stand
home  about  email

Draft Legislation on Identity Cards

A report from the volunteers at Stand.org.uk
Tuesday, July 20, 2004

Introduction

Preamble

i Stand.org.uk is a voluntary group who seek to increase democratic involvement in the legislative process through the use of technology. In particular, we're interested in using the Internet to place Parliament and government in touch with informed citizens with strong opinions and long-standing knowledge on issues regarding the Internet, new technologies and the ramifications of the digital revolution.

ii We believe that part of the rôle of Stand.org.uk is to provide tools for concerned individuals of any political persuasion to provide their view directly, in ways and media convenient to our current democratic process. Another is to collate the concerns en masse that we receive from unaffiliated members of the public and seek to distil them in an aggregated form that might more easily be digested by the government's already overstretched Civil Service.

iii We are increasingly disappointed that the Home Office is continuing to consult on the introduction of Identity Cards. During the previous consultation, we set up a portal to allow users more easily to send their comments to the Home Office. We were very proud to help over 5000 people send their comments in as responses to the consultation, both comments in favour and comments opposed to the proposals.

iv The emails that were sent to us through our website and the replies that were sent to the Home Office and individual Members of Parliament were not the ill-informed, knee-jerk reactions of Luddites who refuse to enter the modern world. In the main, the respondents were technologically-aware, affluent, young voters whose understanding of the misuses of personal data and the consequences of aggregating and collating information through statutory measures had led them to adopt strongly anti-Card attitudes.

v Despite their strong feelings, this is a group we still believe is under-represented in this consultation process — both in the published paper itself and in the responses the document initially received. Again, many of our respondents expressed surprise that such a consultation was taking place — and that one already had done — people are still sceptical that anyone would pay attention to their contributions. This feeling was enhanced when we encouraged them to read the Green Paper itself. They felt that it ignored their objections and concentrated on implementing an expensive and invasive card régime. They felt, in sum, as though the consultation process was a sham, and that their opinions were unwanted.

vi We'd like to be able to write — as we did 18 months ago — that we are unconvinced that this is the case.

vii Last year, we felt the government had reached out to the public, understanding that some of us are concerned by the proposals. Indeed, as well as our response, we put together a website to help people send their thoughts to the government. We made no strictures on the content of these messages — or their position on the issue — and provided a minimum of background information.

viii We were particularly disappointed, then, to see the Home Office spinning the figures; misleading the public, the press and Parliament, trying to denigrate the 5000 respondents who chose to get in touch through the portal we set up. We know, from subsequent conversations, that many of those individuals simply used our site out of convenience; that's why we created it, after all. We know, from subsequent conversations, that most of those individuals were profoundly disappointed to learn that the Home Office chose that, for what appear to be reasons of political expediency, the opinions of the 5000 respondents who used our site are somehow worth a fraction of the opinions of the 4000 respondents who chose Royal Mail, fax and direct email to present their thoughts rather than a portal set up by some people who wanted to help increase participation. We hope most sincerely that the Home Office will not use similar misrepresentation to manufacture support for the scheme at the end of this second consultation.

ix After this mendacity, though, we thought perhaps the Home Office might at least attempt to engage the public: find out and assuage people's concerns, try to discover if there was room for improvement in the proposed scheme. Instead, however, we've seen Queen Anne's Gate refuse to participate with anyone but their chosen few. Whilst declining the invitation of the LSE to the Mistaken Identity conference (admission free), the Home Office managed to send several members of the Entitlement Card Unit to Intellect's rather more exclusive affair (admission £175 for Intellect members). We have seen — yet again — minimal publicity for the current consultation and, except where prompted, no effort to engage with opposition arguments. Furthermore, Tony Blair has decreed, that there are no further civil liberties objections to ID cards, despite mounds of evidence to the contrary.

x Also, despite the Cabinet Office's Code of Practice on Written Consultation's guidelines to the contrary, we are unable to find a copy of the consultation paper — or even a mere summary of the Draft Bill — in any of the UK's Regional or Minority languages (as defined by the European Charter for Regional or Minority Languages); even the Welsh Assembly's website does not seem to have any mention of the scheme, despite the number of issues relating to the implementation of such a scheme in a proudly bilingual country with a devolved assembly (see our comments elsewhere in this document, in that regard). To quote paragraph 3.6 of that Code of Practice:

Consider groups who cannot access traditional written consultations or the online versions of these. It may be necessary to produce the document in different languages, including, for example, Welsh. There may be some circumstances in which written consultation is not the best way to reach your target audience.

xi Again, we have deliberately adopted a strong, anti-ID card tone in this document, because we believe that these arguments are neither addressed nor even raised within either consultation paper. This concerns us particularly because we feel it contravenes the spirit — and the letter — of the Code of Practice on Written Consultation in force during the last consultation:

Documents should, however, set out the main information and competing arguments relevant to a decision, or say where they can be found.

xii We are unapologetic about this, however. All of the arguments you read here have been expressed at some point by the thousands of tech-savvy correspondents who have taken the time to add their voice through our website or by emailing us on the subject over the last two years.

xiii This document, as with other Stand.org.uk papers, draws upon the opinions and expertise of a great many people, who share with us a deep concern about the proposals under consultation. Not every Stand.org.uk correspondent shares all the views presented in this paper, nor does Stand.org.uk necessarily intend to adopt these principles as its own, long-term credo. But, before the government can safely say that it has listened to all of the voices of the public on this matter, it must devise responses to these objections that do not simply evade or dismiss them out of hand.

xiv This report contains quotations from evidence given to the House of Commons' Home Affairs Select Committee during their prelegislative scrutiny of this issue. It should be noted that these are all uncorrected transcripts, as released by the Committee. Readers should be aware that neither witnesses nor Members have had the opportunity to correct these transcripts; they are not an approved formal record of the proceedings of the Committee.

xv We are more than happy for any of our comments in this report to be made publicly available, in any forum. We ask that, in any citation, they be attributed to Stand.org.uk. This report is, as we have mentioned, a group effort — edited by Owen Blacker with a great deal of help from Adam McGreggor and assistance and a lot of moral support from James Cronin, Cait Hurley, Manar Hussain, Malcolm Hutty, Tom Loosemore, Stefan Magdalinski, Danny O'Brien, Warren O'Keefe, Alaric Snell and Stuart Tily.

xvi This report is released under version 1.0 of the "Attribution-ShareAlike" licence, from the Creative Commons. Readers wishing to see the full version of the licence should visit Creative Commons' website at http://creativecommons.org/.

xvii Readers viewing a printed copy of this document should be aware that italicised and underlined text is hyperlinked in electronic copies and that further reading is available on these subjects. If no electronic version is at hand, a full copy should be available for download from our website at http://www.stand.org.uk/.

Broad principles of an Identity scheme

National Identity Register

1 We are fundamentally opposed to the introduction of a nationwide database of British citizens and British residents. It is entirely possible to bring in identity cards — if the government really thinks to do so would be in the public interest and supported by a majority of those who aren't apathetic, which we would contest — without a database behind it. Furthermore, doing so would dramatically reduce some of the privacy concerns associated with the scheme.

2 We are profoundly disappointed, however, to note that the Consultation Paper seems to pay no heed to such concerns — aside from two tokenistic mentions of "function creep", it would seem that the Home Office has made no effort to address these concerns whatsoever. The whole set-up of the National Identity Register seems designed to enable further functionality to be 'bolted on' at a later date, the very definition of function creep. The provisions for law enforcement and intelligence agencies to gain warrant-free access to a complete list of all government services accessed by an individual — provided by clause 20 of the Draft Bill — are utterly unacceptable; at the very least judicial oversight should be required in that regard, if such a power is necessary at all.

Biometrics

3 As we have mentioned before, we are also wholly opposed to the use of biometrics with any nationwide scheme — the ARC, passports, driver's licences or the National Identity Register. We do not take this angle from some Luddite mistrust of the technology involved; quite the contrary. All the volunteers of Stand.org.uk — and the overwhelming majority of our supporters — are quite familiar with the technologies involved and it is on that basis that we have no faith in the technologies involved.

4 In paragraph 5.21 of the Home Office Green Paper Entitlement Cards and Identity Fraud, published July 2002, the government set itself three standards that must be met "before deciding whether to incorporate biometric information into a scheme" — that the technology:

We contend that there is no such technology, nor will there be in the near future.

5 The three technologies with which the government seems still to be struggling are iris scanning, fingerprinting and facial recognition; all three are imperfect on at least one count. Most educated observers consider biometric technologies too inadequate, too immature, too unreliable and too privacy-invasive for such widescale use. Importantly, however, no biometric technology has ever been proven on a sample size of 75 million, let alone with lookups being compared with that whole database. We are profoundly concerned with the technological efficacy of any solution, in addition to the cost, which we believe is substantially underestimated by the Home Office.

6 The government doesn't seem to have given sufficient thought to the any of these three technologies. All three have problems — both technical and social. With regard iris scanning, which appears to be the Home Office's primus inter pares, the technology is known to have difficulty differentiating between individuals with very dark eyes — such as most of the ethnic minorities living in the UK. Also, the technology is near-impossible for the partially sighted to use. To quote Simon Davies, Director of Privacy International, from his evidence to the Home Affairs Select Committee on June 8, in answer to Q698:

I believe [that "a requirement to ensure privacy and dignity"] goes right to the heart of our discussion here. … I am legally blind, and I am prepared to tell you what that means at a personal level. … Hundreds and thousands of people like me simply will not be able to use the biometric technology in the way that a fully sighted person can. So we are talking about dignity. By way of example, Mr Chairman, I can hardly see you …. Other Committee Members would have to guide my head if you were an iris camera. I would have no hope of fixing on that iris camera. If you can imagine a public place where I am asked to identify myself through a defective part of my body, we are talking serious human dignity issues.

7 Even fully-sighted people will have problems with the technology; it requires, at the very least, good lighting levels and a co-operative subject. Our experience, having spoken with people who have taken part in the Passport Office's trial of the technologies — which we understand was delayed and reduced in scale after problems with the technologies being trialled —, lead us to understand that even in the ideal test conditions, many volunteers were required to be scanned more than once before the computer could take a successful datum.

8 We have also yet to be convinced that there will be no problems with opaque, coloured contact lenses, for example. We are very concerned by reports, in Heise Online, that German students managed to fool the iris-scanning software of exclusive licence-holders to the patent, Iridian Technologies, by holding a high-quality print of an iris in front of their eye, with a hole cut for the pupil. It strikes us as likely that, if students can fool an iris scanner with inkjet printouts on matte paper, then better-resourced fraudsters should be able to effect a similar result in a less flamboyant manner — perhaps on a contact lens?

9 Perhaps a more serious problem, from a PR point of view, however, is the acceptability of iris scanning — indeed, of any of the biometric technologies, but more on that below. That the public has minimal experience of iris scanning is both advantageous and disadvantageous to the government's plans to make use of the technology; novelty can be useful, but fear less so. The eye is one of the most sensitive parts of the body — at least psychologically — and just one incident where something goes awry and gets (inevitably) misreported in a tabloid could shatter any user compliance targets.

10 Fingerprinting, the second technology mentioned by the government, is both unreliable and inappropriate. Much of the general public immediately associates the taking of fingerprints with criminality. Whilst many may not take umbrage at the prospect, it will be particularly difficult to persuade the elderly, for example, that there is no suspicion involved. To quote one of the subscribers to the UK Crypto list again: "For the elderly and somewhat confused ladies in my family, who have never been convicted of any crime, an iris scan or fingerprint will cause them a large amount of distress."

11 In this case, however, the technology is possible even greater a weakness. We wrote, in our submission 18 months ago, about the experiments by Tsutomu Matsumoto, who fooled commercially-available fingerprint detectors a surprising 80% of the time, using only ingredients easily available to the general public. Bruce Schneier, an internationally-respected security technologist, cryptographer and author, has written at length on the subject of fingerprints and biometrics more generally; his website www.schneier.com contains several articles on the subject and we would commend it to interested readers.

12 Facial recognition is an even less reliable technology, renowned for being particularly ineffective. When the US Department of Defense studied the technology, it was found that there are very high error rates even under ideal conditions. The study found very high rates of both false positives (where an innocent individual matches against a persona non grata) and false negatives (where the system failed to detect individuals known to be in the database); several other US agencies, including their Immigration and Naturalization Service have abandoned use of the technology after unsuccessful tests. Roger Clarke, a well-respected IT consultant and erstwhile senior Information Systems academic at the Australian National University pointed out in a May 2002 presentation to the University of Hong Kong that "not one person has been correctly identified by face recognition technology in public places".

13 The two main case studies into facial recognition software are that of the police department in Tampa, Florida, and the ongoing experiment by the Metropolitan Police in the London Borough of Newham; both are unmitigated disasters for the technology. In Tampa, the system failed to recognise a single face it sought, yet managed to score several false positives — many of which were quite blatantly the wrong person, with some matching the wrong gender and some with significant age or weight differences. Barry Steinhardt, associate director of the ACLU reported on the study:

Face recognition is all hype and no action…. Potentially powerful surveillance systems like face recognition need to be examined closely before they are deployed, and the first question to ask is whether the system will actually improve our safety. The experience of the Tampa Police Department confirms that this technology doesn't deliver.

14 For a more local take on the technology, one could look to the London Borough of Newham, where the CCTV network has been connected to facial recognition software. To quote one of many articles on the subject, some of which is taken from Jeffrey Rosen's October 2001 New York Times Magazine article:

Has it caught criminals? The most often cited success of facial recognition is the London borough of Newham, where a system of over 200 cameras using Visionics Corp's face recognition technology is credited with a significant drop in crime since 1998, a statistic trumpeted by Visionics.
What is left out is that face-recognition has not resulted in a single arrest, nor do the people who run the system even know who is in the database. Not that it matters; the deterrent lies with the signs posted throughout Newham, telling criminals that cameras are watching and that they (the police) know who they are, where they live and what crimes they have committed.
Of course, "it's not true", Newham's monitoring chief readily admitted.

15 From the point of view of user-acceptance, the main issue is that many people tend to consider facial recognition technology as though they're being judged. A report by the International Biometric Group suggests that test individuals objected to having their picture taken, worrying about the quality of the picture, looking for mirrors and so on. Also, despite its use in everyday life as our primary means of recognition, people don't usually consider their face as an authentication mechanism. To quote, "the face is almost too personal a part of the body to think of its being "scanned", broken into grids or axes, or having prominent features made note of."

16 Another interesting and persuasive essay about the use of facial recognition, by Phil Agre, Associate Professor of Information Studies at UCLA, can be found online at:
http://dlis.gseis.ucla.edu/people/pagre/bar-code.html

Large-scale public IT projects

17 Even if all our concerns over the use of biometric technologies are determined to be mistaken paranoia, there are still concerns over the implementation of such a massive public IT project. Whitehall's ability to put into practice large technology projects is widely known to be lamentable; the Home Office's record on this score is abysmal, however.

18 After the fiascos at the Passport Office, the Criminal Records Bureau, the Police National Computer system we find it highly difficult to believe that the Home Office can possibly realise such an immense scheme, which will require connectivity to almost every organ of state, complex systems to extract and compare biometric identifiers, data-linkage and data-sharing with every major national system and the establishment of a new, clean database to hold information about every citizen, every permanent resident and every medium-to-long-term visitor.

Commercial confidentiality

19 We are — yet again — thoroughly dismayed, and relatively unsurprised, that the Home Office, in paragraph 1.9 of the consultation document, wishes to mask the costs of this scheme behind a cloak of "commercial confidentiality". With any large public spending project it is imperative that Parliament — and, indeed, the public — should be able properly to evaluate the detailed costs of the scheme and take a view as to whether or not the project presents proper value for money and a realistic means of solving the purported problems.

20 We do not believe that Parliament should be presented with a blank cheque to authorise the spending of over £3 billion to an unknown maximum for a scheme where it has not been proven that the objectives are attainable and where the costs of implementing such a scheme are impossible to prove. This is the first attempt to create such a sizeable, detailed and all-inclusive Register of individuals anywhere on the globe; it is impossible to guarantee that the Home Office's costs are accurate.

21 Not only this, but substantial amounts of independent research, particularly full costings by Privacy International, suggest that the Home Office's costings are low by at least a factor of two. We contend that there are many better uses for such a sum of money and that, in the first place, levying a fee on all British citizens is a regressive form of taxation, irrespective of whether or not the cost is levied by the Treasury or by some Executive Agency of the Home Office.

22 Another problem caused by the cloak of "commercial confidentiality", though, is that it makes it impossible for security experts to evaluate the minutiæ of the scheme. Without detailed information about how the scheme would work, how the infrastructure would be built and so on, it is impossible to identify any potential security hazards in the scheme.

23 Continuing our chosen metaphor, now that PA Consulting have been announced as the "Development Partner" for the ID card scheme, perhaps the cloak of commercial confidentiality could be lifted and the Home Office might deign to reveal a figure?

Mandate and public support

24 We believe that there is neither a mandate nor significant public support for the introduction of Identity Cards in the UK. It is only through sophistry and spin that the Home Office's earlier consultation did not show over 70% opposition to the government's plans. For the record, we would like to point out — yet again — that the 5070 individuals who responded to the consultation by January 31, 2003, through the Stand.org.uk portal were not signing a petition or responding in a manner comparable to a "Teletext survey".

25 Each respondent through our portal was told (and forced) to use their own words after being provided with a list of suggested issues to mention; to our understanding, almost all individuals were quite eloquent in their criticism of the proposals and — as Beverley Hughes admitted in the Commons — not all respondents were even opposed to the proposals, merely finding the site a useful conduit through which their comments could be transmitted. We were, at the time — and still are — thoroughly disappointed, but not particularly surprised, that Queen Anne's Gate evidently feels the needs to mislead both Parliament and the public over the level of opposition to Identity Cards in the UK.

26 More recently, we can point to the results of the ouGov poll, commissioned by Privacy International in May 2004, that show that, whilst the general public as a whole vaguely support ID cards — a fact we believe is due more to apathy and ignorance of the arguments against their introduction than any sustainable belief that they are in any way beneficial —, that the public are overwhelmingly opposed to some key features of the government's proposals.

27 Particularly noteworthy in the analysis of that poll are the figures relating to the depth of opposition amongst those who disagree with the proposals. Extrapolated to the population of the UK, the poll suggests that nearly five million people would be willing to take to the streets to fight the introduction of an ID scheme, nearly three million would participate in a "campaign of civil disobedience" and over a million would rather be gaoled than register for a card. It is worthy of note, we believe, that these numbers are orders of magnitude greater than the numbers engaged in the Poll Tax riot on March 31, 1990.

Transnational issues and Racial issues

28 It is frequently mentioned, including in paragraph 1.11 of the consultation document, that the government intends to introduce ID cards mandatorily for "foreign nationals coming to stay in the UK for longer than 3 months". Whilst the paragraph continues, to mention that, for EEA nationals, "this will be done in a way which is fully compatible with European law", the paper fails to note that the Single European Act completely forbids imposing any restriction on EU nationals that is not also imposed on domestic citizens. By our understanding of this statute, it is simply not possible to require that EU nationals carry an ID card at any point in time, unless British citizens are similarly required.

29 Similarly likely to be a problem is the Common Travel Area with Éire, the Isle of Man and the Channel Isles, established since the 1950s. The Irish Justice Minister, Michael McDowell, has already stated his objections to and concerns with the British government's plans. We believe that the Common Travel Area would either present difficulties with an identity card scheme or that a scheme would require that British travellers from the Republic of Ireland would be required to show proof of identity in order to enter the UK, to prove that they weren't Irish citizens (or third-country nationals) who need to hold some kind of ID card. As a result, we find it hard to believe that an ID card scheme can cohabit comfortably with the Common Travel Area. That the government did not discuss their ID card proposals with the administrations of the other states in the Common Travel Area before announcing them (as Michael McDowell mentions they did not) seems somewhat, well, undiplomatic.

30 We find it hard to believe, of course, that Customs and Excise would go to the length of stopping every traveller, of course. Experience from identity cards across Western Europe shows that individuals who aren't white are stopped substantially more than white individuals; at the time of the previous national debate on ID cards, in the mid-1990s, Liberty had noted complaints on this score in Belgium, France, Germany, Spain and Turkey. In just the same way as young black men in fast cars are substantially more likely to be stopped by the Metropolitan Police on Tower Bridge, young men of Algerian origin are eight times more likely to be asked for their identity cards by the French gendarmerie than white youths.

31 Indeed, aside from Trevor Phillips at the CRE, we are unaware of a single racial equality group who are not highly concerned by the proposed identity cards legislation. As we pointed out in our consultation response last January, several of the Home Office's advisors on raise — including Maxie Hayles of the Birmingham Racial Attacks Monitoring Unit, Professor Gus John of the Society of Black Lawyers and Tauhid Pasha of the Joint Council for the Welfare of Immigrants — have expressed concern in this regard. We quoted Tauhid Pasha: "The cards could be used against anyone who looks a bit different or anyone who looks like their immigration status is in doubt. Essentially that will be black people and ethnic minorities."

32 We are highly concerned that, by requiring foreign nationals to carry an ID card before British citizens that resident aliens will be 'marked out'. We already have problems — stoked by the tabloid press and hardly helped by the government's increasing use of inflammatory language on the subject of immigration and asylum — with hatred and violence against asylum seekers; that The War Against Terrorism is mainly perceived — rightly or wrongly — as a war against Islam increases tensions with British Moslems; many in the Six Counties of Northern Ireland identify as Irish nationals and, thus, may be required to carry ID before their Unionist neighbours and brethren.

33 All of these are tensions that may be exacerbated by the ID card proposals as they stand. At the very least the introduction of identity cards may undermine years of work by our law enforcement agencies to build confidence within our ethnic minority communities. Indeed, that's the very reason ID cards were abolished in the 1950s. To quote Lord Chief Justice Goddard contemporaneously:

In this country, we have always prided ourselves on the good feeling that exists between the police and the public, and [the compulsory ID card scheme] tends to make the public resentful of the acts of the police and inclines them to obstruct them rather than assist them.

34 We are firmly of the conviction that the spurious 'benefits' of an ID card scheme, as espoused by the government thus far, are not worth the potential increase in xenophobia and friction between the rich and diverse communities that live in Britain today, as well as between the public and the law enforcement agencies entrusted with our safety.

Abuse of the data held in the National Identity Register

35 We were very pleased to see that the Home Office is finally taking seriously the prospect of potential abuse of individuals' data on the National Identity Register. It is encouraging that, for possibly the first time, a statute imposes responsibilities on Civil Servants, as well as awarding new rights. Previously, we've seen protestations along the lines of "you can trust us!" — such as those we were given during the passage of the Regulation of Investigatory Powers Act 2000 — which we find immensely naïve and frustrating. Whilst none of us would defame the Civil Service by claiming that even the smallest proportion of mandarins would abuse the trust we put in them, it is inconceivable that everyone, out of millions of servants of the state — from Permanent Secretaries to the typing pool at the Isles of Scilly council, from a GP's secretary to the Commissioner of Police of the Metropolis — that every single person is utterly incorruptible.

36 Indeed, we only need look back to the last few days to see stories of public records being abused — as it happens, Home Office records and by one of the groups who are most trusted in their service of the state and who will be granted significant access to the National Identity Register. Within the last week, on July 16, Kable's Government Computing published a story about police misuse of the records on the Police National Computer system. Revelations from the Deputy Chair of the Police Complaints Commission, John Wadham, included cases where officers have misused the PNC to find information on a partner's estranged husband and a daughter's boyfriend; to quote Mr Wadham, "there is a perennial problem of data being sold to private detectives".

37 Our point isn't that such abuses might happen with the National Identity Register; it is that such abuses are inevitable. When the data are so valuable to so many people — as even the most banal personal details often are — it is ludicrous to suggest that noone would ever be tempted to take advantage of them. The Guardian's special feature on the black market in personal information shows how plenty of sources, including the police and the drugs squad, will often provide access to restricted information for the right price. Even the DVLA — who are almost certain to be involved in the administration of the National Identity Register — has admitted selling information about vehicle licence owners to private companies.

38 We believe that talking about two-year gaol sentences is a good start, by way of punishing abuse of the Register within organs of state, given that we appear to be starting from zero. It seems a little inequitable, though, that there is such a profound lack of parity in the possible sentencing allowed by the Draft Bill. Abuse of the National Identity Register by a state official is punishable by two years' incarceration and/or a fine; malfeasance by a civilian, however, is punishable by up to ten years in gaol and/or a fine. To us, whilst improving on the previous chastisement for abuse — a metaphorical slap on the wrist at the most —, there is still room for improvement in this regard.

Purported purposes of an ID card scheme

Prevention of Terrorism

39 Unlike the Home Secretary, who seems unable to decide whether or not ID cards will have an effect on terrorism — often within the same speech —, we are quite convinced they will not. Privacy International put together a detailed study of terrorism and identity cards and found that there is no correlation between a state having an identity card scheme and a reduction in the level of terrorism experienced by that state.

40 Whilst, since the Madrid bombings in March, the Home Office desperately tries to point out that their proposals are more hi-tech (without detailing how the technologies in question will reduce the threat terrorism) than those used in Spain, it remains the case that, of the 25 countries most adversely affected by terrorism since 1986, eighty percent have national identity cards, of which one third incorporate biometric technologies. PI's research was unable to uncover a single instance where the presence of an identity card system in the countries they studied was seen as a significant deterrent to terrorist activity.

41 Furthermore, it is still our contention that an identity card scheme might well exacerbate the problems associated with terrorists using fraudulent identities; a highly-trusted ID card, once forged, is likely to be a powerful tool of anyone seeking to act pseudonymously. Not only this, but it is also worth bearing in mind that terrorists are quite capable of plotting their carnage outside of the UK and entering with a tourist visa, a month or two before their planned atrocity; a means by which they could entirely evade the 'scrutiny' of the government's ID card proposals.

Reduction of benefits fraud

42 That identity cards will prevent benefits fraud is a misnomer. At Scrambling for Safety 7, hosted by the LSE in October last year, Richard Kitchen of the Department of Work and Pensions mentioned that only 15% of the roughly £2 billion lost annually to fraud includes an initial motive to defraud. Of this, only a small amount involves deception of identity — as opposed to deceptions of income, capital, health/ability or family circumstances.

43 The overwhelming majority of benefits fraud cases would not be ameliorated by the introduction of identity cards as almost all incidents are cases of understated income and capital — inadvertent or deliberate —, which would be wholly unaffected by the introduction of an identity card scheme. Similarly, when the Australian DSS estimated benefits overpayments, during the "Australia Card" débâcle in the 1980s, they calculated that a grand total of 0.6% of overpayments were down to false identities. Similarly, when Michael Howard suggested the introduction of an identity card scheme here in the UK in 1995, the DSS argued against it for exactly that reason — that it would not have a noticeable effect on benefits fraud in the UK.

44 Another of the more tabloid concerns regarding the benefits system is that illegal immigrants "sponge off the state". Again we may learn from the Australia Card experience, where the Joint Parliamentary Committee found that the real extent of illegal immigrants collecting government benefits was extremely low. A mass data-matching episode, to determine the exact number, showed that, from over 57,000 overstayers in the state of New South Wales, only 22 were found to be receiving unemployment benefits — out of a state population of five million. The Department of Immigration and Ethnic Affairs had "grossly overexaggerated" this figure thirtyfold; to quote the inquiry, "the estimates for illegal immigrants were based on guesswork".

Reduction of identity theft

45 Despite the Home Office's recent headline launch of their website on the matter, we have still yet to see any evidence that "more than 100,000 people are affected by identity theft in the UK each year, costing the British economy over £1.3 billion annually", to cite the Home Office's recent press release (reference 232/2004). We have yet to see any police figures on the subject or, indeed, any mention of quite which crimes are being conflated into this convenient headline. We certainly remain to be convinced that the best solution to an issue that, two years ago, most people had never heard of is to throw several billions of pounds, raised through regressive taxation, into a scheme that will eventually mandate every individual to carry an ID card.

46 Des Brown states, in press release 232/2004, "having your identity stolen is very traumatic — it can take some victims up to 300 hours to put their records and their lives straight". We don't doubt that this is the case for some victims. Assuming a stolen credit card is being counted as identity theft, which seems to us the only way a figure of £1.3 billion can be reached, then it can also take all of half an hour on the telephone.

47 To us, however, the main problem that really deserves the title identity theft or identity fraud — where someone maliciously attempts to steal an individual's identity in order to acquire their credit rating — is quite simple to deal with. It strikes us that, under the Data Protection Principles, it is the responsibility of the Credit Reference Agencies, in their rôle as Data Controllers, to ensure the accuracy of the information they store in their databases — all the more so given their entire business model is to collect these data and sell them on (or sell on the results of analyses thereof) for profit. If Credit Reference Agencies are touting incorrect information about an individual — and harming their (financial) reputation in the process, this seems like a clear-cut case of defamation and libel. If the government were truly worried about the effect of such fraud on the state of the economy, rather than wanting to be seen to 'be doing something', we contend that it would enable and assist individuals in pursuing these Agencies for the tort of defamation. We believe that with this might also provide the Credit Reference Agencies with just the incentive they need to ensure that the scale of the problem is dramatically — and rapidly — reduced.

48 One point we would like to make again, however, is that we were impressed with scoping studies mentioned in the Green Paper Entitlement Cards and Identity Fraud — to create a public sector analogue to the CIFAS database and the HUNTER service and to develop registers of stolen identity documents and of instances of identity fraud — are both very sensible-seeming measures. Tightening up on existing procedures is likely to prove much less expensive and much more valuable than pie-in-the-sky ID card schemes that would fail to meet even the most unambitious of targets. We believe they would all be both more efficacious and less privacy-intrusive than most of the other proposals in either consultation.

49 Another way in which the government could reduce the risk of individuals suffering the trauma and destruction of identity fraud would be to sponsor a media campaign advising people how to avoid some of the more common ways in which people become the victims of identity theft. Several relatively simple steps people could take would make it much less likely that they would have their identity stolen, such as destroying bank statements and credit card bills, rather than disposing of them with their regular household waste. Basic messages such as these could reduce the risk of people enduring the stress and pain of identity theft.

Countering illegal working

50 We are still highly sceptical that identity cards will have anything other than a negligible effect on illegal working. Despite increasingly punitive measures, introduced in successive enactments on the subject of immigration and asylum, there will always be unscrupulous employers who are neither interested nor concerned as to the legality of their employees; turning ourselves into "Fortress Britain" didn't dissuade the employers of illegal cockle-pickers in Whitby Bay and we don't believe it has had any real impact on illegal casual labour, for example.

51 As casual tourists will still be able to enter the country without a Card, we believe that those who wish to overstay their visa will manage to do without a problem — and that there's little that legislation can do to deter people desperate to better their prospects. As we've mentioned before, the very idea that the driver of a transit van might pull up to a group of young men waiting on the kerbside at dawn and pause to ask for their ID cards is risible. By their very definition, black markets operate illegally and have done ever since markets were first regulated; one more obstacle for such employers to evade is unlikely to keep them awake at night.

52 Despite the apparent blatancy of these arguments, Home Office ministers seem obsessed with this fallacious sophistry. From Lord Falconer, in January 2003, to Beverley Hughes in December (below), to David Blunkett himself in April, we read ministers' utterances such as:

Through identity cards, the Government is determined to put Britain at the forefront of international developments in the use of biometrics to protect our citizens from identity theft and to prevent abuse of our immigration system.
… By using biometric data, linked to a national database, we can provide a modern, secure means of confirming identity, helping us to crack down on identity fraud, immigration abuse, illegal working and organised crime.

Specific consultation points

Proposals for a National Identity Register (clauses 1–3)

53 Whilst the restriction that the scheme can only be used for the purposes set out in this section are certainly warranted, they do not quell our concerns regarding the scheme in general. The whole concept of a National Identity Register seems somewhat privacy-invasive, though, particularly given the lack of a codified privacy right that we have here in the UK. We would be much more comfortable were there the kinds of guarantees that one sees in the German constitution.

54 There are numerous problems with the seemingly-simple list of registrable facts. Some of these problems are quite fundamental — clause 1(4)(a) specifies that an individual's "identity" is registrable, but makes no attempt to define this somewhat nebulous concept.

55 Similarly, an individual's "full name" is registrable; in Common Law, though, we have no concept of a single 'official', 'real' name. As we mentioned in our submission 18 months ago, many people have several 'real' names — from the obvious (Ms Cherie Booth, QC, being the same person as Mrs Cherie Blair; Priscilla White being better known as Cilla Black) to the less obvious (a post to UK Crypto last November showed one individual subscribed to that list is widely known by at least 12 names without even deliberately seeking to use an alias). There is evidence even simpler than that, though, in that some organs of state — notably the police — are very uncomfortable with the idea that people might not use their first forename. The UK Crypto post mentioned that the subscriber's son was stopped for a minor motoring offence and produced his driver's licence in the name Calum Niall T——, yet was arrested for giving a false name to the police officer when his passenger addressed his as Niall, rather than Calum.

56 This is even more of an issue in the multilingual, Celtic countries of the UK and amongst ethnic minorities where a different alphabet might have been used to name an individual. English-speaking public servants often have trouble with the spelling of Celtic analogues to English names (is it Luc or Luke; Padrig, Padraig or Patrick; Siarl, Siarls or Charles; Tomos, Tomáis or Thomas?), or even just the homonyms that occur with the various Celtic languages (is an individual's name spelt Shaun, Sean, Séan or Siôn; Ieuan, Iwan, Euan, Ewan or Ewen?) or ethnic minority languages (is it Mohammed, Mohamed, Muhamed or Mohamet?). There is no particular reason that an individual should prefer one spelling over another — particularly given more than one might be more appropriate in different contexts —; the imposition of one standardised form by the National Identity Register would not only be churlish but also could prove rather inconvenient for individuals who have to deal with these multiple contexts.

57 Another concern we have is that the inclusion of subjects' address information in the Register could allow assumptions to be drawn over living status and pose particular problems for individuals of no fixed abode — yet again further marginalising a disadvantaged section of society. Not only this, but imposing a requirement that every individual in the UK inform the Home Office of a change of address seems particularly onerous, especially when one considers that 70% of the population of London moves every year.

58 Clause 1(5)(d) requires individuals to register "physical characteristics of his that are capable of being used for identifying him". One assumes that this is intended to mean biometric data, an issue on which we have commented already. As we suggested earlier, that these data are registrable is a problem in and of itself, but having to keep these data up to date proves even more problematic.

Proposals for the issue of ID cards… (clauses 4, 5, 8–10, 12, 37)

59 Having considered, at some level of detail, the proposals made by the government, we and a great number of our correspondents remain opposed to the issue of ID cards and remain to be convinced by the government exactly why the cards are wanted and what purpose they will serve. Furthermore, attempts to introduce identity cards by stealth, through the 'back door' — such as in clause 8(6) — which requires that every application for a Designated Document be accompanied with an application for an identity card strike us as particularly offensive.

60 Concerns must be aired over the proposal that Civil Servants and/or private company employees may require, without any safeguards or proposals to reimburse free citizens, the attendance at a registration centre, at any time or location. We believe that a sufficient number of these centres must exist — at least if the registration and initial dataset is to be accurate — and must be suitably staffed to cause as little inconvenience as possible.

61 That the Secretary of State could be empowered to require any such information as he so pleases causes grave concerns amidst our correspondents; we feel this power, from clause 5(5)(d), is far too vague and exceptional wide-stretching.

62 The biometric technologies deployed on the card — and we implore the singular; that there be only one type of card — must be uniform for all those issued. Considerable differences occur amidst the types of biometric and any change mid-project — as permitted within the proposed legislation — would cause significant and unacceptable expenditure of public funds which, we contest, would be used far more prudently than 'rescuing' another failing Home Office project.

63 We would welcome revision of the Draft Bill to specify categorically which biometric identifiers will be deployed, thus defining the programme, rather than one that could potentially alter mid-project or as the team feels appropriate. We contend that any such changes to the scheme must require full Parliamentary scrutiny — the sort that is most commonly seen through the debate of Primary Legislation. As we have mentioned elsewhere in this document, however, we do believe that each of the biometric technologies is inadequate for the purpose.

64 Again, commercial confidentiality is being deployed to prevent details being released into the public domain — in this instance with regard to the recording of data in clause 8(2) "in an encrypted form". Such absence of detail hinders independent analysis regarding such aspects. We don't object to the use of encryption per se, as we feel it's important that data-users (such as employers and service providers) should not be able to access data about an individual that is not relevant to their purpose — an individual's GP should not be able to read about that person's tax returns, for example.

65 We do believe quite strongly, however, that all the data on an individual's should be accessible to the user, with suitable, non-specialist equipment. If data are sensitive enough such that some data-users should not have access to them, such as health or tax records, they should not be on the card — indeed, we content they should not be in the National Identity Register at all.

66 Of the whole identity card scheme though, we do feel that if one part must be implemented, there is a wasted opportunity in digital certificates. Queen Anne's Gate's lack of consideration for digital certificates, such as with the Belgian example, potentially demonstrates an inherent weakness that may gravely hinder the usefulness of an identity card for users seeking to access government or private-sector services by telephone or over the Internet; of the whole principle of the identity cards proposals, this is about the only section where we would urge serious consideration of the proposals.

67 For those mandated to carry a card under the powers proposed in clause 6, we have great concerns that the onus of renewal falls on the oppressed individual, rather than the issuing authority. We note that the Home Secretary requires complete data upon renewal, but we fail to see any clause mandating the data-managing body to disclose such information already held: in this respect, our comments above concerning encryption appear more prominent.

68 Again, due to the lack of detail provided in the Draft Bill, we cannot fully envisage the stages proposed for the actual issue of the documents. Clause 10 sheds very limited light on the matter unless the Home Office itself does not yet know.  Again, on such crucial issues, the matter ought to be discussed by Parliament, in the form of proper clauses within the Bill, not just the option for the details to be decided at a later date, with poor scrutiny.

69 We believe clause 12 — concerning notification of a change of details — is far too vague and far-reaching. Would it be the case that, say, a kitchen accident that slices through one's finger, thus altering one's fingerprint biometric, must be reported to the Secretary of State? Again, we see this will fall to the Secretary of State, with no explicit permission for him to delegate these powers — surely the Home Secretary has more important things to consider than, to continue our example, kitchen accidents? Both the phrase "prescribed change of circumstances" and the specific kinds of notifiable circumstances themselves must clearly be defined in the primary legislation; our correspondents note that there is no onus on the Secretary of State to incorporate such information within the dataset.

70 The imposition of financial tariffs — essentially a poll tax — for the card causes significant concerns to us and our correspondents. A popular figure suggested has been around about the £80 mark. For some people this may represent unwelcome expenditure, for many, it's an amount beyond reach, although we do recognize the proposal for a reduced rate. Whilst levies are imposed on driver's licences and passports, neither of these is an essential document. Admittedly, some people may not need an identity card straightaway, but for the majority of the citizens within the UK, they will need to find, from somewhere, the funds to procure this item; including, we assume, those whom the Secretary of State has ordered to possess the device.

71 That a fee may be charged for informing the Secretary of State of changes in circumstance is, quite frankly, a notion we find ridiculous — and, again, some people may not be able to afford the expense of informing the Secretary of State that oil has burnt away aspects of their fingerprint; as it stands, there is a fee levied for informing of a change of data and a fine levied for not; only one of these two operations being chargeable would certainly seem an improvement. Again, from these subclauses, we feel that Queen Anne's Gate have, unfairly, with forethought and intentionally, steered people towards their preferred administration option — that of an Executive Agency.

72 A clear absence of any mention of the Data Protection Act's Subject Access fee in this section of the Bill cannot go uncommented.

Data sharing … in order to issue identity cards (clause 11)

73 Whilst we understand the principle of requiring data-sharing in order to guarantee the identity of the individual applying for (or being forced to apply for) a Card, the actual wording of clause 11 is such that we object quite strongly. As the wording currently stands, the Home Secretary can require absolutely anyone to provide just about any information about any applicant, with no requirement that the data be relevant or accurate. We would very much like to see this clause be redrafted.

Disclosure of information without consent… (clauses 20–24)

74 The clauses relating to disclosure of individuals' data from the National Identity Register without the consent — and, in some cases, knowledge — of the data subject affronts us considerably. We notice the safeguards offered to the citizen under the Regulatory of Investigative Powers (RIP) Act are not present within this Bill, again an issue of concern to us and our correspondents.

75 We believe that the Home Secretary's powers under clause 20 ought be subject to judicial review, even if such hearings were to occur in camera. Furthermore, were are unable to establish the reasoning for the Intelligence Services to be granted access to just any retained data they would like, including for example, the audit logs of when an individual's card has been accessed, which would allow someone to build up a profile of every government service used by an individual; that the Secretary of State feels it appropriate fails to convince us.

76 Similarly, we must express concerns over authorised access to the Register — apart from the access logs — by the police, even when they are investigating "crime", rather than "serious crime", under the definitions contained within RIP. That even access logs may be made available to the police by order of the Home Secretary causes concern amidst our correspondents. Additionally, similar comments may be made when considering the Commissioners of the Revenue Office and those of Customs & Excise; the powers granted under clause 20(4)(d) warrants grave concern.

77 The number of Directorates, Agencies and Bodies affiliated, reporting to and under control of Queen Anne's Gate is quite exceptional. We can envisage the potential for gross invasions, in absentia, of individuals' privacy and civil liberties within the powers proposed by clause 20(5). We feel that, as currently worded, it is far too vague; the data within the Register could, unintentionally, colour the judgement of an officer within the Prison or Probation Service, for example.

78 We observe an anomaly within the Bill regarding Social Security benefits; whilst granting disclosure to those agencies concerned with benefits in the Six Counties, we have not observed such dispensations to the Department for Work and Pensions. We note those granted to the Commissioners of Inland Revenue with regard to National Insurance aspects. We are curious as to the purpose of this apparent omission; we would certainly hope that any powers given to Organs of State regarding an identity cards scheme be done in this Bill, rather than making use of extant — and separately-regulated — powers in the Social Security Fraud Act 2001, for example.

79 Concerns must be aired having considered the disclosures permitted within this Bill, in clause 20(7)(a), under section 17(2) of the Anti-Terrorism, Crime and Security Act 2001. These pertain to just about any criminal proceeding, in any jurisdiction; we believe this grants further disclosures that are, quite simply, far too vague.

80 We also with to express caution, under the provisions of clause 20(8) that those granted disclosure may, within the scope of RIP's "serious crime", be privy to access logs, which, as we've mentioned above, provide a worryingly detailed amount of information about what an individual might have been doing and which services an individual might have been accessing.

81 The privacy-invasive nature of these access logs is difficult to overstate; it doesn't take an enormous amount of deductive powers to determine that someone who has had to present their ID card in order to access services at a clinic of genitourinary medicine might recently have suspected having contracted a sexually transmitted disease, for example.

82 Our correspondents have suggested to us, that the disclosure — of any and all data — to the Designated Documents Authorities — may cause unacceptable invasions of people's privacy, including, for example, the potential of the DVLA, on application for driver's license renewal, examining when the data subject visited his GP, via the audit trail.

83 We are uncertain of the intentions of the Home Office with regard to the offices named under clause 20(2) and aspects of delegation; we expect that these senior officers will personally be undertaking the duties given the absence, within the Bill, of authorisation for the subordinates within these organisations to exercise such functions. We note that if these officials were to undertake such rôles a prima facie offence would be committed.

84 'Fishing expeditions' or speculative examination of the database, must not be permitted within the legislative framework. A safeguard against this will offer reassurance to citizens, particularly minority groups. We believe it quite important that this be expressed explicitly within the Bill and that penalties for contravening this policy much carry a suitably onerous deterrent.

85 We are highly disturbed by the powers granted to the Secretary of State by clause 21(4). We believe that the ability to alter these parts of the Draft Bill is too far-stretching to reassure citizens that there is no direct and immediate threat to their civil liberties. That the Home Secretary can alter the structure and requirements of the National Identity Register (which, in itself, could represent technical issues) arbitrarily, without proper oversight from Parliament, concerns us quite deeply.

86 Regarding transnational, intergovernmental Identity Register data-sharing, we note there are no safeguards within the Bill to prevent such situations occurring without the knowledge and consent of the individual. The provisions of the Anti-Terrorism, Crime and Security Act do not apply to programmes, including, for example the airline passenger profiling CAPPS II plans, Sirene UK or the Schengen Information System II: we would be keen for such 'loopholes' to be covered within Primary Legislation.

87 We are a little concerned by the provisions of clause 22. Whilst part of the point of the identity card scheme appears to be to ensure that the numerous State databases on individual citizens are correct and up-to-date (though this comes to the issue of multiple names in multiple contexts, again), which we welcome as a wise side-benefit of the scheme, even though we do not support the scheme itself. We do worry, however, as it seems easy to envisage the proliferation of incorrect data occurring within the guise of correcting ancillary departmental and agency databases without the opportunity for the individual to comment and correct such mistakes.

88 Clause 24 of the Bill appears to grant further powers to the Home Secretary to be able to disclose to whichever organs of the state he feels appropriate, without the consent of the individual and without the opportunity for oversight — be it judicial, Parliamentary or otherwise. Existing mechanisms, through the RIP Act, for example, enable authorised oversight mechanisms and provide the reassurance of a senior official or independent judge's signed warrant. Stand.org.uk believes the incorporation of judicial oversight is quite important, with regard to any disclosure in the absence of the individual's consent.

Oversight (clauses 25–26)

89 Stand.org.uk believes that oversight for the proposed scheme is an essential and integral aspect of this programme. We believe that such oversight ought adequately to be funded to enable functionality, credibility, independence from the Executive and accountability to the population at large, via Parliament — particularly through the Select Committees. We are disturbed to discover that Queen Anne's Gate seem reluctant to enable proper and independent scrutiny on the face of the Draft Bill.

90 We maintain that the appointment by the Prime Minister of a Commissioner under assumed prerogative powers, as proposed within the Draft Bill, is an affront to the independence of the Commissioner, particularly when we read that the Prime Minister, within the proposed legislative framework, is entitled to suppress aspects of the annual reports. We would be keen for an independent body to make suggestions, with the Commissioner being appointed by Letters Patent.

91 Regarding the functions of the Commissioner, we feel that the Secretary of State's actions are not subject to a real level of scrutiny, merely "the exercise … of his powers". We feel the Commissioner ought be able to examine the actions of the Secretary of State should he, through no fault of his own, act outside the scope of the legislation. Additionally, we would anticipate that "under this act" covers the supplementary Orders and Secondary Legislation that the Enabling Bill will create.

92 We are also uncomfortable with the distinctions made within 25(3); we wish to express our anxiety that this clause will not permit thorough scrutiny. Firstly, we feel that the distinction between officials (who will be covered under the terms of the act) and those of advisers (be they special advisers, policy advisers or ministerial advisers) is significant and must be enshrined within the legislation. Secondly, we believe the Commissioner must be able to examine information from all departments — including their affiliated Executive Agencies, quangos, Task Forces and the like — and not just those of the Secretary of State, but the other departments that will make use of the NIR and the card. We assume that the Commissioner will be reliant on Permanent Secretaries' Certificates to ensure he has received full disclosure.

93 Recruiting the Commissioner from the Bench causes us, and the public at large, significant difficulties. Despite noble intentions to reform the Judiciary, the feeling at large — particularly after some of the criticism of Lord Hutton's recent report into the Dr David Kelly affair — seems to be, fairly or unfairly, that such Establishment figures look after themselves and 'their kind'. Also, we believe there is a certain lack of foresight here, particularly with reference to the Appellate Jurisdiction Act 1876 and the Lord Chancellor's plans for reforming the legal system and the proposed introduction of a Supreme Court, which would, almost certainly have ramifications on these Acts.

94 The very nature of the candidate, that he "holds or has held high judicial office" could immediately alienate him from younger members of the community. Not only this, but, as we have pointed out before, the conventional wisdom that retired judges make good commissioners has been shown to conflict with the kind of media exposure that the public should be able to expect from such a position. Whilst we understand that the purpose of a Commissioner is to report to Parliament, there is an important rôle to be played in assuaging public concern over the implementation of legislation; the public visibility of the Interception Commissioner, for example, Sir Swinton Thomas, has been criticised on several occasions by groups interested in issues around the Regulation of Investigatory Powers Act, as we mentioned in our response to the Home Office's consultation on the Statutory Instruments a little over a year ago.

95 The Commissioner's access to funds worries us also; again, through lack of detail. We would be content for the funding to make provision for an office and staff, receiving such public monies via the usual methods, such as the Finance Act. We must comment that it would be entirely unacceptable if the Commissioner were unable to exercise his duties through lack of funding; we would envisage measures be introduced to protect the office from such potential problems. We believe the choice of staffing the Commissioner's office should fall not to the Secretary of State, but to the Commissioner himself, with oversight courtesy of the Public Accounts Select Committee and the National Audit Office.

96 Our correspondents have noted that the Draft Bill makes no provision for the Commissioner to have such powers to enable the investigation of complaints raised by members of the public. We find this prospect highly offensive and believe this oversight must be remedied before a Bill is taken to the House. The Commissioner must be empowered to act upon complaints from the public — the data subjects — and have the resources to be able to investigate and, where necessary, bring forward criminal prosecutions where there has been negligence or unlawful activities — as detailed within clauses 29, 31 and 32 — by officials.

Most of my European counterparts, the data protection commissioners in other parts of Europe, when they do have identity cards, have the power to march in and carry out an inspection on the existing identity card systems in those countries which are less developed than those we are talking about this afternoon.

98 We welcome the addition of such powers to the Information Commissioner's rôle, to aid in the exercise of his duties. Additionally, insofar as they can function in parallel, we suggest such abilities be granted to the proposed Identity Scheme Commissioner. However, should this prove unpractical, we would implore the Information Commissioner's influence be extended rather than the creation of a further tier of Bureaucracy — at least with regard to Data Protection.

99 The independence of the Commissioner, we feel, will become a vital step in ensuring the credibility and success of the office. We believe it is important that whoever fills this position should be someone who is demonstrably independent of — and has work rarely with — the Home Office and the organisations mentioned within clause 20(2) of the Draft Bill. We note the absence of a complaints procedure regarding the Commissioner himself; although we do not envisage that many people would need to make a complaint about the Commissioner, we do believe such a process could be a matter worthy of consideration without forcing individuals to seek remedial action under the Human Rights Act or the process of judicial review.

100 An ability to review the somewhat draconian decisions made by the Secretary of State, under clause 6, by the Commissioner, would be a much welcomed step. The ability for the Commissioner to sit in a judicial capacity would be welcomed, as would the opportunity for the Commissioner to refer, perhaps through established legal practices and writs, more complex cases to the Courts, so that they might exercise the judicial function on whole.

101 Reporting is a vital element of the Commissioner's rôle; we are quite alarmed to discover that, under practically any circumstance, the Draft Bill permits much of his report to be suppressed. We welcome the notion of regular reports; we feel annually would be a suitable interval, with, of course, the option to present an interim reports or to answer questions within Parliament, should either prove necessary. Whilst we understand the desire that the new Commissioner's report be presented to the Prime Minister in the first instance, we do not believe that there is really sufficient prospect of a threat to national security pertaining to the identity card scheme that could justify the powers of redaction granted to Number Ten or even that the report should not be presented directly to Parliament, for Parliament to publish as it feels fit.

Criminal offences and civil penalties (clauses 27–36)

102 The definitions of the crimes seem overly broad — potentially, someone could be gaoled for ten years for using false ID to buy alcohol whilst underage. Whilst some might consider such a penalty just desserts, we believe it would bring a whole new level of authoritarianism to our Statute law and find the idea wholly unjustifiable.

103 We are also concerned by the apparent oversight in clause 27(3); whereas the first and second parts of clause 27 include a requirement for mens rea to be proven before an individual may be convicted of a crime, no such requirement exists in this third part. If this omission is deliberate, we oppose its inequity quite strenuously; "without reasonable excuse" is not quite the same thing. The concept of demonstrating intent is a recognised failing of the Computer Misuse Act 1990; we believe this is something to be rectified in this Draft Bill, not brought across into it.

104 That the Home Secretary can, again, alter Primary Legislation on a whim — in all but name —rears its ugly head in clause 28: we must clearly state that for the Secretary of State to alter the documents that will form "official ID", at will, without Parliamentary oversight, fails to comply with democratic concepts.

105 The omission of punitive and preventative measures to protect a scandal similar to those of the late Dr Harold Shipman — namely the issuing of death certificates, for financial gain — has not escaped comment. We are reminded of the 'zombies' in India — those who have been declared dead, by the state authorities, to the benefits of their malevolent relatives: we see no measures to prevent similar identity theft. Whilst we do not expect this to be a large-scale problem, it seems a distinct oversight, particularly when this Bill is meant to introduce measures to prevent identity theft, as well to introduce an identity card scheme.

106 Unauthorized revelations of data from the National Identity Register, by persons other that those mentioned in clause 29, is a cause for concern; it appears that, in some cases, the Computer Misuse Act will not always apply. Additionally, the failings of that Act and its age represent further problems.

107 'Tampering with the Register', clause 31, highlights an issue we have touched on already: the failings of the Computer Misuse Act which we, and our correspondents, feel is long overdue for reform, particularly given the phenomenal developments within the online and information technology industries over the last decade. We fail to have discovered the provision for a Statutory Instrument or Code of Practice that defines a "National Identity Register Computer". The anomalies between mission-critical set-ups — Air Traffic Control, for example — and the 'non-essential' Identity Register have, additionally, been commented on by concerned correspondents; some such actions are also covered by counterterrorism legislation. We look forward to reading the Home Office's proposals as to how the infrastructure should handle Denial of Service attacks — both on the Register itself and its infrastructure.

108 We would welcome the opportunity to present opinions on read-only 'tampering' of data within the National Identity Register — despite the Government's oversight of proposals in this area. Reading the Draft Bill, it would seem that hacking into the database in order simply to read someone's data, rather than to edit it, is not rendered an offence under this Draft Bill.

109 The proposed exercise of judicial powers by the Home Secretary, within clauses 33 and 34, have caused abhorrence and disgust within Stand.org.uk and our correspondents; it remains contrary to the sound Division of Powers, as well as likely falling foul of the Human Rights Act. We vehemently object to the proposal of the Secretary of State being able to increase fines for those objecting, on appeal. Should the Secretary of State find that he wishes to impose financial burdens on individual citizens, we suggest he consults Erskine May with regard to Private Bills.

110 We find the proposal for a Code of Practice regarding penalties to be a half-hearted attempt to pacify on first sight. Until such a time as Codes of Practice become legally binding upon the Home Secretary, we must insist that such duties become enshrined within primary legislation. Furthermore, the exercise of judicial functions must occur within a court, and not at Queen Anne's Gate.

Wider identity fraud issues (clauses 27–28)

111 We have dealt with the subject of identity fraud elsewhere in this document. We do have a few other comments to make, however. Our main outstanding concern regards the issue of immigration and asylum. Given Queen Anne's Gate's predilection for making it increasingly difficult for asylum seekers to enter the UK, regardless of our international obligations on the subject, it came as little surprise to us that the Home Office appears to have given no consideration to the frequent need for asylum seekers to acquire false papers in order to flee their country of residence. At the very least, we would expect to see an explicit exception made for this circumstance.

The power to set a date for compulsory registration (clauses 6–7)

112 Both our correspondents and the collective authors have considerable problems in particular with these clauses. The erosion of personal and civil liberties by this clause, including its far-reaching powers, will eventually pave the road for mandatory ID cards for all — contrary even to Cabinet Agreement, insofar as we can gather. The authoritarian aspects of these clauses could certainly invoke mass hysteria and upset community relations, particularly if a more extreme government were to be elected. We can't help but think of the sentiments expressed by Pastor Martin Niemöller.

113 We feel most strongly that introducing the card by compulsion ought to be a matter for separate legislation and not implemented by Order. If the Secretary of State wishes to require an individual group — say British Moslems, for example — to register with the card scheme, we believe it should be covered by a new Act, rather than Statutory Instrument; this would allow Parliament fully to deliberate on the issue, permitting a suitable level of scrutiny for such a profound change in the relationship between the citizen and the State.

114 We also believe that Westminster must respect the wills of the Devolved Legislatures, which will have a far greater understanding of their communities and greater expertise to act in the interests of their constituents.

115 That the Secretary of State may make Order — without recourse to appeal or judicial oversight, save those enshrined within the Human Rights Act — has implications on those unable, through no fault of their own, to register for the proposed biometric scheme, should they be impaired.

116 The proposed civil penalties strike us as extreme and unfair, particularly given the absence of an opportunity — within the framework — for appeal. The imposition of a scale of financial measures will hit those least able to afford; often those who are most reliant on the public services for which the government would like to require presentation of identity cards. We are of the opinion that persistent offences to register, when ordered, ought to be a criminal offence carrying a suitable gaol term, rather than the curious system of financial penalties set out in the Draft Bill.

117 We express concern on the report that the Secretary of State would be obliged to present to Parliament under clause 7(2)(b). We believe consultation adherent to the Cabinet Office's guidelines must occur, presenting a balanced and reasoned set of arguments, presenting all cases for the situation — and not just those favourable to the Party or Queen Anne's Gate.

118 The delegated powers, under 7(3), to any Minister of the Crown cause slight concerns for us. We feel that such demands — for individuals to be required to register for identity cards, and becoming a mere datum — must fall within the remit of the Secretary of State and not some Junior Minister from an unrelated department who, in a careerist moment, may fall victim to base tabloid populism.

119 Grave solicitude must be aired regarding the proposed deployment of the 'super-affirmative Orders'. That the procedure warrants its own terminology — and novel, imaginative, maverick and innovative thinking — causes us to have doubts and consider that the standard approach — of a separate enactment and full Parliamentary debate — would be preferable to this conceited, contemptuous of Parliament proposal.

The power to make regulations… (clauses 15–19)

120 Stand.org.uk is not, on principle, opposed to Secondary Legislation. We recognize that it can provide a useful and practical step in legislation. We object, however, to secondary legislation and regulations being deployed in instances where particular issues would benefit from full Parliamentary scrutiny.

121 Significant amounts of the Bill, as currently drafted, lack detail, forethought and a clear statement of purpose and intent. We believe that this is an unacceptable situation, particularly with regard to the details proposed. It is our conviction that this is intentional and that the Home Office would like to keep the Draft Bill light on detail so that their preferred option — putting an Executive Agency in control of the programme — ends up being the option implemented.

122 Notable concerns can be expressed throughout clauses 15–19. We see anomalies in the relationship between free citizens and those on whom the Secretary of State has imposed a requirement to register for an Identity Card. Clause 15(2) creates a clear barrier and a suspicion of guilt that any free-thinking person would find morally repugnant. We have yet to find a correspondent or organisation who finds this clause acceptable. Furthermore, it appears, on the surface, that many organisations will use this clause to require individuals, regardless of whether or not they have been required to register under clause 6, to carry identification in order to access public services — including essential services.

123 We welcome the sentiments expressed within clause 17(5), insofar that the procedures for Primary Legislation consultations are appropriately applied, given that we believe, quite firmly, such aspects ought to be enshrined within the Primary Legislation in the first instance, if at all.

124 Concerns must be aired upon examination of clause 19: we feel the measures proposed will, essentially, lead to the requirement of the Identity Card — at least in relation to public services — once the rollout of the scheme is more advanced. Furthermore, we can envisage, as a result of the powers awarded to the Home Secretary by this clause, the enactment of further legislation requiring presentation of mandatory ID cards, something we find wholly unacceptable.

125 We also believe that clause 19(2)(c) could further discriminates against those groups the Secretary of State has compelled to obtain such card, forcing those individuals to present their Identity Cards on demand, rather than, say, an alternative device that establishes (and demonstrates) their identity.

126 For clarity's sake, we have left all our comments on Devolution issues to the following section, even when they might seem more appropriate here.

Proposals on the application to devolved regions (para 2.78)

127 Dealing firstly with the powers specifically devolved in the Draft Bill; in reference to clauses 17(3) and 18(4), which requires the Devolved Governments to ensure that the person proposing "powers to make public services conditional on identity checks" or "powers to provide for checks on the Register" has taken "such steps as that person thinks fit" to ensure the public are aware of the changes and consulted about them. We are concerned that this doesn't really prescribe (or proscribe) any particular steps. We would very much like to see a reference to the Cabinet Office's Code of Practice on Written Consultation and believe it imperative that these, at the very least, be applied to draft regulations under these sections, given the lack of detail in the enabling legislation.

128 The main problem, from the Home Office's point of view, about the impact of devolution, is that the two devolved bodies that currently meet (given the suspension of the Stormont Assembly) both seem to be opposed to the implementation of any aspect of an ID cards scheme in their countries. Like us and our supporters, neither the Lib–Lab coalition in Scotland, nor the Llafur government in Wales seem to have been persuaded of the purported advantages of such a scheme; we would, of course, suggest that this is because the advantages espoused by the Home Secretary are illusory, as we have detailed in the preceding section of this document.

129 Given that the implementation of any real part of this legislation, other than requiring individuals to acquire Cards and to allow themselves to be entered onto the National Identity Register, is down to public services in devolved matters. If the Welsh NHS, Gwasanaeth Iechyd Gwladol, chooses not to require service-users to present identification documents before service provision, then it would be ultra vires for Westminster to insist otherwise. If the Scottish Parliament has decided that universities do not need to require the presentation of identity documents by their students, it is beyond the legislative competence of the UK Parliament to decide otherwise.

130 A further complication in the devolved countries is that all three are multilingual, for example, the Welsh Language Act and Article Ten of the European Charter for Regional or Minority Languages require that public administration in Wales be bilingual, including the use of Welsh. At the moment, passports are bilingual English/French — the Home Office has claimed previously is due to ICAO regulations, though we note that Irish passports are trilingual (Gaelic, English and French), Swedish passports are bilingual (English/Swedish), Indonesian passports are bilingual (English/Bahasa), that the ICAO only requires one of English or French to be on a passport and that nothing prevents a passport being trilingual on the face.

131 As more than one of the authors of this report is a Welsh-speaker, we would be very disappointed should identity cards be introduced in Wales without the Welsh language being on the face of Welsh cards. Similarly, we believe it would run counter to the spirit of the European Charter should Scottish cards not, at least, be available in Scots Gaelic and cards issued in the Six Counties not be available in Irish Gaelic and/or Ullans — the status of these languages being guaranteed also by Belfast Agreement of 1998. So long as the layout is consistent across each type of card, we do not believe this would pose insurmountable problems for monolingual government officials or policemen, for example. The richness and diversity of our society in the UK is an immensely valuable part of our cultural heritage and any measure by central government that could damage that, no matter how unintentionally, should be resisted with fervour.

132 As we mentioned in our preamble, we are also disappointed that, given that some of the potential problems with the scheme only apply to the devolved countries, this consultation was only taken in the English language. This seems, to us, to be yet another attempt by the Home Office to stifle informed debate on the subject of identity cards more generally.

133 Possibly the most serious problem with implementing identity cards across the United Kingdom, however, might be that some interpretations of the legislation could be seen as being in contravention of the 1707 Acts of Union. The Acts of Union between England and Scotland, which were an international treaty between two independent states, present restrictions to changes in the private law of Scotland; it has certainly been claimed that some of the provisions of the Identity Card scheme would change the private law of Scotland, most notably the implicit abolition of the Common Law right of an individual to use the name of their choosing in the context of their choosing, a right also held in English Common Law.

134 Another relatively obvious issue that pertains only to one of the four countries of the UK is that several agreements governing the relations between Éire and the UK regarding the Six Counties of Northern Ireland accept that residents of Ulster may choose to bear either Irish or British citizenship. Given that the Home Office is intending on phasing in the requirement to carry an identity card — European legal issues and the Ireland Act notwithstanding — for non-British citizens first, this could produce an intriguing sectarian issue in the Six Counties, where Six Counties-born Irish citizens (mostly Republican) would, theoretically, be required to possess an ID card, yet Six Counties-born British citizens (mostly Unionist) would not.

Options for a governance structure… (para 3.11)

135 Our principle concern regarding the governance of the scheme is that, regardless of which option is taken, the governance ought to be accountable and relevant to the public — we who will be subject to this new scheme. We have concerns over reliance upon judicial review, the Human Rights Act and Commissioners — a great many people are, through no fault of their own, unable to afford such remedies; legal action is expensive and financial support, particularly Legal Aid, is dwindling.

136 We would be most content for the scheme, as proposed, to be shelved; however, the consultation paper seeks comments regarding "possible governance options". It is our opinion that such a scheme ought to be implemented in a mould that brings into it accountability and true democratic processes. As we mentioned above, the Home Office's record on IT projects, we feel speaks for itself: we would not be in favour of such a scheme to occur with a project that will, despite all appearances, affect all citizens of the UK.

137 We do not feel that governing or overseeing an ID cards scheme falls within the remit of any other department, save that, perhaps of Constitutional Affairs — despite our feelings on the unconstitutionalities of the scheme. In terms of Executive Agencies, we recognise that accountability is made, via the Select Committees, to Parliament but not, on the whole, to the electorate at large. Unlike Queen Anne's Gate, we, however, fail to consider any of the Agencies already in existence adequately provided to encompass the additional burdens that this scheme will require without considerable degradation to 'normal service'.

138 Whilst a quango (or, rather, a "Non-Departmental Public Body") may be an option, in terms of accountability and exercising the duties required, such a proposal seems unsuitable. Additionally — and despite many noble intentions within government and the modernisation process — we feel the public still perceives quangos as having, historically, provided 'jobs for the boys' and 'Old School Tie' connections, and so may not provide an appropriate level of scrutiny and respect that would be required if a scheme were not to fall on its back and waste an obscene amount of public funds.

139 For reasons of accountability, we are lukewarm to the final proposal: governance by a non-ministerial department, although concerns must be expressed over potential usurpation and internecine warfare that may evolve. If we were asked to rank our preferences for the operation of the scheme, and from the four mentioned, we would express a preference of non-Ministerial Department, Executive Agency, the Home Office and finally, least favourably, non-Departmental Public Body.

140 Regardless of the option chosen, the governors must ensure that above and beyond all, the personal data held remains applicable, accurate and relevant. We are concerned that many issues have been scheduled for inclusion by Order and Secondary Legislation; we would rather such things did not occur through such undemocratic channels but, rather, through Primary Legislation, subject to the usual procedures enshrined through healthy, Parliamentary debate. We are disappointed and concerned with the proposals that enable the custodians of these Orders to define, for themselves, their methods of oversight. Such a significant issue, we feel, must take place in Parliament, and be enshrined within primary legislation. Full attention and regard to the Human Rights Act 1998, particularly Section 1 of Article 6 of the European Convention on Human Rights, is paramount, particularly when applied to the 'impartiality' clause:

In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law.

141 The cloak of 'commercial confidentiality' held over the aspects of the technical specifications limits our responses with regard to the process of enrolling individuals onto the National Identity Register and of issuing cards. Whilst we fail to be convinced of the necessity of this costly exercise, we feel it is appropriate and prudent that, broadly speaking, our concerns touch on the database specifications, authentication and data security, accuracy of data, audit trails and subject data access.

142 The enrolment process, as proposed in the draft legislation, is wholly unacceptable — the impression it gives is overwhelmingly one of a summons or the imposition of a levy. There is no mention of reimbursing those required to attend registration centres; whilst the photography and sampling biometric data may only take half an hour or so to complete (though we doubt that centres will be that efficient), many people will be required to travel to these places and, even then, it cannot be guaranteed that appointment times will be honoured. Enrolment poses even more problems for people with multiple names or who exercise their Common Law right to use the name of their choosing.

143 Until such a time as further information regarding specification of the National Identity Register is released, we feel that we cannot appropriately and fairly comment on aspects of security specifications; we would, however, welcome access to those who need it, if only those. We suspect the Home Office will decide it is impossible for only the relevant information to be made available; perhaps under the guise of preventing benefit fraud or some other fictitious, flawed reasoning.

144 We feel quite strongly that the data about an individual on the National Identity Register must belong to the data subject himself. It is, of course, essential that accuracy be guaranteed and that individuals must have the opportunity to ensure, at will, that their records are up-to-date and accurate — particularly given some of the draconian measures within the Bill, in its current form at least. Accountability for data accuracy must rest with those responsible for its entrance on the NIR; ascending through to the responsible public authority or Department of State. We consider that the National Audit Office and the Public Administration Select Committee may prove useful in ensuring the rights of the Citizen do not become eroded further.

145 Our comments above, express concerns from a variety of correspondents, in relation to the disclosure of information from the National Identity Register. The contradictory comments from the Home Office and their apparent unwillingness to contribute to public debate have hindered, rather aided, our endeavours to establish the purposes of the Register. We remain unconvinced that, in its proposed form, it will form a suitable tool in The War Against Terrorism; we maintain what we believe is a healthy dose of sceptical cynicism in this regard. Until there is a definitive answer to the question of what, precisely, is the purpose of the scheme, we feel the only disclosure of information that can, lawfully and ethically, be made would be to the individual, in line with Data Protection principles.

146 Regarding paragraph 3.7 of the Green Paper, our concerns of lack of detail are, again, hung-out to air: we feel that the citizen will benefit from the protections offered of details that have been properly subjected to true parliamentary scrutiny, in the form of primary legislation and not via Secondary legislation.

147 Again, the reluctance of placing information into the public domain hinders us in our response to the Home Office's points about maintaining standards; when such information is made available we would be more than willing to offer our considered opinions, taking advantage of our correspondents' — and our own — expertise. As we state above, our preferred form of administration, is that of a Ministerial Department, which we feel provides far greater reassurance to the public than those of Executive Agencies.

148 The public are familiar with the abysmal record of Executive Agencies, from the Criminal Records Bureau to the Passport Agency, as we mentioned earlier. Further, a layer of bureaucracy can be prevented through direct ministerial accountability. Precedence demonstrates censures are far easier on Members than Strangers. Mechanisms for enforcement, we feel, ought be enshrined within primary legislation, without the reliance on Orders and Instruments. The practicalities of the scheme differ hideously from those of passports and driver's licenses; the whole point of an identity card scheme is it that access to significant public services, in time, to occur will be difficult without producing a recognised, verifiable form of ID — including essential public services, unlike the passports or driver's licenses, without which many people manage quite happily. Partly as a result of this, we find it unacceptable that levies for the ID card scheme could be proposed without reference to Parliament; the ample precedents of poll taxes in the past — quite comparable, we believe — and, indeed, more recently, the Poll Tax itself, the Community Charge, were all decided by Parliament, not by Executive Agencies.

149 Looking at paragraph 3.9, some of the processes — such as card manufacture, for example — could be contracted out to the Private Sector, but we would be concerned that there be an appropriate level of accountability, quality assurance and regard for individuals' privacy. We would expect that certain key functions, notably the management of the database itself, be kept in the public sector, however, or at least be given a significant level of oversight. Should each of the points in this paragraph be handled by a separate organisation, we believe this would represent an unacceptable level of data transfer between organisations.

Introduction
Broad principles of an Identity scheme
Purported purposes of an ID card scheme
Specific consultation points