Do you actually know anyone in real life who is in favour of ID Cards?

[AtheneNoctua]

I am baffled. It seems everyone hates them either on grounds of cost or invation of civil liberties.

But go on, enlighten me, are there real people (MPS excluded from the definition of Real People) who want them rolled out?

Related article here about the Tories warning the bidders that the scheme will be scrapped and that they shouldn't invest heavily in a contract that is going to be cancelled if when they win the general election.

Tough - land registry problem is precisely the point! An arm of government decided it was a really bright idea to put confidential personal information online, and what do you know, the criminals noticed this was an opportunity...

edam- I am saying that the increased threat of cloning/ID theft etc makes improved ID security inevitable. I am not defending the exact govt implementation but I am saying that whether bio scan or ID card, we will have to go towards golden source of ID data with high security. This is a dead cert, I think.

On house fraud, that fraud is possible without land registry data as house for sale on line. Also going for houses that sold a long time ago that are likely to have mortgage being paid off....etc. All the data is there even withhout on line land registry.

To the OP, NO. But maybe they wouldn't tell me if they were, I'm fairly publicly anti-ID card.

Article on why an ID card won't make us safer by Bruce Schneier, a man who seriously understands the tech.
www.schneier.com/essay-034.html

Musical animation on the UK version won't work, by me & a friend. A little out of date now. We've gone through a few Home Secretaries since I made it. And I think the cost has gone up.
eclectech.co.uk/clarkeidcards.php

Not sure what he actually knows or does as a "security technologist". He does not analyse and compare the risks of the status quo which makes his evaluation less useful than it might have been?

My response had been no to ID cards, but this was a point of discussion with the current MsPan who ahd lived with these in France all her life. The debate was never around security issues but simple stuff like RTAs and id to do certain things like purchases.

Id cards to prevent terrorism is utter bollocks, as we all know. It depends how the gvt wish to sell the idea. But the cost to start from scratch is a ridiculous investment.

I know several people who work in finance who think that ID cards are ultimately going to be necessary, but that right now the money it would cost to implement the scheme with necessary security means it should be put off for a decade or so, as the technology to deal with so much data still needs a lot of development. (I am thick about such things, and have no idea if this is the case or not!)

I'm generally against them, as I think parliament should
1/ protect our civil liberties first and foremost
2/ protect us from terrorism as far as is possible without bringing in "protections" which lose us civil liberties.
Strictly in that order only. (And I lost a friend in 9/11 so I don't make that statement lightly)

About "the government" paying - the government don't pay for anything; they spend OUR money on our behalf! Whether it is paid for from higher taxation or direct subscription it will cost us a hell of a lot of money.

hedgiemum- you raise interesting points.

The implementation costs is something that I don't have a strong view on. Perhaps the implementation is best postponed until public accounts are in better shape but I don't think that it should be left for too long. Also it depends on what sort of jobs are created by this project.

Good point about the balance of civil liberties vs protection from terrorism. But don't you think that it is a false choice. But don't you think that it is a false choice? Does terrorism and crime impinge on our civil liberty? Depends on how you define freedom. The steps that I have had to take to proctect my ID since it was stolen leave me feeling less free. As I said, I think our children may well define the threats to their liberty in a broader way.

I think, because of past abuse, we have a knee jerk reaction/assumption that we need protecting from the govt but I think that, increasing there are more malevolent organised people out there.

The only good thing I can see about this particular ID Card scam scheme is that it may be the final straw the brings the Labour government to their knees. The Tories will win the next general election. And, when they do, they will scrap this plan. So, basically, we are going to continue to throw money at this project for another year and a bit and then chuck it all away. And, for this, the government needs to cut spending and raise taxes.

ToughDaddy - He understands technology and security. Properly. Not like the UK government.
Very well respected by people working in IT security. Summary of his knowledge base on his home page. His blog is worth a read.
www.schneier.com/

A general comment on the "if you have nothing to hide you have nothing to fear" approach... the logical extension is that we ban clothes (used to hide weapons) and have publicly accessible web cams installed in every room of our houses (stops burglary, abuse and all sorts). Think how much crime would be reduced.

Yes I'm extending it to silly levels but privacy is important and is not a crime. Unless I do something wrong I expect to be able to keep it.

Toughdaddy, I think you argue the point more eloquently than I could. It's not about protecting us from individual crimes, nor is it about the government monitoring us. As a society things have changed - the vast bulk of our assets don't exist physically but only electronically, we use computers for many of our day to day activities and we live in a world where it's no longer a big deal that the person you work most closely with lives on the other side of the world.

We have to adapt accordingly. We are part of a global world now and that brings challenges of it's own.

I work in for a bank in a building with 20+stories. I have worked here for long enough that I have good relationships with the security and reception staff. They know me, I know them. We wave and smile and exchange snippets of information. But... if, because I'm human and make mistakes, I turn up without my pass, they will not let me into the building until I have got a temporary pass and had someone with an active pass come and escort me.

ID cards have no bearing on that story, but I'm trying to make the point that the world is changing and ID cards are part of that. Increasingly, knowing who we are and being able to prove it in a manner that is satisfactory to the authorities will be important. As our lives become more electronic, our ability to download that data and prove we are who we say we are will increase - before, if you knew where you buried your gold and kept it secret, that was enough. But you run the risk that someone else can stumble on your gold and take it for their own. Now, that gold is in a computer and the risk is still there, but you need to find different ways to protect it and yourself.

Ultimately, I agree with ToughDaddy - these things will happen. The key now is to make sure they're done right and not in some useless half hearted way that leads to the kind of screw ups someone referred to at hospitals.

OhBling- you summarise the argument very well.

I fear that the politicians are very bad at/timid in explaining the concept. And so many people have having yesterday's arguments and not looking at the future. I don't care much whether this is a Labour or Tory policy and all the point scoring. Cameron is a forward looking, smart cookie and will revisit this project even if he is funding constrained in the short term.

Data security and security in general is much more fundamental to our civil liberties than say 20 years ago. We are still imagining that the state is the the biggest or only threat that we face. What are the things that I have to do know to protect my children's identity in the future? Some of crime is much more global and well organised than 20 years ago.

To those who oppose a physical ID card, would you oppose a plan that used "bio-scans" rather than a physical card? I really can't see how we will continue automating and digitising the rest of our lives and not underpin the security of our IDs. I can't see how govt departments will continue as a collection insecure fragmented databases vulnerable to attack and error. Why we wouldn't centralised, use more encryption, more secure fire walls etc. etc

I don't really understand all the technology arguments I'm afraid, but I do know there has still been no mention of the actual benefits of ID cards, Toughdaddy. How would forking out however much for a card, make my life better?

And forgive me if I'm being stupid, but how can they stop benefit fraud? They wouldn't stop people working cash in hand and claiming benefits, or claiming disability when they're not ill or any of the other millions of ways people fiddle the system.

Think it's a very dangerous point of view just to say it's inevitable.

And it's nothing like Google street view. That was one photo of one moment in time, showing exactly what any passer by could have seen had they been walking past.

Ooh TD, should we keep complimenting each other on how cool we are?

we could

or

or

Damn it.

More amusing than

I give up.

I am very much in favour of things like one central source of data, data security, as these things lead to effective communication and increased efficiency. This is something I support very much, but not unconditionally. There must exist some sense of budgets and schedules and what value this card brinfgs to us all and what cost (financial and sacriffice of civil liberties). These things must be balanced, especially in time of finacial turmoil.

The government already has all this data but they can't seem to organise it within the existing organisation. SO how does everyone carrying around a card with the same stuff on it simplify things? Or make them more secure?

OhBling - yes we could simply simper

verytiredmummy and AtheneNoctua - I am not arguing in favour of the current's govt implementation re: timing, cost and all the other detail. I am simply saying that the concept of uniquely identifying us and storing that data centrally in a highly secure way (bio-scan or whatever) makes much sense in the information age that we are at the early stages of.

I am NOT saying that ID cards at one stroke solves all crime, all fraud, all terrorism and all immigration issues. Unique identification is only one aspect of all of these issues for which you still need the right policies and procedures.

Clearly, being able to identify and authenticate individuals would reduce the multi MN/BN benefit fraud that we estimate in the UK part of which is due to multiple claims etc.

Clearly the technique for beating immigration referred to as back tracking i.e. lending your ID to outsider who wants to gain entry to UK, for example, would be more difficult with more robust ID dbase tracking. These are just examples but we will come to relaise how preserving our ID is an important asset in future.

IMO centralised databases are dangerous. They are too valuable, and, as soon as people get access to them, too insecure.

And as far as all the people carrying the cards around... at the moment it's pretty pointless. There is no way to read them.

"The Home Office has confirmed there is still no timetable for the rollout of ID card readers, without which carrying out effective ID checks is impossible.

So even though the government is continuing to foist the cards on foreigners, airside workers at City of London and Manchester airports and pilots, there is no way to check the cards are genuine. Official advice is to flick the cards with a fingernail because they make a distinctive noise."

www.theregister.co.uk/2009/05/20/id_card_reader/

eclectech - decentralised, insecure databases are very dangerous as well as inefficient, as well as expensive i.e. the status quo. We have to compare the costs and risk of doing nothing vs improving our systems and processes. Govt business needs to be modernised like any other subject to safeguards ofcourse.

I don't understand why people aren't concerned that more and more of their info is being held by unaccountable corporates and that this provides new threats and challenges and that we need to improve security to maintain our liberty which IMO is being eroded.

Anyone who thinks that we can preserve the integrity of our banking system for example, without being able to detect patterns and flows is not living in the real world IMO. Anyone who thinks that our banking systems are not already being corrupted by our inability to join up the dots is ignoring reality. Anyone who thinks that compliance procedures at banks are weeding out enough of dangerous criminals who are using our systems and will present more and more severe threats to us in future should think again.

Unique ID verification is just one important aspect as financial policing which is required. I wonder exactly how people think we are to deal the need to improve security against greater global threats. I wonder how many people in this debate expect the regulators/govt to keep us relativley safe?

Feeling like some sort of evangelical preacher on this issue.

Christ, I am supposed to be a centre-leftie politically but my argument is not ideological but more functional.

If data is stored in decentralised databases, when one bit goes missing it's not everything about me. I have other ID I can use to correct errors and it's only a small bit of information about me that people have accessed. If they steal my info from a large centralised stored then I'm screwed.

I am concerned about corporations holding details about me, but can control that to an extent. I don't understand how being worried about individual corporations collecting and storing informaiton should mean that I'm not worried about one uber government database holding masses of information about me. Frankly they can all f* off.

We do not have secure databases. People are not secure. Databases are all run and accessed by people.

Interesting experiment if you want to see how many times you data has been lost, by both corporations and government.
www.openrightsgroup.org/dataloss/

That's why I don't want ID cards. Well, lots of other reasons too but that is enough as far as I'm concerned. The rest are more idealistic.

And apologies for ranting and bowing out, but I'm way behind on work and must disappear.

great post, electech.

Agree, I'm equally concerned about private companies holding information on me - more concerned in some ways as I can't exert any pressure on them. At least the government is constrained to an extent by, for example, the Freedom of Information/Human Rights Acts and the need to seek re-election.

We need MUCH stronger data protection/human controls on non-state bodies - and on arms' length bodies that seem to exist in some sort of grey area. But an ID card wouldn't help, would do the opposite.

(That's why I don't have a Nectar card or whatever it's called these days. Although I do have a Boots card so any snooper who wants to find out what brand of sanitary protection I use can...)

eclectech- there are two issues being mentioned;

1)Authenticating /identification of your ID

2)Preserving your private info.

You mention the second issue: If you increase security of the database to the entent that it is unlikely that security is breached (say like the nuclear weapon system IYWIM) then you might say that the overall risk is lower. You can say that that having lots of insecure databases necessarily aggregates to less risk.

Further, the systems architects have ways of designing a "central dbases" that is infact split in such a way that you would infact have to break into several systems to gain access. So infact, you would have the best of both worlds: the benefits of standardisation and centralisation but the security of separate dbases.

So it is a question of design. We are getting into IT security design details here.

What we have to do is start by saying, do we want to increase security and efficency and reduice error rate?

Then we have to say what is the best design to achieve all of these given the threats we face.

If this issue is used as a political football and not explained properlly to the public just as you should justify any project then the govt will struggle to sell and the politics will interfere with getting the optimal solution. I am afraid that is now most likely.

You can CANNOT say

You can CANNOT say that that having lots of insecure databases necessarily aggregates to less risk.

but it does mean if one lot of data is lost, I'm only vulnerable to that extent, rather than handing over my entire identity all in one fell swoop.

Child benefit stuff - potential fraudsters have my bank account details (fairly easily obtained anyway - I'm self-employed and sort-code, a/c no and name are there on every email I send out). NOT my fingerprint and iris scan or my own date of birth and mother's maiden name or medical history etc. etc. etc.