Memorandum submitted by David Moss (ID 08)

Summary

1. The Whitehall strategy for delivering public services more efficiently depends on the National Identity Service. If the Identity Documents Bill were properly drafted, the effect on that transformational government strategy would be calamitous. The fact that the impact assessment of the Bill suggests that the effect is only mild suggests that the Bill may not be properly drafted.

2. So does the fact that the National Identity Register contracts with CSC, IBM and Sagem Sécurité have not been cancelled. So does the fact that the Cabinet Office is already talking about reshaping ID cards rather than devising a new strategy that doesn’t rely on ID cards.

3. It is suggested that the Identity Documents Bill Committee may like to improve the drafting by making it clearer what the National Identity Register is – otherwise how do the civil service know what to "destroy". The Committee may also consider improving the definition of an identity document given at clause 7 of the Bill. That definition should include debit cards, for example, mobile phones and digital certificates.

4. The survival of biometric residence permits warrants investigation by the Committee. They have always been said by the Home Office to be a part of the National Identity Service. Now, mysteriously, they are excluded.

5. The Identity Documents Bill should address the repeated claim of the Home Office and others that biometrics can be used to "bind" the bearer to an identity document. Otherwise the Bill is deficient. There is evidence that today’s mass consumer biometric technology is too unreliable to perform this binding and the Home Office refuse to disclose any evidence that the technology has now become reliable enough to do its binding job. Following the recommendations of the House of Commons Science and Technology Committee, the only evidence that is convincing is a large-scale field trial – computer simulations are not convincing and that could be stipulated in the Bill.

Credentials

6. David Moss of BCSL has nearly 33 years experience in IT and has spent over seven years researching ID card schemes, with the following findings. Crime prevention, crime detection and counter-terrorism can best be assisted by making more use of the global mobile phone system, which we already have. ID cards and the unreliable biometrics which go with them would be of little assistance and even that would be delayed for years while we get the infrastructure installed.

Evidence

7. "No ID cards are to be issued by the Secretary of State at any time on or after the day on which this Act is passed", says the Identity Documents Bill1, and "All ID cards that are valid immediately before that day are to be treated as cancelled by the Secretary of State at the end of the period of one month beginning with that day" and further "The Secretary of State must ensure that all the information recorded in the National Identity Register is destroyed before the end of the period of two months beginning with the day on which this Act is passed".

8. The Bill was published in May 2010. Almost a year before, in June 2009, HM Government published Safeguarding Identity2, a document produced by the Identity & Passport Service (IPS), an executive agency of the Home Office.

9. Safeguarding Identity describes the strategy then being pursued by the Home Office, the Cabinet Office, DWP, DVLA, the Ministry of Justice, the Department of Health, the Department for Education, the Department for Business, Innovation and Skills, local government, the devolved administrations and the EU with the aim of delivering public services more efficiently.

10. This strategy depends on being able to identify people reliably. "Our intention", we read at para.3.6, "is that, at the core of the information used to prove identity will be biometrics, such as photographs and fingerprints". And at para.3.30, "From 2009, the first identity cards will be issued to British citizens, with their biometrics stored in a chip on the card as well as on the [National Identity Register]. From 2012, anyone applying for or renewing a passport in the UK will also enrol their fingerprint biometrics on the [National Identity Register] ...".

11. Take away ID cards, as the Identity Documents Bill does, and take away the National Identity Register, and the Safeguarding Identity strategy collapses. That strategy was meant to deliver more efficient public services. If the Identity Documents Bill is effective, then the Home Office, the Cabinet Office, DWP, DVLA, the Ministry of Justice, the Department of Health, the Department for Education, the Department for Business, Innovation and Skills, local government, the devolved administrations and the EU will all find it harder to operate efficiently. That, at least, is the implication of Safeguarding Identity.

12. The impact of the Identity Documents Bill should be considerable. And yet the Impact Assessment3 prepared by IPS and signed by Damian Green MP on 29 May 2010 suggests that the effect of the Bill will be negligible. There will, after all, despite the claims of Safeguarding Identity, be no impact on health and wellbeing, for example, and no impact on the justice system (please see p.3). And there is no mention of the impact on the efficiency of public services.

13. Contracts have been signed with two companies to create the National Identity Register4 – "Together they will support the introduction of ID cards and allow for vital improvements to the next generation of biometric passports". CSC have a £385 million contract to produce the biographical National Identity Register. And IBM have a £265 million contract to produce the biometric National Identity Register. These contracts have not been cancelled. The Identity Documents Bill has had no impact in this case. Nor has the Coalition’s Our Programme for Government5, according to which "We will ... halt the next generation of biometric passports".

14. IBM signed a contract in 2009 with Sagem Sécurité6 to provide the biometrics technology needed for the biometric National Identity Register – "Sagem Sécurité (Safran group) has signed a contract with IBM to supply and maintain a biometric management solution for British travel and identity documents, on behalf of the British Home Office’s Identity and Passport Service (IPS). The project is a core element of the Government’s plans to upgrade to biometric passports and enhance the security of the UK border". That contract has not been cancelled.

15. The Cabinet Office Structural Reform Plan7 issued in June 2010 includes this action in its ICT strategy: "Support Department for Education and Home Office in decommissioning / reshaping Contact Point and ID Cards", please see para.3.4(i). The Identity Documents Bill has not had the impact intended on the Cabinet Office.

16. If the Cabinet Office weren’t still talking of reshaping ID cards, if the Sagem Sécurité contract had been cancelled, if the IBM contract had been cancelled, if the CSC contract had been cancelled, if the impact assessment warned of the difficulty of delivering public services more efficiently, then it would be clearer that the Identity Documents Bill is drafted effectively. As it is, the Identity Documents Bill Committee may ask themselves if perhaps the Bill needs to be made more precise so that the political will of the new government is not flouted and Parliament is not made a fool of.

17. For example, when the Bill says "The Secretary of State must ensure that all the information recorded in the National Identity Register is destroyed", what is the National Identity Register? Unless that is made clear, it is not clear what is to be destroyed. And at a meeting8 kindly organised by Lin Homer, Chief Executive of the UK Border Agency, it became patently clear that the status of the National Identity Register and even its very existence is a source of confusion for both IPS and UKBA: "Are UKBA and the Identity & Passport Service (IPS) using the same facial geometry system, I asked? Yes, said one person. No, said another. The Sagem algorithm is being used, said one person. The Cogent algorithm is being used, said another. The two algorithms comply with one standard, said a third person. Everything comes through the National Identity Register (NIR), said someone. The NIR doesn't exist yet, said someone else. We ended on the word "co-ordinated" – the approach is co-ordinated, said someone ... People misunderstand, someone said, the NIR isn't a box with everyone's name in, it's a legal construct of the Identity Cards Act. It's a question of risk management, said someone, we have to be prepared for future applications which are currently unknown".

18. A further example – clause 7 of the Identity Documents Bill defines an identity document as a document, stamp or label which is effectively a visa or a passport or a driving licence. This definition is inadequate. A debit card, for example, is an identity document, it identifies the bearer as the beneficial owner of funds in a bank account. But the Identity Documents Bill has nothing to say about debit cards. Nor about mobile phones. Ring xxxxx xxx xxx and you get David Moss. The mobile phone network operators can locate xxxxx xxx xxx more or less wherever the phone is in the world, more or less at any time. Which means they can usually locate David Moss. And they can identify who David Moss calls and who calls David Moss – they know David Moss’s associates. They know where David Moss lives and they know his bank account details. The mobile phone is an extraordinarily powerful identity document, but you wouldn’t know it from the Bill which is specifically meant to address identity documents. And documents, stamps and labels don’t need to be material artefacts. They can be digital certificates – browse the UK Government Gateway9 and there it is, you have the option to log on using a logon ID and a password, or chip and pin or a one-time password or a digital certificate. The Identity Documents Bill says nothing about the 40 year-old technology of digital certificates, i.e. about dematerialised identity documents.

19. IPS are or were responsible for the National Identity Service and they used to include in that scheme ID cards for UK citizens, identification cards for other EEA citizens and ID cards for non-EEA citizens, sometimes known as "biometric visas", now known as "biometric residence permits". The definition has now changed so that when we say that the National Identity Service is being "scrapped", that excludes biometric residence permits. Why?

20. One answer is that we have to issue biometric residence permits to abide by European Council Regulations 1030/200210 and 380/200811. That is false. Not being in Schengen, the UK is not bound by these regulations. Rather, we volunteered to issue biometric residence permits. The same is true of second generation biometric passports, please see European Council Regulation 2252/200412. The UK is specifically excluded: "This Regulation constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis [OJ L 131, 1.6.2000, p. 43]. The United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application". The National Audit Office13 say: "There are additional EU requirements specifying that by 2009 ePassports should include fingerprint data which will require personal attendance for fingerprint enrolment. The UK is not obliged to comply with the EU regulations as it is not a signatory of the Schengen Agreement but has decided to do so voluntarily". The UK volunteered at some stage to issue second generation biometric passports and clearly now the new government has decided to unvolunteer. They could do the same for biometric residence permits.

21. Another answer to the question why biometric residence permits are to continue to be issued is that the Home Office assume that the biometrics concerned work, that they are reliable, that they identify people, please see Annex A. Are the Home Office right about the reliability of today’s mass consumer biometrics?

22. We don’t know. The House of Commons Science and Technology Committee report14 on IPS’s plans for the National Identity Service more or less begged IPS not to choose the biometrics for the scheme until they had the strong supporting evidence that can only be provided by a large scale field trial. IPS have ignored them. The Committee also recommended that IPS publish figures on the biometrics chosen so that the public could have confidence in the National Identity Service. Again, IPS have ignored them. The Committee reported that the US Department of Homeland Security believe that there are no biometrics reliable enough to underpin a national ID card scheme. What have IPS done? They have ignored the DHS. Members of the public can submit Freedom of Information requests15, 16, 17, but the Home office will not disclose the evidence, if any, for the adequate reliability of today’s mass consumer biometrics technology. We are left with some evidence that this technology is highly unreliable18 and no evidence that it is reliable enough. The Home Office’s embrace of biometrics at the core of its Safeguarding Identity strategy seems to be a matter of faith.

23. The Home Office’s stance is that an identity document can be "bound" to the bearer by biometrics but that is dubious. The Identity Documents Bill Committee may agree that a Bill which purports to cover identity documents should address this doubt, otherwise the Bill is deficient. It is suggested that the Bill should be amended to stipulate that large scale field trials must be conducted before identity documents can be said to be reliable enough to make public services more efficient, including counter-terrorist services and police services in the fight against crime.

24. For the avoidance of doubt, the suggestion here is that, when it comes to biometrics, the Home Office, the Cabinet Office, DWP, DVLA, the Ministry of Justice, the Department of Health, the Department for Education, the Department for Business, Innovation and Skills, local government, the devolved administrations and the EU are all the victims of a latter-day tulipmania19. Safeguarding Identity cannot deliver its unimpeachable objectives and can be safely abandoned. The heartfelt speeches made by Rt Hon Alan Johnson MP, Rt Hon David Blunkett MP and Meg Hillier MP at the second reading20 of the Identity Documents Bill made it sound, to some people, as though the country is losing a valuable protection in repealing the Identity Cards Act. To other people, it sounded more as though they were giving unsolicited testimonials to a biometrics technology that doesn’t work and that they were acting as the unpaid salesmen of the biometrics industry. That is their business, but we cannot be expected to put up with the same behaviour from the current government. We want, need, deserve and pay for better government than that.

Annex A

A.1 Biometrics "will make identity theft and multiple identity impossible. Not nearly impossible. Impossible."
David Blunkett November 2003

A.2 Individuals can only register once as their biometrics will be linked to a single identity, which will prevent the creation and use of multiple identities.
Home Office Section 37 cost report October 2006

A.3 "Biometrics give us the chance to have secure identity … By giving certainty in asserting our identity and simplicity in verifying it, biometrics will do away with the need for producing birth certificates, driving licences, NI and NHS numbers, utility bills and bank statements for the simple task of proving who we are ... Terrorists routinely use multiple identities – up to 50 at a time – to hide and confuse."
Tony Blair November 2006

A.4 Biometrics will tie an individual securely to a single unique identity. They are being used to prevent people using multiple or fraudulent identities … Over time, we will be able to link people to a single identity across our systems using biometrics.
Home Office December 2006

A.5 Using biometric technology we can permanently link people to a unique identity … With biometric visas to help lock down travellers to a single identity …
eBorders March 2007

A.6 Biometrics "will make it possible to securely link an individual to a unique identity, thus preventing the registration of multiple identities."
Gordon Brown January 2008

A.7 "As the [ID] cards become more widely available the whole country will see real benefits for citizens, businesses and the country by giving a convenient and secure proof of identity that locks people to one identity".
Jacqui Smith January 2009

A.8 We plan to use all 10 fingerprints and facial biometrics to ensure someone can only enrol on the scheme once, thereby preventing multiple identities being established.
Dr Duncan Hine , Executive Director Integrity and Security Identity & Passport Service, January 2009

A.9 Labour insists the [National Identity Register], which will keep the fingerprints and biometric details of all new passport holders, is essential for preventing identity fraud and keeping Britain's borders safe … Mr Johnson [pointed] out the register was "the most effective way of preventing criminals or terrorists assuming a double identity".
Alan Johnson January 2010

June 2010

---

[1] http://www.publications.parliament.uk/pa/cm201011/cmbills/001/11001.i-i.html

[2] http://dematerialisedid.com/PDFs/13439_Safeguarding_Identity_w_opt.pdf

[3] http://www.ips.gov.uk/cps/files/ips/live/assets/documents/Identity_Documents_Bill_Impact_Assess ment.pdf

[4] http://www.whitehallpages.net/news/archive/185894

[5] http://programmeforgovernment.hmg.gov.uk/files/2010/05/coalition-programme.pdf

[6] http://www.safran-group.com/site-safran-en/press-media/press-releases/2009-447/article/sagem-securite-chosen-by-ibm-to

[7] http://www.cabinetoffice.gov.uk/media/414879/srp-cabinet-office.pdf

[8] http://dematerialisedid.com/BCSL/Faith.html

[9] https://authenticate.gateway.gov.uk/sidp/SignIn.ashx?gwv=1.0&gwrealm=http://www.gateway.gov.uk/myaccount/2007/07&gwreply=http://www.gateway.gov.uk/Default.aspx

[10] http://www.apply.eu/directives/format-for-residence-permits.pdf

[11] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:115:0001:01:EN:HTML

[12] http://dematerialisedid.com/PDFs/l_38520041229en00010006.pdf

[13] http://dematerialisedid.com/PDFs/0607152.pdf , please see para.1.7

[14] http://dematerialisedid.com/PDFs/1032.pdf

[15] http://dematerialisedid.com/BCSL/Appealing.html

[16] http://www.whatdotheyknow.com/request/misleading_press_releases

[17] http://dematerialisedid.com/BCSL/13728_Appeal.html

[18] http://dematerialisedid.com/Register/regBiometrics.pdf

[19] http://dematerialisedid.com/BCSL/Tulipmania.html

[20] http://www.publications.parliament.uk/pa/cm201011/cmhansrd/cm100609/debtext/100609-0006.htm#10060953000001

[20]