Risk to abuse victims of national ID registration
An interesting correspondence is developing in the pages of the Glasgow Herald. On Wednesday 4th April the paper published a letter from Geraint Bevan saying (in part):
Risk to abuse victims of national ID registration
…
The national ID scheme will involve the creation of a national identity register, a vast database that will record the names, addresses and many more personal details about every UK resident. This database will be accessible nationwide by a host of government departments and agencies. It is also intended that access will be provided to private companies so that they can verify individuals’ details.
Anyone failing to keep their record up to date will face fines of up to £1000. They may also find that they are denied access to non-emergency health care; unable to enrol their children in school; unable to claim benefits; unable to obtain a passport or driving licence; and even unable to open a bank account or apply for credit.
For those who fear being found by an abusive ex-partner, this national identity register will present a grave risk. One need only consider the sale of information from DVLA’s driver database, or the theft of information from the Department of Work and Pensions and even the police national computer, to realise the impossibility of securing such a large system. It is inconceivable that anyone recorded on it will be able to escape being found by someone who is sufficiently determined.
…
Two days later, the paper carried a reply from Joan Ryan of the Home Office:
‘ID scaremongering’
Geraint Bevan’s scaremongering comments about identity cards are simply wrong. The Identity Cards Act strictly prohibits details such as your medical records or salary details being stored on the National Identity Register. In fact, only basic personal information necessary for identification purposes can be held. In addition, only vetted civil servants will have access to the register and not private companies as Mr Bevan states. Private organisations will only be able to request confirmation of an individual’s identity and then only with that individual’s consent.
Domestic violence is a horrific and cowardly crime that this government is committed to tackling. Mr Bevan’s statements are completely without merit and he would be advised to check his facts in the future.
Misinformed statements such as these can cause real distress for victims of this abuse.
A national identity scheme, underpinned by our unique biometric data, will provide a vital tool for law enforcement officials frustrating criminals who depend on multiple, false and stolen identities to operate.
Interestingly, Mr Bevan’s letter didn’t mention medical records or salary details at all.
Since Ms Ryan’s department is designing the proposed National Identity Register, and has consistently refused to publish details of how it plans to operate it, we’ll have to take her word for it that “Private organisations will only be able to request confirmation of an individual’s identity and then only with that individual’s consent.” However, it’s hard to see how keeping a complete record of every use of an ID card (Identity Cards Act, Schedule 1, paragraph 9) counts as holding “only basic personal information necessary for identification purposes”.
April 6th, 2007 at 11:09
Joan Ryan is a shifty little liar. the ID act gives the govt ability to record 51 facts about someone. Once you get out of the name adress, telephone number, etc. you are struggling to verify why they would want more. In any case the NI number of every citizen is supposed to be unique. So we seem to have a situation that in order to protect our unique id we have to have it wrapped in another unique number for the national database. This is by the way the same Joan Ryan who was having trouble with 20,000 or so files which had not been given to the Police if my memory serves correctly. I find this kind of self serving yes person very difficult to deal with.
April 6th, 2007 at 11:54
The NIR will be shared with Brussels, who are building a European eID database.
http://tinyurl.com/27lgv7
Brussels is now negotiating with Homeland Security to share it with the Yanks, (the reason why Michael Chertoff is in Europe) who incidentally are outsourcing to private companies the running of the RealID card currently being pushed in the US.
http://tinyurl.com/yptjtd
The idea that this data would be safe is a joke. The fact that Fraud investigation is now being handed to the Banks would mean that much of the data will need to be passed over anyway.
April 6th, 2007 at 13:43
According to Clause 4(i) of the Schedule to the Act, the Register may contain:
So, your medical records don’t need to be on the Register themselves – why duplicate the date when you’ve got a foreign key to the NHS systems? Ditto HMRC records for your salary. One quick database join and Bob’s Your Uncle.
April 6th, 2007 at 17:17
“Private organisations will only be able to request confirmation of an individual’s identity and then only with that individual’s consent.”
But this safeguard won’t mean much if your refusal to consent means you don’t get the products/services the private organisation sells. E.g. if you have to have your NIR entry checked to open a bank account, then the bank will get access to the information they requested to verify your identity. That is likely to include at minimum your NIRN, name, current address, DOB and some previous addresses. Thus banks and other financial service providers will be gaining access to this information on a regular basis.
April 6th, 2007 at 18:47
[...]
there’s an neat example of the straw man fallacy illustrated over at the NO2ID Newsblog that’s worth reading: An interesting correspondence is developing in the pages of [...]
April 7th, 2007 at 00:46
The following document is released under the terms of the Freedom of Information Act.
2007 ANNUAL PARLIAMENTARY BUSHELS AWARD
6 April 2007
(Chairman’s name redacted) presents his report on the deliberations of the Bushels Committee and is pleased to announce that this year’s winner is Joan Ryan MP, the Under-Secretary of State for Nationality at the Home Office.
“It is in the nature of the Award that the holder be unknown to most people. Let me start therefore by identifying the contribution which first brought Joan Ryan to the attention of the Committee. This was a letter to the Daily Telegraph on 11 November 2006 in which she gamely tried to defend ID cards while admitting that they didn’t prevent the Madrid railway bombings:
Ms Ryan then disappeared from the Committee’s view for two months or so until, on 12 January 2007, the Daily Telegraph carried the following report:
It is hard for most MPs to maintain this standard. Tony McNulty, for example, burst out laughing when Eddie Mair asked him on the PM programme to name any successful government IT project. And Dick Caborn looked distinctly nervous in his Newsnight interview with Jeremy Paxman, as he tried to explain that there was nothing odd about the UK’s £2bn bid for the Olympics turning into a £9bn invoice. Even Jack Straw was heard to apologise before saying on the Today programme that the ID cards scheme was there to defend the ultimate civil liberty, the right to life.
But not Ms Ryan. She makes it all seem so easy.
Schedule 1 of the Identity Cards Act lists the personal information that may be recorded on the National Identity Register (NIR). This may include your name and any other names you are known by or have been known by, your address and every other address you have lived at. Just the sort of information that would be needed, you might imagine, by a man determined to track down the partner he has abused and who is now in hiding. But you are an amateur. Whereas Ms Ryan is a professional to her fingertips. To her, the suggestion that the NIR is a threat to abuse victims is … “scaremongering”.
The Strategic Action Plan for the National Identity Scheme includes a two-page foreword, signed by Ms Ryan. She should therefore know that at para.2 of the plan it says that: “When you want to prove your identity to an accredited organisation, for example to open a bank account, they will, with your consent, be able to use the Scheme’s identity checking services”. And at para.86 of the plan it says: “[for] employers a combined ‘identity and right to work’ checking service will make it harder for foreign nationals to work illegally” and “when customers buy age-restricted goods, retailers will easily be able to establish proof of age”. The checking services provided for the banks, employers and retailers mentioned in the plan can only work if these companies have access to the NIR. And yet, according to Ms Ryan:
There are many biometrics which could be used to identify us. Some work well. Some don’t. The Home Office have considered three biometrics for the ID cards scheme – facial geometry, irisprints and fingerprints. According to the National Physical Laboratory, in their report to the Home Office, “face recognition fails to approach the required performance” (para.52c). The Home Office have dropped irisprints, at least for the moment. That leaves fingerprints. In the UKPS Biometrics Enrolment Trial, only 81% of participants could use their fingerprints to verify their identity (para.1.2.1.4). 19% of participants couldn’t. In a population of 50m UK cardholders, that implies that 9.5m people would find the biometrics on the ID card useless. And yet, according to Ms Ryan:
The Committee are unanimous in their opinion that the quotations above constitute the finest collection of bushels at Westminster today and we salute Joan Ryan MP, who hides her light under them.
[1] See Nina Steggar, comment #1 above
[2] See Andrew’s comment, and MartinB and James Hammerton, comment ##2 and 3, above
April 9th, 2007 at 08:30
We have another letter in the correspondence (published 9th April):
http://www.theherald.co.uk/features/letters/display.var.1315710.0.0.php
“What is the point of an ID card at all?”
Home Office minister Joan Ryan would be well advised to check her facts in future. Her response on Friday to Geraint Bevan’s letter (April 6) not only attempts to put words into Mr Bevan’s mouth – a classic politician’s move, to fight a “straw man” rather than the facts – but fails to address his key point.
…
April 10th, 2007 at 13:10
I have done a little digging around. Compare the pictures of Ms Ryan in The Strategic Action Plan for the National Identity Scheme
(p.4) and in her biography
and you will see one of the problems for biometrics based on facial geometry. Given her job, Under-Secretary of State for Nationality at the Home Office, and her responsibility for the ID cards scheme, this comparison would make a suitable illustration in any article concerning the reliability of biometrics.
Clicking on the link to her website, by the way, draws a blank. It may be undergoing reconstructive surgery but, for the moment, nothing.
And her majority in Enfield North is a precarious 1,920.
April 10th, 2007 at 20:59
“only vetted civil servants will have access to the register”
Oh good…
http://news.independent.co.uk/uk/politics/article447792.ece
Surely this is a different Department for Work and Pensions to the other Department for Work and Pensions that the “Strategic Action Plan” says is going to store the national identity register data.
April 11th, 2007 at 21:43
It’s obviously Joan Ryan week. Private Eye’s Called to ordure column this week, #1182, is devoted to her appearance before the European scrutiny committee.
She shouldn’t have been there. John Reid should. But he ducked out of it. And the poor unfortunate Ryan had to suffer in his stead.
She was “blotchy with stress”. “Ryan started to look a little queasy.” “Ryan’s hands were by now shaking.” “Ryan was out of her depth.” She was “almost in tears”.
One must feel sorry for her. She should do an Estelle Morris.
But that is not the point of this post.
In the end, the important point made in the Eye article is that there is nothing that the scrutiny committee can do. The government ignores them and their warnings and their advice and just presses on regardless, out of democratic control.
Backbenchers and the Committees are in the same boat as us. They can tear Joan Ryan to pieces. But it quickly becomes pointless sadism.
How do we influence the Mister Bigs? Where should our lobbying be directed to be effective?
April 12th, 2007 at 12:57
Re: ‘Joan Ryan Week’ comment. Though she isn’t overly popular with the Eye in any case, the report is accurate.
If you read the transcript for that particular meeting you will get a much fuller picture as to why they were so annoyed and not being terribly charitable.
Something that was mentioned to me a while ago – and I had to agree – was the government’s habit that they wheel out one of the girls any time they have to defend the indefensible. This pretty much proves it in spades.
This is two sins rolled into one – the government trying to avoid accountability by not having the primary culprit available, compounded by trying to rely on the committee being less hostile out of ‘gender politeness’.
April 13th, 2007 at 12:01
Johnny Mnemonic, comment #8, thank you for that Independent link, which I have added to my collection of security problems with passports and ID cards.
This collection is available to anyone requiring evidence to support their case against ePassports and ID cards.