Tuesday, April 18, 2006

Back on the ID cards trail.

This ain't gonna make me popular:-)

I've been thinking about the debate on ID cards at ****con and why it continues to dismay me. The reasons people cite against ID cards tend to fall into two camps: practical and principled.


1. The database project won't work; the error rate will be high, the information won't be successfully updated, the Chinese walls (if any) will be compromised etc.

2. The biometric data part of the project currently has too high a rate of false positives and false negatives for successful identification, plus some people can't reliably provide biometric data.

3. Even if these problems could be solved, the project will go wildly over budget - like all public sector IT projects.

4. The public will have to pay for ID cards/passports at an unreasonable level compared to current cost of passports.

5. Even if access to the ID card database is restricted (as it should be for DP law purposes) to government agencies like health providers and welfare agencies, or police/crime investigation/intelligence etc., information will become available on the black market, and thence to everyone from private detectives to ID thieves.

To me these are issues of detail - of technology and management; which are difficult to critique in a non-paranoid way right now as we know so little about the design of the underlying database or its costing. The time to argue these points is when we know how the database is to be designed, what the permissions for access to data will be and what the rules for dealing with erroneous data, false positives etc., will be.

On issues of non enforcement and data seep - the general mantra is that oh yeh, DP and confidentiality and ethics law exist that are meant to prevent these problems, but it won't work. In which case we might as well give up on ever having laws at all. I see the problem, believe me I do, but blanket cynicism is not a principled way to argue against ID cards, any more than blanket cynicism about enforcement of laws against car theft (equally viable) is a reason to abolish all laws on theft of cars, or all expenditure on enforcement of car theft laws.

On issues of cost - if in principle there is a case for ID cards, then the issues of cost have to be secondary. The cost is a matter for a principled debate in terms of how much we value the fight against terrorism and other alleged evils (benefit fraud, asylum seeker entry) as against how much we value our personal data privacy. That debate just isn't happening in the UK right now.

"Practical" issues - of efficacy rather than principle - do not seem to me to be where the debate should be currently focussed. And at the moment, judging by yesterday's panel, for most people, it is.

What are the principled arguments against an ID card?

1. Putting all the data in one basket - a single linked database - creates a single point of failure. One decent hack or unprincipled employee or illegal agreement for access by a government agency with a private actor, and huge amounts of personal data can be released - whereas if we only have, say, an NHS database, at least only health data can be so compromised.

2. Function creep. Create a single linked database of personal data and more uses will be found for it. We start off saying we'll only use it to assist in crime or terrorism detection, or, more benignly, to allow child care agencies to track children at risk wherever they go - but then we end up lending it to debt collectors, to commercial database marketing firms, to people who want to find out where pedophiles live, etc etc.

3. Compulsion. Till now no one in the UK has actually needed to acquire an ID card - no compulsion to get a driving license or a passport. Our Continental cousins, who live in liberal societies where ID cards (NOT ID databases) have been standard for decades, find our objection to this one hard to parse: and indeed it is hard to claim, if you look at the empirical reality, that we are a freer society than, say, Belgium or Germany because they have ID cards and we don't.

4. Most of all, the principled issues are about the consequences of a linked ID database, not an ID card: this point itself is obscured in most of the on line/extralegal discussions.

I'm not particularly for a national ID card/database. I'm not particularly against it either. I can see advantages: I'd quite like to live in a world where I was exposed to less degree of risk at airports, at large public events. I can see disadvantages: I also don't want to run the risk of discovering Sony, or the DMA, or my ex boyfriend, or my employer, can find out everything there is to know about me. (But I have a feeling we pretty much live in that world already with or without an ID card.)

My own feeling is that we already have a system as good as we can devise of laws and practices for dealing with consent to the collection of, and subsequent protection of, personal data. It's called data protection law. I've critiqued the PRACTICE of DP law extensively myself but almost no one disagrees that the principles are sound. The problem currently is that there is a generic "get out of jail free" clause in DP law, in relation to personal data collected for the purposes of investigation of crime or security, as well as some other public sector functions. We need to consider how data protection could, albeit in part, and with more safeguards, be applied, not wholly exempted, in relation both to the police and security services, and to private sector parties exercising crime prevention roles (most CCTV cameras, e.g., are operated by private actors, and they too benefit from this blanket fiat).

The other problem is that DP law enforcement is wildly under-resourced. One hypothetical argument about enforcement might be that in an ID database world, the state must finance the Information Commissioner as fully as it finances the police. (yeh right :-)

But most of all I'd like to see a debate on ID cards that isn't focused around "it'll never work" or "it'll cost too much" or "they can't make me do this" or "we all know it's a bunch of lies". That isn't a debate. That's a lynching. I'd like to see a debate that focuses round the real issues: how do we want to balance our needs for privacy and our needs for security? How, if at all, do we want to balance our privacy rights and the positive uses that can be made of a linked database, for both citizens and consumers? What are the safeguards that need to be built in, which once specified we can then pass to the database builders? And most of all what kind of privacy do most people really want - not the activists, not the No2ID card people, not the constitutional law academics, but everyone?

(Thanks for ideas included herein from my fellow panellists Dave Clements, Andrew Adams and Mike Scott.)
