back to article KIlling ID cards and the NIR - the Tory and LibDem plans

A future Tory government will cancel the ID Card Scheme - but, as The Register has asked several times, what does that mean? A broad commitment to abandon ID cards, even to cancel the National Identity Register database, leaves a certain amount of wiggle-room, particularly if - as is Tory policy - you're likely to be keeping …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Up

    Lib Dem

    Vote Lib Dem.

  2. The Original Ash
    Heart

    Hashes

    Take hashes of biometric data and store those instead. If the data on the chip and the data on the person don't match, check with the central database.

    There. I've solved your problem. No ability to forge identity as you can't return to the root from the hash, a good centralised check for verifying suspected ID. The same checksum has to be on the passport and the person, and that means they need the hardware for creating the passports in the first place.

    I win, give me a £x00,000 job as a government consultant on the whole thing.

  3. Humph

    Spelling!

    Title: K[i]lling ID [C]ards and the NIR - the Tory and LibDem [P]lans

    Page 2, Para. 1: "... as it was when my [R]ight [H]on. friend was shadow Home Secretary ..."

  4. John Lettice (Written by Reg staff)

    Re: Spelling!

    Cut and pasted from Hansard. Hassle them about it.

  5. Anonymous Coward
    Black Helicopters

    And that's why....

    ....much as I would prefer to vote for an independent candidate, the fact that the Conservative party has committed itself to abandoning and deleting the NIR means that they will get my vote come a General Election.

    The threat to our freedoms is greater than any other, we must take the opportunity to demonstrate the public's disagreement with the principle of intrusive and unnecessary surveillance of the population.

  6. mmiied
    Pint

    re:re:spelling

    you copied your title form hansard wow pub aclock comes early at your offices?

    have one on my

  7. Anonymous Coward
    Stop

    Waste of money

    http://www.theregister.co.uk/Design/graphics/icons/comment/stop_32.png As the chips in the Biometric Passports are warrantied for only 3 three years and not the 10 years which is the life of the passport it is a complete waste of money rolling it out. As an aside, holding a passport and mobile phone in one hand when the phone rings might cause the chip to fail. My company pass which is rfid based disappeared in a puff of smoke, so a passport chip could in the same way.

  8. Nigel 11
    Thumb Up

    @original ash - bravo!

    Perfect. I was going to post the same.

  9. Anonymous Coward
    Anonymous Coward

    But will they actually do it?

    My concern is that Grayling's & Huhne's enthusiasm for reducing the scope of the data stored in the NIR will wane as soon as either of them are put in a position of actually influencing the decision.

    POLITICIAN : "Ok I want to change the system and scrap all the unnecessary data from the NIR"

    SUPPLIER : "Erm... ok... that change will mean delaying biometric passports for a further two years and will cost you another £600m to maike the change"

    POLITICIAN : <choke>

  10. Jimmy Floyd
    Headmaster

    Credit where it is crunched

    Nice to see the Right Honourable Shadow Home Secretary refer to "data" as a plural, as everyone knows it is (but usually forgets - me included).

  11. Dr. Mouse

    Too right!

    I have never understood why even a national identity card would "need" such an intrusive database.

    An ID card (or passport) should contain all information required to verify the bearers identity. The only thing which could be added to that is (as stated by "The Original Ash" above) a hash of (some of?) that data held centrally to verify that the card has not been forged.

    They could get a lot more support for a NID programme if they did this, plus one other part for the convenience of the holder: User defined data areas.

    What I mean is this: The card has additional data areas which can be used by other organisations. For example, a membership number for a club, or your bank card details, even 'electronic cash'. Even a phonebook, if you wanted... the point being that ANYONE can store small amounts of data on the card (with your permission).

    Now obviously this presents some security issues, and I havent thought this through fully, but the idea is simple (and I can't understand why NuLab havent pitched it to get people on board): If you want to get more people on board, give them something that will make their lives easier. The convenience of these additional features, added to the assurance that only a hash of your private data is held, would probably win over the vast majority of people, and would still be a great help to law enforcement, imigration, and anyone else who needed to verify someone's identity.

  12. Greg J Preece

    Always voted Lib Dem

    And from this, I see only more reasons why I should. :-) They're absolutely right about the unnecessary linking of passports with databases. Well done.

  13. Anonymous Coward
    Big Brother

    On faces and fingerprints.

    The current 'biometric' passport works OK. First of all it doesn't actually include any private data that a 'conventional' passport doesn't contain (merely a digitised photo). Secondly it relies on a person to verify the data (merely comparing the digital photo with the printed photo and the real person). Thirdly it isn't open to 'function creep'. It cannot be used for any other purpose than verifying your identity (at least no more than the photo on a conventional passport could).

    The *big* problem with the Government's ideas for the NIR, Passports and ID cards is that function creep beyond mere ID verification is not merely possible, but almost mandated. All that is required for biometric ID verification is a one-way 'hash' of the biometric data, so that a fingerprint can be verified as belonging to a person, but that person cannot be identified by their fingerprint. The ID card / NIR system intends to use a 2-way system where you *can* be identified by your biometric data. Why? Its not needed for an ID system. Why does the government feel the need to identify you *directly* from your biometrics? I can think of several reasons and I don't like the sound of *any* of them.

  14. John Lettice (Written by Reg staff)

    Re: But will they actually do it?

    It's a possibility, so it seems to me valuable to nail their commitments down so it's a lot harder for them to forget them.

  15. Penguin
    Big Brother

    Blinkered Populous

    The thing that truly frustrates me about this, more so than the fact that the MPs themselves don’t care enough to actually find out what the issue really is (or perhaps more worryingly - and likely - know damn well but twist what’s needed for their own gains.) is that people just simply don’t care.

    This sort of thing isn’t exactly taking a list of peoples names and keeping them in MS Access, this is incredibly detailed personal data stored en-masse and with that kind of data hanging around anything goes. Data Protection Act be damned, if they want to use it, they will justify it somehow. The NIR isn’t something that can be undone, once that threshold has been crossed I think that we will be the wrong side of a see-saw and the uncomfortable end is border line totalitarian, don’t get me wrong it’s not Orwell time just yet but with the NIR specifically it’s a big step in the wrong (or right if you are still crying about your second home) direction.

    It’s going down a path that could all of a sudden become very dark indeed.

  16. Scott Mckenzie
    Thumb Down

    @Vote Lib Dem...

    ....but i like driving my car, so that would be a bad idea.

  17. Anonymous Coward
    FAIL

    Makes me laugh

    This is why the numpty party make me laugh. They keep making all these wonderful promises and have no way to keep them.

    The biometrics bit is not really for passports, its to replace the aging UKBA fingerprint system that is used for visas and other immigration stuff. That was the contract IBM won. It will just do the passport stuff too at some point. The contract CSC won was to replace the passport application service, the bit that handles all the passport applications, again, little to do with cards. The other contract was De La Rue who just got the one for making the new passport.

    The thing that really makes me laugh is all the passport stuff is done on royal perogative so the HO can share data quite freely, and they have to capture a lot to process a passport application. Just look at what is required on the current form. Plus they already have a database over over 40 million passport holders. The ID Card Act actually strengthens the privacy and data sharing way beyond what is in place under royal perogative, so the lib dems and tory's are basically arguing for worse privacy protection!!! Numpties.

  18. Captain Hogwash Silver badge
    Headmaster

    @Blinkered Populous

    Blinkered Populace!

  19. Pat 11

    Isn't it the connections that are worrying

    I don't really care too much if the passport office store my details on a databse. They can have a stool sample as well if they like. The point is whether they connect that databse to any other state departments other than border control. The scary thing about ID cards and a NIR is that Labour, with their desire to make state a central factor in every detail of our lives, would have the ideal tool to become the ultimate nanny state.

    What I would like to see is a promise that personal information given in a passport application should only be used to make a passport and to make it work for overseas travel. Nothing else. Not to prove I am allowed NHS treatment, or that I am someone's parent, or trusted to buy cutlery, or OK to join a football team, or any of the zillion fucking busybody control-freak shit ideas that passes for administration these days.

  20. Anonymous Coward
    Anonymous Coward

    No were have I seen a logical, well argued case for

    Why NIR is required and

    Why the ID Card will not be a costly infringement of my civil liberties and

    How it will prevent ID fraud.

    There has been much spurious talk/words about 'security' and 'security' and, indeed, 'security' but at £6billion to create and £600 mill/yr to maintain it is very costly. So it will get "sold" to pay for it. It is unlikely, in the extreme to allow, that level of savings to be made in Government paper chases.

    It really has not been thought through as one comment above shows with regard to life expectancies. When something- no matter how technologically advances and capable of generating revenues abroad - was costly and unpopular home and abroad (TSR2, Inmos, et al) it was killed off. When will we reach this point with ID cards and the NIR?

  21. Anonymous Coward
    Grenade

    Voting Lib Dem.....

    ...is all very well, but they have not been elected as a government for a century.

    So, the only game in town is the opposition if the existing electoral rules apply, which they will.

  22. D Moss Esq

    Magisterial Lettice

    This is a pretty magisterial article of yours, Mr Lettice, and I congratulate you on it.

    The UK, like the Republic of Ireland and Denmark, is specifically excluded under EC 2252/2004 from having to record fingerprints on passports. There is no EU obligation there and no US obligation. The Identity & Passport Service (IPS) "volunteered" to record fingerprints. They can just un-volunteer.

    The ICAO's Berlin Resolution provides for people to send a photograph of themselves by post, together with their passport application -- there is no ICAO requirement to attend a personal interview, that is an elaboration of IPS's, and they can just un-elaborate it.

    The ICAO do point out that the biometrics stored on passports need to be protected by PKI, the public key infrastructure. PKI will protect any message, whatever it is, equally well. There is no distinction from that point of view between facial recognition and fingerprints. You and Mr Huhne are perhaps falling into the trap of a false distinction there.

    Mr Grayling might be more prepared to abandon the IBM contract for a biometrics database if he knew how unreliable the biometrics chosen by IPS are.

    There is no chance of these biometrics proving that each person has one and only one electronic identity. Professor Daugman, of irisprint biometrics fame, has pointed out that IPS would drown in a sea of false positives if they tried. The maths is incontrovertible. The more upright suppliers have given up offering "identification".

    They can barely offer verification, the confidence that the person in front of you is the rightful bearer of the passport. Here, IPS will drown in a sea of false negatives.

    So, drop the peculiar insistence on a distinction between the forgeability of facial recognition and fingerprint biometrics and add a healthy dose of scepticism about the reliability of the biometrics, and your article becomes 100% magisterial, instead of just 99%.

  23. Anonymous Coward
    Headmaster

    @Blinkered Populous

    You mean "authoritarian" not "totalitarian", but otherwise I agree.

  24. Shadowfirebird

    I keep my fingerprints on the end of my fingers

    ...so I can't actually see the logical need for people to carry a card, myself. Ditto passports.

    Of course the database is the really worrying thing, so nice to see (both) opposition party(s) pledging to ban it.

    Whether they *would* is another thing, but nice to see it all the same.

  25. Scott 19
    Troll

    Under me bridge

    Nothing to fear, nothing to hide.

    Just ask a politician, red rag editor or copper policing a peaceful demo.

  26. Will 28

    @Brian Morrison

    Actually the lib dems have never been voted into power. The Liberal party was voted into power about a century ago, but they no longer exist.

    As for whether it's a wasted vote, I would point out that if both Labour and the Conservatives get roughly equal votes, they then become quite a powerful party as they hold the ability to swing a vote either way.

  27. Anonymous Coward
    Grenade

    Hell handcart whicker basket soggy paper bag with concentrated nappy extractnappy extract

    Chipped Litter Bins, innocents on DNA database, DVLA selling info so you can be fined when overstayed in a carpark somewhere, separate celeb/VIP database, corrupt ex-Ministers on corrupt Boards, Congestion charge more in fines, opt out Donor Register, attend "Processing Centres" for recording of Biometric data, hacked RFID passports, toothless Information Commissioner, audit trail showing when STD clinic staff accessed your medical records, not allowed to take pictures of anything your told you can't by anyone in a uniform, policemen with no id, incorrect personal information in databases including not knowing which house you stay in despite having TV licence and council tax and God knows what else registered to the address but they won't tell you which so you can't fix it despite it being illegal. Lizard people

  28. John Smith 19 Gold badge
    Thumb Up

    No need to ask, no need to know.

    That is all.

  29. asiaseen

    @ Dr Mouse

    Hong Kong started issuing "Smart" ID cards in 2003 with precisely that function. At present the ID card has space to act as a library card and for an e-cert with some left over for future use. The data it contains is a digitised photo, templates of L & R thumbprints and conditions of stay and it works fine as a passport at HK immigration control points coming and going.

    http://www.immd.gov.hk/ehtml/hkid_hkid.htm#chip

    What it does not do is reduce illegal immigration or reduce crime.

  30. Throatwobbler Mangrove
    Big Brother

    burgers

    "The *big* problem with the Government's ideas for the NIR, Passports and ID cards is that function creep beyond mere ID verification is not merely possible, but almost mandated."

    I agree. Even if there is an initial promise that, for instance, fingerprint scans would only be used for passport/ID card purposes, I suspect that once the data is gathered the "Chinese Wall" would evaporate as soon as the first notorious/gruesome/attention-grabbing crime happens where a fingerprint is found but can't be matched except by accessing the IPS records. At that point, anyone that suggests that should be allowed will be immediately identified by the Sunny News of the Mirror as some sort of apologist for serial hoodie immigrant swan-eating murderers.

    Governments and personal information are like students and lager. If you really don't want them to drink all your lager, the only safe thing to do is not give it to them to look after in the first place.

  31. Anonymous Coward
    Anonymous Coward

    @Brian Morrison

    "the only game in town is the opposition"

    O RLY? I wouldn't vote for those wankers in a million years.

  32. Richard 33
    WTF?

    ICAO

    When do we get to vote out the ICAO?

    Right, you can't - they're an unelected quango. Why are we listening to what they have to say at all?

  33. Greg J Preece
    FAIL

    @Brian Morrison

    "Voting Lib Dem is all very well, but they have not been elected as a government for a century."

    *Facepalm*

    NnnnnNNNnnnnrrrgg....

    Oh, look, see? Look what you've done now! My brain is coming out through my nose!

  34. Anonymous Coward
    Anonymous Coward

    Shame about the Lib Dems

    Sometimes they hit on some really good policies. Quite often, in fact. But it seems to be a random process. In between, they are evil, back-stabbing lightweights. It's a shame.

    Yes: make the passport number be the hash of all the data it holds. Keep a central list of issued passport numbers, to cover yourself against forgery, and Bob's your auntie's man.

  35. Anonymous Coward
    Grenade

    Voting Lib Dem..... #

    What not tactically vote as you see fit, just vote the best local chance to unseat the Labour control freak!

  36. Robert Forsyth

    Gattaca comes to mind

    http://en.wikipedia.org/wiki/Gattaca

  37. Anonymous Coward
    Anonymous Coward

    1997 reloaded

    So, instead of "Anyone but the tories", we're now reduced to "Anyone but the jackbooted tories-dressed-up-as-Labour-but-without-the-libertarian-streak" as we watch a dozen pointless, wasted years trickle down the crapper.It's like a sheep trying to evade going to the slaughterhouse on Wednesday because it's a different guy with the bolt thingy on Thursday and he's a lot more humane.

    If everyone who actually claimed to be thinking of voting Lib-dem actually did it for once the other two might be forced to change- labour to the left, tories to the right and we might have an actual choice.

  38. Ed Blackshaw Silver badge
    Thumb Up

    @AC, 11:28

    "What not tactically vote as you see fit, just vote the best local chance to unseat the Labour control freak!"

    My consituency managed that in the last general election. It's just a shame that our new Lib Dem MP was such a twat when I met him (and his lackeys) in the pub.

  39. Anonymous Coward
    FAIL

    A future Tory government will cancel the ID Card Scheme...

    And just offshore personal data to prevent pesky UK laws from restricting how the data is used. Like it already is no doubt, off the record.

    Ironic that the Tory motto for the recent elections was "Vote for change - vote Tory" when what it really meant was "Vote for no change - vote Tory".

    Unfortunately voting Libdem is unlikely to produce any meaningful change either.

  40. Intractable Potsherd
    WTF?

    Well..

    ... first, I am glad that someone else other than me wonders why making hashes from whatever biometric data is collected is so hard! Well done, The Original [h]Ash!!!

    Second @ the "Makes me laugh" writer (AC Thursday 9th July 2009 14:08 GMT), I caqn't help wondering whether you are a troll, or payed by someone to put a positive spin on all this crap! Sure, royal prerogative needs reining in, and protections put in place, but having the NIR and ID cards in order to do it seems ... well, perverse! Simply having legislation that deals with the control and use of passport data would extinguish the royal prerogative as soon as it came into force. It could be called, say, the Travel Documents Act, and codify the whole thing. Of course, we'd get to basically the same place as we are now through the modern legislative tool which says "this is an Act that gives power to the Secretary of State to do what they want when they want to through secondary legislation". Over to you, AC, to show how your support of the ID Act adds ANYTHING to this argument ... though I bet we hear no more from you!

    Thanks again to John Lettice for another great article on this subject!

  41. Jim Morrow

    ICAO

    Richard33 burbled:

    "When do we get to vote out the ICAO? Right, you can't - they're an unelected quango."

    The International Civil Aviation Organisation is not a quango. It is an International Organisation: an agency of the United Nations. Its members are nation states. Quangos are a largely British invention. If the UK was to withdraw from ICAO it would have no say or influence over things like air navigation standards, accident investigation protocols and the format of machine readable passports that ICAO oversees. Paris icon 'cos even she knows that and how ICAO's work helps her get about a bit.

This topic is closed for new posts.