Reasons for ID cards not made clear

Thursday, March 12, 2009

The identity minister Meg Hillier has admitted that the government did not make its reasons for identity cards "clear enough".

In a Westminster Hall debate, the Labour MP Mark Todd accused the government of not making a "promising start" and said the public's trust must be won for identity cards to work.

He said: "The intellect workshops that were held two years ago when the genesis of the project was established made it absolutely clear that, for the project to work, clear uses and benefits must be explained to the public and a high level of trust won.

"As I said, we have not made a desperately promising start. Tentative attempts to sell the idea have provoked ridicule in some cases. The brief appearance of the website www.mylifemyid.org, which was aimed at young people, became a predictable target for opponents." He added that selling the project to its potential customers would be "tough and expensive".

Responding to the accusation, Hillier admitted that during the process of the legislation and beyond, the government had not been clear enough about its reasons for introducing ID cards.

"We have had a period since the Identity Cards Act 2006 became law, after it was debated in parliament twice in 2005, when perhaps we were not communicating enough to the outside world about our plans," she said. "Inevitably, such a vacuum is filled with people's concerns, and there probably was not a strong enough counter-voice from the government about the benefits."

Todd also questioned the government's choice of creating a single identity document, when perhaps relying on several disparate forms of identity would make people more secure. He warned having just one source will make it certain that its vulnerabilities are tested.

"Presumably the [phishers'] target will be card holders who are foolish enough to place elements of their data in circumstances where they are made available for someone else to exploit," he said.

"The staff involved in the maintenance of the data and the design of the technologies will also be an obvious vulnerability; the behaviours of card holders themselves are a further vulnerability. Those who are far cleverer than I will, no doubt, be working already on the perceived frailties of the scheme."

Hillier defended the security of the scheme, insisting that several legal protections are in place. She said if any of the "handful" of staff who have direct access to the register tamper with the register unlawfully, they will face a "severe legal penalty, including a prison sentence".

She said: "No personal information will be downloaded to USBs or discs. In fact, generally, there will be no terminals on people's desks, as that would allow them to look up an individual with the card present. That puts the power in the hands of the citizen.

"If I present myself, my card and my PIN, I am clear that I have given permission for some information about me on the register to be verified by the person, bank — whomever I have a relationship with. No one else should be able to look up information, except in extreme circumstances, such as suspected terrorism or serious crime—and only then, when clear proof is given to the custodians of the database that the information, or a certain amount of information, is required."

Hillier added that there will be no opportunity – not even for the police – to "fish around the register, it will be as secure as a military database".