WRITTEN ON July 13th, 2009 BY Sir Bonar Neville-Kingdom GCMG KCVO AND STORED IN Foundation of Trust, Identity, What do we want?

Sir Bonar writes:

The public needs to understand two things.

First is that on their own people’s identities are inherently insecure. My own identity, for example, is Sir Bonar Neville-Kingdom GCMG, KCVO. Well and good, you might say. But what if some Tom, Dick or Harry, or perhaps an immigrant, shall we say from Albania were to come to our shores and set up as a drug dealer under the identity “Sir Bonar Neville-Kingdom GCMG, KCVO”? Where would that leave matters?

If however we attach biometrics to our identities it provides a 100% secure way to verify that you are precisely who you say you are. We might need in this instance to enact legislation to make it an extra offence to puchase drugs without verifying the identity of the vendor using biometric techniques. Thus the customer would ask the impostor to prove their identity (or risk a fine) by showing an identty card and submitting their biometrics. This could be done in a Post Office, perhaps, or one of our own IPS identity verification centres. This would be a convenient way to eliminate the growing problem of identity theft in the underworld.

Did I mention that Home Office research shows that 97% of drugs offences are committed without gold-standard proof of identity at point of purchase? I feel this rather proves my point.

The second canard I wish to shoot is this absurd notion that there will be one massive central database. In fact that National Identity Register (NIR) will be made up of several databases, rather than one central database. We shall then penetrate them all, with testing.

People think we have one giant database, but nothing could be further from the truth. In fact there is one database that holds the biographic details, and quite a different one that holds the biometric details. Then there is a third, again entirely separate data store for the PKI [public key infrastructure] details. These separate databases are then connected, by wires, as it were.

Security is our utmost concern. Our internal procedures are without parallel, and much admired in other parts of the world. Indeed we had a delegation from Barbados to inspect them the other day, and are much looking forward to a return visit. Only a few hundred staff can take the entire database out of the building on removable media, and these jobs now appear to be highly sought-after.

The Home Office has a world-class encryption bureau who will protect any data that needs to be sent outside of the secure perimeter, the GSi and all memory sticks. We have a new set of procedures called Securing the Delivery Chain which checks that contractors handling sensitive or personal data meet required security standards. I have even personally written to all our existing suppliers asking whether they can assure us they are adhering to all the standards and have had to send out several reminders. I have in recent weeks met them all, often in an informal social setting such as Wimbledon or the ballet, to stress the importance we place on security. One can hardly do more.