What you need to know about ID cards
Whether you back the looming ID system or not, here's what you need to know about government plans to create an identity database.
When you apply for a card, your details are added to the national registry which so far is just a spark in the Home Office's eye, as it doesn't exist yet. When it does, it will be a repository of information on everyone with a card, containing their name, address, photo and fingerprint, among other details.
The Home Office has said that no private or public organisation will have access to this data base except for police, immigration and security forces, of course. "Police and a number of specified crime prevention organisations may be able to use information on the register for the purposes of detecting or preventing crime," Home Office spokesman San Matthews told IT PRO.
"The Identity Cards Act 2006 provides for a small number of organisations that may request information from your record for a specific purpose," he added. "These are the security services, the police, HM Revenue and Customs. In each cast they will be required to justify why they need the information."
In order for the database to be useful, it must be correct. To ensure this, part of the draft legislation for the British ID card regards fines for not updating the registry regarding change of address, name or gender. The Home Office has promised to warn first, fine after if you fail to notify the registry of a new address. Should you miss that first warning, the first fine will cost 125. Continue to fail to update the database, and the ultimate fine will hit 1,000 a charging scheme on par with the driver's licence fines at the moment.
Those are just civil charges, however. The criminal charges of up to two years in prison come in if you are deemed to be "deliberately or recklessly" supplying incorrect data.
This might be a good point to note that plans to place criminal charges against those who have "deliberately or recklessly" lost public data have yet to come through despite being promised a year ago. The information commissioner the UK data watchdog is only just about to possibly receive the ability to fine such reckless organisations.
SecurityThe card has been marketed by the government as a way to protect average people from identity fraud. Given the many times this past year the government has lost people's identifying data, some added security would be a good thing. But it's those very data losses which have left many calling for the card and registry scheme to be abandoned.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
NO2ID obviously disagree but here's why. At the moment, identity is an "ill-defined mushy thing" made up of your name, account details, and various other data which is floating around about you, explained Herbert. When people talk about ID fraud, they mean someone has been pretending to be them, using their name or a credit card, for example.
But now, with a consolidated, official identity, it really will be possible to steal it, as it will be a tangible thing. "It's vastly more dangerous," he said.
Pair that with "joined up government" and departmental data sharing, and it's even worse, he claimed. "The whole concept of data sharing is doing precisely the reverse of increasing security."
Weirdly, NO2ID's Herbert is not the only person who claims databases are inherently insecure. Prime Minister Gordon Brown agrees: "It is important to recognise that we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like the communication of information."
Well, okay then.