Identity Cards Bill

My Lords, I have been thinking about this matter for a long time. I sit on the Local Authority Smartcard Standards e-Organisation, and we have been discussing identity management and efficiency in public service delivery for a long time. One thing that I realise is that the members of the public I have talked to tend to have muddled thinking about it, because they confuse the ID card and the proposed national identity register. They also confuse whether it is to be voluntary or compulsory—to own or to carry. The Bill will not produce a scheme that will fulfil the stated purposes. The other muddled thinking about which I get upset is how identity theft is defined. Stealing a PIN number or a password is not identity theft; it is just straight theft. Nicking a credit card is straight theft. Stealing identity is when you impersonate someone for much greater purposes. I shall not go into that any further. We have caused for concern, and concern spreads across the globe. We should consider a Bill introduced to the House of Representatives on 24 September 2003, the Benjamin Franklin True Patriot Act. Immediately after the short title, the first finding is:"““Benjamin Franklin stated: ‘Those who would give up essential Liberty to purchase a little temporary Safety deserve neither Liberty nor Safety’””." The old refrain ““Everyone else has one, so I want one too”” makes us sound like a spoilt child. In France in the middle of the 19th century, only the British, or the English, could move around freely, along with the crooks and the officials. If we consider how the card is to be rolled out, we see that it is the working, travelling, taxpaying wealth creator who will be forced to register first; they need passports, and so on. It is the dubious characters whom we want to catch at their nefarious practices with whom we will catch up last—probably in about 15 years, given the roll-out plans. What is the purpose? Is it national security? People have dealt with many of those matters already. We need good intelligence. We have GCHQ, sometimes called CSG. Those people can already track you through communications records, if they really want to. They need human agents on the ground; they need money. Is it prevention and detection of crime? How does a plastic card stop a thief or a murderer? I thought that they used them to slip open front doors on the latch. Is the database of fingerprints to be used to replace the police database? That might be useful. Is it immigration control? What will they do: cordon and search? That was very unpopular by 1952. You would be pretty cross if immigration officers wrecked your anniversary dinner party to try to arrest a couple of Chinese waiters. The noble Lord, Lord Stevens, talked about the idea that people could say, ““Stop. Where do you live?””. The ID card does not tell you that; that is sitting on the national identity register and cannot be divulged easily because there are many vulnerable people and you cannot give their addresses out willy-nilly—certainly not just to a police constable on the street. For that to work, the card must be compulsory to carry. Refugees do not need new ID cards, as has already been said; they have biometrically linked ID cards. What about illegal working? We have the national insurance number registry, which contains many more people than the working population, but so it should. It contains all retired people, many of whom have also emigrated. We must pay their benefits. It contains all the people who have come over here on one-year and two-year visas and gone abroad again. They may come back, so we cannot destroy their numbers until we know that they are no longer alive and in the system. So of course we have greater numbers, and the proposals will not alter that fact. The IND database will be checked for illegal working. Will it be up to date? If I am given permission to work, will that be updated on a daily basis or will I have to wait a week or a month while they take their records, sometimes by courier van, I believe, from Croydon to the Midlands to get it up to date? There are 3 million to 5 million small and medium-sized enterprises in this country, which creates huge potential for working illegally. Illegal workers will probably be cracked down on the most. If an obvious foreigner presents himself for employment, he will not undergo a biometric check; instead, a PIN number will be used to validate the card. Do not try to tell me that 20 foreigners operating as a gang would not pass around one card with a PIN number, so that each verifies himself each day. If it is not compulsory to carry a card, it will be possible to get away with such fraud. It would cheaper to let those people work, pay their taxes and get them out of the benefits system. I think that the Conservatives introduced that—so you can score one over the Conservatives again. Another declared purpose of the national identity card is the effective and efficient provision of public services. I do not call spending £0.5 billion a year to save £50 million on duplicate benefit fraud a return on investment. On coming into power, Labour scrapped the Conservative benefit payment card on the ground that it was too difficult to computerise 20 million claimants—interesting. Local authorities tend to deliver many, if not most, of those public services—that is why we have been worrying about it for so long—but they are not allowed to piggy-back on this card. It would have saved us a fortune if we could have done, but nothing is to be piggy-backed on to the national identity card. Access to free national health was mentioned. The health service is producing its own card. It will probably interest the noble Lord, Lord Harris of Haringey, to learn that much of the information that he wanted is to be kept on that card. You do not need it stored on a national identity card. What about speedier CRB checks? How would that be possible? All the biometrics would have to be uploaded up line. The NI biometrics are not held on the card; they are held centrally. Only the ICAO travel ones are held on the proposed card. They are sent up line, so I do not see how this proposal will save a lot of time—it is done at present. It is argued that access to other government services will be made easier. Farmers have to interact with public bodies frequently, but their fingerprints are often rubbed off, so they are a problem group. Woe betide a brown-eyed African farmer: he will have a lot of trouble, as the eyes would probably be difficult, too. It is claimed that it will be possible to open a bank account with a single ID card. You still need proof of address under the anti-money-laundering rules. Until those rules are changed, the identity card will be no good; otherwise, you could use a driving licence to open an account. It is compulsory for holders of a driving licence to give notification of a change of address, so why cannot they currently use their licence to open an account? That is because it is known not to work. Why would it work for the NI registry? Perhaps the civil penalty of £1,000 will be enforced better. Will more people be locked up? At least you will know where they are. I wish to outline the dangers involved in the legislation. It will be possible for authorities to monitor who you mix with. That is really what it comes down to. Road-user charging is proposed. We know that you cannot charge a vehicle—that is the problem with the insurance documents displayed on the car windscreen—so you must charge a person. It is proposed that drivers pop their ID card in the car so that the authorities know where they are and can send them a bill. They will know who you are, who you mix with, and so forth—I shall go no further. Over-zealous enforcement is a danger. You would be lucky to comply with all the myriad regulations coming out these days. I would be very surprised if the authorities did not get you on something. We know only too well about the bureaucracy of the system. There have been some horror stories, but as time is short I will not read out the details. For example, a chap was locked up in South Africa, and people have been wrongly accused of murder and had their businesses wrecked all because of mistaken cross-referencing on a database in the United States. Those cases are covered up for as long as possible. Cross-departmental government data-sharing and joined-up government are wonderful, but it would also be possible to use an individual’s address as a link to their details on the national census. That would tell us their ethnic origin, and we could have a very efficient sweep-up of undesirables. That is my answer to the noble Baroness, Lady Henig, about why the scheme is so dangerous. We do not know who will be in power in the future. I remind noble Lords that Hitler was elected. The Government can also use the information for useful things such as lifestyle-checking, the grey economy and so on. If you try to help a friend who has just hit hard times for a while, they will soon get you for that. When a policeman in Operation Glade leaked some interesting information from the police database the other day, he was merely rapped on the fingers; he was not even gaoled. That is not a very good signal to send out when the Government are trying to argue that all those systems will be super-secure. You must start locking up government employees who leak stuff; otherwise we will not really have security. Security is not breached by hackers; it happens when people get in and sell information. If I were a terrorist, I would try to get someone into the relevant department because they would then have a mechanism for switching ID. For example, ID is switched in trans-gender cases, witness protection programmes and for agents in the field. If I can get someone in who can switch the information on the core database, it gives me a licence to print ID. Noble Lords have already pointed out that ID theft is easier in the USA. CCTV was mentioned earlier. The difference between CCTV and ID cards is that CCTV cannot track people. These days facial biometrics are not good enough. One can look at something that happened on CCTV, work out what happened and then work forwards, but unless something has happened one does not bother. Potentially, ID cards will track, not in real time, throughout your life. So it will be possible to find out, for example, what new politicians were up to in their youth, giving people a good opportunity to ensure that they toe the line. Is the system feasible? I am afraid that it is all too feasible. The mobile network operators carry out identity management all the time. They ensure that calls can be made on a few hundred million telephones worldwide, and sometimes send horrendous bills for a particular company or person to pay. They also handle permission and access to third-party databases; for instance, Internet information pages. The technology is there, so it is not a problem. Biometrics work, but the problem is deciding what constitutes a pass: seven matches out of 13, for example, because two fingerprints did not work as they were burnt on the Aga that morning? Continuous updating will be necessary. The information will be held centrally. How will it be updated as people get older? How would a failure to match an identity be handled? Manual processes would have to be used, which is where the criminal or terrorist attacks the system. All I really worry about is what might be acceptable and useful to the citizen. There are two things here: the card and the NIR—nightmare intrusive regulation. I prefer the idea of federated control to central control, as central government control people but local authorities try to keep people alive. People think that as a result of the new scheme they will need to carry fewer cards. That will not happen. We will still require, for example, recognisable parliamentary passes, credit cards for financial information, a separate health card, a transport card such as Oyster and local authority cards for the library, gym, benefits, and so on. We will not get rid of cards; we will have an extra card. Do not think that anything else will happen. Locally authenticated biometrics would be useful. They would be much better than a PIN number; there would be nothing to lose. It would be great if the individual’s identity could be checked by putting their thumbprint next to the card. A government-approved universal reader that can read a biometric on the card might provide greater security so that we can throw out PIN numbers. Claims about verifying ID online and enabling credit card protection are rubbish. Two readers will be necessary: one for the national ID card and another for the credit card. Will people have that? No, so you will not get much there. An electronic passport on the card would be useful. ICAO-standard biometrics and local verification would speed up passage through borders, airports and so on. Perhaps an electronic visa could be added to improve things further so that a paper document would not be needed. That is a great idea, but local authentication would be needed for it to work. I have already responded to the claim that the card will mean that individuals do not have to find utility bills to prove their identity. As I said earlier, the rules on that would have to be changed. I am also involved with the Special Needs Application Programme Interface (SNAPI) project. We might put on it the new standard EN1334-4, which involves coding of user requirements to tailor terminals for people with special needs. Why should I not have several personae? I am fed up with being pigeon-holed. I have been faithful to my wife. Have you? Are you happy for someone else to know where you have been the whole time?