posts tagged ‘id register’

purpose

fears relating to terrorism and illegal immigration, and the growing problems of identity theft and fraud have induced several countries’ governments to propose national identity card schemes, most recently the US, UK, Japan and France.

identity cards are nothing new: in developed countries most people own numerous identity cards: passport, driving licence, bank cards, library card, entry cards for school, office or sports club, and so on. a national identity card is primarily used to identify people to government agencies: immigration, social and health services, and so on.

proposed schemes

most proposed schemes centre around a national identity register, containing key details about each resident and the identity numbers allocated by government departments, encapsulating an individual’s entire relationship with the state in one record. each presentation of an identity card involves contact being made with the central register to verify identity (with a biometric signature) and retrieve an identity number (which can then be used to retrieve records held by that particular government agency).

there are three principal grounds for serious concern with such schemes:

technically flawed

• the risk of failure of a centralised system is high.
• the tolerable level of risk of failure, sabotage and snooping is virtually zero.
• the costs of commissioning and maintaining such large scale systems rise exponentially as the risks are reduced towards zero.

civil liberties infringed

• large numbers of civil servants at many levels will have access to the national identity register on an ongoing basis.
• safeguards to ensure that information is only released on a need-to-know basis may be flawed, circumvented illegally, or deliberately removed for misguided reasons.
• it is a golden principal of civil liberties that nobody in a position of power should know more about an individual than necessary to do their job.
• if you have nothing to hide, why worry? because, even in a stable country run by a benign government, there are people at all levels of power who are prejudiced, indiscrete, vindictive or paranoid; and because anyone can become a victim of injustice.

unnecessary

• the data stored in the central register could just as well be stored on the card itself.
• all information on the card could be encrypted in such a way as to make it tamper-proof and updatable only by authorised agencies.

the alternative

any alternative scheme should satisfy the following:

• the technical and procedural framework for storing, updating, and retrieving data from an identity card should be published as an open standard.
• the standard must allow for different levels or combinations of identity verification to be used by different bodies depending on the risks entailed by misidentification.
• the standard should allow for verification by PIN or password entry (since biometric verfication will not be possible or cost-effective in all situations).
• the standard must allow for remote identity verification, for instance over the the Internet.
• the standard must allow for the technology used to verify identity and encrypt data to be changed over time (as more reliable systems are developed).
• all information on the card must be encrypted in such a way as to make it tamper-proof.
• an individual’s biometric signature must normally only be stored only on the individual’s card. (temporary exceptions would apply for criminal investigations, and permanent exceptions for certain classes of convicted criminals.)
• any public or private body should be able to store its own identity number for an individual on his or her identity card, allowing this one card to be used in place of other identity cards.
• it must be possible to make a backup or copy of an identity card with minimal difficulty.
• the card should be able to hold critical medical details (e.g. blood group, severe allergies, organ donation preferences) and emergency contact details if desired by the holder.

further reading

• UK Home Office : Identity Cards
• silicon.com : ID cards on trial
• Privacy International : Identity Cards

contributors

Edward Leigh