As suspected, the NuLabour Government has chosen to publish the promised Identity Register scheme Strategic Action Plan, just hours before the Christmas recess, thereby hoping that Members of Parliament will not notice it.
Strategic Action Plan for the National Identity Scheme (32 pages .pdf)
This is apparently, the "sensible plan" which was promised by the Arthur Andersen Android James Hall, now in charge of the Identity and Passport Service, in his web chat on the Number 10 Downing Street website on the 14th November 2006.
This is still not a properly detailed business plan of what the scheme is actually meant to achieve in detail, nor is it a detailed specification suitable for putting out to commercial tender.
Where does one begin with this still far too vague and handwaving a document ?
5) A person guilty of an offence under this section shall be liable, on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine, or to both
However, on Page 14:
Making sure only authorised people and organisations can use NIR information
41. Security-cleared IPS staff will be responsible for the running of the NIR and the authorised provision of information from it. It will be a criminal offence to tamper with the NIR, with a maximum penalty of 10 years’ imprisonment for an unauthorised disclosure of information. We will enforce these powers.
Have they not actually bothered to read the text of the Identity Cards Act ?
The 10 years imprisonment maximum penalty is under Section 29 Tampering with the Register etc.
This is so badly written, that it criminalises any Civil Servants or private sector IT consultants or sub-contractors, or anyone working for any of the 40,000 or so accredited organisations, if through no fault of their own, e.g.due to software or hardware error, they take any action or any inaction by omission,
where it makes it more difficult or impossible for such information to be retrieved in a legible form from a computer on which it is stored by the Secretary of State, or contributes to making that more difficult or impossible.
That includes otherwise legal working to rule or industrial strike action
Since these are criminal penalties, which claim worldwide scope, encompassing both UK and non-UK citizens, both in the UK and overseas, they cannot be "risk managed" by small print in commercial contracts or Software End User License Agreements etc.
This appalling Section 29 which was never debated in Parliament, due to the Government guillotines in Committee and during every other stage of the passage of the identity Cards Act, was, presumably intended as some sort of vague sanction against Denial of Service attacks, but this is irrelevant now that the Police an Justice Act has amended the Computer Misuse Act 1990, to attempt to deal with Denial of Service, again with a 10 year prison sentence.
The possible effect of this wording on Trades Union disputes etc. , was admitted by the Home Office Minister Baroness Scotland, during the Lords Report stage of the previous Identity Cards Bill 2005, but no changes to the wording of this section were made subsequently !
More on this dubious Strategic Action Plan in future blog postings.