treated me and my family as mindless sheep at best, and potential criminals at worst.

Mr. Blunkett, either give us a proper explanation of what EXACTLY it is you are going to do and how - or stop wasting your time and our money on pipedreams!

Where will all our money go?

So, if each ID card costs £35 (barring replacements) while we 'officially' DON'T all have to have one - unless, e.g. we want to drive a car or go on holiday - how much money will the Government raise before making it compulsory? According to Mr. Blunkett's current 'vision' it will be of the order of 80% x 60,000,000 x £35 = over £1.5 billion, crudely speaking.

Making the cards compulsory from the outset would, of course, raise the spectre of having to make the damn things free - as are, e.g. NI cards currently - which would never do! I'm sure a certain Mr. Brown would have something to say about that - hence the Home Office's 'softly, softly, makee money' approach...

Its also not clear in anything I've read yet whether these fees will form a part of, or be in addition to, the billions that this whole scheme is supposedly going to cost. We have been told for over a year now that Government estimates are £3.1 billion for a card priced at around £40 - with independant experts raising this to £5 billion, even apart from the almost inevitable overspend. See, e.g. the Foundation for Information Policy Research who brand the UK Government's ID card scheme an expensive flop.

So where are these estimates - surely the public deserve to see the figures and calculations used?

Are we 'early adopters' (bar the initial 10,000 - unless their details actually are "destroyed at the end of the trial" as promised) therefore expected to bear a huge chunk of the cost of the implementation, development and maintenance of the NIR and associated systems? Or will yet another layer of muddled-up Government bureacracy that fails to address the real problems in hand end up being funded from our overstretched taxes?

And finally, can we (the early adopters) expect to get a refund when ID cards are finally made compulsory - but if so will we have to agree, e.g. to have our tax code entered into the NIR to receive it? Beware of 'feature creep' marketed under the banner of 'convenience'...

Jobs for the boys?

Will Atos Origin, originally formed in 2000 by the merging of French (Axime + Sligos = Atos) & Dutch (Origin = Royal Philips Electronics subsidiary) IT management and services companies, who later acquired KPMG Consulting (to trade in the UK as Atos KPMG Consulting) turn out to be the soon-to-be-appointed "development partner bringing in detailed expertise from outside Government" as announced in last week's Home Office press release?

They are, after all, the ones running the current UK Passport Service Six Month Biometrics Enrolment Trial, which started only a couple of months behind schedule - an all-time record for a UK Government IT project!

Of course, their very recent acquisition of the world's leading smartcard solution provider, SchlumbergerSema (in January 2004) would make them the *obvious* choice - but could it possibly be a little arrogant of them to assert on their UK home page that:

"The increased strength and depth of our end-to-end solutions and services, coupled with our expertise in Enterprise, Financial Services, Medical Services, Public Sector, Telecom, Media and Utilities and Transport ensures that the new Atos Origin is the future of IT services in the UK." [emphasis added]

Is Atos Origin becoming so powerful that it can basically take over any company that it sees as having the potential to 'interfere' with its lucrative Public Sector contracts? Are current or future Governments likely to act (e.g. regarding anti-competitive practices) against a supplier that delivers the very core of their information infrastructure?

I'm not a great one for conspiracy theories - its hard to believe in an all-powerful, evil 'them' when greed, stupidity and untrammelled 'free' market forces seem to do just as good a job of screwing things up. The managements of the mega-consultancies, manufacturers and service companies are simply doing what comes naturally in business - i.e. keeping an eye to the bottom line - while certain politicians seem hell-bent on pissing away billions of our tax pounds, while simultaneously and systematically corrupting and undermining the fundamentals of an equal and fair Information Society.

UPDATED 5/5/04: Thanks to Trevor Mendham for pointing out the recent FT article 'Companies wary about running ID cards scheme' on his UK ID Cards blog. The article refers to concerns voiced by Capita and Serco - and mentions that Atos, EDS and Capgemini (who just last week were 'embracing a new consulting paradigm') are 'talking to the Home Office about how to build the database'!