Every time that any group of independent experts with any real academic knowledge or practical business experience take a look at the Labour Government's disastrous ID Cards and centralised biometric database National Identity Register scheme, their conclusion is the same - yes, safeguarding people's individual identities from abuse by criminals etc. is important, but the Government's scheme will not do what they are claiming, and there is a significant risk that it will make things worse, at vast public expense.
The latest such group, who are Government appointed and funded, have had their report published, grudgingly and without any Government publicity:
The Panel consists of:
|John Clarke||John F Clarke is currently CIO for Nokia, having previously been Director of Group Technology & Architecture for Tesco.|
|Brian Collins||Chief Scientific Adviser, Department for Transport. Chair of the Biometrics Assurance Group. Professor of Information Systems at Cranfield University.|
|Alan Hughes||Alan Hughes is a non-Executive director of IPS. He was Chief Executive of First Direct Bank and in charge of Marketing for HSBC in the UK and Europe. He is currently a member of the Advisory Board of Leeds University Business School and a visiting lecturer at Warwick University.|
|Malcolm Mitchell||Malcolm Mitchell has served as IT Director and Director of IT Technology Strategy for Vodafone and IT Director for Research and Development at Glaxo. He currently is IT Investment and Service Management Director at BAA.|
|Peter Simpson||Peter Simpson is an independent marketing consultant, a member of the Institute of Direct Marketing Education Council and served as Commercial Director for First Direct Bank.|
|Fergie Williams||Fergie Williams has been CIO of Travelex, HSBC Europe, and Merrill Lynch HSBC.|
These are people with real experience of technically sophisticated and large scale public facing IT projects. They are of an entirely different, much higher calibre, than the inexperienced civil servants, the hand waving management consultants and unproven technology salesmen and the political apparatchiki who seem to be the proponents of the current National Identity Scheme.
This Panel does appear to have read the Top Secret Business Case for the scheme, and have also been briefed on the latest Ultra Secret Office of Government Commerce Gateway Stage 0 Review report of the Identity Cards programme, which the Home Office and the Treasury have been wasting so much public money on legal fees to delay the publication of, thereby making a mockery of the Freedom of Information Act promise of "open government".
- 13 February: The meeting focussed on the usage and benefits of the Scheme and the Panel discussed the Business Case and the potential infrastructure of the Scheme.
- 5 March: The Panel reviewed the second version of the Business Case in detail, received an overview of the Gateway 0 process and discussed the issues they were likely to raise with reviewers.
The IASP's most striking recommendation, is one which implies that despite the years of footling about and the tens of millions of pounds spent on Consultants and Civil Servants working on the scheme, fundamental issues have still not been adequately planned for.
Why would the IASP have to bother making any recommendations about Integrity and citizen protection, at this late stage, unless the current plan is totally evil or entirely absent, in this regard ?
3.7 Integrity and citizen protection
The integrity of the Scheme and trust in it are essential, yet it will never be free of errors (for example, the biometric matching services will always return some matching errors). Public trust in the Scheme will be dependent on the protections within the Scheme from misuse of personal data, and the diligence with which mistakes are corrected. It will also depend on the public's understanding of these and the Scheme's limitations.
The Panel suggests confidence in the Programme would be fostered if the Programme made clearer its commitment to protect citizens' data, stated how it will ensure this data is protected, and set out what means of redress a citizen may have if mistakes over the updating, management or disclosure of their data are made.
• The tolerance to data errors for the whole Scheme and for the needs of its users must be defined.
• Integrity must be 'designed in' to the processes and organisations that are being built, as well as the technology.
• There must be robust, well-respected ways to detect and correct errors, with the priority to protect citizens and insulate them from cost and inconvenience of errors.
Providing data integrity and proper data governance (see section 3.1 above) are dependent on one another. The Scheme must deserve the public's trust in its governance, storage and handling of personal, sensitive data, and must demonstrate and communicate why it deserves this trust.
The Scheme will be subject to data errors and errors in decisions made. It is important that the Scheme's levels of tolerance to the various probable kinds of error are defined. The Panel has not yet seen the work plan for the development and implementation of identity assurance and data management standards,policies and processes although we have been advised that this work is on schedule.
The principal external examination of the Programme's biometrics work in 2007 was done by the Biometrics Assurance Group. Their work will be covered in detail in their Annual Report2. Biometric technologies will gather momentum over the coming years and we can expect improvements in technology and a deeper understanding of the management and operation of biometric systems. To remain at the forefront of biometric matching accuracy, the solution used by the Scheme must be adaptable to both changing needs and changing technologies and should therefore adopt an aggressive technology refresh process.
Control by process, not individual or technology
Because of the Scheme's proposed use of biometrics and the relative novelty of this technology, this is a frequent target of scrutiny. However, identity verification is a process, and should not be dependent upon any one piece of data (biographic or biometric) alone. It is already difficult successfully to pretend to be someone who has a 'rich' biographical record - provided the verifying organisation does adequate checks. Care must be taken that confidentiality and integrity are supported by proper processes and policies and are not over-dependent on technology.
There are also areas of risks associated with the operation of the Scheme which the Panel suggests should receive more analysis. For example, based on the likelihood that the Scheme will aggregate a lot of valuable data, there is the risk that its trusted administrators will make improper use of this data. Again, correct design of the processes and procedures used by administrators are the preferred means of addressing this risk.
Public confidence in the Scheme will depend on knowing that, if a mistake is made, there will be swift and competent action to correct it. This needs to have protection of the citizen as its priority with the benefits of data accuracy to Government and commercial users being secondary. The importance of this in building confidence and engaging the public in the Scheme suggest that IPS should specify the framework for redress and correcting errors well in advance of the Scheme's launch.
Given the bureaucratic hell which the Government has created with all of its other inaccurate National Databases, e.g. tax, social security, criminal records, Automatic Number Plate Recognition and DNA profiles etc., it is the lack of humane, easy to use, effective, cheap, friendly mechanisms of redress for the inevitable errors and mistakes which is what really engenders fear, loathing and hatred of the National Identity Scheme and of the politicians and others who are trying to inflict it on the public.
Where are the prompt and fulsome public apologies for such mistake, made by senior officials and politicians ?
Where are the resignations with honour, of such officials and politicians when things go wrong ?
Where is the swift and generous financial compensation and free advice and counseling, for the innocent victims of such Government database "collateral damage" ?
Access to the the supposed Legal system and the Courts is not a fair, just or viable option for most people, as there is deliberately an inequality of arms. in terms of legal fees available to private individuals and the Government.