12 March 2006
Click here for details of an open letter to
Home Office Minister, Andy Burnham, prior to the consideration of Lords Amendments on 13
March 2006 and for a copy of his response of 16 March.
07 July 2005
When MPs were first asked to vote on the Identity Card
Bill earlier this year, I voted against the proposals at the Third Reading on 10
February 2005. The Bill then fell because of the General Election. A virtually
identical Bill has now been re-introduced and, in my view, the new Bill is just as
seriously flawed as the old one.
I voted against the Bill at Second Reading on 28 June
(click here for a link
to my speech) and I explain some of my concerns below.
It is very important that today's terrible events in
London do not prevent these issues from being examined thoroughly and calmly.
Costs of the National Identity Register (NIR)
Office says that the cost of complying with international requirements for biometric
passports will account for 70% of the cost of implementing and running the NIR. However, the London School of Economics has
produced a report that finds that the UK Passport Service (UKPS) figures are
insufficient to run the NIR and only cover basics like putting a chip in the passport,
placing a biometric on the chip, making the necessary changes to their current database
for these processes to occur and secure home delivery.
Other countries are not going down this route (see below). The proposed NIR is not comparable to the current
UKPS database which only holds the details we give when we apply for a passport and is not
altered (e.g. when the passport is used or checked as is proposed under the ID cards
scheme) for the 10 year validity period. Instead
it will be an active database with an audit trail on each of us (a key concern of the
Information Commissioner) and, with the 51 data-types outlined in the Bill, it will need
constant maintenance and high level security.
In response to
PQs asking for more details of the Governments cost estimates on running the NIR, we
are told that it would be inappropriate to release this information in advance of
procurement. However, MPs and Peers have only
been asking for a general breakdown of the £584m per year cost given in the Regulatory
Impact Assessment and not a detailed breakdown of the Governments business
plan. Given the genuine concerns about
cost of the NIR and the fact the London
School of Economics put the cost at between £10.6bn and £19.2bn over 10 years (as
opposed to the Government figure of £5.8bn), at the very least, we should be told what
proportion of the Government £584m per year figure relates to the NIR.
Government criticisms of the
A model from
UK public-sector IT analyst, Kable,
formed the basis of the London School of Economics costings. However, Charles Clarke
and other Home Office Ministers have sought to undermine the LSE report and have
pronounced on the figures as "fabricated". The only specific criticism the
Home Secretary made when asked how he could justify this accusation was that the LSE
academics had made an erroneous assumption that the cards need renewing every five years,
stating: "This doubles the cost right off,". However, his own department
answered a Parliamentary Question (PQ) I asked on this issue 18 months ago: "We
expect the validity period of the card to be 10 years," said the then home office
minister, Beverley Hughes. "However, in order to ensure that the cards are reliable
it may be necessary to replace them after five years."
The full text of the PQ is as follows:
10 Dec 2003 : Column 497W
Lynne Jones: To ask the Secretary of State for the
Home Department for what period of time he proposes that identity cards should remain
Beverley Hughes: We expect the validity period of
the card to be 10 years.
However, in order to ensure that the cards, which
incorporate technology features such as a microchip function, are reliable, it may be
necessary to replace the cards after five years.
The costs estimates which my right hon. Friend the Home
Secretary set out in Command Paper 6020 were based on the assumption that this automatic
replacement card would be provided free of charge.
The scheme would also include an allowance for having a
lifetime card validity period for those who have been in retirement for some time.
Foreign nationals coming to the United Kingdom for more
than three months would be issued with a card valid for up to five years depending on the
conditions of their clearance. For foreign nationals granted permanent residence the
validity period for their cards would be on the same basis as that for British citizens.
Will the technology work?
No scheme on this scale has been undertaken anywhere in the world. Smaller and less ambitious schemes have encountered
substantial technological and operational problems that are likely to be amplified in a
large-scale national system. The use and
storage of biometrics on the NIR creates particular concerns because this technology has
never been used on such a scale (the article below covers this
issue in more detail). The Government has
undertaken no research with the specific aim of testing the biometric technology to be
used in the proposed scheme, as yet only an enrolment
trial by the UKPS has been carried out.
International requirements for passports
We can have
biometrics on smart cards to comply with international requirements on travel documents
but they do not have to be centrally held on a database.
The European Commissions Data Protection Working Party in their
publication Working Document on Biometrics looked
at whether biometric information should be kept on smart cards and retained by the
individual or whether it was acceptable to store the information on a centralised
database. The House of Commons Library note on
states that the Working Partys clear preference is for the former as it believes
centralized storage presents an increased risk of data misuse.
The London School of Economics
coverage of the LSE Report has been on its criticism of the Government's figures on the
cost of the scheme. However, the LSE also provides an alternative
blueprint to the Government's scheme and this significant proposal has received
insufficient attention. The LSE gives the Government an alternative that will be
much cheaper and more resilient.
The LSE alternative ID card would also give
citizens far more control over who can access data about them, and hence would be more
likely to win positive public and industry support.
recently announced it would be having new biometric passports. But their biometrics will follow the EC Working
Partys preference and so will have no centralised database (every passport will
include two index-fingerprints as well as facial biometrics). It is noteworthy that, even without a database, the
cost of these passports is now reported to have more than doubled to 59 euros rather than
the 23 originally cited. Nevertheless this is
still, at £40, far less than £67 our Government wants to charge for UK biometric
passports (up £25 on the current cost of £42).
Australia public rejection and
In 1987 in the
face of mass public protests, after initially high public support for the scheme, the
Australian Government scrapped their ID card proposal.
On June 29 2005, Australian Associated Press reported that, in the wake of
the UK debate:
Australian Attorney-General Philip Ruddock has stated that Australia
will not introduce a national identification card because of the fear of identity theft by
criminals and that such a scheme could actually compromise Australians' security: "We
haven't supported an approach where all personal information is centralised on one
database and a single form of identification is used
Such an approach could actually increase the risk of identity fraud because
only one document would need to be counterfeited to establish an identity."
Radio Frequency Identification (RFID)
RFID tagging is a form of automatic identification and data capture,
widely used for example, in animal tagging, where data stored on a tag is transferred via
a radio frequency link. The principle is
similar to the more familiar bar-code, however, RFID has the ability to store large
amounts of data and to read many tags simultaneously.
Following a PQ from Alan Simpson, the Home Office confirmed that it
was considering including RFID technology in the ID card. "No decisions have been
taken yet on the chip technology for ID cards", the Home Office said.
Given the way that peace protestors at RAF Fairford, including my constituent, Brenda
Burrell, were repeatedly searched to the point of harassment under the Terrorism Act 2000
during the Iraq war, I am concerned that we could end up with a situation where RFID
technology could, amonst other things, be used by Police to record the details of those
present at demonstrations without their knowledge.
31 May 2005
ID CARDS SCHEME - FLAWED IN PRINCIPLE AND IN PRACTICE
reintroducing the Identity Cards Bill, the Government is again expecting MPs to take
decisions on a matter that will fundamentally change the relationship between the citizen
and the state without basic questions about the workings of the scheme or the
justification of the spiralling costs (currently up to £5.8billion) being answered.
been no proper tests of the biometric technology to be used for ID cards, just some
preliminary data from the UK Passport Service biometric enrolment trial published on the
same day as the Bill. The trial was designed
primarily to record customer experience and attitude to the scanning process itself, which
takes about 8 minutes. However the trial also
involved verification of each scan electronic facial image, iris scan and
fingerprint. For the facial biometric, the
success rate was 69%, fingerprints gave a success rate of 81% and iris scans 96% (less for
disabled people in each case). Success rates
for iris scans were lower for black people and those over 59.
96% success rate for the iris scan, this means that for every 100 scans there will be 4
false matches. On a database of 50 million,
this would mean each persons scan would match 2 million other records, making it
impossible to stop someone claiming multiple identities, the whole point of having ID
cards. The accuracy of the system will be
greatly improved by using more than one biometric identifier and that is why ministers
have now announced that all three forms of biometric will be incorporated on the identity
card/passport. Even with a system as accurate
as 99.9%, which would be fine for a relatively small database eg for criminal records, for
a 48 million (all those 16 and over) population there would still be 48,000 false matches!
and accuracy questions remain. All that the
proposed identity card can guarantee is that the holder is the person whose biometrics are
on the card and even then only if the persons actual fingerprints/iris/facial
characteristics are scanned to check they are the same as on the card or the same as that
held on the central database - in which case carrying the card is irrelevant! Such a system would not prevent people from getting
multiple cards under different names. As
explained above, the limited accuracy for biometric systems, combined with the sheer
number of people to be identified means that any extra fraudulent identities will be
completely swamped by the number of false matches on the database. Having three biometrics will substantially reduce
but not eliminate this problem. However this triples the size of the database and
massively increases the cost of installation and maintenance and of things going
wrong. The largest iris scanning system
currently in use has only 30,000 records.
theres the issue of the security of the database itself. Hackers who got access to the database could cause
their proposals, ministers cite 80% public support from a Mori poll. In a climate of tabloid fear about terrorism and
immigration, this response is not surprising. Once
people have to start queuing up to be scanned and then pay (on Government estimates,
probably an under-estimate) £93 for the privilege, perhaps they will be less keen. Enthusiasm would no doubt also wane once people
realise that they could be fined £1000 for failing to notify a change of address or they
could receive a penalty of up to £2,500 for failure to attend an appointment for a
fingerprint or iris scan. This fine can be repeated for every subsequent failure
Government originally put the cost of biometric passports at £415 million per annum by
200809 but in the space of only a few months this has risen to £584 million because
of the need to record, match and store three types of biometric information. I have tabled parliamentary questions seeking more
information about these costs, which experts have queried. Although
it will be necessary to meet international requirements for biometric passports (requiring
facial identity and fingerprints) these do not require the same accessibility to the
massive database that is behind the Governments identity card scheme. The Governments record on big IT projects
gives no confidence that the scheme will be introduced on time or to budget. The National Audit Office have highlighted the
serious shortages of public sector staff with the necessary project and programme
are yet to be made on the number and location
of centres where biometric information may be collected but Charles Clarke has indicated
there could be around 70 such centres. Feasibility and cost issues are yet to be thoroughly evaluated. For example, it is not known what the price tag
would be on the 4,500 card readers that would be required at Jobcentres let alone
all the other places validation will be required (GPs surgeries, hospitals, employers, the
list is endless). Even if identity cards were
a good idea, which I doubt, the Government
just havent done the necessary work to find out.
will not assist in reducing the number of people employed illegally in the UK. Many illegal immigrant workers are employed (and
exploited) with the employers full knowledge that they do not have employment rights
in this country. Asylum seekers are already
issued with identity cards - Application Registration Cards that contain photographs and
fingerprints and other personal details. And
the claims that ID cards would help to combat organised crime and terrorism are clearly
aside, there are crucial issues of principle at stake.
The amount of information stored about us could grow and grow without us
necessarily knowing. Already the proposal is
to be able to track the occasions our identity is checked on the database, giving the
Government access to our movements. There is
also a worry that data held on us could be accessible to other states. Press reports tell us that Michael Chertoff, the
newly appointed US Secretary for Homeland Security, has already had talks with the Home
Secretary, Charles Clarke, and the Transport Secretary, Alistair Darling, to discuss the
aim of the UK and the US getting the same technology to ensure compatibility in screening
Any measure which gives another state direct access to a database of
information about UK citizens compromises our democratic control and would be completely
unacceptable. If the plans were to go ahead,
we must ensure that we have a system that is not directly accessible by other states.
people are getting hung up on the issue of compulsion to either register or carry the
cards, as though it not being compulsory represents some kind of concession or respect for
civil liberties. This is a red herring. Even if the power in Clause 6 of the Bill to make
it compulsory to register is not given the necessary approvalby Parliament, there will be
compulsion through the back door as we wont be able to do everyday things, like go
to the doctor, claim benefits, get a job etc without being on the database and having our
identity checked. Because the scheme is based
on a biometric database, we could be subject to database checks whether we carry a piece
of plastic or not, as we all carry our biometric details on us at all times! The existence of the database will encourage a
culture of suspicion leading to random checks and people who look or sound
different will always be disproportionately affected.
being the solution to problems of security, criminality and fair access to public
services, identity cards offer a single point of failure.
The ID card would be seen as infallible and relied on too strongly so the
benefit of the doubt is given on the presentation of the card. This would create a false sense of security and
create more opportunities for organised crime and terrorism.
very minimum, I can see no good reason for spending billions on introducing ID cards
without far more work on the technology and a proper cost-benefits appraisal being carried
out. If, as I have reason to believe, such
work is a long way off, now is not the time to expect MPs to have to vote on this issue.
In July 2002 the Government started consulting on proposals for what
they then called an 'entitlement' card.
we have a Home Office Identity
Card Bill. The Government has said that the Governments proposed Identity Card
scheme is intended to combat identity theft, fraud and illegal migration. It is also claimed that it would help to combat
terrorism, although there is little hard evidence for this.
have serious reservations about such a scheme, and feel the following questions need to be
How much information would be stored on these cards?
How many different agencies would have access to this
Once established, would the amount of information stored
about us grow and grow?
Given the disastrous history of major government IT
projects, what are the chances of successfully delivering a secure system which works?
It seems inevitable that such a scheme would eventually
become compulsory; would people really be in favour of an Identity Card that they had to
carry at all times?
that the proposed Identity Card can guarantee is that the holder is the person whose
biometrics are on the card. According to Simon
Davies, an expert in information systems at the London School of Economics, such a system
would not prevent people from getting multiple cards under different names. The problem is that there is limited accuracy for
biometric systems, such as iris recognition systems; and this combined with the sheer
number of people to be identified will mean that any extra fraudulent identities will be
completely swamped by the number of false matches on the database (this point is raised in
an article in the New Scientist, 21
In my view ID cards will not help deal with
criminality and I cannot see how they will help combat the black market in low-paid
labour. I feel
that an Identity Card scheme could simply give us a false sense of security, and in my
view the enormous sums required to set up a scheme, estimated at some £3 billion, could
be far better spent on other things, such as hospitals, education and the alleviation of
Citizen's Advice briefing on ID cards
ID Cards Bill, Second Reading, 20 December 2004
The introduction of ID cards has four
- cutting illegal immigration and working;
- fighting terrorism and organised crime;
- reducing identity fraud;
- improving the delivery of public services.
Citizens Advice has
concerns that the Government have not shown how the proposed scheme will achieve any of
these objectives, nor has it commissioned nearly enough research and risk assessment on
the dangers of the system failing under the weight of administrative burden, cost and poor
In addition, although
some of the central functions seem clear and consistent, there have been enough changes in
the proposals to justify some of the arguments that the Government is not clear about what
it wants and that widespread concerns about rather different future usage (so called
function creep) have not been prevented by the Bill.
We also believe that
there ought to be an onus on the Government to show how they will deal with the large
number of technical, financial and administrative challenges which such a scheme would
have to overcome. In its response to the Fourth Report from the Home Affairs Committee and
on the face of the Bill the Government has plainly failed to provide any clear plan or
strategy for dealing with these challenges.
Cost to the nation
There are serious doubts
as to whether this project is deliverable on budget and, were revised cost estimates to
significantly rise, whether it would deliver value for money. The hidden and additional
costs of administrative problems and of dealing with issues around non-compliance and
database management are too significant to merit the Bills successful progress to
Cost to the consumer
If citizens living in
poverty are to be able to afford to participate in this scheme there needs to be a clear
and fair charging regime. The Government has so far failed to make any undertakings about
easing the burden for the financially excluded, and we share a level of scepticism about
the figures that have been bandied about. If an equitable exemption and subsidy system
were to be devised (not only for initial fees, but also subsequent transactions) this
would inevitably have an impact on the overall cost.
IT problems and complexity
Citizens Advice deals
with millions of problems every year in which citizens have suffered detriment from the
failure of IT administrative systems dealing with benefits and many other public services.
We are very concerned that there have been no public risk assessments of the types of
technical glitches to which all large IT projects are invariably prone, as evidenced by
our clients experiences of IT in the NHS and the benefits and tax credits systems.
No risk assessment has
taken place on potential rates of deliberate or accidental non-compliance and of the
effect of the Secretary of State enforcing his right to remove someones ID card
without replacing it. Nor of the projected permeation of the scheme into those parts of
the hardest to reach population, including people with itinerant,
counterculture or chaotic lifestyles, and those with mental health or mental capacity
problems which have proved so elusive to other statutory schemes (the Census, benefit
take-up, passports, tax, NI numbers and so on).
Detailed assessments of
the propensity of this system to incentivise black market activities, and of the displaced
costs of dealing with significant numbers of newly flushed-out people working
around the edges of legality have not been conducted. The use of biometric data will form
a significant disincentive, for example, to those who have ever been involved in
anti-social and criminal activity.
The Government is asking for an awful
lot if it believes that this Bill should be passed when it has said nothing about the vast
array of administrative problems which Citizens Advice, from its dealings with many
analogous systems, and many others organisations have identified as being inevitable.
Entry requirements, accuracy of data
input, changes in circumstance and protocols for lost, damaged, mislaid and stolen ID
cards are all central issues which require examination in advance of the commitment to
proceed with the scheme. Virtually all countries with ID cards report that their loss or
damage causes immense problems. Up to five per cent of cards are lost, stolen or damaged
each year, and the result can be denial of service and benefits, and, in the broadest
sense, loss of identity.
There exists a paradox in the
replacement of cards. The replacement of a high security, high integrity card involves
significant administrative involvement. Documents must be presented in person to an
official. Cards must be processed centrally. This process can take some weeks. However, a
low value card can be replaced in a lesser time, but its loss poses security threats
because of the risk of fraud and misuse. People who lose a wallet full of cards quickly
understand the misfortune and inconvenience that can result. A single ID card when lost or
stolen can have precisely the same impact in a persons life.
The EU has expressed
concern that the wide scale use of biometrics circumvents data protection legislation and:
"substantially increases the risk of the data being used in a manner that was
disproportionate to, or incompatible with, the original purposes for which they were
One of the things that concerns many
people about ID Cards is "function creep". Even if it is not technically
compulsory to carry them, the cards will become so essential to everyday life that there
may develop a de facto compulsion to carry. If this is either the implicit intention of
the Bill or a recognised and designed possibility, there ought to be primary
legislation and parliamentary scrutiny on the matter.
Crime and Human Rights
The success of ID cards as a means of
fighting crime or illegal immigration will depend on discretionary checking procedures,
which might disproportionately target minorities.
However, we do have longstanding
concerns over the use of stolen identities in criminal activity, to obtain goods or
services by deception. Currently, the use of a false identity or the adoption of another
persons identity is not a criminal offence unless it can be proved that there was
some conspiracy to commit a criminal act or fraud, or that a criminal act or fraud took
place. We consider that there is a case for a new offence in this area, but this would be
better carried out within the framework of the Law Commission proposals on fraud so that
the implications are properly considered.
Citizens Advice do not believe that
the Government have begun to answer enough of the questions that have been raised about
the feasibility, cost and administration of Identity Cards to support the passage of this
Bill at this stage.
back to top