Is our fear of identity cards harming us?

Monday 22 February 2010 by Jonathan Goldsmith

Here is a topic to raise the blood pressure of every patriotic UK citizen. Whereas on the continent, benign democratic societies flourish with a population which carries ID cards, somehow it is thought that darkness will descend on the UK if ID cards are ever introduced.

The likely next government (Conservative) thinks they are a very bad idea, and even the limited ID measures introduced under Labour will doubtless then be scrapped. There are two of us in the office in Brussels who come from the British Isles, and we both agree that ID cards – which we have to carry here in Belgium - make life a lot easier.

Many continental bars issue ID cards to their lawyers. A growing number issue cards to their members with national bar details on one side and our CCBE details on the other. As the electronic age advances, the question arises as to whether such cards provide a solution for proving lawyers’ identity in cross-border transactions, through the electronic chip embedded in them. Some feel – particularly from the UK – that a card is not necessary, and a log-in and password will suffice. The discussion is becoming more urgent, because the European Commission is taking large-scale initiatives to resolve the question of cross-border e-identity.

The general story starts with the STORK project (if you really want to know, the name comes from the following letters: Secure idenTity acrOss boRders linKed). Their marketing brochure even uses a lawyer as an example: ‘A Portuguese university student is transferring for one year to an Austrian University; a Swedish lawyer settles and launches his business in Spain. Is there any way for them to change their addresses and interact with the public services of their host countries without losing time and energy? … STORK will facilitate this situation by enabling businesses and citizens to securely use their national electronic identities and receive services from public administrations while living or travelling in any member state.’

As a recent STORK report points out, there is a Government Gateway in the UK which individual government departments and local authorities can choose to use, but ‘none of the centrally issued citizen documents enable eID for the citizen. Passports and driving licenses do not currently have means of being read electronically over the internet… The predominant token is a user ID and password.’ STORK is at pains to point out that it does not wish to mandate any particular system which all member states must adopt: ‘The plan is to align and link systems without having to replace existing ones … enabling citizens to prove their identity and use national electronic identity systems (passwords, ID cards, PIN codes and others), not just in their home country.’

The issue has just become more relevant because the European Commission is launching a new, large project specifically aimed at establishing connections between national e-identity systems in the justice sector. This will cover not just lawyers, but also judges, notaries, prosecutors and other actors. Again, the aim is not to insist that member states install particular structures, but to ensure that users of national structures can use them also across EU borders. Some member states – for instance, Portugal, Austria and Spain – have advanced systems for e-justice, and this new project aims to open them up to cross-border use.

There is one more development to add to the mix. The Spanish Bar is leading an EU-funded initiative called PenalNet with four other EU bars (France, Hungary, Italy and Romania) to provide secure communications between criminal lawyers. This is seen as a prototype for a secure communication system between lawyers in Europe in general. They are using the CCBE card, and the standards that we have previously approved, to provide ‘the certainty that a lawyer is actually dealing with another authenticated colleague, and that the latter is the only [one] entitled to access the content received. Likewise, the system guarantees that the information exchanged cannot be modified or rejected.’

I have a question. It is notable that the UK, although sometimes participating in these initiatives, is not leading any of them. Is this because of our fear of ID cards, and of our broader fears of centralised systems and databases (since, for instance, they can be abused)? We all use credit cards – are ID cards really such a qualitative leap? And we have seen this week in the Dubai assassination case that existing UK passports can be used for nefarious purposes. The carousel of secure cross-border transactions through e-identity authentication is moving faster, and we have to jump on at some stage. What is holding us back?

Jonathan Goldsmith is the secretary general of the Council of Bars and Law Societies of Europe, which represents around a million European lawyers through its member bars and law societies

  • Printer-friendly version

More Euro blog

Comments

I already carry two

Submitted by Chris on Mon, 22/02/2010 - 09:47.

That's my driver's licence and my passport. I have to pay for both, every few years for the passport and every time I move house for the licence. Why should I pay out yet again for another piece of plastic that duplicates identity papers I already carry? If there was an initiative to replace the multiple forms of ID I already carry with one unified card, maybe I might be less hostile, but I'd still want to see proper security measures (for the database, not just the card) in place, and given the track record on government IT over the last several years I'm not exactly filled with confidence.

Biometric passports would

Submitted by Anonymous on Tue, 23/02/2010 - 00:21.

Biometric passports would have made no difference in Dubai, as any competent intelligence service - and many competent terrorists and criminals - already have the ability to forge them. Just as the Dubai passports contained substituted photographs to match the false bearer, so in the future they will contain substituted biometric-containing chips.

Whereas it's true that a national database may give some advantages to police, security and immigration services (albeit at civil liberties cost), the current ID card scheme, particularly one that isn't compulsory, will almost certainly prove a wholly ineffective and hugely expensive white elephant.

send it back it doesn't work

Submitted by DHW on Tue, 23/02/2010 - 00:54.

Oh dear.

1) the UK ID scheme really isn't like the ID schemes in other countries, primarily because it is not for our convenience
2) all those other countries first got their ID cards under less-than-liberal regimes
3) ID schemes in other countries are rather better defined than ours

To summarise: What you envisage is not what we are getting.

UK "National Identity Scheme" nothing like continental ID cards

Submitted by Andrew Watson on Tue, 23/02/2010 - 09:31.

Oh dear, where to start?

Firstly, the proposed UK "National Identity Scheme" is nothing like the simple "photo on a bit of plastic" ID cards used in many countries on the continent. The UK Scheme is all about building a highly-intrusive database (the so-called "National Identity Register"), which would actually make the Scheme illegal in countries like Germany, where they have reason to understand why the state must not be allowed to compile dossiers on every citizen. Contrary to repeated statements by Ministers, the Register would hold considerably more information than the current database of issued passports. The 50 categories of information set out in Schedule One of the Identity Cards Act 2006 include every name by which the individual has ever been known, every address worldwide where he or she has a "place of residence", his fingerprints, a unique, life-long National Identity Registration Number, his NI number, driving licence number, a bank-style PIN and a bevy of other details. However, the most dangerous records are undoubtedly the "data trail" holding complete, life-long details of every time an individual's identity card is used in an online check. Richard Thomas, the just-retired Information Commissioner has said that "the creation of this detailed data trail of individuals' activities is particularly worrying", as it builds up "a picture of an individual's card use, and a detailed picture from this of how they live their lives".

Until recently the Home Office's web site gave a couple of examples showing how card usage would be recorded. In one, "Colin", when collecting a parcel from a courier service, puts his card in a reader and enters the corresponding PIN. "Within seconds there is a positive response. This confirms that the ID card is genuine and is not registered as lost or stolen." It is left unsaid that Colin's Register entry now has a lifelong record of the event. In another example, "Wendy" wants to transfer money between two of her own bank accounts. At the branch she hands over the card and "places her finger on a biometric reader on the counter" which "sends the result for checking directly to the National Identity Register (NIR)." You can see the archived copies of these web pages, which were on the Home Office site for three years, here:

http://web.archive.org/web/20080105153037/http://www.ips.gov.uk/identity /how-idcard-daily-collecting.asp

http://web.archive.org/web/20080129150906/www.ips.gov.uk/identity/how-id card-daily-transferring.asp

Notice how the Home Office has inserted its computer into Wendy and Colin's private transactions. It would be perfectly feasible for it to decline their requests for reasons other than their identities not being validated. There is already legislation that allows SOCA to freeze the assets of those suspected (but not convicted) of crimes like drug smuggling. If Wendy were subject to such as order, it would seem logical for the ID database to stop her withdrawing her own funds from the bank. However, where should such administrative justice end? What about fathers accused of defaulting on their child maintenance? Or those with unpaid parking fines? You compare ID cards to credit cards, but when a payment terminal declines your credit card, you can always try another one, or pay with cash, but if ID cards become part of everyday life (as ministers desire), and your ID card stops working, your life would stop too. An ID card could easily become your government-issued Licence to Live, allowing government agencies to directly administer their concept of justice without recourse to the courts.

You may argue that this is speculation, and that such things could never be allowed to happen in the UK, but it's undeniable that the infrastructure envisaged by the Home Office makes these things technically possible. The UK had a system of National Registration between 1939 and 1952. When it was introduced it had just three statutory purposes, but by the time it was abolished there were 39 government agencies making use of the records. If the envisaged National Identity Scheme is introduced in the UK, this "function creep" will certainly occur again.

No-one who values the rule of law should contemplate putting this much power over the lives of individual citizens in the hands of one government department.

Project STORK and ID cards

Submitted by David Moss on Tue, 23/02/2010 - 10:49.

Mr Goldsmith makes the natural assumption that Project STORK has got something to do with national ID cards. We all make that assumption.

All except the man who is in charge of UK ID cards, James Hall, the Chief Executive of the Identity & Passport Service.

Mr Hall wrote to the Glasgow Herald on 29 November 2007 [1] to say:

"Project Stork is not about ID cards, has nothing to do with the National Identity Scheme or providing data from the National Identity Register. As with the passport database, the National Identity Register will only hold core identity information. It will not hold tax, benefit or other records or be an amalgam of existing government data."

He's the boss. He should know. Mr Goldsmith and the rest of us must be wrong.

----------

* http://www.heraldscotland.com/identity-claim-is-false-1.844439

Making life easier

Submitted by David Moss on Tue, 23/02/2010 - 11:11.

"There are two of us in the office in Brussels who come from the British Isles, and we both agree that ID cards – which we have to carry here in Belgium - make life a lot easier."

Mr Goldsmith remains silent on the question just how an ID card makes life easier.

"Making life easier" is one of the selling points the Home Office advance for UK ID cards. Meg Hillier, the so-called Identity Minister, gives three examples.

1. They will make life easier for young-looking people to get into clubs and to buy alcohol, cigarettes, glue, and so on. There are already generally accepted proof of age cards available, we don't need ID cards.

2. They will make it easier to collect parcels from the post office. That is not difficult at the moment. The government could make it difficult, of course, but for the moment it isn't.

3. ID cards will make it easier to open a bank account or get a loan. No bank has said that. Only the Home office.

With regard to 3. above, on 29 January 2009*, a representative of APACS told Ms Hillier:

"The online capabilities that we were hoping were going to be present are unlikely to be there for the foreseeable future ... I have some grave concerns as to whether we are going to get the services we want at a cost that is going to be meaningful."

And a representative of Barclaycard told her, in connection with the National Identity Service:

"We are a commercial sector. I need to think 'is there a product, a service that I can charge for and that my customers want?'. I have not witnessed any yet."

Ms Hillier cannot defend her claim that ID cards will make life easier. It just won't stand up in court. Can Mr Goldsmith defend his claim?

----------

* http://www.silicon.com/management/cio-insights/2009/01/30/banks-id-cards...

The UK Government Gateway

Submitted by David Moss on Tue, 23/02/2010 - 11:35.

"As a recent STORK report points out, there is a Government Gateway in the UK ..."

There certainly is.

And on 2 November 2008 [1], readers of the Mail on Sunday learned that:

"Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.

"The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.

"An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.

"The Department for Work and Pensions insisted that the system's security has not been breached, but a computer expert told The Mail on Sunday that in the wrong hands the data on the memory stick could enable hackers to access personal details of the 12million people who have registered on the system, including their passwords ...

"An expert who examined it for The Mail on Sunday said it contained confidential passwords, security software and the technical blueprint to the system known as the 'source code' ...

"This week the Information Commissioner revealed that the number of data breaches - including lost laptops and memory sticks containing sensitive personal records - had risen to 277 since the loss of 25million child benefit records was disclosed nearly a year ago."

The "key Government computer system" in question was the UK Government Gateway.

A member of staff of Atos Origin, a government contractor, had left a USB stick in a pub car park in Cannock, with the source code for the site, and logon IDs and passwords. That USB stick found its way somehow to the Mail on Sunday. They had it examined by an expert, Mr Jacques Erasmus, who confirmed to me [2] that the data on the USB stick was not encrypted:

"It's been awhile, but the memory stick was not encrypted at all (I did the investigation). No files on the stick were encrypted and all the data was easily visible, there was a password protected zip file, however the password was somewhere in a text file in another directory."

Any business, government official or private citizen must bear in mind, before entrusting their data to the UK Government Gateway, that the Mail on Sunday or others could access, or for a while could have accessed, their data. As our own Prime Minister said [3], there are no guarantees:

"It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information."

That is the service we offer to users of the UK Government gateway, British, French, Belgian, German, etc ... The risk is there that confidentiality will be breached, that what should be private will become public. Why take that risk? What is the benefit to be gained? Please see above (Tue, 23/02/2010 - 11:11).

----------

1. Tax website shut down as memory stick with secret personal data of 12million is found in a pub car park, http://www.mailonsunday.co.uk/news/article-1082402/Tax-website-shut-memo...

2. http://dematerialisedid.com/BCSL/Hall.html#erasmus

3. http://www.dailymail.co.uk/news/article-1082467/I-make-promises-keeping-...

ePassports and security

Submitted by David Moss on Tue, 23/02/2010 - 11:56.

"... we have seen this week in the Dubai assassination case that existing UK passports can be used for nefarious purposes ..."

The attractions of biometric ePassports melt on inspection.

There is no doubt that the German passport used was an authentic ePassport issued by the Cologne authorities [1]:

"German officials on Saturday said they are examining the identity of Michael Bodenheimer, the name that appeared on a genuine German passport allegedly used in Mabhouh's.

"The authorities in the city of Cologne, where the passport was issued, began a probe, and federal authorities are now considering a move of their own.

"According to German weekly Der Spiegel, Bodenheimer, an Israeli, applied for a German passport from the Cologne authorities. Bodenheimer presented documents that proved German lineage, including his grandparents' marriage certificate. He also showed his Israeli passport that was issued to him a year earlier in Tel Aviv.

"The German passport was issued on June 18, 2009. That document was used by one of the assassination suspects in Dubai on January 19, a day before the killing.

"According to Der Spiegel, Bodenheimer does not live in Cologne, as he had claimed in his application, and no other person by that name lives there. The magazine claims a man by that name lived in Herzliya until June last year."

The Foreign Office assert that the British passports used were old-fashioned ones, with no biometrics and no chip. There is some doubt about that. On 18 February 2010, Robert Fisk wrote in the Independent [2]:

"At 3.49pm yesterday afternoon (Beirut time, 1.49pm in London), my Lebanese phone rang. It was a source – impeccable, I know him, he spoke with the authority I know he has in Abu Dhabi – to say that "'he British passports are real. They are hologram pictures with the biometric stamp. They are not forged or fake. The names were really there. If you can fake a hologram or biometric stamp, what does this mean?'"

The victim himself is said to have entered Dubai on a false passport. His 11 or 17 or 18 murderers also managed to get into the country and out again on false passports. Some of these are said to have been diplomatic passports [3]. The security services of several countries are said to be involved. They presumably will ensure that whole football teamsful of their operatives, plus substitues, coaches, physios, etc ..., can continue to cross borders with impunity, whatever devices are added to our passports.

Mr Goldsmith may care to re-examine his argument here.

----------

1. Haaretz Service and The Associated Press, 21 February 2010, http://www.haaretz.com/hasen/spages/1151260.html

2. http://www.independent.co.uk/opinion/commentators/fisk/robert-fisk-brita...

3. http://www.timesonline.co.uk/tol/news/world/middle_east/article7035509.ece

What is holding us back

Submitted by David Moss on Tue, 23/02/2010 - 16:03.

"The carousel of secure cross-border transactions through e-identity authentication is moving faster, and we have to jump on at some stage. What is holding us back?"

Oddly enough, the answers are plain.

1. Public support for the National Identity Service has fallen to below 50% [1].

2. The Home Office has failed to "sell" its scheme to its own peers in the Health department [2], the Schools department [2], the Universities department [2] and the Work and Pensions department [2].

3. They have failed to sell it to the banks [3] and the major retailers [3] in the UK. The airline industry wants nothing to do with it [2], either the carriers or the airports or the unions.

4. They have failed to sell it to Scotland [2] and Wales [2] and at least 50 English local authorities [2] have objected to the scheme.

5. More and more prospective suppliers have withdrawn their names from the candidate list [2].

6. And the ineffectuality of the Identity & Passport Service has been ... spectacular [4].

The Home Office have no product or service to offer, no suppliers to deliver it, and no market that wants it.

Which makes one wonder, Mr Goldsmith, do we really absolutely have to get on this carousel? Why?

----------

1. http://www.publicservice.co.uk/news_story.asp?id=12227

2. http://dematerialisedid.com/BCSL/Risk.html

3. http://dematerialisedid.com/BCSL/Crosby.html

4. http://dematerialisedid.com/CiF/Review.html

Identity cards

Submitted by Ian Graham on Thu, 25/02/2010 - 20:46.

Does Mr Goldsmith know why he and everybody else in Belgium is forced to carry an ID card? Answer: Because the German occupation forces made them compulsory during World War I.

Electronic population registration and surveillance

Submitted by Anonymous on Fri, 26/02/2010 - 09:51.

The author glosses over the controversy over an entirely new system of electronic population registration, which will form the basis of a system for collecting and sharing personal information throughout Europe. It is effectively one link in a new system of electronic surveillance and keeping extensive personal files.
This is reflected in the Wikipedia article about ID cards in France, which describes the change from a simple paper identity document to a new electronic identifier linked to a national electronic population database
http://en.wikipedia.org/wiki/National_identity_card_%28France%29

There have been similar arguments in Germany
http://www.thelocal.de/sci-tech/20091214-23931.html

The new ID cards are not equivalent to the old ID cards - they are part of a new centralised data-system that is intended to cross borders throughout Europe - so-called interoperability of databases - the real purpose of Project STORK

It has been argued that this forms part of a new international data system, extending beyond Europe
http://www.corbettreport.com/articles/20100109_id_cards.htm
ID cards - Intergovernmental cooperation in worldwide implementation

You should also be aware that this has been deeply controversial and has produced worldwide protest
http://news.zdnet.co.uk/itmanagement/0,1000000308,39150693,00.htm
International surveillance plan slammed
Human rights organisations from Europe, North America, Australia and Asia have sent an open letter to the International Civil Aviation Organisation (ICAO) railing against plans to create an international "identity register" that would force the inclusion of biometrics and controversial RFID tracking tags in all passports by 2015.
Among the 39 groups who put pen to paper are: Privacy International, the Foundation for Information Policy Research, the Electronic Frontier Foundation and the American Civil Liberties Union.

Many European civil liberties groups have gone further and complained that this represents part of a new authoritarian tendency within Europe, for example, the European Civil Liberties Network has said
http://www.ecln.org/ECLN-statement-on-Stockholm-Programme-April-2009-eng...
The “Stockholm Programme” sets the agenda for EU justice and home affairs and internal security policy from 2010 to 2014 and will extend militarised border controls, discriminatory immigration policies, mandatory and proactive surveillance regimes and an increasingly aggressive external security and defence policy.
The ECLN believes these policies constitute an attack on civil liberties and human rights. It calls for active civil society engagement and opposition to dangerous authoritarian tendencies within the EU.

These are the supporting members of ECLN
http://www.ecln.org/about3.html

It's the Database State

Submitted by Rob on Fri, 26/02/2010 - 09:54.

We already have identity cards: drivers licenses, passports, even work/university id cards. But we are only required to have present those in certain situations.

What the complaint is about is connecting an identity card to a database that tracks all our information, and new requirements for identity cards for transactions that they are not now required.

Great read…..the information

Submitted by Anonymous on Thu, 08/04/2010 - 14:33.

Great read…..the information is poignant very interesting please keep them coming !!
online casino
blackjack
roulette