You are here: Parliament home page > Parliamentary business > Publications and Records > Committee Publications > All Select Committee Publications > Commons Select Committees > Home Affairs > Home Affairs
Select Committee on Home Affairs Written Evidence

25.  Memorandum submitted by Intellect

1.  BACKGROUND

  a.  This submission has been prepared by Intellect in response to the press notice issued by the Home Affairs Select Committee on 18 November 2003.

  b.  Intellect represents 1,000 companies in the Information Technology, Telecommunications and Electronics industries in the UK. Intellect is committed to improving the environment in which our members do business, promoting their interests and providing them with high value services. Our membership spans blue chip multi-nationals through to early stage technology enterprises. Many of our members have been involved in similar card schemes across the world.

  c.  This submission has been prepared specifically for the Committee but draws on the views expressed in position papers written by Intellect in July 2002 and January 2003. These papers can be found at http://www.intellectuk.org.

2.  INTRODUCTION

  a.  Intellect welcomes the opportunity provided by the Committee to participate in this inquiry.

  b.  Intellect believes that its members and the wider UK technology industry (suppliers of cards, security technologies and integration services) have the ability to meet the technological challenges created by the Government's proposals.

  c.  This is an extremely significant project, however it is important that it is not undertaken in isolation. Therefore, there is a need for this work to be driven in line with other Government initiatives such as the e-Government programme and the NHS IT Strategy. Issues on data storage and manipulation arising from the Anti-Terrorism Crime and Security Act and the Regulation of Investigatory Powers Act should also be taken into account.

  d.  Success will only be achieved if government continues to maintain its open dialogue with industry and engages suppliers effectively. This is something, which the Home Office, to its credit, has already undertaken, and something, which we continue to welcome and encourage. Only with a comprehensive understanding of the industry, its capacity and its capabilities will the Government develop an ID card scheme capable of delivering on its promises.

3.  THE EVOLUTIONARY APPROACH

  a.  Intellect welcomes the approach taken by the Home Office during its period of consultation and deliberation. Officials have given a number of presentations to suppliers and this has enabled the development of an open dialogue between Government and industry regarding the technical issues surrounding the implementation of an ID Card.

  b.  Intellect also welcomes the evolutionary nature of the proposals published by the Home Office in November 2003. The involvement of the Office of Government Commerce (OGC), with whom Intellect has an extremely productive relationship, the appointment of a Senior Responsible Owner (SRO) and the trial currently being undertaken by the Passport Service clearly point to a programme which will allow the facilitation of dialogue to ensure that the right technical solutions are adopted and subsequently implemented.

4.  ACHIEVING ADOPTION

  a.  While UK citizens are largely familiar with authentication in relation to everyday banking transactions, the concept of an ID Card in providing routine access to government services is largely unfamiliar, and the context above needs to be continually communicated to all relevant parties. Fundamental to this is the fear, uncertainty and doubt, which still exists amongst citizens concerning the introduction of ID Cards.

  b.  Therefore, the success of an ID Card programme depends both on widespread acceptance and uptake by citizens, and extensive publicity of its benefits.

  c.  To succeed, the Government proposals must address the twin perspectives of citizens (citizen/consumer and citizen/taxpayer) and focus especially on citizen centric needs, including, for example:

    —  The value of the card to citizens—these need to be tangible and compelling;

    —  The trust of citizens in government—this must be earned and safeguarded;

    —  The security of personal data—the integrity of the programme depends on this; and

    —  The openness and visibility of government intentions—to overcome negative perceptions.

  d.  In combination, these factors require that the Government's business proposition is substantially citizen-focussed: an ID Card will have to deliver rapid and compelling benefits to citizens to shift negative perceptions and establish the foundations for long term success.

  e.  Therefore, the establishment of an effective card scheme built on the platform of a "gold standard" enrolment process and the associated database(s) would provide many potential advantages. These could include greater convenience for citizens and higher levels of security, without increasing the burden of regulation on organisations and at reduced cost. However, it is important to state that the success of any card will be dependent on the data provided to it.

  f.  The pace at which the benefits to Government, citizens and service providers can be realised will depend on the speed with which a card is introduced and used by a critical mass of the population. The approach adopted to enrolment will be a key factor in determining the speed, cost and level of public inconvenience associated with implementation. A single scheme would take longer to achieve critical mass, delaying benefits and increasing inconvenience.

  g.  Therefore, it should be possible for Government to specify and manage adherence to standards for the enrolment process and a card management scheme and card design/format, which would allow a multi-agency approach to the introduction of ID cards based on principles of interoperability and joined-up Government. This could enable exploitation of resources already in use by government and trusted third parties, in processing applications for services and entitlements, for new processes that meet the requirements of enrolment and card issuance. It would also spread the task of population enrolment, allowing faster implementation.

  h.  The approach outlined by the Home Office including the existing DVLA driving licence and UK Passport Service passport card offers key advantages over attempting to implement a completely new scheme from scratch. Perhaps the most significant advantage is that it offers the opportunity for guaranteed public uptake on a major scale without necessarily incurring huge additional costs to Government and the taxpayer.

5.  SECURITY, INTEGRITY & BIOMETRICS

  a.  A universal, easily recognised form of identity that can be trusted by all, and which would involve counter-fraud measures, would obviously benefit the fight against fraud and criminal activities, but could create new vulnerabilities. To this end, it is critically important that the correct architecture is implemented which allows security schemes to evolve on the card to combat increasing levels of risk and this, in turn, relies on the quality of data available.

  b.  As the Government rightly concludes there are some clear reasons why existing personal numbers issued by Government (driving licence number, National Insurance Number etc) are not appropriate, primarily because these systems were never devised to meet the need to have a unique personal number. A new unique number would need to be implemented in a way that avoids the type of problems that have occurred with other systems in the past—eg not attempting to link other personal data which may change, into the format of the number.

  c. Initially, under the current proposals, the card should be promoted as an identification tool, which delivers a benefit to the cardholder: a secure and reliable method of proving who they are. This will in itself improve efficiency in many areas, since the bureaucratic overhead of checking addresses, signatures, etc will be replaced by a simple and familiar mechanism. However, consideration will also need to be given to the development and implementation of cross-agency approaches as the card evolves.

  d. The design of a central database and the type of information stored will depend upon the precise characteristics of the selected ID card scheme. For example, it remains to be determined whether biometric information and PKI related data needs to be stored. However, from the papers produced by the Government, the approach outlined under which the central register stores only a minimal set of core personal information and acts, as a gateway to other Government databases seems pragmatic. It offers the potential to provide privacy safeguards surrounding the use and sharing of personal data and reduces the scale and risk of the project implementing such a system.

  e. Moreover, in the longer-term there is also the possibility that this could be extended to private sector organisations, provided that adequate safeguards are put in place to ensure that the subject's informed consent has been provided. This would provide a more comprehensive and consistent anti-fraud framework and provide tangible benefits to both public and private sectors through prevention of identity fraud related offences. Therefore, consideration should be given to the establishment of routes for verification of identity for use by commercial organisations.

  f. Fundamental to the establishment of a database is the development and implementation of a rigorous security policy monitoring access to data and procedures governing any misuse of data.

  g. Common open standards and the process to certify against these will be crucial. It is our view that the best path for Government, once it has considered these options, is to develop a specification and technical framework that suppliers can deliver against. Open published standards and interoperability are the most important criteria.

  h. It is suggested that an organisation similar to tScheme, or tScheme itself (http://www.tScheme.org), be empowered to develop a set or sets of criteria against which trust service providers for card systems can independently be assessed for each of the services they wish to provide.

  i. Capturing and storing biometrics as part of the enrolment process potentially offers many advantages in terms of identity verification, security and ensuring that an individual's `ID card account' remains unique.

  j. However, it is important to note that if biometric information is recorded, the selected option must meet the key criteria of being acceptable to the public and in terms of cost, viability and practicality on the scale required for ID cards.

  k. For example, the scale of the project to implement the required infrastructure could be very significant (particularly for an iris pattern biometric approach) and would need to allow sufficient national coverage to support the enrolment process and also potentially post card issue identity verification checks (on-line or off-line). The establishment of a nationwide network of biometric recording devices will need to address the issues of secure management, staff training, suitable locations and public acceptance.

  l. Further information is required for the successful development and implementation of the programme including:

    —  The manufacture, issuing and delivery of cards.

    —  The re-issuing of lost, expired or worn out cards on a day to day basis.

    —  If the option of a single, central database is chosen to store biometric data, will anti-terrorism measures be employed to protect such a sensitive asset?

    —  Further details on the instances where ID will be checked, for what purpose, and how long it is estimated it will take to establish these?

    —  How will the personal ID cards of those individuals who disappear from their domestic/work situation be treated? Will cards be operational for those not considered officially dead—ie those missing for less than the required period of time to be considered dead.

    —  How will cards be de-activated after the death of an individual- collection or central deactivation?

6.  INTELLECT INITIATIVES

  a.  In December 2003, together with the OGC, Intellect launched two initiatives designed to ensure the successful delivery of public sector IT projects. Both of these initiatives should play a role in the development of an ID Card programme:

    —  IT Supplier Code of Best Practice: Intellect has developed the first IT Supplier Code of Best Practice. The Code, through its Ten Commitments, establishes standards of professionalism for all providers of information systems and services to Government. Ensuring that best practice is championed and that public sector IT projects are delivered successfully.

    —  Concept Viability: Is a new service offered by Intellect to the public sector. It will enable public sector organisations to use the industry as a `sounding board'. Thereby, helping them to effectively assess the potential technological risks associated with specific public sector IT projects, before progressing from concept to delivery.

January 2004



 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index
© Parliamentary copyright 2004
Prepared 30 July 2004