Identity Cards Bill

I am grateful to all noble Lords who have contributed to the debate. I take the strictures of the noble Lord, Lord Peyton, very seriously. He is right to draw our attention to those words and paragraphs from the report of the Constitution Committee. The Government take these issues very seriously indeed and we are absolutely determined to ensure that, in bringing forward the Bill, we reach the high thresholds expected of us in the way the legislation and the scheme will work once established in law. We have debated this issue already in some of the earlier amendments. Clause 1 is at the heart of the identity card scheme. It establishes the national identity register and it sets out the statutory purposes for which the register is to be established and maintained. The amendment focuses on the security of the register but it is unnecessary. The security of the register, certainly in managerial terms—the noble Lord, Lord Crickhowell, referred to this issue—will be of paramount importance and, as such, does not need to be set out in primary legislation. Furthermore—this is a very important point—the Data Protection Act, and in particular the seventh data protection principle, imposes already a statutory obligation on us to ensure that the appropriate technical measures are taken in order to secure the safety of the register. That is spelt out very clearly in the seventh data protection principle and is also made clear in Section 4(4) of the Data Protection Act 1998, which states:"““Subject to Section 27(1), it shall be the duty of a data controller to comply with the data protection principles in relation to all personal data with respect to which he is the data controller””." So it is implicit already in legislation that we should comply with that principle. The amendment adds no more to that obligation. Perhaps I may go into some of the detail of the issues that have been raised—the question of hacking and so on. The national identity register is not physically connected to the Internet or any publicly available network. The security control procedures designed to connect the NIR to application handling and identity verification systems are some of the most sophisticated currently available. These safeguards are designed to provide a defence in depth, as we have heard before, through distributed security architecture and are considered unlikely to be vulnerable to external attack while under appropriate management, audit and security operating procedures. It should be noted that to date—I know we have made this point before but it is important that it should be recorded again—there has not been a single recorded security breach or compromise of a government database which is protected in the same manner as that designed to protect the national identity register. No applicant or card holder information is ever transmitted in a manner that could expose it to the risk of interception or compromise. An advanced cryptographic and intrusion prevention scheme has already been designed to protect the supporting NIR communications infrastructure as part of the overall security architecture of the scheme. All security features designed to protect the NIR and supporting communications infrastructure have been developed in conjunction with the GCHQ’s Communications-Electronics Security Group. The CESG, as it is known, is the Government’s national technical authority for information assurance. The noble Lord, Lord Crickhowell referred to management issues. In essence, he drew our attention to the potential abuse that might occur by virtue of the activities of agency staff. The proposed scheme incorporates the design principle that no one individual can change details directly on the NIR. Verification service traffic is one way, and does not access the NIR directly. It should be noted and understood that the content of the NIR is never stored in a manner that would leave it exposed to the risk of data extraction. A small number of communication links serve the database. These links are all encrypted using high-grade cryptography. There is no PC access to the NIR, and only a small number of operations staff with the highest level of government security clearance will be responsible for managing the uploading of information to the core database. Additionally, Clause 31 creates the offence of tampering with the register. A person convicted on indictment can be sentenced to up to 10 years in prison or a fine, or both, and on summary conviction to a prison sentence of up to 12 months. If we need reminding, employees would also be subject to normal employment law remedies. Disclosure would certainly amount to gross misconduct, and would be a dismissable offence by virtue of that. So only a small number of authorised members of agency staff would have access to the register. It will not be connected to the Internet, and outside bodies will not have access. This is a highly secure system. It is designed that way by all other government databases. We do not believe that this amendment aids or assists that. It is already implicit by virtue of the seventh principle of the Data Protection Act. Our argument is that this unnecessary amendment adds nothing to the Bill, nor will it add any further protection.