WRITTEN ON November 8th, 2008 BY William Heath AND STORED IN Foundation of Trust, Identity, What do we want?

IPS this week publishd a new document called “Introducing the National Identity Scheme – How the Scheme will work and how it will benefit you”. I find it has a somewhat improved tone – it seems less prescriptive than previous communications, for example it reminds the reader of the currently voluntary nature of the scheme.

There no pretence at even-handed discussion of people’s needs; it’s a document dedicated to the uphill task of trying to sell this ill-conceived product. It does not, for example, spell out “What it will not do” eg establish the bearer’s intentions/good faith, replace the passport for travel outside Europe, by itself prove entitlement to welfare or ability to drive, or allow online log-in to services (at this stage anyway). It doesn’t tackle the fast-emerging needs of an on-line world.

Mercifully there are no phases like “There are an ever-increasing number of situations where you need to prove that you are who you say you are,” which is an improvement.

Fact is, the ID Card is applicable to real-life (ie offline, not online) situations where it is necessary to prove your identity. There are relatively few of these, and the only way they will increase is through regulation.

They give the example of Bill:

Bill is the owner of a coffee shop and has just made a job offer to Sally to start work next week. Before she can start, it is standard practice to check her identity and right to work so Bill asks Sally for evidence of both. Sally chooses to show Bill her identity card which confirms both her identity and her right to work in the UK and gives her consent for him to get her National Insurance Number from the Identity and Passport Service. Bill is pleased by this as it means he can get her payment and deductions set up quickly and right first time.

“Standard practice” is IPS-speak for an imposed regulatory hurdle. In real life Bill doesnt’t give a rat’s arse about Sally’s real identity (and in fact she’s called Nancy and trying to escape an abusive partner). He wants her to make sandwiches, keep things clean and be nice to customers. But the government wishes to obsess about her true identity and will clobber Bill unless he acts as the unpaid agent of their obsession. The ID Card system is one way he can get them off his back. In due course her abusive partner, by slipping £100 to a bent IPS employee or contractor is able to get hold of Sally aka Nancy’s up-to-date details. He checks these online using a password stolen from a BT Webwise/Phorm server. He catches up with her and, well, fill in the rest yourself.

Of course there are far more situations in which it is necessary to prove one’s entitlement (eg that one is allowed to drive or old enough to buy an age-restricted product) rather than one’s identity. But this basic distinction – after a good decade during which it has repeatedly to my knowledge been spelt out to government in various consulations – is still not clearly made here.

The irony is that when IPS takes on board and reflects the points of its critics this tends to underline that the Benighted System is a poorly-designed solution. For example IPS offers the example of 19-year-old Sita trying to buy a round of drinks. Challenged by the barman, she produces her ID card.

As she puts the card back in her purse she is relieved that she no longer has to hand over documents with her address on them to prove her age.

Yeah, right. So to buy a pint Sita has to reveal to the leering barman (who moonlights as a paedophilic illegal-immigrant drug dealer) her name and her date of birth, her citizenship, ID card number, place of birth and signature. She has to carry with her and produce in a bar full of violent binge drinkers an expensive piece of plastic which is hard to replace if she loses it, requiring another round of applications and once again going through the humiliation of being fingerprinted like a recidivist.

It’s a start to see IPS trying to think in terms of privacy benefits. But the thinking is going into the eleventh hour PR, not the original design.

It is frankly pathetic for IPS to claim the Benighted Scheme offers a privacy-friendly way to prove the simple point that Sita is over 18. This particular problem could be solved in a privacy-friendly way, eg a cheap card with just a photo, a Portman watermark and “entitled to drink” confirmation, or a high-tech thumbprint-activated photocard which shows a green light only if you are over 18 but gives no other details. Better still to get rid of the drinking age and place the responsibility on pub managers and bar staff to serve booze responsibly. This social problem is not one which the ID Scheme as proposed is well designed to solve.

It would be good if a government brochure on the subject could give clarity about how frequent an occurrence the need to prove identity really is. Much more frequent for some than for others, no doubt. But for everyone much less frequent than proving entitlement.

The document seems to suggest that the NIR is to become the consent-based delivery vehicle for “Tell us once”:

If you need to make a change to your record, for example because you have moved, you will be able to get in touch with the Identity and Passport Service and, once we have confirmed that you are the rightful
owner of that identity record, making the change will be a straightforward process. And, if you would like us to, we will use the new information to keep other public sector records up-to-date to save you time and to help ensure you get the right services in the most efficient way.

Is that how the Tellusonce team sees it? Will it be one of several ways into solving this problem, which the Blair goverment promised would be solved by 2005? Are we putting the Home Office at the heart of public services?

The IPS brochure lacks a short paragraph called “What happens if I dont want an Identity Card?”. This should say “that’s fine – no problem. You save £30 (alright – plus £25 for the fingerprinting makes £55) but forego the convenience of travel in Europe and will continue to have to identify yourself with gas bills etc, assuming these are still acceptable. So there’s no penalty or stigma as such, but it may be inconvenient.”

It does at least acknowledge in the section “What happens if I lose my card?” that people might not want a replacement.

One part I dont quite understand. It says I can log in online and check my NIR details and who has accessed the entry on the the Register recently. Hang on. Surely it is physically and logically impossible, if that is the case, to secure the NIR against other people posing as me logging on to see my record or what I have been up to recently (eg if they intercept my web traffic with a system like BT Webwise/Phorm or if they recover a file of lost Gateway passwords in a pub car park). So the Register introduces an unmanageable new risk of data loss. Who accepts liability for that, and what are the arrangements for restitution if the service is abused?

IPS says

Your information will not be passed to a private sector organisation without your consent.

But they will need to make clear that all this data will indeed be managed, processed and stored by one or more private sector organisations.

They could make the point that government is belatedly and grudgingly becoming more sensitive to the value of personal data. We’re well into the “paying lip service” stage and even in some areas doing something about it, for example putting a halt to the sale of the electoral roll.

IPS doesnt have a great track record in what it does online. Liam Byrne still hasn’t spoken to me since we shared a platform at IPPR and I pointed out that the online job applications for ID interviewers (which asked for a great deal of personal data) weren’t even encrypted.

Today it is still clumsy on the web. The ID home page emphasises its commitment to listening and to young people:

MyLifeMyID: the online community for young people to have their say about identity issues

and carries a link to the absurd “MylifemyID” site intended to engage yoot. But when the earnest young person anxiously clicks the link to find out how they can secure their identity in a convenient way while at the same time interdicting the activities of terrorists they get the message

Site off-line: The mylifemyid community has now finished. Many thanks for your contribution. We will post a notification here when the report is published.

There are still several links to this shallow and now defunct piece of work (which was rushed through in the hope of bolstering the minister’s announcement) on the Home Office and IPS sites. These are elementary errors.

This is all still far from Ideal.