Yesterday's Committee stage debate (which continues today, and on the 23rd of November), as usual, did not get around to actually amending anything in the Bill, with the opposition Amendments either being withdrawn or voted down.
Baroness Scotland of Asthal, the Home Office Minister in the Lords, has made various promises on the floor of the Lords Chamber, in the past, on the previous version of the Bill (e.g. on the badly worded clause 31 "Tampering with the register", which will criminalise lots of Civil Servants and IT contractors for mistakes and errors beyond their control) and on the current one (promising to limit access to the Audit Trail), which have not actually yet been translated into Government amendments.
Therefore her explanations of some of the detail, which has not been made public by the Home Office, need to be treated with extreme caution, especially her revelations about the so-called "voluntary" phase of the scheme - she claims that there will be no legal duty to update your name and address changes until the Compulsory phase of the scheme is inflicted on us by the "super-affirmative" votes in Parliament at some unspecified future date.
Baroness Scotland also managed to yet again disparage the London School of Economics Identity Project report, by referring obliquely to the fact that it did not mention a study into fingerprint accuracy by the United States National Institute of Standards and Technology (NIST).
The other Government Minister, Lord Bassam of Brighton, also went through the motions, as before, but did seem, to Home Office kremlinologists like ourselves, to imply that your Home Address would not be printed on the ID Card itself, something which numerous people have suggested would be a good idea, but about which there has been no official confirmation.
The contributions by Lord Gould of Brookwood, a professional opinion pollster, seemed very NuLabour.
Some security related highlights from the debate:
Baroness Scotland of Asthal: Amendments Nos. 10 and 12 focus on the security of the national identity register and are, in these instances, unnecessary, as I am sure Members of the Committee are aware. The fact that security of the register will be of paramount importance does not need to be set out in primary legislation. It stands to reason that that should be the case. Furthermore, the Data Protection Act -- in particular the seventh data
15 Nov 2005 : Column 989
protection principle -- imposes a statutory obligation to ensure that appropriate technical measures are taken in order to secure the safety of the register.
The NIR is not physically connected to the Internet or any publicly available network. The security control procedures designed to connect the NIR to application handling and identity verification systems are among the most sophisticated currently available. Those safeguards are designed to provide a "defence in depth" and distributed security architecture, and are considered unlikely to be vulnerable to external attack while under appropriate management, audit and security operating procedures.
The content of the national identity register will never be stored in a manner that would leave it exposed to the risk of data extraction. There will be a very small number of encrypted communications links serving the database, with no direct PC access to the register. It goes without saying that the register will be developed to be a fully secure method for storing and verifying registrable facts. The scheme will not serve the purpose envisaged if it provides only a partially secure method. It is also important to note that to date there has not been a recorded security breach or compromise of a government database which is protected in the same manner as that designed to protect the national identity register.
These words by Baroness Scotland directly contradict the previous comments by her Home Office colleague Tony McNulty, who claimed during the Commons Second Reading:
- "We want people to be able to access secure websites, by means of their PIN number, so that they can adjust and change data on the register."
Even if the centralised National Identity Register databases are nominally "secure" against outside attack, that says nothing about abuses by bribed, coerced, blackmailed or just officious and nosey authorised insiders, a point which was brought up a bit later in the debate.
It also says nothing about the security against "credential sniffing" or "man in the middle attacks" at the extremities of the system, i.e. the biometric readers, or the 265 Government Departments and 44,000 private sector organisations which the Home Office's own Procurement Strategy Market Sounding documents estimate will have access to the NIR.
Baroness Scotland of Asthal:
The noble Lord asked about removal from the register. The Bill provides a route to compulsion through designated documents and through an order under Clause 6. A voluntary application to go on the register will lead to an entry being made. The entry will be voluntary and will stay on the register, but there will be no need to keep a card on record or to update the details unless and until it becomes compulsory for that person to register. If a number of years were to go by, it would not be necessary to give updated details in relation to addresses, moves and so forth. That would arise only when compulsion comes in.
Does this mean that the address and name change records will be just as inaccurate as existing systems during the so-called "voluntary" period?
Can NIR refuseniks change their address and/or name immediately after applying for or renewing a Passport, without having to update the centralised system?
Lord Stoddart of Swindon: That means that if a person voluntarily puts his name on the register it will remain there permanently. He cannot voluntarily remove it. That is the point I am getting at. Is that the case?
Baroness Scotland of Asthal: I believe that it is the case. There is no need for any person who does not wish to put his name on the register to so register unless and until it becomes compulsory. If someone volunteers to put his name on the register, those details will be contained on the register, but any updating
15 Nov 2005 : Column 999
before compulsion will be nothing other than voluntarily undertaken. There will be no way of compelling that person to keep those details updated.
We will not believe this until we see it written into the legislation.
However, the biometrics will remain on the system. Why can't they be removed during the "voluntary" phase?
Lord Bassam of Brighton:
15 Nov 2005 : Column 1026
But it could also allow identity information not shown on the face of the card, such as a home address, to be provided—although again only with the consent of the cardholder.
Is this another small hint about a decision obviously made in secret, but which has not yet been made public for debate, i.e. that Home Address information will not be printed on the ID Card? This has been suggested in the past, not least by ourselves in our submissions to the Home Office over the last 3 years, but until today there has been no confirmation of this.
However, this may all be just Lord Bassam's opinion, and have no relevance to what appears in the final text of the Bill.
Lord Bassam of Brighton: I do not agree with the noble Lord that it will be leaked. The leak he has just described was really rather different in nature. Obviously through the process of the procurement regime, we will ensure that the system is leak-proof. If the noble Lord seeks to make the point that it is always possible for a leak to take place, one cannot deny absolutely that such a possibility does not exist.
The Earl of Erroll: Perhaps an example that is more in line with what we are discussing here is that of
15 Nov 2005 : Column 1027
Operation Glade, where policemen were selling information taken off the police national computer to inquiry agents. They were not even locked up for doing so.
Lord Bassam of Brighton: I am grateful to the noble Earl for making the point
Since he immediately changed the topic, perhaps Lord Bassam was not quite as grateful as the peculiar Parliamentary language appears to show in text form.
In summary, perhaps to deal with the previous point put to me by the noble Lord, Lord Neill, no system that has been applied in the way we intend to apply the national identity card scheme with its security processes has failed in the manner being suggested. That is why we are confident that we can develop a robust national identity register and a safe ID card.
There is no comparable UK Government system of the scale of the NIR.
There is no similar centralised biometric ID register anywhere else in the world either.
15 Nov 2005 : Column 1046
Lord Bassam of Brighton: As we made clear in one of our earlier responses, an independent assurance panel will cover project management, finance, procurement and the other aspects of the programme not covered by the biometric assurance group. All the security features designed to protect the national identity register and supporting communications infrastructure are being developed carefully and in conjunction with GCHQ's Communications Electronics Security Group, that is the CESG, which is the UK Government's national technical authority for information assurance. There is great confidence in the body.
Lord Phillips of Sudbury: The bodies that the Minister has just enumerated -- advisory groups and so on, to which the noble Baroness referred earlier and which are chaired by some notable people -- are all off the parliamentary radar
Baroness Scotland of Asthal:
In relation to biometric performance, one of the largest scientific studies today of fingerprints, with a sample size of 6 million, was conducted by the United States National Institute of Standards and Technology using data collected in operational circumstances, rather than laboratory conditions. It showed a performance consistent with the needs of a scheme on the scale of the ID cards scheme. Although it was one of the world's leading studies into the use of biometrics, the London School of Economics overlooked it in its report, which is curious because we know how assiduous that body usually is when looking at research that may be pertinent. I am surprised that the LSE does not appear to have alighted on that study. One reason why we treat the LSE study with caution is because it is just not as rigorous as one would normally come to expect
The Home Office really do seem to have been stung by the London School of Economics report, and they seem to take delight in disparaging it.
None of the Home Office's public documents up to the point when the LSE study was published in June cited this NIST study either!
The "sample size of 6 million" presumably refers to the NIST studies to try to evaluate / justify the US-VISIT border control system, which only uses 2 index fingers and one digital image by running the software against the 10 fingerprint Department of State (DOS) Mexican visa Border Crossing Card (BCC) data.
It is not clear how that synthetic study applies directly to the 13-biometric UK NIR and ID Card plans involving a database of over 100 million records in 20 years' time (the biometric details of dead people and of temporary foreign visitors who have left the UK will also be stored on the NIR).
We do not recall any mention of Mexican migrant workers in any of the Home Office public documents or consultations.
Mexican migrants and legally authorised workers are literally at the mercy of the US Immigration bureaucracy, so they probably have to endure more intrusion and lengthier and more inconvenient enrolment procedures than would be tolerated by the UK public.
Parliament should already have had the benefit of the report by the Government's Chief Scientific Advisor Sir David King into Biometric Technology, before having to debate this Bill, but, of course, the NuLabour Home Office has conveniently managed to delay the start of this long promised review so that the Committee does not even seem to have met as yet.
I say to the noble Earl, Lord Onslow, that in yesterday's demonstration you could have your details scanned, and then the system would look into the register and verify them. It was very quick; it took only a few seconds. I understand, though, that it is helpful when you actually see this working, because it all becomes much simpler. I will use my best endeavours to ensure that we have it available.
This demonstration in Portcullis House was on a trivially sized database, not one with 60 million or 100 million or so records; of course it seemed to be relatively swift!