Identity Cards Bill

moved Amendment No. 11:"Page 1, line 11, leave out ““secure and reliable””" The noble Earl said: I return to territory similar to that which we covered in our debate yesterday on Amendment No. 8. That said, I assure the Minister that I find the use of ““secure and reliable”” rather less provocative than ““convenient””. Evidently none of us would question the critical necessity that the ID register be both secure and reliable. As with ““convenience””, functions of both ““security”” and ““reliability”” should be built in from the outset as a key component of the scheme’s IT architecture. To that extent it would be wholly appropriate that the Bill requires the operation of the scheme to be secure and reliable, as envisaged in Amendment No. 15, which we will debate in due course. On my reading of the Bill, however, that is not what the words do in their context. As with the use of ““convenient”” in paragraph (a), they assert without qualification that the register will be secure and reliable. I repeat that I do not question the desirability of this, but simply to say it is so does not make it so. Indeed it might be more accurate to infer that, as things stand, the scheme is showing distinct signs of insecurity and unreliability. Clearly the evidence to date in respect of biometric identifiers is mixed. Here I do not question the Government’s strenuous efforts to develop reliability within the process of biometric data capture. The Minister referred to them in detail in our debates yesterday. There are some important points here, though. The threshold of accuracy for a whole-of-population database is extremely high. As I understand it, failure-to-enrol rates as low as 1 per cent could render the scheme almost unworkable. More importantly, data capture and data verification are two disparate processes. In respect of the latter, the available evidence, some of which I referred to yesterday, suggests error rates running at in excess of 30 per cent in a situation where, as with data capture, figures of around 1 per cent could render the scheme inoperable. This is exceedingly important. It is all very well to establish a system of collection of biometric data that accords with adequate thresholds of accuracy; indeed, it might even be technologically possible so to do, although there is a fair amount of scepticism on that point within the IT industry. In turn, that threshold of accuracy has to be carried through to the separate process of end-user applications. Worryingly, our debates yesterday suggested to me that an assumption exists that if data capture can be developed to an appropriate level of accuracy, data verification will, as a matter of course, be equally reliable. This is simply not so. In effect, the case for the reliability of the scheme across the whole range of its processes has yet to be proved. As to the security aspect of the scheme, the proposition was advanced yesterday that, because of the scope and character of the database, it will be impossible to make it wholly secure. The Minister referred to the issue in these terms:"““to date there has not been a recorded security breach or compromise of a government database which is protected in the same manner as that designed to protect the national identity register””.—[Official Report, 15/11/05; col. 989.]" In response, I simply say that there is a first time for everything. In fact, if I consider the psychology of the IT community, I suspect that this will act as a red rag to a bull. Hackers and crackers are just as likely to perceive this as a challenge for them to test their computing skills. To that extent, we had better hope that our debates on this point are not particularly widely read by such individuals. Quite apart from that, as my noble friend Lord Crickhowell pointed out yesterday, the Pentagon’s main defence system—where presumably IT security is just as robust, if not more so, than that envisaged for the register—was breached with relative ease by a young man living in a council house in south Wales. Moreover, the IT industry, pretty much across the board, is increasingly strident in its criticism of a centralised database for the storage of biometric data, because of the grave security issues it gives rise to—the so-called honeypot effect. In so far as it may currently be fashionable within Government to adhere to the principle that, in determining policy, the advice of professionals should be heeded, what prospect is there that the Home Office will accept this counsel? I beg to move.