next Contents previous
Next: What Next? Up: Contents Previous: Is the card redundant?

Final considerations

When we consider how the scheme will actually be put into practice we encounter a number of issues that will have to be considered. The draft bill produced by the home office does not lay down the detailed specification for identity cards or the detailed arrangements for making applications. These will be set out later in regulations.

One particular criticism that has been made about the ID card system is the paradox that if the present forms of ID are so flawed as to need replacing how can you reliably prove your identity in order to obtain the new ID card. In addition how can those people without any form of identity document prove their identity to obtain the ID card?

The system is designed not to establish your true identity but merely to tie you via a biometric template to a name and address in the Register. There is simply no way for the Government to ascertain the true identity of any individual making an application for an ID card. Thus you could use any name and address and receive a legitimate ID card in that identity, however your biometric template would then forever tie you to that identity.

The National Identity Register is a Government Information Technology project of unprecedented size in Britain and is far more complicated than you might imagine. Essentially it will be a database containing identity data on all the inhabitants of the UK aged 16 or over. The sheer volume of data will mean that it will be housed on hundreds if not thousands of computers plus an even greater number of backups of the database in case of disaster.

There are problems with creating such a large IT project that will contain important private information. Building the register is technically possible but will require many computer professionals and a substantial period of time to complete. No computer project is ever error free and yet the National Identity Register needs to be to function properly, there will need to be a prolonged testing period to ensure it functions with minimal errors.

There will also be possible human errors associated with the register. With the sheer volume of identity data that needs to be entered into the database it will be a difficult task to ensure that it is all entered correctly. In addition there will need to be procedures for the modification of database entries when there is a change in details for an individual such as a change of name or address.

Government agencies such as the UKPS and DVLA already deal with the above issues but the new register will be larger in that it will contain more individuals and include more personal data for each person.

Another issue is if the National Identity Register is used to replace the various existing registers of the UKPS and DVLA. Having a single register in place of many creates a single point of failure, which is bad security, as it will increase the problems of loss or robbery of what is now an individual's sole identity document. Also it would mean a single computer database, which again is more vulnerable than several different ones. Redundancy is a good thing. What happens if catastrophe hits and the database is damaged or destroyed does Britain shut down or do we carry on without it and concede that establishing Identity is not of critical importance.

The very final consideration concerns the audit log associated with an individual's entry in the National Identity Register. The audit log will record each occasion an individual's recorded information has been accessed. This is an important tool to ensure that no one accesses an individual's private information improperly or without authorisation.

However if the ID card becomes an item that is routinely required in a number of situations such as any financial transaction or a purchase from a shop then the log becomes an important record that is open to misuse. The audit log in that case will be a record that tracks an individual's movements and is a clear infringement on a person's liberty and right to privacy.

Ideally the audit log should be secured so that absolutely no one may access it without the authorisation of the individual of whom it concerns.

next Contents previous
Next: What Next? Up: Contents Previous: Is the card redundant?

Creative Commons License This work is licensed under a Creative Commons License.