Friday, March 02, 2007

Do ID cards need to be such a problem?

One of the biggest debates over the next few years will be over Identity Cards. The whole issue of ID cards is a problem for a country that has never felt the need of them previously, or perhaps, more accurately, has ignored any need for them.

The debate worries me a little because I believe it will be taken over by the two extremes of the argument without looking at any solutions that actually might be halfway useful. In reality it is not even party political debate because if politicians were to be halfway honest, which they are not in this case, oppinion across the parties is all over the place.

So here I am going to put down my two penneth worth, and in so doing propose a basic ideology of a system that might work. I have taken as the start of my argument the thought that we are probably going to end up with some kind of system at some point in the future, so how about we get it right.

Photo of Charles ClarkeI originally posted this on Charles Clarkes 2020 Vision site in response to his arguments for identity cards. He made the point that:

"The issues are contemporary and controversial both within and between the political parties. But I believe that such databases are important for our liberty, our security and to defend our democracy."

You can read his article here.

Identity Cards - A New Approach

I think we are looking at this whole identity business backwards - bringing the policies forward based on reaction to events rather than a considered idea of whether these are useful. First, let’s break down where we need to establish identity, just in rough.

  • We need it to register for tax.
  • Obviously we need it for passports.
  • And we need it for benefits.
And where we don't need to establish identity

  • We don’t need it for walking down the street,
  • It is not needed for paying bills in shops, online, etc
  • Nor for just breathing, to be facetious.
So, there are times we need proof of identity and times we do not. This is making the assumption that most citizens are law abiding, of course, but that is a stance we SHOULD take.

Now, let’s look at a system that supports the above "needs."

The first, and most common need, is probably paying tax - though this does not need to apply to everyone. So, I apply for identity when I get my first job at, say, 19 years old. The Taxman requires basic data and needs to be able to access that data. I supply the data, and give him permission to access it. This includes my date of birth, place of birth, current address, etc.

Now, I want to register with a doctor and dentist. This requires me to supply data. Some of the data required by the NHS already exists - I just have to give them permission to access the bits they need. Any bits that are exclusive to the tax man (like my tax records) the NHS cannot access as I have not given permission.

Now, I want to go abroad, and need a passport. I now supply the additional data required and give the required permissions.

You get the idea. In all this process I am in direct control of my own data. I have to give permissions to agencies to be able to access only the data that they require.

In theory, I can refuse to give data and permission. However, I am not going to be able to get a passport if I do that, so that would be idiotic. Though, keeping that as my right is essential for the transparency of the thing.

Now, notice, I have not mentioned Identity Cards here. There is a very good and technical reason for this. We don't need them. Even supporting your arguments, Charles, we still don't need them.

Let me explain. I go into the DHS to get benefits. They want me to confirm my identity. Under your system I hand them my identity card which is full of data. They plug it into their machine. Their machine then goes of and does a query on the central database to confirm the data is as presented. To make sure that I then belong to the card, as it were, I allow a retinal scan and the taking of one thumb and one finger print and that is compared to the card data and the remote database data. Wow!

Alternative system: I walk into the DHS, they sit me in front of the retinal scan, which scans me. I enter a pin to bring up my record for comparison - the machine verifies it is me and I get my needs met.

You have not had to produce 60 million really expensive cards.

In addition, because the central database is permission based on a record by record basis, the database needs to be very basic. Rather than spend several billion setting it up, you grab a handful of top database designers from the open source community, and they put the whole thing together using MySql (which is both robust and free, by the way)

The expensive bit is the scanning equipment - but you are going to need that for what ever system you go for, sorry!

The main advantage to this kind of approach is that you are asking people to volunteer their information, rather than forcing it out of them, in return for services that are part of life. If they wished, they could avoid being on the database entirely, but they would have to live as a hermit in a cave somewhere.

It does not stop criminals - but then, they like to drop out of existence anyway, so no system will cover them.

The additional advantage is that once someone is on the system, they are both responsible for and in control of their data. They are the only person who has complete access to ALL their data in the normal course of events. Not even the government would have that access. Government departments would only have access to the data that is relevant to the service they supply.

Of course, the police and security services could apply to court for access to all data, and this job would be greatly simplified compared to now. But there would be no automatic right.

If people are in control of their own data, the Big Brother scenario is les relevant (though that would still worry even me)

My system, and its presentation, also has another little political bonus.

Since people would be controlling their access to services that are supplied by our government, under the way this system works these really would be seen as SERVICES ready for use by the public when they need them.

This really is returning government control to the people and fulfils my personal political mantra:

An MP is the employee of the People – not the other way around!