I’ve just read Alan Johnson’s article at Comment Is Free. Other than to say that it’s the same old Home Office nonsense, I shan’t deconstruct it further – Longrider has already done that with characteristic style. What I’m more interested in is the sentiment expressed by Johnson’s headline: “We need Identity Cards, and soon”. While it is wrong, it does hint at a real problem, and one which has not been convincingly solved.

It’s difficult to interact with Government properly on the Internet. Public services should all be available online, but attempts to put them there are often stymied by the absence of good ways to identify and authenticate people. It’s important that we fix this problem. Interacting with bureaucracy electronically has clear benefits: it’s fast and convenient, it permits services to be customised and interlinked, it makes it easier to help people who are confused, it simplifies data collection and significantly reduces cost. These are real, substantive benefits.

An so, we have Identity Cards, which — among other reasons — the government is introducing in order to make these changes possible. Unfortunately,  ID Cards are a deeply inappropriate solution. They miss the point so severely that it would be funny if it weren’t so dangerous. The main mistake made by the benighted scheme is to assume — more or less blindly — that a proof of identity is actually what’s required.

What organisations really need to know is not who you are, but what you are authorised to do or have, and whether you are a person they already know. They need to understand what they should and shouldn’t give you, and they need their relationships with people to be consistent: whether you’re called Bill or Bob couldn’t matter less, but if you’re Bill and you’re now just calling yourself Bob, that’s important for organisations to realise.

What’s needed is not a card. It’s not a gigantic database cataloguing every conceivable fact about all of us. It’s not an authoritarian state insisting that you must identify yourself on demand. Government assumes that it should control the tools that we use to identify ourselves, but that attitude is what’s got us into the situation we’re now in: where impersonal juggernauts of institutions are incapable of interacting with us efficiently and empathetically. Where we strive to avoid contact with them and always take the shortest route out of any interactions we have to have, because they feel like wading through treacle.

What’s needed is a way for organisations to interact with us where we control our own data, releasing it to those we trust, and revoking it when relationships break down. Where we can selectively provide the information that organisations need. To have privacy and respect from a system that currently treats people rather badly: as a number, as the sum total of their customer record and credit rating, as a threat presenting a risk to be managed. A system, in other words, that allows organisations to get the assurances they need without sacrificing our dignity.

The ID cards scheme is not this system, and we must fight the good fight — but let’s not let be blinded by it. We mustn’t throw the baby out with the bathwater. Fantastic things could be made if a respectful and effective authentication scheme were to exist — so perhaps, despite Johnson’s article being the same old Home Office balderdash, there was an iota of truth in his headline.

In any case, No2ID are raising the alert: a batch of regulations are being laid before Parliament next month which provide a lot of details about the scheme’s implementation. These regulations must be approved by MPs before they are passed, which means a vote — and which means that the time has once again come to write to your MP and ask them to vote against the regulations. From No2ID, here they are:

• The Identity Cards Act 2006 (Application and Issue of ID Card and Notification of Changes) Regulations 2009

  The detail that you will have to give to the Home Office about
  yourself, much much more than the “basic identifying information”
  ministers keep referring to.

• The Identity Cards Act 2006 (Prescribed Information) Regulations 2009

  What will be kept on the cards – but not yet anything about the national identity register database and how it might work.

• The Identity Cards Act 2006 (Designation) Order 2009

  The first of potentially many such. Provides for some people to be forced onto the system because joining will be a condition of applying for another official document that they need.

• The Identity Cards Act 2006 (Fees) Regulations 2009
• The Identity Cards Act 2006 (Information and Code of Practice on Penalties) Order 2009

  The unfair rules that will be used to punish non-compliance.

• The Identity Cards Act 2006 (Provision of Information without Consent) Regulations 2009

  Sets out who the information may be passed to once the IPS has it. Audit trail information will go to: police, intelligence services, and SOCA, and to anyone else they authorise – so we are immediately beyond government promise – plus HMRC, who can’t however authorise it to be given to third parties. Further, non-audit trail information – such as document numbers, names and addresses, signatures and fingerprints, quite enough to be keys for other searches or massive identity fraud – may be provided to the Home Office and MoJ, DWP, DoT and FCO. Records of what information has been given to whom and why may be destroyed after 12 months or less.

• The Immigration (Biometric Registration) (Amendment) Regulations 2009

  Expands the ‘ID cards for foreigners’ system vastly by extending it to more categories of people (for example, spouses of British citizens, visiting artists and academics) who are only being treated as a threat in order to justify ID cards for all.

Please: write to your MP now and ask them to vote against these regulations next month — especially if you have a Labour MP.