Identity Cards

– in Westminster Hall at 4:58 pm on 11th March 2009.

Alert me about debates like this

Photo of Mark Todd Mark Todd Labour, South Derbyshire 4:58 pm, 11th March 2009

I intend to address the definition of the identity cards project and its procurement. I shall not discuss the principles behind the project, nor shall I attempt to persuade the Minister that it might harm civil liberties. I have never bought that argument and I did not make it during the passage of the Identity Cards Act 2006.

The concerns that prevented me from supporting the Government on Third Reading were far more prosaic. I was concerned about whether the project was good value for money and whether we were proceeding in a way that limited the risk of failure. The first point is complex, partly because of uncertainty about the project's cost. I recall during the Bill's passage speaking to a group of IT specialists, who immediately agreed with me that the estimates given by the Government and by critics of the Bill were entirely speculative.

Are we better informed now? The answer is: perhaps a little. The project is better defined than it was. One major aspect of the technology—iris recognition—that carried both risk and uncertainty has been omitted from the original list of specifications. A sensible deconstruction of the project has taken place and it has been divided into more accessible elements, often linked to existing passport activity. An initial low-volume activity serving foreign nationals will test aspects of the programme. Of course, that deconstruction will make the monitoring of the precise cost of ID cards beyond the passport project hard to assess. I still argue that we are some distance from having any reliable figure for the marginal cost of ID cards as a project and we are certainly—I will expand on some of the reasons why in a moment—a considerable way from understanding the ongoing costs of maintaining a national identity register for UK nationals. Within acceptable bounds, we do not know what the project will initially cost and how much it will cost to maintain.

The other uncertainty in the calculation of worth is rather more profound: what exactly will the register and the cards offer? Again, when discussing the genesis of the project with IT professionals, I found the unanimous view given was, "I wouldn't have justified it this way." The confused melange of arguments about stopping terrorism, tackling illegal immigration and fighting crime have appealed to those looking for quick-fix politics, and they have helped the idea to build some base of preliminary popularity. However, such arguments have also created a substantial base of hostility and they would be rapidly demolished or severely weakened by even the most cursory scrutiny.

The 7 July bombers were proud of their identities and would have been holders of ID cards anyway. Illegal immigrants, by definition, live in the shadows of our society, and to operate in the open they would currently need to show legitimate identity. Giving false identities to the police is a problem affecting a minority of crimes. Thankfully, we have moved on to the more adult argument that should have been at the heart of this project from the start: that proving one's identity is increasingly a necessary part of life—not all the time, but frequently enough to cause inconvenience and a simple tool to do that would help. However, there is a counter-argument: that relying on several disparate sources of identity proof makes us more secure than relying on one tool alone. Having one supposedly authoritative source will make it certain that its vulnerabilities are tested.

I have noted from the technical discussion of the project, that phishing—with a 'ph'—has already been identified as likely. It is helpful that the Home Office have looked at that. Presumably the target will be card holders who are foolish enough to place elements of their data in circumstances where they are made available for someone else to exploit. The staff involved in the maintenance of the data and the design of the technologies will also be an obvious vulnerability; the behaviours of card holders themselves are a further vulnerability. Those who are far cleverer than I will, no doubt, be working already on the perceived frailties of the scheme.

One critical element is required to sell ID cards as a tool for the citizen: trust. Bearing in mind the significant and technically resourced opposition to the project, weaknesses will be both sought and given high-profile exposure. It is wholly unrealistic to expect a project of such a scale and complexity to avoid error and failure. Trust damage is extremely likely, and we have not made a terribly promising start. Government and private sector data management does not have a good reputation. PA Consulting, which I understand is the firm advising the Government on the project, as I am sure many other firms are, recently lost the personal details of the entire UK prison population. In the company comment, one root of its problem is disclosed:

"the challenge of managing necessary confidential information held by government, and in particular eliminating human error, is industry wide."

Procedures and processes are fine, but human beings do not necessarily conform.

The other unspoken root problem, which I have already stressed, is reliance on one encompassing technology rather than dispersal of risk. The role of the national identity scheme's commissioner also remains undefined. That element will either build trust in the project or—if the appointment is weak or the terms of reference of their activities are poorly defined—be a means of subtracting trust. Before cards are given to any UK nationals, we need to know who that person will be and exactly what they are supposed to do within what budget.

The public's trust must be won. The intellect workshops that were held two years ago when the genesis of the project was established made it absolutely clear that, for the project to work, clear uses and benefits must be explained to the public and a high level of trust won. As I said, we have not made a desperately promising start. Tentative attempts to sell the idea have provoked ridicule in some cases. The brief appearance of the website www.mylifemyid.org, which was aimed at young people, became a predictable target for opponents. Selling the project to its potential customers will be tough and expensive. In addition, one has to say that it almost certainly has not been properly costed in the programme.

The responses of the first recipients of the cards who can speak up—foreign nationals have been carefully chosen because, arguably, they are a group that cannot complain—have been either hostile or deeply unenthusiastic. Airline pilots have vigorously contested the need to have the cards at all, and Roger Wiltshire of the British Air Transport Association has said

"we do not see the ID scheme bringing any security or business benefits".

One might imagine that the financial sector, which requires ID proof more than most, would be vocal in its enthusiasm. Of course, that sector has other things to worry about at the moment, but its virtual silence speaks of extreme caution at least.

Those concerns have, of course, been reflected in supplier behaviour. The political controversy over the project, its muddled, incoherent justification, and the lack of endorsement from potential users has been noted in the supplier community. The careful design of the scheme to incorporate more consensual and current activity, which is a sensible route to take, within discrete projects related to existing Identity and Passport Service work has ensured that some interest is retained. However, the drop-out from the initial pool of potential suppliers has been notable. The survivors—those who are prepared to lead consortiums—would be wise to price in the risk of interruption, diversion and reputational damage.

Let me illustrate one obvious problem in procurement. The Government have sought to engage the private sector in the initial data capture exercise through a competitive marketplace. The training and security checks of staff involved will, of course, be a substantial cost, as will the acquisition of data capture centres dispersed around the country. Understandably, the IPS states that such centres have been located in places of high footfall

"such as high streets or large shopping centres".

This will not be a low-cost activity.

The Home Office website specifies the sorts of people who might be involved in the exercise. Providers will need to have a strong brand that customers know and trust. Unless the initial suspicions about the project are dispersed and opposition melts away, I know of few strong brands whose customers trust them deeply that will voluntarily enter a market where conflict is assured, and, what is more, for the relatively modest marginal profit that they might achieve in a genuinely competitive marketplace.

One suspects that what is actually meant by the statement is that a public sector brand such as the Post Office, which might be obliged to take part, might be the provider of choice, but then one needs to consider that most of the Post Office network lies in private hands. Persuading a group of sub-postmasters, who would have some difficulty assembling the skills that are necessary to do such a job anyway, to participate is beyond the imagination of even those behind this project.

Let me now touch on one of the features of the national identity register which highlights some of the confusion in the thinking: the inclusion of the holder's address. That is the feature of a person's identity that will change the most and the most frequently. Passports do not currently require that identifier. Presumably, the successful identity service currently offered by the IPS for verifying passports when presented as proof of identity for employment or other purposes includes no address obligation within the process, or the person must produce some associated document alongside their passport to demonstrate that the address at which they claim to live is actually the one to which bills are sent and so on. Cursory consideration reveals why there is a difficulty with including such data on the national identity register.

It is an offence for driving licence holders, as it will be for ID card holders, to fail to notify a change of address. Someone might innocently think, if they did not know much about our citizenry, that we always notify. It is an offence not to do so, so we report our change of address. However, the Driver and Vehicle Licensing Agency thinks otherwise, with some substance. It estimates that nearly 20 per cent. of the driving licence addresses held on its database are inaccurate, and that is with a sanction attached to failure to notify a change of address—exactly the same as for ID cards—and with at least some likelihood of a failure to notify being identified. If one is stopped and required to produce one's driving licence to demonstrate who one is, it is perfectly possible that a failure to notify will be spotted.

Anyway, how would such data be verified on an ongoing basis? When the card is presented to prove identity, will accompanying proof of address be required? As I have demonstrated, there is no reason to suppose that the address held on the national identity register from the initial capture will be right. Those who are likely to have to prove identity regularly might well have an incentive to maintain an accurate address for fear of penalty. Will those who seek verification of an address report offenders? That is a substantial question. If the person who seeks to verify the identity detects an error in the address, is he obliged to inform a third party of it? Those who wish to lose themselves in our society—I do not wish to stereotype the presumed targets of the project, but there must be some—could readily avoid such interfaces, so exactly what purpose is served by holding the address? The accuracy of the register will be questionable, at best. The maintenance of the data will be costly and will introduce risk—for example, the risk of addresses being mistakenly allocated to another identity, as in the miserable case of errors over the address of one of my constituents. The transposition of her address with that of another debtor by a third party led to her committing suicide.

I note that Department for Work and Pensions customer information system technology will be utilised as a base of biographical data. I am not sure, but I would be surprised if I were the only MP who regularly encounters difficulties with the DWP CIS database. There is already confusion over people's identity. I can think of two problems in my constituency that have been drawn to my attention in the past six months. There has recently been an attempt to clean up the data, and I would be interested to know what the outcome was. In a written answer to me, the Home Office estimated that each year 14 per cent. of people change address. The task of ensuring the accuracy of the process will be substantial and the cost huge. For what?

I would also welcome some information on the availability of reader technology. The cards will be of little value unless card readers interfaced with the register are widely available. One presumes that that will involve market-led technology and that several companies may produce the appropriate kit. However, for what must be a significant investment, certainty as to the scale, timing and specifications of the opportunity are required. I have not noted producers of such kit emerging.

Some sensible decisions have been made since the passage of the Bill—to simplify the project, to deconstruct it and integrate it with existing IPS activity, and to change the disastrously ill-thought-through justifications for it—but I doubt whether it is realisable in its planned form. Hard though it may be to reverse course now, that would appear to be the wisest approach. At the very least, further elements of risk—the inclusion of addresses, for example—should be removed and the project should be drawn still closer to the core passport process.

Photo of Meg Hillier Meg Hillier Parliamentary Under-Secretary (Home Office) (Identity) 5:17 pm, 11th March 2009

I am pleased to speak for the second time this afternoon, Mr. Caton.

I am delighted that my hon. Friend Mr. Todd has raised this debate. Unbelievably, this is actually the first time that I have had the chance to debate the matter as the Minister responsible since I was appointed to take responsibility for ID cards in July 2007. I very much welcome his calm and rational discussion of some important points.

My hon. Friend was right to highlight the fact that during the process of the legislation and beyond, there has been uncertainty about some of the reasons why we are introducing ID cards. The Government have not been clear enough about their reasons.

We have had a period since the Identity Cards Act 2006 became law, after it was debated in Parliament twice in 2005, when perhaps we were not communicating enough to the outside world about our plans. Inevitably, such a vacuum is filled with people's concerns, and there probably was not a strong enough counter-voice from the Government about the benefits. I hope that I can put that straight today.

First, to pick up on my hon. Friend's comments about uncertainty over costs, this is one of the most reported cost areas in government. Every six months, a cost report is laid before Parliament. Sometimes I think that it is an inflexible way of reporting costs, perhaps for some of the reasons that he raised, because it tends to lead to people jumping on a particular large figure. Over a 10-year period, the cost of the scheme will be £4.785 million. About 70 per cent. of that, however, will be the cost of implementing secure passports with fingerprints, something that we are doing to meet international requirements that make life more convenient for British citizens travelling abroad. The operational cost of issuing the cards and maintaining the register will be recovered from fees, as we are currently required to do for passports, so there is no big pot of money waiting to be spent. I know that my hon. Friend understands that point, but it is worth highlighting for others following the debate. We do provide that level of detail, and, were we able to break out of the cost report straitjacket, perhaps we could explain it more clearly. Too often, however, people jump on that large figure and consider it a major area for criticism, but, if we divide it by 10, the figure is considerably lower in any case.

My hon. Friend's point about the rationale is important. Convenience is a major factor, but, when we polled the public, they were very clear that safeguarding their identity from fraud was a concern. On the subject of immigration control, messages from other parts of the Home Office about maintaining our borders were also a key factor. When we get a job, use a bank, purchase goods and access services, we need to prove our identity. Currently, we use numerous documents, and, when I was last at a parcel collection office, I saw 11 listed documents, most of which were not forms of identification. A birth certificate is not a suitable form of identification to prove who one is, because anyone can buy it from the General Register Office or their local council, and utility bills can fall into the wrong hands.

I carry my passport around with other documents, and that is not very secure, so having one single way of proving one's identity will be incredibly useful to people. If I have time, I shall mention how we might do so automatically. The scheme will reduce needless bureaucracy, so the long-winded process of proving one's identity by, for example, handing over various documents to one's local council for a parking permit will no longer be the only option. Someone may take those documents to a back room to photocopy them, keep the copies and, perhaps, lose them, as sometimes happens even with good councils. In the future, however, there will be a simple way to prove one's identity.

My hon. Friend highlighted the fact that the identity documents that we currently present reveal a lot of information about ourselves. For example, all the information on my bank statement is not something that I want someone to see when I try to prove my address. It can be difficult for many married women who operate under different names to find a utility bill in their name, and, certainly, that is increasingly difficult for younger people who do not have a telephone landline or who live in shared accommodation. The information about one's address is on many of those documents, but it will not be on the face of the card.

In producing an identity card, there will be safeguards that do not exist for the many other ways in which we currently prove our identity. It will be a voluntary scheme, so people will be able to choose to continue to go down the cumbersome route of producing sheaves of paper; or, they will be able to register with the scheme. We hope that the first British citizens will register in the autumn. We will soon invite early expressions of interest and then decide the areas in which people will be able to sign up to the cards at the same time as some airport workers will receive them.

The Identity Cards Act 2006 is explicit about the information that can be held—it is information that proves identity. There will be no requirement to include, for example, blood group, criminal record or health issues. Interestingly, however, some young people to whom I have spoken wondered why we were not including that information. Different groups in the population have different attitudes, but I want to be very clear that there is no intention, either by the Home Office or by the Government, to extend the information that will be included on the identity card. As the Minister responsible, I am very clear that we do what we say we will do, and no more. We are very clear about that.

The card will display only minimal information but, using the fingerprint and digital images, link one person to one identity, which is the key point. Making life easy and more convenient is one area, but, for public sector organisations and private businesses, it will improve efficiency, too, because procedures will be quicker and easier. As one council chief executive told me, they will be able to spend more time on the people who are difficult to deal with, because they will be able to process many people whose identities will be easy to check if they choose to produce a card. Of course, under the 2006 Act, they will not be required to show the card. No one will be required to show the card to access a public service, but they can choose to do so if they wish to be dealt with quickly.

The message about ID fraud is important. It is a growing concern, about which I get more letters now than I did when I started this job. People are aware of ID fraud issues, and we will soon launch work to remind people to maintain their identity securely, pointing out the various measures that the Government, across the board, can undertake to help people do so. We already have a very trusted Identity and Passport Service—71 per cent. of the population trust it to hold their information. Information from our passports is held on a database, but we will provide a far more secure database and far more secure updated information, making the card a much more useful product. In many ways, the identity card programme involves an update similar to what we have done with passports—automating the process, rather than having an old-fashioned paper-based system.

My hon. Friend is right that one could counter-argue and say that several documents are more secure than one, but that is why we must get the first identity check right. The IPS is very good at doing that. We recently introduced interviews for first-time adult passport applicants, and there have been some successes, with people often faltering when asked, either prior to or after an interview, for further information to verify that they are genuinely who they say they are. We have a trusted Government organisation already doing that work, and the same organisation will run the identity card scheme.

My hon. Friend is right that trust is a key factor. It certainly bears on my mind as the Minister responsible for the work, and we need to ensure that we build and maintain public trust and show that we have clear and transparent approaches to tackling any breach of trust. The scheme's commissioner will soon be appointed—we hope by the summer. His or her role is clearly laid out, and I shall happily send details of it to my hon. Friend, if he wishes. The scheme commissioner will work alongside the Information Commissioner's office, with which we have had several discussions to ensure that the scheme works properly. Several legal protections are in place—for example, regarding the handful of staff who will have direct access to the register. They will amount to about 100 people. My hon. Friend rightly raised the issue of human error, but, if somebody tampers with the register, they will face a severe legal penalty, including a prison sentence.

No personal information will be downloaded to USBs or discs. In fact, generally, there will be no terminals on people's desks, as that would allow them to look up an individual with the card present. That puts the power in the hands of the citizen. If I present myself, my card and my PIN, I am clear that I have given permission for some information about me on the register to be verified by the person, bank—whomever I have a relationship with. No one else should be able to look up information, except in extreme circumstances, such as suspected terrorism or serious crime—and only then, when clear proof is given to the custodians of the database that the information, or a certain amount of information, is required. There will be no opportunity—not even for the police—to fish around the register to see what information can be found. It will be as secure as a military database. Nothing is ever risk free, however, and it would be irresponsible of us to suggest that. Nevertheless, it is important that I highlight those points.

Foreign nationals have been very receptive to the scheme. I stress that they were not chosen as an easy, soft-touch first group; other work was going on in the Home Office, so we decided about a year ago to align both projects. Rather than leave out the immigration scheme, there seemed to be much more sense in aligning the two as part of the same scheme. It was clearly part of the same approach.

Airline pilots have sought portability for their security passes, and we have had some constructive conversations with a number of air industry organisations—perhaps more constructive than with those few that have chosen to criticise the scheme publicly. I am always happy to consult people and to discuss their concerns. It is much more helpful if they talk to us directly, rather than just going to the newspapers. The business benefits to airlines will be enormous. The scheme speeds up checks, and that benefits employers and employees, because they will be able to start work sooner and their salaries will not be late.

I have little time to go into what is a big area, but the suppliers went through a rigorous procurement process and, if they fell by the wayside, it was because they did not meet requirements. Hand on heart, I can say that one of the best procurement teams in the Government is dealing with the scheme. We went through a very effective procurement strategy. We set up a competition, and five companies ended up on our team of contractors which will bid for smaller contracts. That strategic suppliers' group went through such rigorous testing that we now know the standards that we expect from it, and it does, too. There is much more collaboration in the team now, and its members are competing heatedly for various contracts that are now being sub-let.

Sitting adjourned without Question put (Standing Order No. 10(11)).