id cards, and what we should all be asking

This is in response to January Girl who has asked me exactly what my objections to id cards are.

I consider my anonymity to be a right
An id card in itself is not a problem. A standard card that could be used to identify oneself is not a bad idea. I don't think it's necessary since I already have ways in which to identify myself, but I wouldn't have a problem with the government giving me a card with my name and address, and perhaps date of birth written on it. It could even carry a photo, I don't care. I would oppose it on principal because it's not needed and wouldn't solve any problems. There is also a cost associated with it that I, as a tax payer would end up carrying. I would also have a problem with being made to carry the card, or having to prodcue it on demand. This is because I consider my anonymity to be a right. If someone thinks I have done something wrong, it's up to that person to prove it. I should not have to identify myself or prove my innocence on demand to anyone, even a policeman.

It's not an id card scheme
The proposed id card scheme in the UK however is not merely an id card scheme. A database is proposed which would carry information about every card holder. The information in the database could be anything. Currently about 50 items of information are deemed essemtial for the card. No guarantee is given that this is the final list, that the current or future governents would not change it, or that information would not be added without the cardholder's knowledge. No guarantee has been given that the information stored will not be sold. In fact it has been suggested that certain organisations, we're not told who, would have access to the database, or areas of it, for a price.

Information is power
All this is scary in itself because information is power. As an example, the way things stand at present, it would seem to me that the database would hold information about my marriage to an Asian woman who currently does not hold a British passport. Assume for a moment that the British National Party managed to secure some parliamentary power. The BNP have had some by-election success in the North of the country in the last couple of years. I don't think it's being too paranoid to suggest they may get a few MPs before too long. Their last manifesto said that they wanted immigrants to be deported to their country of origin. That would be my wife. For that reason I will fight until my dying breath to keep information about my marriage out of their hands. This is only an example. This database could hold my criminal record, sexual preference, political affiliations, religious beliefs, this website address, the names of people I've slept with, my brother's criminal record, my health history, HIV status, employer history, tax history, in fact, just about anything. And there is no guarantee that any of it will be correct.

Who's ging to keep my data safe?
A database of this size and complexity is without parallel anywhere in the world. No-one has even come close to collating and managing 60,000,000 records of this complexity. It's not a static database, things will change, names, marital status, address etc. Managing this database is a huge task. The consequences of mismangement of the database would be enormous. All these details in one database would mean that, if compromised, a potentially disasterous situation could result. I don't trust this government at all. I certainly don't trust future goivernments. I don't think I would trust anyone with managing this database.

biometrics are not good or security
By far the most frightening element of this database however is the fact that they want to include biometric data. Now this is an apalling idea on so many levels that I could write a whole entry on this alone, but here are the basics. People have this idea in their head that biometric identity is fullproof. It is most certainly not. A fingerprint used to access a bank account is only secure as long as the finger is attached to the owner, a rubber finger copy doesn't exist, or the encryption isn't compromised. A pin number is completely safe until you tell someone. Remember, once a fingerprint system is compromised, that's it, you can't change your fingers like you can change a password. And in case you think I'm overreacting about fingers being chopped off to gain access, it's already happened.

In fact biometrics don't even work very well
And while we're on the subject of biometrics, have you actually wondered how effective biometrics are at identifying people? No biometric reader that I have ever seen has been anywhere near 100% accurate, and I have seen a few. Here's a little secret from the IT world, nearly all commecial fingerprint readers are set to grant access with far less than a 100% match. That is to say, all these people with car doors and laptops that grant access when the owner puts a finger on the pad, are likely to grant access to the wrong person from time to time. That's because false positives are less annoying to the owner (the one that paid the money) than false negatives. And fingerprint recognition is rather better than anything else we have. Facial recognition is near useless as a security measure. Remember also that your fingerprints are available everywhere to copy. And they can be copied.

Abuse of data has happened before
This really is going to sound like the rantings of a mad man, but read to the end of the paragraph before you brand me a fool. Hitler killed millions of Jewish people because it said "Jewish" on their id papers. Hitler could not have done that if he didn't know they were Jewish. I realise that Hitler was mad, that politicians like Hitler are thankfully very rare, and that it's not likely to happen again. However, Hitler was voted in democratically like Tony Blair was. Can you give me any firm reason to believe that a situation like Hitler coming to power could not happen again? If it did, I wouldn't want anyone having access to a database which had my details on it.

This kind of thing does not come cheap
The original price estimate for this card was I think somewhere around 70 pounds. The government's current estimate is just under 100 pounds. An independent body has disputed the cost estimate. The government has admitted that the cost it has calculated includes updating biometric data every ten years. It has been suggested that it needs to be done at least twice as often as that to keep it up to date. It also fails to take into account other updates and costs associated with people refusing to comply. In fact the worst case scenario puts the cost at 20 billion pounds. That's four times Britain's initial budget for the Iraq war and 23 times the cost of building the milenium dome. That comes out at around 300 pounds per person in case you're wondering. Now who do we believe, the governement (the one that invested 5 billion in the Iraq war for us) or the independent body ( the London School of Economics in case you're interested) that claims they can't do it for the quoted price?

The questions all British people should be asking
Is this an id card, an entitlement system, or simply an information collecting exercise?

Will people who cannot produce an id card (whether or not they are entitled to one) be refused treatment and die on the floor of the hospital? And if the answer to this question is 'no', how will it eliminate health service fraud as it is currently claimed?

Will people be refused other benefits if they are unable to produce a card (education, pension, unemployment)?

The Spanish already have id cards but there was still a huge terrorist bomb in Madrid recently. How will these cards combat terrorism? Bear in mind that the US has no plans to introduce id cards despite a high risk of terroist activity, neither does Australia, to name but two.

By the government's own admission, they have no idea how many illegal immigrants there are in Britain. How will id cards solve this problem as is currently claimed?

Will the cost be capped? If so, where will the money come from if (when) there is an overspend?

Will the tax office have access to this data? If so, can I expect a visit from them if something they read in the database makes them suspicious, even if they have no evidence that I have acted improperly in any way?

What happens if my id card is invalidated in some way, either intentionally or through some error? Might I lose my job because I can no longer pay tax and national insurance, will my driving licence still be valid? Will I still be entitled to medical care, education, and state benefits?

What happens if I discover that some information about me is incorrect? Do I have to prove that it is incorrect to have it changed? Could I find myself trying to prove that I am in fact someone that that the authorities believed was dead? Could I find myself atempting to prove that I have never lived at a particular address, committed a particular crime, owe tax or something else, perhaps 10 years or more previously?

Will the elderly, the young, the disabled, the unemployed, and the poor be required to pay for id cards? If not, will that push up the price for the rest of us?

Has some contigency been built in for those people who will resist registration? Will a resistance to register increase the cost for everyone?

Is there a contingency in place for people unable to provide biometric data (people with no fingerprints, irises, facial abnormalities)?

What is the advantage of the new id card scheme over the existing social security number system regarding employment fraud? That is to say, if an employer is currently willing to employ someone that cannot produce a social security number, are they less likely to employ someone that cannot produce an id card?