In November last year I wrote to James Hall, Chief Executive of the Identity and Passport Service, to follow up a discussion point from his live webchat on the Number 10 website. I wanted to find out more about the safeguards surrounding access to the National Identity Register (NIR) — the ‘big brother’ database of your personal details, affairs and activities.
In my letter, I argued that safeguards on the NIR should be at least as strong as those protecting your home and business premises from being searched by the state. This would mean the police and security services would require a warrant or court order to gain access to your identity.
I’m happy to report that Mr. Hall has replied. I’m less happy to report that his response is far from comforting:
“You ask whether access to the database will be subject to obtaining a court order or warrant …
“Requests for information will not be granted automatically but will be subject to rules under section 21 of the Act … [This section] provides for regulations to be made concerning how the request for information should be made, at which level of seniority the power to request information may be given, and other requirements which requests must satisfy.
“These regulations will be subject to the affirmative process, meaning that they must be approved by both Houses of Parliament before coming into effect. Once arrangements are in place, they will be subject to oversight by the National Identity Scheme Commissioner in the case of the police and by the Intelligence Services Commissioner in the case of the security services.”
Mr. Hall seems to be saying that there are currently no rules governing access by the authorities to information about you held in the National Identity Register. They’re not sure how they’re going to control access, but you should be reassured that once Parliament has agreed a method, there will be a couple of Government quangos appointed to make sure it’s done right.
In other words, they haven’t thought about it yet.
This is why the Identity and Passport Service is unable to explain the safeguards planned to protect your identity from arbitrary intrusion by the state.
There are none.
In my experience, security has to be considered from the start of the project lifecycle to stand any chance of being effective. Sadly it seems the Home Office and the IPS are leaving it all until later, when the implementation of effective security will be much more expensive and difficult (perhaps impossible).
The Government wants to assume responsibilty for your identity. Shouldn’t they also take responsibility for protecting it?
No, silly me: if they wanted to do that they wouldn’t have dreamed up this ridiculous ID cards scheme in the first place.
Notes: Who can access your NIR record without your consent?