• Home
• Subjects
• Blog Roll
• Blindside
• Kable
• Advanced Search

• 

ID: outstanding questions on The Benighted Scheme

I dont really get this. An eyewitness made a contempory note of Meg Hillier telling the Home Affairs Select cttee

The National Identity Register, essentially, will be a secure database; ...hack-proof, not connected to the Internet...not be accessible online; any links with any other agency will be down encrypted links.

I understand the officials present were passing notes to try to get her back on message. What appears in the official record is is

The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will
be down encrypted links.

Why ws that toned down? If it’s not accessible online what is the use of it? Will people have to send CDs to each other? But if it is linked live to other agencies isnt that online?

Also, now we’re procuring the damn thing, do we know what will be on the card? Do we know how people authenticate the card, and what they can check?

I suspect it’s too much to try to get answers to all these questions. What would be really great is if we could get a list of all the outstanding questions about how the Benighted Scheme is supposed to work. Vey glad of any help and thoughts. Delighted to get contributions and clarifications form our loyal readers inside IPS.

Published by William Heath on 08/04/08 at 1:55pm

Comments

1. Well, as the bit that’s been taken out is “hack proof, not connected to the Internet”, the edit would seem to suggest that it will be connected to the Internet, and that they are not confident that it will be 100 per cent hack proof.

   Bit of a worry that, if you ask me…

   Reply by John Lettice  on  04/08/08  at  5:32 pm

2. "Also, now we’re procuring the damn thing, do we know what will be on the card?”

   That’s a very old-fashioned view of procurement William.  In today’s modern go-ahead public sector there’s no need to work out how something will work (or, indeed, whether it will work) before you procure it.

   Anyway, just to be helpful, I was at a presentation from IPS recently where they said that Deloitte, Ernst & Young and PA Consulting are handling all of the client-side consultancy on the project so it’s probably best to ask them.

   Reply by Dave Birch  on  04/08/08  at  10:42 pm

3. It will be a long, long, list. And it maight be a branching one, depending on which version of the scheme we are talking about.

   Highly ambitious even to contemplate answers to “all these questions”. I’d be amazed were the Home Office to give a straight coherent answer to any one question. It seems to resent even the possiblility of criticism. Here’s Meg Hillier to the Cambridge Evening News last week:
   

   The two things I would say to the N02ID campaigners are first, the act of Parliament has been passed and ID cards will be brought in. Secondly, if they have a passport I don’t know why they are worrying as they are already on the passport register - ID cards will work in a very similar way.

   Reply by  on  04/09/08  at  8:04 am

4. William I too was puzzled by that, but came to the conclusion that they mean it won’t be on the public Internet.

   I imagine they removed ‘hack proof’ because there is no such thing and Meg Hillier realised she had inadvertently misled the Committee.

   I have (at least) three outstanding questions (and subquestions): which government departments, such as the DWP, have signed up to use the scheme, what will they use it with, and how will they verify someone’s identity* for each particular use; what then will be the total cost to the public sector of using the scheme**; and if, as Meg Hillier said, “No personal data, for most of the transactions, would be revealed”, what personal data would be revealed in what particular transactions?

   * The Home Office’s Borders, Immigration and Identity Action Plan says there will be a number of ways to check someone’s identity: visually, looking at the card and its owner; checking the authenticity of the card; asking for a PIN; a ’shared secret’; or a fingerprint.

   ** It seems worth looking at the estimated cost of the NHS IT project - now approaching £20bn, but originally £5bn (some sources say £2bn!). Health Minister Lord Warner said of this, “The latter figure covered only the national contracts for the systems’ basic infrastructure and software applications”, and not the additional money needed to train staff, integrate existing systems and so on.  The DWP will need fingerprint readers if it’s going to check fingerprints, so how much will these cost, for example?

   Reply by ukliberty  on  04/09/08  at  12:37 pm

5. "William I too was puzzled by that, but came to the conclusion that they mean it won’t be on the public Internet.”

   Then how is an employer (eg, me) supposed to verify the identity of an employee?  If I can’t access the service via the Internet, will I have to install some kind of special terminal connected to the government secure intranet or similar?  That can’t be right.

   Reply by Dave Birch  on  04/09/08  at  2:21 pm

6. Dave, all the Action Plans and similar documents, committee evidence etc seem to say is along the lines of, “it will be better” (eg “This card will enable employers to help us to check identity and entitlement more easily, whether by a visual check, confirming identity through identity checking services, or accessing data on the chip directly") but not how it will be made better / made more easy.

   For example Meg Hillier said in the evidence William linked to that, “If you are an employer and someone presents to you with their passport, you would make a phone call to ... But they would then check that as verification: “Is this a real passport?”, and you would get that, yes, or, no, answer.” Not very clear!

   An Identity Checking Services Presentation says, “Visual Check - Checking whether the card photograph matches the card holder; Card Authentication - Checking whether the card is genuine and unaltered through the chip [presumably equipment is needed for that]; Pin Check - A higher level of proof by entering the PIN [this too]; Online [Oh!] / Telephone Verification – Checking through temporary codes generated by the chip or shared information [that too] ... On-line or 3-way checking (using biometrics for example) should be used only where the situation justifies or requires it.”

   (Would the prevention of illegal working justify it, I wonder?)

   The IPS website says, “The identity verification service will provide a way for accredited organisations to check an individual’s identity” but it too doesn’t say how.

   If he connects to the Identity Checking / Verification Service, how does he do so and what information will he get during that transaction?  Will he need to be ‘accredited’ and what will that involve?  Will he need to sign up to a ‘Code of Connection’?

   Who knows?

   It isn’t at all clear, to me anyway, and I’m concerned that the lack of clarity is symptomatic of a deeper problem - that they don’t know either!

   How do DWP and Council Tax staff access the CIS (because that’s what the ID scheme is based on) from their offices and homes at present? Something like a VPN? Or the ‘Government Connect Secure Extranet’?

   Reply by ukliberty  on  04/09/08  at  5:48 pm

7. "If you are an employer and someone presents to you with their passport, you would make a phone call to ... But they would then check that as verification: “Is this a real passport?”, and you would get that, yes, or, no, answer.”

   So what’s the point of an ID card in this scenario?  Someone turns up at my office claiming to be John Doe, ID number 123456.  I call up the Hillier Hotline and ask “is ID number 123456 Mr. John Doe” and they say yes.  I’ve still no idea whether it is John Doe or not and nor do they, since neither of us has any way of verifying the card or authenticating his use of it.  So you may as well save two billion quid and just issue people with numbers, not cards.

   Reply by Dave Birch  on  04/09/08  at  7:03 pm

8. "So what’s the point of an ID card in this scenario?”

   Quite.

   Reply by ukliberty  on  04/10/08  at  11:48 am

Ideal Government

Let's say what we want from e-enabled government. Let's observe government first-hand. Let's say "Wouldn't It Be Better If" (WIBBI). Become an ethnographer of bureaucracy today! It beats getting frustrated with public services.

Categories

• "What do we want?"
  • Wibbipedia/MindtheGap
  • Design: Co-creation
    • Online Maps
  • Design: user-oriented
  • Foundation of Trust
    • Identity
    • Data nitwittery
  • Save Time and Money
• Greener government IT
• Pertinent Art
• Power of Information
• Political engagement
• "Transformational Government"
• Government Procurement
• Across the Board
• Ideal Goverment - project

Comment

Anyone is free to comment. Or mail with an article if you want to be an author. I'll post it up and send you a password. This whole thing is supported by Kable.

Authors

Sign up for new articles

Copyright

Designed by...

Statistics

This page has been viewed 508558 times

Entries: 1625 | Comments: 2662 | Trackbacks: 206
Most Recent Entry: 10/08/2008 09:58 am
Most Recent Comment: 10/07/2008 12:14 am

Members: 185 | Logged in: 0 | Guests: 42
Most recent visitor: 10/08/2008 11:58 am
Most visitors ever: 443 on 10/12/2005 02:21 pm