Andy Burnham's response to Lynne Jones' letter of 12 March
Lynne Jones MP
House of Commons
IDENTITY CARD SCHEME
Thank you for your letter of 12th March 2006. I wanted to address some of the points that you made in your letter.
The plans to link the issue of passports and identity cards have a long history. It has been made explicit in consultation documents and proposed legislation, both before and after the general election. This should, therefore, not come as a surprise to anyone. Thus, your claim that the Government has acted by sleight of hand remains unfair. I am happy to summarise the history here:
In July 2002 the Government issued its first consultation document about a card scheme and one of the options canvassed was for a universal scheme linked to passports.
In November 2003, the Government announced the decision in principle to introduce identity cards and it was then made clear that there would be a two stage scheme and, in the initial stage, as well as introducing a voluntary plain identity card for those who do not have a passport, we would link the issue of identity cards to the issue of more secure passports. “Identity Cards: the Next Steps”, the policy document published in November 2003 (Cm 6020), which you have made clear in parliamentary questions that you have read, states at paragraph 16 (ii) that: -
“Linking more secure passports…to the scheme on a compulsory basis so that they will be acceptable forms of identity card. By linking the card scheme to widely held identity documents, most people will get a card conveniently and automatically as they renew an existing document”
In April 2004 we published the draft Identity Cards Bill and the same word “must” was included in subsection (2) of Clause 5 as we are now debating. We were again very clear that in the first stage of the identity cards scheme there should be no possibility of obtaining a designated document, such as a passport, without an identity card. Paragraph 2.17 of the consultation paper on the draft Identity Cards Bill published in April 2004 (Cm 6178) said that: -
“Once a document such as a passport has been designated as an ID card, this will be the only form in which it will be available – i.e. there will be no “non-ID card” variants. It would undermine confidence in the system if there were to be identity documents available on demand at different levels of security.”
In November 2004 we introduced the first Identity Cards Bill which was agreed by the House of Commons and passed at Second Reading by the House of Lords in March 2005. The same provision requiring applicants for passports or other designated documents to obtain an identity card was included in that Bill.
In May 2005 this Bill was re-introduced and, yet again, we made it absolutely clear that, once designated, obtaining a passport would also mean being issued with an identity card.
I do not accept your suggestion that Ministers have given a misleading impression in relation to the biometrics to be used in the Identity Cards Scheme. There can be no doubt that biometrics for travel documents will become a standard feature in the future, and the United States has already made clear that all countries wishing to continue to take part in their Visa Waiver program need to issue biometric passports to their citizens.
I accept that there is no requirement upon this country to incorporate the 13 biometrics into passports. However, the Government is not introducing biometrics simply because it is being forced to do so because of international commitments. The fact is that utilising multiple biometrics will not only increase the security of the identity cards scheme, but will also mean that the scheme is more inclusive. Those individuals who have difficulty in providing one sort of biometric may well be able to provide another.
I would like to make it clear that the Government does not plan to store more biometrics on the passport document than is required by international standards. However, these standards do not specify what information what information should be recorded on the database as part of the issuing process. The UK Passport Service has always recorded more information on its database than appears on the passport itself. The passport database records details of the names and place of birth of the applicant’s parents for example. I am sure that you will agree that the Government should take all reasonable and cost effective steps to prevent individuals from applying unlawfully for passports in false names. Independent and reputable experts have stated that the recording of only two fingerprints would be insufficient to guard against this type of identity fraud. This is the reason for recording all ten fingerprints. This approach is entirely consistent with international standards as these relate only to the data that is recorded on the document itself.
One of the leading existing biometric systems already in operation for the travelling public is the United States “US VISIT” system, which currently requires all visitors to the United States to enrol 2 index fingerprints on arrival. However, it was announced by the United States Secretary of Homeland Security in evidence to the Senate Committee on Commerce, Science and Transportation on 19th July 2005 that in the future, first-time visitors to the United States will be enrolled in the US VISIT system by submitting ten fingerprints, even though subsequent entries to the US will continue to require a two fingerprint scan for verification.
In addition NIST (National Institute of Standards and Technology) is trialling iris technology in the US. The technology has been deployed in several pilot projects including screening of frequent travellers at several U.S. airports and is sponsored by the Homeland Security Department.
My Rt Honourable Friend, the Home Secretary has responded to your point regarding the use of biometrics in other countries in a written response to your Parliamentary Question. In addition, the use of multiple biometrics has been accepted in principle in the International Civil Aviation Organisation (ICAO) Blueprint for machine readable travel documents which has been accepted by the 188 ICAO contracting states and includes the face as the primary mandatory biometric and iris or fingerprints as secondary and optional biometrics.
Indeed, it is interesting to note the opinions of participants in the UK Passport Service biometric enrolment trial on this issue, especially as that trial was intended as a test of the enrolment process and participant reaction to it, rather than a test of technology. After enrolling 13 biometrics, participants were asked questions about their experience and biometrics in general. The overall conclusions were that:
1) the majority of participants were ‘not very’ or ‘not at all’ concerned about having their biometrics recorded prior to enrolment
2) across all three biometrics, the vast majority found their expectations either met or bettered
3) across all three biometrics, the number of participants ‘fairly’ or ‘very’ concerned about having their biometrics taken dropped after participation, and dropped dramatically in the case of the visually impaired.
4) over 80% of the participants were either in favour or strongly in favour of the recording of facial image, fingerprint and iris biometrics being adopted for passport purposes.
While there are certainly issues in the trial that will be used to inform the approach taken by the Identity Cards Programme, the overall conclusion regarding the participant experience was very positive. Interestingly, when asked if they saw biometrics as “an infringement of civil liberties”, a very large majority disagreed. Furthermore, 92% felt they would prevent identity fraud and 83% felt they would prevent illegal immigration and illegal working.
On the issue of the use of a central database as part of the Scheme, I am happy that you concede that central databases have been used both in the United Kingdom and abroad to hold identity information to enable governments or the private sector to provide services to individuals. The concept is not new and the personal information held on the National Identity Register will be far less extensive than what is held on many central databases today, yet will be collated and recorded in a more secure and reliable manner than occurs at present.
You question whether there are “live central databases with an audit trail” in existence. Of course, the vast majority of people use such databases frequently and as a matter of course when they use a credit or debit card. Such databases hold extensive audit logs of transactions and a great deal more sensitive personal information about an individual than the National Identity Register is intended to record. Additionally, most national registers, passport databases or national insurance databases are “live central databases with audit trails” as they must make changes to an individual’s entry and record the details behind that change in an audit log. Indeed, many central databases around the world deal with far more complex issues such as judging entitlement or financial transactions than the confirmation of a piece of information that would be held on the National Identity Register.
The audit log proposed for the Identity Cards Scheme is being maintained as a safeguard to the individual. It allows an individual to check where and when information has been verified or provided to an organisation and will also ensure that any complaints about inappropriate checks against the Register can be investigated.
However, your claim that the audit log will be “extensive” misinterprets the scheme’s purposes. It is envisaged that Identity Cards will be used when it is necessary to verify identity. That is not an every day occurrence for the majority of people while the use of credit cards and mobile phones – the use of which is fully logged as shown in itemised bills and statements - occurs daily. However, situations where verification of identity is required tend to involve important transactions which could be open to abuse. Hence, the audit log is important to keep record of such occasions.
There are also legislative safeguards which oversee the provision of information from the ‘audit log’. The Bill ensures that provision of information without consent will be properly regulated and subject to independent oversight. Unauthorised disclosure of information from the Register is a criminal offence under clause 29 of the Bill.
Complementing the legislative protection, the accreditation process provides specific safeguards. The Identity Cards Agency will be accrediting user organisations based on the type of information they are requesting provision of, as well as a justification of why they are requesting it. We will also reserve the right to audit any user organisation processes to ensure they remain compliant with a sanction for those who are misusing information being the removal of accreditation and other subsequent enforcement measures including criminal prosecution where appropriate.
Surprisingly, the implication behind your statement would be that the individual should not be able to use a system where they can verify their identity electronically. Instead, although a reliable electronic source would be in place, people should continue to use less reliable paper documents such as utility bills that can be easily forged. Furthermore, you imply that such people should not be able to review records of when they have verified their identity, in a way that they would review transactions in their bank account. That simply cannot be right.
I stand by my view that your statements that the Identity Cards Scheme will make identity fraud worse are misinformed. As I stated to you in my reply to a Parliamentary Question, a range of security risk assessments have been undertaken on issues such as the physical, logical, procedural, personnel and systems aspects of the Identity Card Scheme. Such assessments have been conducted by specialised security experts, including a number from the Communications Electronic Security Group. Thus, while I happy to listen to the comments of others, the advice from experts that have actually examined our intended approach does not corroborate them. With relation to the specific issue of biometrics in this context, I would once more refer you to the operation of programmes such as US Visit that use biometrics on a central database. Studies conducted by the US National Institute of Standards & Technology have demonstrated the accuracy of that system. The Government accepts that biometrics are not a panacea but they do have the ability to improve our level of identity assurance significantly. Indeed, contrary to your claims, work by acknowledged biometric experts at NIST, the UK National Physical Laboratory and Germany’s BSI demonstrates, that produced results with regard to the accuracy of biometric matching and stability of biometrics are consistent with the needs of the Identity Cards Scheme.
On the issue of costs, my letter at no time stated or implied that passport holders would subsidise the costs of the Identity Cards Scheme. What was stated was that the cost of implementing identity cards would be higher if it were not linked with the issue of passports. The issue of passports and identity cards require similar processes and procedures. Issuing these documents together will create efficiencies and achieve economies of scale that will lead to the most cost-effective way to deliver both programmes. In addition, by linking the issue of Identity Cards to passports and immigration documents, the Agency will be better able to manage demand, as information is available relating to the volume of these documents that are issued.
I would refute your suggestion that the Home Office is ‘making up the scheme as they go along’. Although the high level policy decisions in relation to Identity Cards have been taken, it is reasonable in my view for the detailed decisions of the Scheme to be made at the appropriate time as the work of the Programme progresses. It is unreasonable to expect that final decisions on all the finer details of the scheme to have been decided some years before the first ID Cards are issued or indeed even before the primary legislation is in place. We should also not constrain potential suppliers by specifying in detail how components of the scheme should work. This would run counter to all the best procurement advice.
However, although final decisions have not yet been taken, the business case contains detailed assumptions relating to all aspects of the scheme which we believe to be accurate. KPMG agreed that the assumptions in the business case were robust and appropriate for this stage of the programme’s development. I do not believe it would be appropriate to release details of the assumptions in the business case as it could prejudice the Department’s ability to obtain value for money in the forthcoming procurement phase.
Your letter also raises a number of points concerning answers to Parliamentary Questions. I will attempt to deal with each of these in turn. While it is correct that no final decisions have been made in relation to the number of enrolment centres that will be required to support the Identity Cards Scheme, detailed assumptions have been made on this issue and they are included within the business case. We cannot however release information concerning the assumptions included within the business case for the reasons which I have already mentioned.
In relation to the points you make regarding an automatic replacement of Identity Cards, I am afraid that you have conflated two separate issues which has led you to misunderstand the points that various Home Office Ministers have made. With respect to PQ 138663 answered by my Honourable Friend Beverley Hughes, the answer stated that the validity period of an ID Card was expected to be 10 years. However the answer went on to state that it might be necessary to replace the card after a period of 5 years as it was not then certain whether the chip technology would last for 10 years. It was on that basis that a free replacement card would be issued and this was the assumption set out in Command paper 6020. However, we are now advised that chip technology with a validity of 10 years is feasible, therefore the issue of a free replacement card should no longer apply.
The PQ asked by you (6179) on 28th June 2005 asked whether a free replacement card would be issued once the validity period had expired. This question resulted from your misunderstanding of the assumption made in Command paper 6020, and I hope that I have now clarified this issue satisfactorily. It has never been the intention to issue a free ID card once the validity of the old one had expired. As with passports, it is expected that ID Cards will have a validity period of 10 years and individuals may renew the ID card once it has expired, but naturally, as is the case with passports at present, individuals will have to pay a fee to do so.
It is indeed correct that no final decisions have been made in relation to the fees that may be charged for lost, stolen or damaged cards. However, detailed assumptions on this matter have been included within the business case but it would not be appropriate to make those assumptions public at this time.
It is also correct that no detailed plans or cost estimates have been undertaken in relation to possible exemptions when the Identity Card Scheme becomes compulsory. I do not accept your reasoning that the lack of detailed plans and cost estimates indicates that the Home Office are ‘making the scheme up as they go along’. Ministers have consistently stated that ID Cards will begin to be issued in 2008, and there is no planned date for when they might become compulsory. It is not unreasonable therefore in my view for there to be no detailed plans concerning possible cost exemptions for a compulsory scheme that may well be some way in the future.
In relation to the figure of £584 million estimated annual running costs for issuing Passports and Identity Cards to British Citizens, and your point in relation to the benefits of the scheme, assumptions underlying the Identity Card Scheme are regularly refined. However, as I said in my reply to your PQ in which you asked what changes have been made to the scheme since the estimate was calculated, the changes that have been approved since then have had no overall upward impact on this figure. This applies both to revisions to the costs or the impact of any further work to the benefits of the Scheme. In addition, following an amendment agreed to in the House of Commons, the Identity Cards Bill will now require estimated figures to be given in a report to be laid before Parliament every six months. These figures will take account of both the refined cost estimates and quantified benefits of the Identity Card Scheme.
With reference to consultation, the Home Office has consulted widely throughout the gestation of the proposal and the current requirement setting phase. Indeed, on top of the initial consultation process, it has put formal structures in place to ensure the voice of truly acknowledged expertise is heard within the programme.
The Government’s Biometrics Assurance Group, chaired by the Government’s Chief Scientist and consisting of internationally eminent specialists in biometrics and related technologies reviews the biometric elements in the Scheme.
An Independent Assurance Panel covers project management, finance, procurement and the other aspects of the Programme not covered by the Biometric Assurance Group. This is chaired by Alan Hughes, a former Chief Executive of First Direct Bank. The Chair of the Independent Assurance Panel also serves as a non-executive member of the Identity Cards Programme Board.
Furthermore, the scheme’s development is also scrutinised by the Principal Users Group (PUG) and the Private Sector Users Group (PSUG) which represent the opinions of public and private sector organisations who will make use of the scheme. There are over 50 organisations involved in these forums.
There is continuing dialogue between law enforcement agencies and the Identity Cards Programme to ensure that their requirements are considered as the Scheme develops as well as co-operation with acknowledged experts in the field of fraud prevention and security. As you are aware, the Communications Electronics Security Group is involved in this work.
All of this consultation is in addition to the work that has been carried out with Intellect. While any advice that emerges from market sounding conducted with Intellect is viewed in the light of other research and advice, it is important to gain input about what is possible from firms that have practical experience in the area. Indeed, if the Government’s proposals were considered not feasible, I have no doubt that Intellect would not hesitate to say so. Indeed, the Office of Government Commerce strongly recommends that market sounding takes place with industry suppliers in advance of large procurement process. If it were not to take place, the Government could be considered to be negligent. I can only say that we are listening to the experts at OGC and are working to follow their advice.
In consideration of all of these measures, I cannot accept your claim that “[the Government] has not talked properly to the industry about their requirements and whether they are realistic” is well founded.
With reference to your comments on revealing a cost breakdown, it is interesting that your letter touches on the very reason why it is important that cost breakdowns are not revealed. As you state, companies will wish to compete for the contract. That competition will be around providing the best value for money considering both price and service levels. To reveal what the Government is prepared to spend removes an important element of what drives the competition between bidders to provide the best solution at the lowest price possible, not just the price that the Government may be prepared to spend.
Some of your other points on this topic appear to demonstrate a misunderstanding of how large procurement processes work. As you state, companies regularly announce contract values but naturally, this can only occur after they have signed the contract, not before the procurement process has commenced as they will not have signed a contract with a value to announce.
Furthermore, while you point out that the price of biometric equipment can be found online, this analysis fails to consider that such prices are for individual, off-the-shelf products. The contracts signed with suppliers as part of the procurement process will need to meet the specific requirements of the Identity Cards Scheme and thus neither the final price nor the product specification will be directly comparable to off-the-shelf products available on the internet. Thus, costings based on products found on the internet would be a knowingly inaccurate representation of the Scheme to the public and to potential bidders.
With reference to your points on witness protection, the Home Office has developed plans on how to deal with such cases in consultation with experts in this area including the police. This work indicates that there is no threat posed to such individuals by the Identity Cards Scheme and that their needs can be accommodated with the Scheme’s operations. However, as I am sure you are aware, the details of such plans or consultations cannot be revealed as the release of such information would jeopardise the effectiveness of such arrangements. Clause 27 of the Bill relates to this issue.
However, I can address one point. Your letter appears to contend that organisations can perform “lookups” on the system without an individual’s consent. This is not correct. The Government has made clear on several occasions in both Houses of Parliament that such organisations will not have direct access to browse the National Identity Register. Instead, they will be able to apply to be provided with specific information for limited purposes. They will need to submit a request for approval over a secure system and this request will be reviewed against established criteria before the information could be provided. Thus, your scenario of a “coerced policeman” is being addressed within that framework in addition to all the other protections police forces would have in place to avoid such situations from taking place. As has been made clear on a number of occasions, the ‘audit log’ will record details of all occasions when information has been requested from the register. This will naturally include details of who requested the information. It is my view therefore, that this will act as a deterrent against any unlawful attempts to obtain information from the National Identity Register.
Finally, with reference to the letter from your constituent, Mr. Andrew Hawker, I can confirm that he is a regular correspondent to the Identity Cards Programme, having written to officials over ten times. Answers to his points on calculation of benefits and cost breakdowns have been provided in previous letters. My officials will ensure that Mr. Hawker receives a further reply to any additional points he has made.