30 October 2005

The crux of the matter: ID cards.

The main difference as I see it, between supporters of ID cards and those against, is this. I basically believe that our government in the UK, have on balance; the best interests of their citizens at heart. Whereas a lot of opponents see government as evil and corrupt and something we shouldn't co-operate with.

By thinking like this, they are basically saying they think representative democracy is evil and corrupt. I do believe that representative democracy is inefficient. Proportional representation could better represent the interests of the electorate and a freer media could help the electorate understand the issues much better, but basically I believe government represents public opinion and government is an extension of us. We should consider the government as on our side and participate with it as much as we can. This is the best way to improve government.

It is we, the public, that makes government what it is. ID cards are obviously totally neutral in this, they are only as good or bad as the government in charge. It seems all the objections opponents have to ID cards are, in fact, objections to bad government.

Because I believe that governments are on balance a force for good, I have no objection to government's having direct access to information about my life which can improve the overall efficiency of public services and reduce crime. In fact I believe they already have access to all this information at present through a myriad of private companies and that a NIR will make this relationship more open, honest and efficient.

On the practical objections, I do believe it is right of opponents to point out practical problems with the government's scheme and push them into introducing the best scheme possible. But for me, trying to stop ID cards altogether is throwing the baby out with the bathwater and actually suggests quite a luddite attitude to the advance of technology.

Even if the ID card scheme did prove to be a complete disaster and I'm pretty sure that won't be the case. The cost at £5.8 billion is about the same as 1 years spend on the Iraq War.

We have elections every 5 years and it could quite easily be scrapped in the opening voluntary 5 year stage of its introduction if people are not happy. It would not be a massive problem for a trillion pound a year economy to overcome.

The potential benefits of an ID card, are in my opinion, too great to be ignored and the gamble is small when you consider that they have already been proven to work well in other countries. There is no reason whatsoever why that couldn't also be the case here.

ID cards are a revolutionary change and do need to be carefully introduced, but on balance I believe it is better to introduce a not quite perfect ID card scheme and improve its deficiencies as we go along than to not have an ID card scheme at all. This is why I support the government's plans to introduce ID cards and think that you should as well.


  1. Hmmmm.....lovely posts Neil. I suspect you actually have these views on your own, not because a bunch of your mates have them, and you want to lead them to the next election.

    Please check on the cost of the Canadian Firearms registration. This was a data base much smaller than the one you were proposing. The costs have ballooned out of control! Now they say if they can only get another 20 million dollars, they can get it to actually work! (Fat chance, they have said that before!)

    But to use your own logic....you feel that by and large government is a force for good. Would that include the next non-labour government, and the next one, and the next one after that? If a non-labour government is good, then why do you hitch your horses to the Labour wagon? If you think the next non-Labour government is bad, then why do you want to give them more ammunition to further their "evil schemes"?

    Such a system is a boondoggle, will eat up thousands of Pounds of discretionary government spending, will result in a black market for fake ID's, will not affect any crime statistic you could name one way or the other, and you still won't get people out to vote in Municipal elections! In other words, a big payout with no return. Of course, it WILL give a lot of government employees work, lots of IT workers who can work at home from their house in New Delhi or Los Angeles, so such a scheme won't be all bad.

  2. Even bad government is unlikely to make bad use of an ID scheme. Though I disagree with a Tory govt because they favour a rich minority, I don't actually believe they are a malign influence on purpose. They generally want to help everyone, its just they put the interests of a rich minority first.

    I support Labour because they are BETTER than the Tories, it is not a question of black and white, evil and good.

  3. Nobody's saying governments don't have the best intentions, but the problem that they have a lot of power, a huge turning-circle, and aren't always advised by people with good intentions, or who have a full range of views. So we can see inadequately thought-out measures that have consequences that were never invisiged, and take a long time to rectify.

    Given the technical issues people have raised, I'm convinced there are IT managers out there who are already losing sleep over the ID cards project, but are so many rungs down, that this knowledge never reaches ministers.

    It is this distance, delays caused by committees and elections (including government changes), government's need to tinker with ongoing projects, the need to satisfy the Treasury, and to react to crises and changes in public opinion, as well as being committed to existing soft/hardware suppliers, that make big government IT projects so dangerous. Ministers are also, basically, ignorant of the technology, and are therefore dependent upon advisers.

    I just can't see it being anything but one of the biggest IT disasters in history. In fact, I'm totally convinced it will be - all the warning bells are ringing. If it ever sees the light of day and is still not bullet-proof ("not quite perfect" isn't good enough), what will have been the point?

    The sensible thing would be to kill the project now, pay everyone off, and seek a mandate for adopting a tried and tested scheme from some other country, albeit one that could be upgraded at a later date if need be.

  4. B4L, I just don't agree it will be an IT disaster as you suggest. The system won't be perfect, no system is, but it will be good enough to make it practicable and of significant benefit. Look the the massive database in the banking sector. They manage to keep potential hackers at bay, and I don't see the banking system running anything other than very efficiently.

    Also the gradual introduction of the ID scheme over 5 years is going to be a big advantage in correcting mistakes. Those who use ID cards will use them on an almost daily basis, so errors will quickly come to light and be corrected.

    There are big advantages to starting an ID scheme from scratch in comparison with other IT schemes that have failed because of the difficulties of upgrading or converting an old scheme.

    I worked on a database system for Norwich Union who had taken over the Age Concern contract from a previous company who (being a competitor) were totally unco-operative in the switch-over.

    It was a total 'mare', and we soon realised it would have been better for us to have contacted all the customers and started from scratch. Which with the sheer volume of complaints we received we effectively did in the end.

  5. Plenty more Register articles on the same theme, just to show that "not perfect" just isn't good enough, if you care about real people being on the receiving end of mistakes and corruption.

    What's more, "not perfect", "5 years to even out the bugs", "rushed through for political reasons", and "hushed-up for security reasons" are going to be red rags to the bulls. Worrying?

  6. ...By thinking like this, they are basically saying they think representative democracy is evil and corrupt.
    So, I'm an "enemy within" now, Neil? Can't you see the parallel between what you're saying and the way Thatcher was heading? I well remember Thatcher's use of the appartus of state to pursue a range of activities and laws I profundly disagreed with (including but not limited to her use of the Police and the sequestration of NUM funds) I guess we'll never agree - but let keep it simple - it's clear that the impication of this scheme is that the Government won't trust me not to lie about who am. So why then, should I trust them?

  7. hmmm luddite. Let's see, IIRC the luddites were in trouble because the technology destroyed their livelihood and they were being offered no means to support themselves. They weren't against chnage for it's own sake - just chnage that destroyed their way of life...........

  8. Even bad government is unlikely to make bad use of an ID scheme.

    Really? I'm not so sure.

  9. Chris, you miss the point. The guy committing the fraud was caught, it involved a relatively small number of cases (2,000). It happened back in the 1980s-early 90s and it didn't stop the overall database system working overwhelmingly properly and being of benefit to the vast, vast majority of customers. So I state again, the banking system has not collapsed and works very efficiently. And more than this, this case demonstrates that any problem or security breach (that will inevitably happen) can be cured.

  10. urko, its not a communal you. It is clear there are a minority of untrustworthy people about. This ID scheme will make it more difficult for them while making little if any difference to the rest of us. You should be for it. It is for your benefit it is being done.

    So you admit to being a luddite. The luddites were against change that affected their way of life, that is true. They also affected everyone's else's life detrimentally because of their actions, just like opponents of this ID scheme will. In the long term they even damaged their own quality of life, as ID opponents will.

  11. B4L, once the system is up and running we will see who is right. And like Brian Clough used to say about his players when they disagreed with him, "we talked about it for 20 minutes, then we decided I was right".

  12. Can't really argue with that!

  13. B4L, seriously though there are some significant advantages this scheme has over other schemes that have failed.

    Some advantages of the ID scheme database are as follows;

    1. It is being produced from scratch. Many of the problems of other failed IT projects have been because of the difficulties of upgrading or transferring from another system. There will be no bored data inputters trying to read off illegible handwritten records and the obvious mistakes this causes.

    2. Face to face interviews. Anybody who's worked in the information gathering business will know how important this is in improving accuracy. Each entry will be carefully input by the same person dealing with the applicant face to face.

    3. The 5 year time span of the voluntary introduction. Because it is being introduced over a 5 year period, this will spread the workload and give more time to rectify errors or problems in the system.

    4. The daily use of ID cards. This will mean that errors and security problems will be quickly noticed and rectified.

  14. Neil, can you please explain how the luddites "affected everyone's else's life detrimentally because of their actions?"

  15. For the record I am strongly opposed to this scheme, not because I have any particular distrust of my government or indeed because ID cards could not (potentially) deliver some benefit, but because this bill/scheme is completely misconceived. However, I just wanted to pick up on one key point.

    "The cost at £5.8 billion is about the same as 1 years spend on the Iraq War" -

    that £5.8 (to £20 bn) cost is our taxes. I work hard all week to pay for my share of that pot. Those piddly "billions" represent countless hours of people working, most of whom would rather be doing something else, than working to pay for a super database.

    Therefore I DEMAND that it is spent wisely. This "oh its only a few billion" attitude is fine, if it all goes wrong and is wasted, we get that money back....but we don't. It just gets wasted. We vote out the government,yes, but I don't get that time I "wasted" earning that money back do I?

    How many extra police could be get on the street for the money? How about improving border controls? Why you could even "give" everyone in the country a "free" paper shredder. That would have a more positive effect on combatting identity fraud than "sticking everyone's identity eggs in the one basket" and hoping for the best.

    The fact of the matter is that the supposed areas of concern that the identity register tackles could all be dealt with in cheaper more effective ways.

    This is the crime of this bill. It is risking antagonising a large proportion of this country (either the staunch NO2id'er or the person who really has better things to do with his/her time and money than buy an id card).

    No wonder trust in our institutions and faith in a sound democratic system is in decline.

    However, real problems exist behind this scheme (terrorism, id theft.)These are genuine areas of concern and instead of wasting so much time/energy/capital on the idea a big database will eradicate these issues, we should be dealing with them in a more effective manner.

    The issue is the large part of the labour side of house has not listened to any criticism. Will it listen to the Lords, and kill this bill before it is too late. Let us hope so.

  16. Chris, you miss the point [in respect of phantom withdrawals]. The guy committing the fraud was caught, it involved a relatively small number of cases (2,000).

    Nonsense -- read some more background on phantom withdrawals. Lots of people were involved, and not just using the attack described in that article (though that was the best-organised single one). The banks' systems suffered from a number of different security holes, over a long period of time; here are a few:

    - Storing the encrypted PIN on a particular part of the magstripe, without also (say) forming a hash of it with the account number. This meant that a crook could take a stolen card and rewrite the encrypted PIN with a copy of another from a card whose PIN he knew (for instance, his own card), and then withdraw money.

    - Storing the amount withdrawn in a given day on the card, so that a crook could make copies of a stolen card to withdraw more than the maximum daily limit.

    - Printing the whole account number on the receipt, so that a crook could watch a user type their PIN, then grab the receipt and reconstruct a card from it.

    - A bank's IT department could (as described) force all PINs to a small set of values, thus enabling fraud on a massive scale. (This one's pretty hard to fix, for obvious reasons.)

    - Even once the cryptography for generating PINs had been improved, by varying the decimalisation table in a type of cryptographic processor, a bank employee could infer an account's PIN from the encrypted value very easily.

    During the time that these vulnerabilities were active, the banks constantly denied that there were holes in their systems and scrambled to suppress evidence of them when they did occur. By contrast they were very reluctant to fix the problems. (If you have not done so, read about the case of John Munden, a police officer who was the victim of phantom withdrawal fraud whose bank then had him prosecuted for attempting to obtain money by deception. He won on appeal, but this is indicative of the depths to which the banks sank in the 1980s to cover up for poor technical security.)

    Even now we have had "Chip and PIN" foisted on us: another poor technical choice (the user of a "Chip and PIN" card is forced to reveal their PIN on every transaction, using a keypad attached to god-knows-what machinery with no means to verify that it is a legitimate card terminal).

    Summary: if you are looking for an example of a large-scale database with good security history, then do not look at the banks' systems.

  17. 4. The daily use of ID cards. This will mean that errors and security problems will be quickly noticed and rectified.

    Two comments on this one (not to imply I have no comments on the other points). Firstly, this has not been the case with bank cards, as pointed out above. ATM card fraud is still a lucrative business (which the banks still try to cover up) despite daily use of ATM cards.

    Secondly, you might think that ID cards would be checked daily (and it's nice to know that somebody outside the Home Office is looking forward to living in '"Papers, please" Britain'), but the government apparently doesn't. In their Procurement Strategy Market Sounding Presentation on the scheme, they indicate that they're looking for a verification infrastructure which can process "163 million verification transactions per year" (PDF page 13). With 40 million people having been forced to pay for a card, that's about four transactions per year: once every three months. Hardly the "daily use" you envisage. I have no doubt that people will be forced to show their ID cards more often than that, but simply displaying the card has almost no security value.

  18. I find it interesting that a Labour MP is throwing the term 'Luddite' around given the role of the original Luddites in the establishment of the Labour movement.

  19. Peter, which Labour MP are you on about? I'm not an MP or even a councillor, I'm just a member of the Labour party, nothing more.

    The campaign of the Luddites in smashing machinery was what I was deriding as counter productive. I consider this separate from their campaigns to maintain employment, pay and conditions.

    urko, "can you please explain how the luddites "affected everyone's else's life detrimentally because of their actions?""

    As a result of the upheaval and damage to machinery, wheat prices soared. Many people either starved or were put to death as a result of the disturbances. On top of all this, they didn't achieve their aims. If they had just accepted the new technology and campaigned against the lowering of pay and conditions instead, they could have got support from the unskilled labour taking their jobs.

  20. Chris, I'm sure there are many examples of fraud in the banking industry, but relatively it is minor. I know hundreds of people and I've never heard of anyone whose been a victim of phantom withdrawals.

    The point is, you are not claiming it is so bad that the banking system is going to collapse or even that they should scrap their computer systems and databases, so it is a minor point. Despite the fraud, it is still beneficial to have the computer databases isn't it?

    Interesting point about the cards only being used 4 times a year. This seems unbelievably low. Like you say this would considrably reduce the advantages if it was used so sparingly.

  21. The point is, you are not claiming it is so bad that the banking system is going to collapse or even that they should scrap their computer systems and databases, so it is a minor point.

    Not really -- the banks' databases have a tangible benefit: I can conveniently withdraw money from ATMs anywhere at any time, rather than only from my own branch in working hours. That's a specific, and quite important, advantage of the banks' databases. The concomitant risk is that the bank might be a victim of fraud and might manage to screw me out of the money they lose (don't, by the way, make the mistake of imagining that the victim of a "phantom withdrawal" is the account holder -- the victim is the bank, but banks have proven to be quite good at shifting blame on to others).

    So, let's say that the ID cards scheme is as secure as the banks' databases. Remember that it offers me no advantages whatever -- it will not enable me to do anything I cannot do at the moment, nor make anything I can do now more convenient or cheaper -- and lots of specific disadvantages, like having to hand over a bunch of cash, both in direct charges and in taxes, to fund it, and having transactions I make with the public sector recorded in a big database for any curious civil servant to look through.

    Add to those disadvantages the fact that -- if it even reaches the standards of bank databases -- the banks' experience suggests the thing will be a hotbed of fraud, some of which could be quite costly or damaging to me, or at the least extremely inconvenient to sort out, and you can see that this argument is relevant.

    The National Identity Register would be a bad idea even if it worked as designed; indeed, long term we will be much better off if the system collapses than if it staggers on for any length of time.

    Interesting point about the cards only being used 4 times a year.

    For clarity, I think this is intended to represent the frequency of full verification -- I think the card will be read and the NIRN copied to local databases much more frequently, but that won't put any load on the central system.

  22. "As a result of the upheaval and damage to machinery, wheat prices soared" I can find nothing in the link you posted to support this. Yes wheat prices soared, but I doubt this was anything to do with weaving - can you show some evidence? There's a body of thought that suggests that they had a lot of popular support - and as for tehm being put to death and deported simply for standing up for their rights - that was their own fault was it?

  23. Peter Clay2/11/05 2:39 pm

    Ah, sorry, I made a silly assumption about who you were.

  24. Price of wheat
    1808 78s 11d per quarter
    1809 94s 5d " "
    1810 103s 3d " "
    1811 92s 5d " "
    1812 122s 8d " "
    1813 106s 6d " "
    1814 72s 1d " "

    Machine breaking began in February 1811

    So how do you account for the price of wheat rising a year before the machines were being broken?

  25. urko, the most significant jump in prices occured from 1811 to 1812, is that a coincidence? Could be, I can't prove otherwise.

    Smashing up the looms was damaging the economy. In times of economic strife, basic foodstuffs and raw materials tend to rise in price. I'd hazard a guess that this is because people have less money and switch from higher priced luxery goods to more basic goods thereby forcing up their price.

    Even if I'm wrong on this, which I admit I could well be. The smashing up of the looms wasn't really a very smart thing to do. I understand it was caused by the owners and rulers being unreasonable. But like I say the skilled luddites, didn't seem to concerned about the unskilled either. If they had campaigned about better conditions and pay for all instead of blaming the technology they would have been better off.

  26. Remittance Man3/11/05 3:41 pm

    Bank databases are secure? Horlicks.

    South Africa has a pretty up to date banking system (in some instances more advanced than the UK) and I have had problems.

    The last time my credit card was renewed I followed all the security advice from the bank and still had fraudulent withdrawals.

    Some bugger at the issuing depot made a duplicate of my card. In the few days between the dispatch of the original from Jo'burg and arrival in my town this guy had made several over the counter withdrawals. Oh, and the banks ask to see your national ID card for this type of transaction!

    I was lucky; I was able to prove that I hadn't received my card before the dates of the fraudulent withdrawals and by showing my clocking records could prove I was a couple of hundred miles from Jo'burg when they occured.

    Kinda gives you a warm fuzzy feeling about database security and ID cards doesn't it?


  27. The full text is at


    "The trend to the Luddism of the 1811-12 period developed against a background of trade depression, 20% unemployment, low wages and high prices. Before any knitting frame breaking, which was the hallmark of the Luddites, took place, ordinary people had flooded the authorities with letters and petitions complaining about the situation. Much of the hosiery trade was with the American and Continental markets and this dried up during 1811. Wages had already dropped phenomenally when the effects of the latter stages of the Napoleonic Wars began to be felt. Moreover, the stocking trade was hit by sudden changes in fashion and the effects of economic blockade."

    Hmm the government ignored letters and representations - then people got angry.......

    Yes the Luddites could have handled it better - so could Scargill, it didn't make Maggie right.

  28. urko, I will concede this point. You seem to know more about the history of 'Luddittism' than me. The only point I was trying to make by mentioning them was that opposing technology is generally not a good idea.