Idiocy and eIdentity in the UK
As the UK eID project continues to be one of the hot topics of conversation in British politics, Security-news.tv speaks with the UK’s main opposing campaign organization, NO2ID, about the alleged threat to public privacy and liberty, and asks how identity management should be dealt with in a secure, yet public-friendly way.
What do NO2ID see as the main threats towards privacy and liberty with the introduction of a National eID card in the UK?
In my opinion, it is a nationalized identity system that threatens privacy and liberty. Individual privacy and security is threatened by the centralization of personal information in the hands of the state and by linking it all with key identifiers. Privacy is also threatened by the proposed use of such a system to create mechanisms for the passing of information between departments, and (notionally as ‘verification’) to and from private sector organizations, which in turn opens up many more channels for inappropriate use. Liberty is threatened because the scheme potentially gives the state much more power over the individual, both through surveillance, and by giving it (the state) the final say over the validity of a person’s identity and therefore over his / her access to goods, services and own property. Its operation (which would constrain every person’s civic life according to the plans) is wholly in the hands of bureaucracy, which would have powers to penalize citizens without resort to the courts. Independent redress has been made very hard.
What new threats do you believe could be created with the introduction of a National eID scheme?
They are myriad; however, here are a few examples:
• Failure of the system, consequently locking people out of their lives and / or inhibiting everyday business;
• Loss, theft or damage to cards being a serious problem to citizens, with no incentive on officialdom to deal with it quickly;
• Identity theft made infinitely more serious as a problem and easier by collation of all information centrally and linked directly to commonly produced documents;
• Penetration of the system by criminals making witness protection impossible and facilitating all sorts of crime against the person and damage to national security by similar means;
• Over reliance on ID officially held forth as secure, leading to greater fraud;
• Bureaucratic overload with more ID demanded because it can be, exacerbating all the problems above;
• Deliberate or accidental persecution of individuals through use of information on the system – true or false;
• The massive recirculation of data posited by the system leading to the irredeemable spread of corrupt information, rendering previously adequate stand-alone systems useless;
• Massive increases in government power vis-à-vis individuals, and oppressive attempts to manage individuals directly through their ID records.
The eID card itself is often referred to as ‘red herring’ by NO2ID, and that it’s the database that matters – could you explain this a little further?
The card itself is a political red herring, rather than a technical one. And it is specifically not an ‘eID’ card that is being used as such. Of course the design of the card matters, but the UK government has chosen to focus public attention on ‘ID cards’ without any qualification and putting forward the familiar image of dumb cards with photographs. Referring to them as eID would draw unwelcome attention to technical detail.
The focus on ID cards distracts attention from the centrality in the law and the scheme of the National Identity Register as a catalogue of personal information about individuals and of information sharing across government departments using it. The functions of the Register would be unchanged, and as injurious to privacy and liberty even if no cards were ever issued.
Conversely, it would be entirely possible (in theory), to build a functional eID scheme that did hinge on the card and had no central store of personal data, but that is not contemplated by the Identity Cards Act 2006, which legally requires a central Register in the control of the Home Office.
In an ideal world, what would NO2ID propose as an acceptable solution for the identification scheme?
There’s really no evidence that we need a national identity scheme. Most of the occasions on which government claims it would save citizens trouble are actually occasions on which troublesome demands for ID are imposed by the state; the arguments are therefore circular. The bureaucracy, sometimes deliberately, but more often ignorantly, confuses identity and authentication, authentication and authorization. Officials have a hierarchical, even hieratic understanding of identification, in which there is literally ‘a single source of truth’ and that truth is determined by official approval.
It is a mediaeval model of governmentalism, in which the king owns everything and everyone and all the details are kept in a big book. This was done most literal-mindedly in England in the 1080s, when William the Conqueror had what was later called ‘The Domesday Book’, compiled as a survey of his new kingdom. In that model all transactions are ultimately mediated by the state, and identity and privacy are necessarily antagonistic.
NO2ID is enthusiastic about the application of technology to provide authentication with privacy. We see no reason why keys, account cards, age verification and so forth shouldn’t emanate from a wide range of trusted sources and provide only the information or authority that their purpose requires. There’s no reason that identity should be unitary and indivisible. Any good system will provide redundancy, compartmentalization, anonymity and pseudonymity – all of which are needed in practice. All sorts of systems, each tailored to its proper use, are possible. There’s no good reason for them to be unified – on the contrary, it would be dangerous to put all of everyone’s eggs in one basket. For example: It is not necessary to the economic system that the Bank of England is the man-in-the-middle in every transaction. That sort of bureaucratic friction would be a disaster, everyone knows, even without the opportunities for crime and corruption it would create. Anyone who suggested it would be condemned by everyone in finance as a ‘dangerous idiot’. So why is the same sort of idiocy tolerated with regard to identity?
We have likewise from finance, perfectly good examples of working federated identity systems. Distinct payment card systems use the same infrastructure. Separate banks offer card services through shared systems, via chains of authority, not a centralized overseer. Those systems are flexible and respond quickly to threats: one of my identities within it can be cancelled if a card is lost, while another keeps working. No government specified it. It wasn’t the product of an empty theory. It grew to serve its customer’s needs.
In NO2ID’s opinion, what is the best way to safely collect and store personal data?
There isn’t one. What’s good depends on the circumstances and the use. And access must be properly controlled of course. But storage is not the issue here, sharing and transfer is. The technical challenge ought to be to find a good means of minimizing the sharing of personal information and for individuals to exercise control over what happens to their personal information. That is how public security and privacy could be enhanced and preserved by ‘eID’ – if the public, corporate users and solution providers would all reject the Domesday book model, and start to explore what offers the most benefit to individuals, rather than the most convenience to bureaucrats.
What is NO2ID’s opinion on the use of biometrics (fingerprint / iris) for person identification and authentication in government eID schemes? And does that opinion change if biometrics are used in private applications, such as access control for corporate office buildings and so on?
NO2ID is neutral about technology – it is how it is used that matters. Biometrics can certainly be handy for some sorts of access control, but they aren’t a panacea. It is particularly over biometrics that politicians and officials seem to bear out the Arthur C Clarke dictum that “any sufficiently high technology is indistinguishable from magic”, a weak intuition for systems and statistics leads them to think of ‘biometric’ as a synonym for ‘infallible’. And because biometrics are physically part of us, their use feeds the simple-minded bureaucratic model of identity as singular; as one file attaching to a particular body and linking all related facts. That is the danger of biometrics if they are shared. Just like any other shared identifier, they have the power to undermine privacy. And they are hard to hide, since we are always exposing them.
NO2ID would therefore say that of course biometrics can be useful, but that it is with elementary caution that they should be used as confirmation, rather than a sole key in any system, and of course they should be held locally, not shared.
As we know, the UK eID scheme has developed under the Labour Government, which most of the opposition are against. How would you feel if the opposition won in next year’s elections, yet continued with the eID scheme?
We’d feel betrayed, of course. But the simple decision to carry on against all public declarations of policy is highly unlikely. What is more worrying, is the possibility that a new government will not be sufficiently rigorous in extirpating the scheme, for which there is a powerful internal lobby in Whitehall and that it will end up permitting the principal components of a national register to be built as nominally part of other administrative infrastructure. The Home Office has prepared that route for several years by the decision to abandon the single clean database and instead to incorporate segments of the Register into existing systems maintained by the DWP, the UK Borders Agency and so forth.
The UK National eID scheme is currently being developed on a national basis – how would NO2ID propose to continue the campaign against the scheme if it became a European directive?
Currently it couldn’t be a European directive since national ID cards and related measures are specifically outside the competence of the EU. That could change if the Lisbon treaty comes into effect however.
An EU framework decision would require an escalation of the sort of action required, since it would cease to be directly possible to oppose it in the UK parliament, and the EU parliament has neither great powers, nor great will, to stop such a development. We are committed to staying within the law, but we certainly don’t discount civil disobedience if the UK authorities use policy laundering through the EU to sidestep domestic democratic and legal mechanisms. It is the sort of thing that brings the EU and national governments into disrepute.
That said, a system that had to comply with European standards of data-protection would be a different proposition. It might make a system such as the UK’s current plans impossible, because other member states have more serious attitudes to citizen’s rights and to privacy with which such a scheme would have to comply. It would make the lobbying process more difficult, but we would get new legal tools to challenge ill thought-out legislation.






