House of COMMONS









Tuesday 8 June 2004




Evidence heard in Public Questions 683 - 772





This is an uncorrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.



Any public use of, or reference to, the contents should make clear that neither witnesses nor Members have had the opportunity to correct the record. The transcript is not yet an approved formal record of these proceedings.



Members who receive this for the purpose of correcting questions addressed by them to witnesses are asked to send corrections to the Committee Assistant.



Prospective witnesses may receive this in preparation for any written or oral evidence they may in due course give to the Committee.


Oral Evidence

Taken before the Home Affairs Committee

on Tuesday 8 June 2004

Members present

Mr John Denham, in the Chair

Mr James Clappison

Mrs Janet Dean

Mr Gwyn Prosser

Bob Russell

David Winnick



Witnesses: Mr Roger Smith, Director, JUSTICE, Ms Shami Chakrabarti, Director, Liberty, Mr Simon Davies, Director, Privacy International and Ms Vicki Chapman, Head of Law Reform, the Law Society, examined.

Q683 Chairman: Good afternoon everybody. Thank you very much, particularly to the witnesses today, for coming. By way of introduction may I remind everybody, particularly the witnesses, that we are moving now to the second stage of the Committee's inquiry into identity cards, where we are looking in particular at the Draft Bill that the Government has published. We have had an extensive range of evidence sessions, looking at the arguments for and against the principles of identity cards and the broader practicalities of the Government scheme, but I do hope in this afternoon's session that we can focus in particular on the draft words, at the drafting in the particular clauses that the Government has published. When we come to publish our report, in addition to a general assessment of the debate about identity cards, we will want to make some, quite possibly, clause by clause commentary on the Draft Bill. So this session and the one we are having next week is particularly helpful to us. Could each of you introduce yourselves, for the record, and then we will get underway?

Ms Chapman: I am Vicki Chapman; I am Head of Law Reform and Legal Policy at the Law Society.

Ms Chakrabarti: Shami Chakrabarti, the Director of Liberty, the National Council for Civil Liberties.

Mr Smith: I am Roger Smith, Director of JUSTICE.

Mr Davies: I am Simon Davies, the Director of Privacy International.

Q684 Chairman: Thank you very much indeed. Could I start with a question, based on the Liberty evidence, to Shami Chakrabarti? I am looking at clause 1 of the Bill. You have argued in your evidence that clause 1, which sets limits on registrable facts, or intends to set limits on registrable facts in the National Identity Register, is insufficient because there could still be links to the Police National Computer or the National DNA database in some way. Could you explain why you think that is a problem, given that presumably access to those links could be controlled in some way by legislation to the people who already have access to them?

Ms Chakrabarti: I think the point that we were trying to make in this part of our written evidence is the safeguards that are promised in the commentary that goes with the Bill in the White Paper are really not much cause for comfort, because clause 1 in particular does allow for a relatively broad amendment, not just by primary legislation but by these broad definitions related to information about numbers and so on and so forth. We have given the example of the Police National Computer just as an example, but another example could relate to the definition of "residential status" in clause 1(6) of the Bill. We do not see in principle why detailed information about someone's past residential status or, indeed, past immigration status, perhaps many years after they have acquired British nationality, is something that can in any sense be said to be limited to identity and identifying information, which is very much the suggestion in the White Paper.

Q685 Chairman: Can we pursue the point about the Police National Computer, which is one of the examples you gave? What is your real objection to there being some controlled link between the National Identity Register and the Police National Computer? Might that not be of some value to the police and people involved in tackling crime?

Ms Chakrabarti: One has to put that relationship in the context of a Register and a Bill that is very broad, not just in terms of what, under this clause, may be held, but in terms, as we will see in later clauses, of the possibility for wide dissemination by way of the Secretary of State's order for purposes that are not specified in detail in the Bill and that potentially go beyond even the purposes that are currently allowed for specifically under Article 8 of the Convention on Human Rights or, indeed, data protection principles.

Q686 Chairman: If there is a case - and you may want to dispute this - for at least some links between the National Identity Register and things like the Police National Computer or perhaps the National DNA database, how would you have wanted to see this clause drafted in a way that would address the sort of concerns that you are expressing?

Ms Chakrabarti: There are so many things that I disagree with obviously in the proposition that you have set up. The point that we make is principally that the definition of a registrable fact is very, very broad, and that elsewhere in the Bill you see the possibility for very broad dissemination of this data, and the fact that one of the broad aspects of registrable fact provides a link to these other databases that may in some sense be referenced by numbers, simply illustrates the point. We are not advocating that this should be linked to a National DNA database or indeed the PNC.

Q687 Chairman: I know you are critical of the proposition as a whole, but within the context of the Government's Bill your issue is the breadth of what can be registered and the controls or lack of them on the dissemination of information?

Ms Chakrabarti: Indeed, which are not even, as one would expect, specifically limited elsewhere, in I think clauses 20 to 23, by very specific purposes for dissemination.

Q688 Chairman: Thank you. May I come to Vicki Chapman, please? In the Law Society evidence one of the things you are actually concerned about is that the definition of registrable facts includes the number of occasions and the occasions on which an individual's records were accessed. Some of the witnesses that we had at the earlier stages of our inquiry actually argued that that was essential, because to know whether the database was being improperly used it was important to be able to have an audit trail of who had accessed it and on what occasion. Can you help to clarify that for us because up until now I think the gist of the argument has been that we needed to have that information because otherwise there are no checks on potential abuses of the Register?

Ms Chapman: Yes, absolutely. We do not disagree with the need to have that audit trail at all; our concern was about the use to which it might be put. It is clearly very important that that audit trail exists in order to identify and discourage any misuse of the Register, and we would not have any problem with that being used for internal audit purposes to ensure that any access powers to the Register had been correctly used. However, that audit trail is going to give access to an enormous amount of very privacy sensitive data and, as Shami was just saying, in the later clauses, clauses 20 to 24, there is a lot of access to that data by a very wide range of bodies, although, interestingly (and we may come on to this later), apparently not by the individual themselves whom the audit trail is about. The point is that that is very sensitive and very valuable information, potentially about a person's activities and their interaction with public services. That is very valuable information, fairly readily available to a very wide range of bodies, which could then be used for a whole range of purposes, including extensive data mining or data matching to build up profiles of people and their activities. So our anxiety is not about the existence of the audit trail, merely the use to which it is put.

Q689 Chairman: That is very helpful, thank you.

Ms Chapman: I wonder if I might make a slightly wider point on the basis of the questions you have just asked, which is I think one of the things it is useful to pull back to is to come back to the purpose of the Bill itself. The Bill, apparently, is about helping people correctly to identify themselves when interacting with, for example, public services. What we are talking about here is a database and the enormous amount of information that database holds and the interaction of that database with other databases and the information that might then become available. I think it is important to keep that in mind because that is rather different from the stated purpose of a card or a system which is just to enable people correctly to identify themselves.

Q690 Chairman: Thank you. Could I follow on to ask about some comments you made on clauses 2(4) and 8(4)? You have expressed concern about the ability to include details on individuals who have not applied to be put on the Register. At the moment we have a biometric card for asylum seekers, the ARC card. Is there not a case for sensibly including some of that core information on the National Identity Register, if we are dealing with a set of people of whom identity, I think it is broadly accepted, is a very important issue for proper functioning of the asylum system. Are there not cases like that where it would be very sensible to include that information on the National Identity Register, even though they were not part of the National Identity Register in the normal way?

Ms Chapman: I think the inter-relationship between 2(4) and 8(4) is quite an interesting one and, in a way, perhaps we come with questions rather than answers. If 2(4) is about, as the Home Office suggests, being able to register people who have not applied but who are perhaps failed asylum seekers, our point would simply be it is not necessary at the moment. At the initial interview fingerprints are taken and people are questioned about their status, so that information already exists. If it happened to be on the ID card database as well we would not have a problem with that, in that narrow sense. But clause 2(4) is a very, very wide power and if the intention is simply the one that you describe then say so, and in a way 8(4) is the same thing. It is very unclear, if you are happy for me to go on to that?

Q691 Chairman: Please.

Ms Chapman: It is very unclear again what is intended here. The Government is saying that people who are not required to be on the Register could nevertheless be on. If that is aimed at, during the so-called voluntary stage, somebody wishes to go on to the Register, they do not have another mechanism for getting on, fine, just add in the words, "And has applied to be on the Register". Otherwise, it is very unclear who this is intended to be aimed at. Is it about - posing the question - people who are not required and have not sought to be on the Register being put on the Register in any event? Of course, once you are on the Register lots of consequences flow about keeping information up to date and third parties confirming it and of course that data then being disclosable to other parties. So in a way we are just raising the question about what is this for, and if it is for a very narrow purpose it should clearly say so.

Q692 Chairman: If I could ask you to take that a bit further? You accept, I think, in principle that where a database already exists, as it does for asylum seekers, then having that on the one database so that people do not have to check two might be sensible, but you obviously have in mind certain groups of people who are not currently on any database and who have not applied and who could find themselves being put on it. What sort of people do you think that might apply to? I know you cannot answer the Government's questions but what do you think the Government may have in mind that we should be aware of?

Ms Chapman: I think it depends whether you take the, it is simply bad drafting and all they had in mind was somebody who wants to go on to the Register voluntarily but is not required to during the voluntary phase and could therefore be put on, if that is what they have in mind there is a very simple answer - add the words in. If there is a more sinister answer it could potentially be somebody who is not required to be on the Register, for example a young person, somebody of 15, they are put on to the Register in any event, registrable facts are then taken about them. Of course, once you are on the Register, as I say, duties then to keep it up to date, duties to provide your biometrics all flow from that, with penalties for not doing so. I do not want to create too much of an image of too sinister an explanation, but you could see that it has the potential for being used in that way, given the breadth of the wording.

Chairman: That is very helpful.

Q693 David Winnick: Leading on, regarding registration, Ms Chapman, you are not very happy with clause 5(2), which more or less states that before the compulsory stage any application for a passport or ID card should include either an application to register or confirmation that an individual has already registered. That is on your briefing to us, as you know, on page two. Do you feel very strongly that this is wrong?

Ms Chapman: Yes, we do. I think the Government is being very disingenuous here about the use of the word "voluntary" because what we are looking at is a situation where during the voluntary phase documents can become a designated document - passport, driving licence. So let us assume that the Bill has come into force, you have moved house, you have to reapply for a driving licence, at that point you will be required to go on to the database or seek to have an identity card. We of course accept that it is not compulsory in the sense contained in clause 6 of, you have to go on to it and there are financial consequences of not going on to it, but it is not the way we use the term "voluntary" if actually you wished to renew your driving licence or you wished to renew your passport you have to go on to that database. I think, to be more honest, what the Government should do is to say during the voluntary phase, before Parliament has decided that this should become a compulsory system, if they want to incrementally build up a database, when you are applying for your passport or driving licence you should be able to say, "Yes, that is fine, I have no problem with that," or "No, actually I would rather have a simple driving licence, thank you very much, for the time being, until Parliament has decided this is compulsory."

Q694 David Winnick: In fact, it could be argued, I suppose, that what the Government has in mind is another aspect of "function creep" - surprise, surprise!

Ms Chapman: Yes.

Q695 David Winnick: You describe clause 5(3), Ms Chapman, in your briefing, as "vague" and say that it could lead to some misunderstandings because the Home Secretary, or those acting in the name of the Home Secretary can ask for "any type of information for specific individuals" - the top of page 3 in your briefing. This applies to foreign nationals, does it not?

Ms Chapman: It is unclear, but judging from the Home Office's explanation it might apply to making it compulsory for foreign nationals to register for an identity card during the voluntary phase. That is obviously taken from what the Home Office has said. The wording on the page of the Bill is extremely vague; it is not at all clear what prescribed information might be required. One of the concerns is that the prescribed information may be different for different groups of people and that obviously has the potential to be discriminatory and we do not know until we see. There is an element of why pick on 5(3)? It pervades the whole Bill. Because there is so much left to regulation and because the wording is so broad a lot of the time we come just with questions about what is it that is intended here, what sort of information is likely to be required? What we would like to see, should this proceed, is much more spelt out on the face of the Bill. Of course we accept that there may be a need for regulation making powers to alter that subsequently, because obviously there has to be an element of flexibility, but it would be much easier to see what it was the Government had in mind if things were clearly spelt out in the first place, to give you broad parameters, if you like, of the sort of things that are being looked at with, if necessary, regulation making powers to amend.

Q696 David Winnick: Say the Home Secretary said to you that for national security reasons - and bearing in mind the times in which we live - what is wrong with taking such measures if it is going to protect, as he would put it, large numbers of people?

Ms Chapman: What he needs to do is to spell out what those measures are. That is the difficulty; we do not know what measures he has in mind, we do not know what information he has in mind to collect from people. It is difficult to answer the question because we have no parameters within which we are operating. It is a difficulty throughout the Bill, but it is a difficulty in a sense between clause 1 and Schedule 1. Clause 1 is the purpose clause and it sets out what is a registrable fact. That is not amendable by regulation, but then we have Schedule 1, which gives us a bit more detail - the relationship between the two is not entirely clear from the Bill - but that can be amended by regulation. Again, what are the parameters within which we are operating? If we had it more clearly spelt out on the Bill, even with the power to amend, we would know what we were dealing with.

Q697 Mr Clappison: Just briefly, one point, if I may? I have been listening with great interest to what you are saying about the Bill and I think a lot of what you are saying is you feel that the powers which have been taken are too wide and a very great deal is being left to regulation making, and quite a lot of your concerns would be set to one side if you knew more about it. Can I ask you particularly about the point that the Chairman was asking you about a few moments ago, about the case where information about somebody is put on the Register without them having asked to be put on the Register during the voluntary phase? What you are saying about that was you felt that it was important that the circumstances in which that happened should be defined. You also agree that it is important that an individual who has had information about themselves put on the Register in this way should then know that this has happened and that information is being kept?

Ms Chapman: Yes, I think it is absolutely crucial, both in the circumstance which you describe, where somebody may not even realise they are on the Register, and indeed for all people who know perfectly well they are on the Register because they applied to renew their driving licence and have been required to go on. One of the oddities with the Bill is that despite all the people in the later clauses who are allowed access to information on the Register, it appears that the individual would not be allowed access. Although you might expect, under normal Data Protection Act requirements, that a person would be able, through the Data Protection Act, to access the personal information that was held on the Register, that appears to have been specifically excluded in clause 14(4). So, yes, I absolutely agree with you, I think it is essential that the individual on the Register is able to access the information about themselves, not least for the practical purpose of being able to check that it is correct.

Q698 David Winnick: If I could turn to you, Mr Davies. Your concern is about the provisions in clause 5, the collection of biometric data and you call for a requirement, as you put it, to ensure privacy and dignity. Some may say that is another dig by you and your organisation because you do not like identity cards. What would you say to that, Mr Davies, that it does not really add up to a great deal when you say "a requirement to ensure privacy and dignity"?

Mr Davies: I believe it goes right to the heart of our discussion here. By way of background, the rather unusual submission we gave to the Committee was confined to the problems that may be faced by blind and visually impaired people. I do declare an interest, I am legally blind, and I am prepared to tell you what that means at a person level. What we have done is to lay out the scientific and technical evidence that me and hundreds and thousands of people like me simply will not be able to use the biometric technology in the way that a fully sighted person can. So we are talking about dignity. By way of example, Mr Chairman, I can hardly see you; I can see a shape. I hope that you are not winking at me because I would never see it. Other Committee Members would have to guide my head if you were an iris camera. I would have no hope of fixing on that iris camera. If you can imagine a public place where I am asked to identify myself through a defective part of my body, we are talking serious human dignity issues. I have had photo-shoots, as we all have, using professional photographers. Most professional photographers leave the session with me with less hair than they arrived with because they cannot get a fix on my eyesight, my eyes will not hold stable enough because the focusing mechanism changes. There are two million people who are blind and visually impaired and what we have set out in the submission, I think fairly meticulously, is how various eye conditions cannot meet the requirements demanded by either the legislation or the technology. I do not necessarily think that we are all useless when it comes to the registration phase because you are going to have extensive technical expert support to register an eye; what you are not going to have in the verification stage is any sort of assurance that the person will ever match their enrolment biometric, because you are going to have cheaper technology at the doctor's surgery, at the Job Centre, at the bank, and you will not have the expertise to guide a blind person. So we all believe that the Bill should contain guarantees and safeguards so that whatever the infrastructure that is established under the provisions of the Bill ensures that blind people and visually impaired people do not suffer. You can imagine in a bank, for example, with the 15 minutes it would take before a camera even has a hope of getting a fix on my eye, with a rather angry queue of people behind me and the embarrassment that I, and thousands of others, would suffer. This sounds like the thin of the wedge to get privacy enshrined in British law, but I believe this is the perfect opportunity to do it.

Q699 David Winnick: Mr Davies, you are of course opposed to identity cards on a broader front but this is one aspect that you are confirming.

Mr Davies: Yes.

Q700 David Winnick: Recognising, as I am sure all my colleagues do, what you have just said about your own position, I suppose the response would be, yes, but we have a Home Secretary who has been blind all his life, and would he not therefore be particularly sensitive to all the points that you make? What would you say to that?

Mr Davies: As a blind person I would say that the Home Secretary does not recognise that he is blind. He has never once recognised the blindness issue in the discussion over the iris recognition technology, and I have been constantly flabbergasted by the silence from the Home Secretary on this point because the National Physical Laboratory, for example, in tests conducted in this country, acknowledged that they could not register a blind person. Yet we are asked to comply with legislation that assumes a perfect technology. I am afraid we are the ones, as blind people, who are going to suffer. Whenever there is a fallibility it will fall on us. I am sure there are many aspects to this and I am sure there are many populations that are just as vulnerable because they also are not perfect, and they cannot perfectly comply with the requirements of the technology. I can only speak as a blind person and I can only rely on the research that we have given to you.

Q701 David Winnick: Do you therefore believe that blind or visually impaired people find themselves having to register far more frequently than people whose eyesight is not in that condition?

Mr Davies: If I look at the example of cataract operations, the medical reports which we have cited in our submission stipulate that when a cataract operation has been conducted then a person's iris changes to such an extent that - and this is the advice of the Paper - they should re-enrol if they are currently registered with an iris programme, there is that much of a significant change to the iris. We are talking almost a quarter of a million people a year who undergo cataract operations. What that assumes is that to fulfil the requirements of the clauses of this Bill they either would be in breach of Section 30 if they do not notify the Government that they are about to have a cataract operation; or, alternatively, they are going to have to re-enrol after the operation - and this would apply to any blind or visually impaired person who goes through a medical procedure. So just on that one point alone I believe that there would be a greater encumbrance on blind people. If we go to the prescribed documents, the prescribed information in Section 5, if we assume that blind people cannot use the technology - and I believe that is the case - we come back to the question we were discussing before, what additional prescribed information is going to be required of blind people, or anybody, indeed, who cannot use this so-called infallible technology? I do agree with the Law Society, this matter has to be set out in great detail because if I, for instance, on verification of my biometrics, cannot conform to the needs of the technology there is a limitless potential for the Government to demand that I appear for appointments, that I apply stricter and stricter tests to ensure that I am who I say I am. What I am saying is here, the fully sighted, fully functional human being can perhaps use this technology in a way that is satisfactory to that person's needs.

Q702 David Winnick: If there were no biometric details, which obviously the whole emphasis has been on that as far as the Home Secretary is concerned, just to get it quite clear, Mr Davies, you take the same position on the introduction of identity cards as your colleagues here?

Mr Davies: I am broadly in support of the position taken by my colleagues, all of them.

Q703 Mrs Dean: May I turn to Vicki Chapman, first of all? You are concerned about clause 8(4), which you say could lead to a discriminatory issuing of ID cards, for example to acquire a data trail of an individual's movements. Is this really a practical concern?

Ms Chapman: It is difficult to know because, as I was saying previously, it is difficult to know what is intended. I suspect that clause 8(4) might simply be attended to allow people to register during the voluntary phase where they do not have any other means of doing so - very innocent, and could easily be dealt with by those additional words. If that is not what it is for, then what is it about? Is it about entering, as the example I gave, a 15-year old who is not required to be on to the database, in order to acquire information about them which can then interact with other databases to provide a data trail? I do not know; I am just raising the question that it is not clear what the intention is. I think in the information that the Home Office gave, they simply referred to "special cases" - I do not know what that is.

Q704 Mrs Dean: So it is not clearly defined enough for you?

Ms Chapman: Yes, exactly, and if it has the innocent explanation I have suggested then it can be easily remedied.

Q705 Mrs Dean: May I turn to Shami Chakrabarti? You say that clause 8(4) and clause 2(2) mean that "the Secretary of State may pass regulations requiring non nationals who are not applying for immigration or refugee status" to have identity cards. Can I ask you why is that a problem?

Ms Chakrabarti: The bigger problem is not restricted to clauses 8 and 2, about which I say the same as Vicki Chapman from the Law Society; it is just a slightly odd provision which looks very innocent but which allows for entries on the Register and for ID cards to be issued to people who do not apply themselves during the voluntary phase and who are not subject to compulsion under clause 6. The bigger concern that pervades the Bill is for potentially discriminatory and arbitrary consequences, in relation to this twin-track voluntary and compulsory approach. In earlier phases of this consultation the Home Office was very keen to talk about foreign nationals as an obvious category who might come for compulsion before British nationals, and we have concerns from a race relations point of view. We have basic discrimination concerns but also race relations concerns because of course in relation to the clauses that protect those who applied voluntarily for a card, from being required to produce it, how will the person who is making the demand know who to make the demand of if, for example, it is a foreign national whom he suspects? The obvious concern is that he is going to ask someone who looks foreign, i.e. who is not white. So I have to say, there is going to be a considerable difficulty from the point of view of that person because if he gets his judgment wrong clause 19 provides a statutory tort that may create a liability to damages for demanding the card of someone who was not the subject of compulsion. So there are practical as well as principle concerns about nationality discrimination or treating foreign nationals differently from UK nationals. Interestingly, in the more recent discussion and, indeed, in this White Paper, other examples of categorisation and of groups who may be subject to compulsion are given, and one example that is given is age. There are perfectly logical reasons why a government that is interested ultimately in having a complete national identity system might choose a particular age group for compulsion first. For example, the anecdotal and statistical evidence at any point might suggest to the Home Secretary that people above a certain age are more resistant to entering into this scheme voluntarily, for reasons that Simon Davies gave, and may be cultural and historical reasons, and the Home Secretary under this Bill would be entitled, therefore, to say that people in their 20s are more likely to want to apply for a driving licence or a passport and therefore they will gradually come into this system voluntarily, but people in their 60s are less likely to do that, "So I will make them subject to compulsion first." The Home Secretary can say to himself that that is justified because, "I have told everyone that we are moving down the road towards a national scheme," and it is in this older category that we have the problem of voluntary take-up. So he makes the older generation subject to compulsion and, as a result of his order under clause 6 of the Bill, forever more the people in that compulsory category are subject to a much, much harsher regime in relation to renewing their cards and so on and so forth. They are subject to the draconian financial civil penalties, for example, for late renewal, whereas someone in their 20s, perhaps now in their 30s, who entered the scheme voluntarily is not subject to that same treatment. That seems to us to be a very odd and potentially arbitrary and quite discriminatory approach in relation to individual human beings, notwithstanding this global idea that you can put people in groups and make some of them subject to compulsion.

Q706 Mrs Dean: If you carry through what you were just saying and made it compulsory all in one go for everyone, would that not take away the ability to be able to introduce the scheme gradually? You mention the age range, but it might be that if you were bringing in a compulsory scheme then it might be better to phase it in a certain way. Is that not what you are saying, that you would actually stop that happening if you carry through with your point about not introducing it in a phased way?

Ms Chakrabarti: I understand the attraction of the approach from the Home Office's point of view. They have been very clear that they want to move ultimately to a national and compulsory scheme. However, I have to say that from a rule of law point of view, from a practical point of view, from a human rights point of view, there are dangers. I think the term used repeatedly by the Home Office is "sensible and flexible" in relation to this inordinate ability to do things by order or to treat different classes differently. I am afraid I would not call it sensible and flexible, I would say that there are dangers for breadth and arbitrariness, which is the opposite of good sense and flexibility. The example that I gave, of the older person who forgets to renew and is therefore subject to draconian sanctions, as opposed to the younger person - and those two people were only treated differently because of their wider class and perhaps a legitimate and genuine believe on the part of the Home Secretary that older people would be more resistant. That is not a judgment about an individual but about a class and it could potentially have these very harsh results, notwithstanding the earlier point I made about race, which flows directly from saying that if you are in a compulsory category you are then not protected even from the protection against being required to produce the card in the street; and if various demands may be made on someone in a compulsory category and one of the categories is foreign nationals there is an automatic consequence for race relations because, as I say, as a public official or indeed a private individual, if I am allowed to ask foreign nationals, who am I going to ask? I do not know who to ask until I see the ID card; I am going to make a judgment, realistically, based on appearance and race.

Q707 Mr Prosser: Ms. Chakrabarti, you say in your evidence - or Liberty say - that there should be a duty to ensure that entries are accurate and that something to this effect should be written on to the face of the Bill. You go on to say that this could be achieved by requiring the entries to be made known to the individuals, and perhaps this should be done on an annual basis or a bi-annual basis. Do you not think that such a structure would become more bureaucratic and made the system more cumbersome to run?

Ms Chakrabarti: Firstly, I am echoing, I think, what has been said by others, including the Law Society, about the irony of a Bill which promotes access to information on behalf of a whole range of authorities, and possibly more that the Home Secretary has not thought of yet that he will prescribe by order, that the person who does not get to verify the accuracy of this information ought to know what is held about them is indeed the subject of the citizen. As to bureaucracy, there are other people currently who hold a large amount of data, such as the DNHS, and they do send out questionnaires to allow people to correct entries, and there are all sorts of people who do this. I quite support the Bar Council and the Law Society doing these things themselves. There is a lot of potential bureaucracy, as you will imagine, that is provided by this scheme, but this one safeguard is very important to ensuring that this data is accurate. Ultimately, the Home Secretary's own dream of this wonderful, foolproof identifying scheme will be as nothing if there is not that check, and of course the only way to do it is to offer up the information on a periodic basis to the person himself because he cannot see it on his card; the information is not on the card, it is accessed to this huge database, and, as the Chair put to me earlier, quite possibly linking that database with other databases that are currently in existence or yet to come into existence. How is the individual ever to know whether the information is accurate if there is not some kind of system of questionnaire or regular auditing or opportunity to verify it?

Q708 Mr Prosser: Mr Smith, JUSTICE also makes similar observations with regard to access to information and also access to who has accessed their information. Do you contend that that should be an absolute right of the individual to have that information?

Mr Smith: I think the principal position is that the person has the right. The principal position is that the person has the right to all the information on the database about them. I think one has to say that the notion of having a record on the database of who checks it is not only about auditing improper use, it is actually about adding a third dimension to the information there, so you are able to check what has happened to someone over time. I think the person has a right, in principle, to the information about them, the registrable facts, and the information about who has checked it. I would be prepared to say, where it was against the interests of national security, or in some way impeded the pursuit of crime, that there should be an exceptional element, but as a point of principle your identity will be your physical presence and person and this entry on the database, and I think we all have the right to see what is on that database.

Q709 Mr Prosser: Have you given any thought to how that would be articulated in the Bill itself? What sort of text would you suggest?

Mr Smith: "You shall have a right to see all such information as is on the database save only for the following exceptions: (1) where it can be shown manifestly to prejudice national security; (2) where it is in the pursuit of serious crime, which would be impeded by you knowing that information."

Q710 Mr Prosser: With no limit as to how many times an individual could make those enquiries?

Mr Smith: As a matter of principle, no; as a matter of bureaucratic inconvenience we have rules about people abusing the courts as ill founded litigants, and I am sure there could be some provision which imposed escalating charges in cases which were reasonable to do so.

Q711 Mr Prosser: Thank you. Ms Chapman, in your evidence you say that it would be unwise to allow disclosure of discrepancies between information provided and information on the Register. Is it not essential that the State is able to make the comparison between the two in order to identify inaccuracies and mistakes?

Ms Chapman: It is really a very simple point. Somebody turns up to access a particular public service, they give their address, according to the Bill what would happen would be somebody would say, "I have just checked your details and it says, no, you do not live at 113 Chancery Lane, you live at 2 Parliament Square. A very useful piece of information, thank you very much." A person says, "Sorry, forgot to tell them about my change of address," and goes off. You can imagine a situation where stolen cards are in circulation, forged cards are in circulation, and you do not want people giving out the information that is actually on the Register to somebody who might be presenting as a person but may not be that person. Surely it should be sufficient to say, "There is no match" or "Your application has been rejected"? Of course you would have to match with that what my colleagues have just been saying, which is the ability of the individual to check that the Register was correct, because if you had just moved house and you had sent in your details appropriately, as you were meant to have done, but the Register had not been updated in time, you would want to know that. The point we were making there was a very simple point, that it would be foolish to give out the correct information to somebody who might not be the person they were presenting to be.

Q712 Mr Prosser: So how would you improve it? Would you just have a simple statement saying that it would be prohibited to disclose?

Ms Chapman: The answer is simply that where somebody presents and where there is a discrepancy you just say, "There is a discrepancy." As when you use your credit card and the embarrassment in the shop when they say, "It has been rejected"; they do not say, "It has been rejected because ..." You have to then go away and check your information with the credit card company who then say, "We are sorry, we made a mistake," or whatever. So something along those lines.

Q713 Mr Prosser: You also say that there is nothing in the Bill to provide for vulnerable people and for people who lead chaotic lifestyles. My colleague said like MPs! How would the Bill address that? Is there a simple form of words to address those problems?

Ms Chapman: No, there is not.

Q714 Mr Prosser: So do they stay outside the circle, or what happens?

Ms Chapman: I think in a sense what this illustrates is the difficulty with the scheme as a whole and in a way one has to step back instead of getting into the detail and say, "Actually, what is this about?" Given the way the Bill is written, I can give you a couple of examples of real concerns. You can imagine somebody who has frequently changing information, perhaps somebody fleeing domestic violence, somebody with mental health problems or addiction problems, there is a requirement under the Bill to notify changes. Two things flow from failure to do that: one is a penalty and the other is potentially a denial of access to services, and yet we are talking about the most vulnerable people here who may really need access to those services - benefits, healthcare, whatever it is that is being required. There is also a very draconian measure about the failure to notify if the card has been lost, stolen or damaged. No requirement that you have to know the card has been lost, stolen or damaged, merely that it has been lost, stolen or damaged, and there you are looking at not only potentially a denial of service to somebody but a criminal offence. So I think what we are doing is illustrating with those particularly vulnerable groups how difficult it would be for them to comply potentially with certain parts of this Bill and the consequences that may flow from that. As I say, in a way I think it is an illustration and what we need to do is to step back and think, what is this about actually? We started out with something that was combating identity fraud, tackling illegal working, fighting serious crime and, as you know, when we were here before we expressed concerns about, one, whether it would do those things, and, two, even to the extent that it did was it a proportionate response? Now here we are discussing the detail of this Bill which would have, I think, a really serious impact on some of those most vulnerable groups if it went through in its current form, along the lines that I have just described.

Mr Davies: Mr Chairman, we share those concerns absolutely, and if I could just refer to the Lisbon Strategy?

Q715 Chairman: "We" being who?

Mr Davies: Privacy International. Or I could speak on behalf of all Privacy advocates, but I will not. The question of vulnerable population is something that I would like us to address in writing to you because it is extremely serious. I have been trying to find a figure for the Committee and I refer here to the Lisbon Strategy, which was attempting in 2000, which was a ten-year plan, to create a knowledge economy throughout Europe. If I can quote from the European Commission's response to the analysis of the Lisbon Strategy, it says, "The knowledge economy threatens to bring about greater inequalities and social exclusion. Almost 150 million people in the EU face a higher risk of marginalisation," and there is a very substantial parallel between a high-tech ID system, which requires IT literacy, and an ability to comply with systems and the sort of knowledge economy that the Lisbon Strategy outlines. We are talking here of almost one-third of people who have significant risk of marginalisation.

Q716 Chairman: We spent a couple of days each in Sweden and Germany, which have ID card systems, although they are not high-tech ID card systems. The issue of vulnerable and marginal groups was not raised at any point in our visit to those two countries as being any significant problem at all, even though they have, they believe, virtually universal registration, changes of address requirements, and so on. Those of you who tell us all these dire things that are going to happen, can you explain to us why that has not happened in Sweden and Germany? Do they not have marginal or vulnerable groups or people with mental health problems?

Mr Davies: They do not have biometrics.

Q717 Chairman: They do not have biometrics, but everything else is the same?

Ms Chapman: I am sure they do and I am not aware of those systems. But may I ask a question: is access to public services dependent upon producing a valid ID card?

Q718 Chairman: The answer we were given was that certainly it is very difficult without an ID card.

Ms Chapman: But not impossible?

Q719 Chairman: Not impossible, that was the answer we were given.

Ms Chapman: It may well be that one of the safeguards we would need to have very clearly spelt out is what would happen if somebody appeared without their ID card and how would they still access those services? I suppose the second question is, did they have such rules as are laid out in the Draft Bill about requirements to update and penalties for not doing so, and penalties for not reporting theft or damage?

Chairman: Those are certainly issues that we will report on, but broadly my impression was that they do, certainly in terms of changes of address and things of that sort. I just wanted to know because these things have been said about this system and there is a substantial amount of evidence from countries with ID card systems and compulsory registration, which do not necessarily back up the worst of the things being said.

Q720 David Winnick: The Chairman has stated in the two countries he mentioned that access to public services is very difficult without an ID card, Ms Chapman. I was not on the visit, but obviously my colleagues were, the Chair has just stated that. Would you take the position that even if the voluntary system was in operation for an ID card the same would apply in practice, that when people did go to hospital or applied for benefits inevitably the first question would be, "Have you got your identity card?"

Ms Chapman: I think there is obviously a real danger that once you have a voluntary card - or apparently voluntary card - in operation, there may well grow an expectation that people will have the card and be required to produce it and it may well put people to considerable inconvenience if they do not have a card and have to go some other way about proving their identity. As I understand what the Government intends, one of the key things about the identity cards they are proposing is the biometrics, and that is one of the things that I think they hope will make it so much more secure than other forms of identity card. If that is the mechanism for proving identity you then get into a whole new ballgame about reading those biometrics - is every post office counter, is every hospital going to have one?

Chairman: We have rehearsed that in some of the other sessions, but thank you very much indeed.

Q721 Bob Russell: Clauses 20 and 21 of the Bill cover disclosure of data on the Register without the consent of the individual concerned, so we are talking here about the police and intelligence agencies and have they been given too much access to the database. So to Mr Smith and Ms Chapman, you say that you are extremely concerned by the powers of clause 20 to disclose information without the consent of the individuals concerned. I believe you were arguing that both the range of authorities and the grounds for disclosure are too wide. So if that is the case what do you think would be reasonable if, indeed, anything can be described as reasonable?

Mr Smith: I find clause 20(2) quite extraordinary, and I would hope that it is the Home Office lawyers' first attempt, because I can see the point of 20(3), which is ---

Q722 Bob Russell: I was actually asking about clause 20 at this stage.

Mr Smith: Sorry, I was taking us to 22. Yes, 20(3) I can understand, which is disclosure to a police officer for courts. It seems to me that 20(2) should just be taken out completely.

Q723 Bob Russell: That solves that problem.

Mr Smith: After "chief officer of police" you insert Director-General of the Security Service and all the rest of the people, and if they want to consult it in the interests of the national security purposes ---

Q724 Chairman: That is 20(2) and 20(3) not 22 and 23, hence the confusion.

Mr Smith: Sorry, I could not understand why you could not understand me! 20(2) seems to me an outrage and I cannot imagine your Committee would accept that because it is so broad, "... purposes connected with the carrying out of any of that Service's functions ...". Reasonably connected? What are the functions of GCHQ? To listen to the airwaves. It gives unlimited access really and I think that has to go. "In the interests of national security; for the purposes connected with the prevention or detection of crime," I can see the point of that.

Ms Chapman: I agree.

Q725 Bob Russell: Ms Chakrabarti, you argue that there should be "exhaustive lists of purposes appropriate to the legitimate accessing and sharing of information" to cover the disclosure to the police and other bodies of information on the Register without the consent of the individual concerned in clause 20. So what sort of purposes do you have in mind?

Ms Chakrabarti: As I said before, Mr Russell, there are precedents in Article 8 of the Convention on Human Rights and the Data Protection Act itself and we are talking about something that is purpose-specific; we are talking about national security; we are talking about crime prevention and detection rather than, as Roger has said, long lists of personnel who clearly are engaged in part or possibly for the most part for some of those purposes, but when you have long lists of personnel they have a blank cheque for all purposes. So purpose-specific provisions on the face of the primary legislation. And the second part that follows on from that is about clause 23, which is even after this compendious list of personnel who may get access we have this nice catch-all for the Home Secretary to add people and purposes by order. The mind really boggles at what he has not thought of yet. It really is too much of a blank cheque; it is far too generous and in danger therefore of falling foul of data protection principles and, indeed, in Article 8 of the Convention on Human Rights.

Q726 Bob Russell: You have spelt out why a blank cheque is not acceptable to you. How few names would be acceptable on the cheque, in your mind? Or should there be no cheque at all?

Ms Chakrabarti: Rather than names I prefer purposes and the obvious purposes that I have mentioned and that Roger and others have mentioned relate to the prevention and detection of crime and to safeguarding national security. If there are others that require the involuntary disclosure of identification I think that the Home Secretary should say what they are now and put them as specific and clear purposes on the face of the Bill.

Q727 Bob Russell: You have clearly stated your serious concerns. If I can now move on to the oversight of the scheme and we have the National Identity Scheme Commissioner, and I suppose we should be grateful it is not a Tsar or an envoy, but we have a NISC in clauses 25 and 26. So continuing with you, if I may, with Liberty, you suggest that the National Identity Scheme Commissioner's powers, set out in clause 25, should be extended to cover "the operation of the registration and identification scheme as a whole" and then very bravely you then criticise the Prime Minister, which not many people do nowadays, his powers, in clause 26, to suppress details of the Commissioner's reports. How would you see your proposals working in practice?

Ms Chakrabarti: Firstly, obviously I am not criticising the Prime Minister, but the idea that this Commissioner needs to report to the Prime Minister as a safeguard against the Home Secretary, I think it would be better, frankly, if he reported to Parliament, and you will forgive me saying that to this parliamentary forum. Secondly, I think he has a rather grand title because if you actually look at his jurisdiction it is incredibly limited. He is most probably a Section 23 Commissioner and that is not such a glamorous job really. No doubt somebody would be prepared to do this one day a week, but it would be much more of a safeguard if the Commissioner had jurisdiction over all of the Home Secretary's powers, and there are many of them in the Bill as a whole, and then he really would be the Identity Commissioner.

Q728 Bob Russell: If those clauses were amended in the way you explained, would that mean you would then be happy with those clauses or would you still be unhappy with them?

Ms Chakrabarti: We have made the points that we have made. We are talking about the three-fold approach. We are unhappy with the idea of ID cards per se but we are engaging with the detail of the Bill as suggested. We have made the points about the breadth of these clauses and in particular the breadth of definitions and the ease with which the Home Secretary can amend them by order. The third point is that this Commissioner has far too limited a jurisdiction given the broad powers of the Home Secretary and that it would be a better safeguard if he reported to Parliament rather than to the Home Secretary's boss.

Q729 Bob Russell: Mr Smith, you say that you are "unhappy with the proposed National Identity Scheme Commissioner" and with the extent of the powers that he or she will have as set out in clauses 25 and 26. As I understand it you would prefer an extension to the powers that the Commissioner has and a new statutory power "to investigate and audit the process". Would you not agree that many aspects of identity cards, such as technical issues relating to biometrics, are outside that Commissioner's expertise unless by some chance he or she has that expertise? Normally they would not have that expertise, would they?

Mr Smith: We were mainly concerned with the data aspects of it, the data protection access and access to the data on it. I think it is a discrete area over which one should quite legitimately have the Commissioner.

Q730 Bob Russell: But he or she, the Commissioner, could get in that expertise, could they not?

Mr Smith: Yes, of course.

Q731 Bob Russell: So it is not a problem?

Mr Smith: No, I do not believe it is a problem at all. I think they should have responsibility, if they are monitoring it, where they have the expertise themselves. We also thought that to make it neater this Commissioner could be linked in with the Information Commissioner, who is waiting behind us to say that he does not agree.

Q732 Chairman: Shami Chakrabarti, you are concerned about the proposed 2,500 fine for failure to comply with registration in the lesser stages of this. Given that the government, if they wish to go down this line, may need some tools to require people to comply, is there any level of fine or penalty that you think would be acceptable or reasonable?

Ms Chakrabarti: The concern is not really just about the level of the fine or penalty. There is a greater concern that comes from two sources: one, that this can be imposed on multiple occasions and so can rise very quickly to much more than the 2,500, and secondly, as was suggested earlier, there is this discrimination. The twin-track approach produces a much harsher regime with these financial penalties which, incidentally, may be called civil penalties for the purposes of this Bill but may turn out to be criminal in substance once the courts have had a look at them. For the purposes of Article 6 of the Convention on Human Rights this may turn out to be a criminal rather than a civil penalty. It matters not as long as the process is fair but it is worth remembering that these civil penalties are available not just in relation to the hard-bitten refusnik who chooses not to comply even though he was required to but also everyone who did not choose to volunteer at the moment when that was open to them, if ever it was. There was the example I gave about the elderly and so on, so all in all we have the potential for a very harsh scheme here.

Q733 Chairman: So at the very least, although I know you are against it in principle, you would want some distinction drawn in the penalty regime between, as you say, the ID card martyr, the hard-line refusnik, and the person who has fallen foul of the law by a failure to take up the opportunity or the request that is on them?

Ms Chakrabarti: I think closer attention is required.

Q734 Chairman: Mr Smith, I wonder if you could pursue the point that you explicitly raised in your evidence that these turn out to be criminal rather than civil penalties? Could you explain that to us for the record?

Mr Smith: You, when you introduced it, called it a fine. If you had to use ordinary language you would call it a fine and since that goes to the essence of it, it is universal, coercive, it has got sanctions. There is an old case from the 1990s, Benham, which related to the poll tax. That related to somebody who was imprisoned, but I think that in essence what that case is saying is that you take into account in deciding whether something is criminal or civil how governments have described it but you really have to go to the essence of what is happening. What is happening here is the imposition of a fine. I have some sympathy with the government. They do not want to create poll tax martyrs. They want a coercive system, they want to impose a fine. They do not want imprisonment to follow non-payment of that fine. Fine: say that, and be clear about it, because I think it does make a difference what you call it. It makes a difference to the burden of proof, it can potentially make a difference to the availability of legal aid, it can potentially make a difference to the mental element that would be required to be proved if someone was charged and was successfully to be convicted. It does make a difference whether it is civil or criminal and if it is a crime and it is a fine it should say so.

Q735 David Winnick: Ms Chakrabarti, you said of course as an organisation when you spoke previously that it is not the wish of Liberty to encourage non-compliance with the law and most people will accept that if Parliament agrees to a law that law should be obeyed. Having said that, do you have any sort of estimate of the numbers of people who are likely to break the law, refuse to pay the fine and suffer imprisonment? When I say have you got an estimate, that is putting it perhaps in an inappropriate way, but do you feel there is a sizeable number of people who would take that line?

Ms Chakrabarti: I am going to turn if I may to Mr Davies who will I am sure remember the precise result of that poll, but there was a poll just a few weeks ago that suggested that there was a significant hard-core minority who were prepared to say at this point in the discussion that they would be the hard-bitten refusniks.

Mr Davies: We commissioned a UGov poll about three weeks ago of 2,020 adults and the results were that 38% of the population were opposed to compulsory cards but it appears that the opposition was extremely deep because 25% of that chunk of the population were prepared to take to the streets and demonstrate. 16% said they would be prepared to engage in civil disobedience and 6% said they would be prepared to go to prison, which represents about a million people. The support is broad but the opposition is extremely deep and entrenched.

Chairman: Can I thank all four of you very much indeed for coming this afternoon. It has been a very useful session.

Memorandum submitted by The Information Commissioner

Examination of Witnesses


Witnesses: Mr Richard Thomas, the Information Commissioner, and Mr Jonathan Bamford, Assistant Commissioner (responsible for data protection), examined.

Chairman: Welcome back, Mr Thomas, Mr Bamford. It is good to see you here this afternoon. Mr Winnick is going to open the questioning.

Q736 David Winnick: You make the point in your paper, Mr Thomas, at page 2, in essence that no matter what safeguards are made by the government the criminals will consider trying to forge the identity card. How seriously do you really take that to be the case, bearing in mind the view that the card will be so sophisticated, we are told, that it would be very difficult for criminal gangs to get in on the act?

Mr Thomas: Could I perhaps make a very short opening statement before addressing your particular question? When I came to see you last time, Chairman, I used the language of "healthy scepticism" about the government's proposals. Having looked at the detail now I have to say that that that is beginning to change to rather more "increasing alarm". I think that as we see the detail of these proposals it is now clear that we are talking not about ID cards as such. This debate is primarily about a National Identity Register and all the consequences of that. Some of the issues arising from information sharing have been discussed earlier this afternoon. This is beginning to represent a very significant sea change in the relationship between the state and every individual in this country, and I think it has to be seen in that sense.

Q737 David Winnick: Since you have made that introduction, as the Information Commissioner what you have said of course should send bells ringing across the whole of the government machinery and certainly the Home Secretary. What has made you so alarmed about the situation since you last gave evidence, Mr Thomas?

Mr Thomas: We have always expressed some anxiety and reservation about where this is leading and I want to come back later perhaps to talk about what it is fundamentally for; what are the purposes of this broad scheme. I still, even now, have doubts about the broad purposes of this. Clause 1 of the Bill sets out the statutory purposes but one can almost describe clause 1 as a Sir Humphrey, "Yes, Minister" statement of the statutory purposes. Clause 1(2), the primary purposes, is to provide a record of registrable facts about individuals, so there is a lot of circulatory language in the definition of "statutory purposes". It does go on to talk about the purpose being the issue of cards, facilitating the provision of a service, enabling information to be shared from the register, and that begins to give us a clue perhaps as to why my concerns are increasing, because it is not just about citizens having a piece of plastic to identify themselves. It is about the nature of the information held about every citizen and how that is going to be used in a wide range of activities. In many ways I was not unduly surprised to see the detail of the draft Bill but when one sees the way that the draftsman has clearly approached all the various issues which need to be addressed in the process of constructing a scheme like this one begins to see fleshed out on the face of this draft Bill, with a great deal of detail to come later as regulations are made, just how complex this issue is and how far-ranging and extensive the arrangements are going to be.

Q738 Chairman: Those of us who have seen legislation in preparation know that on occasion parliamentary draftsmen not only give ministers what they want or what they have asked for but a great deal more. Often a lot of the process of Parliament is getting the legislation to reflect what ministers originally said they wanted. From what you have seen of the Bill at the moment do you think that is the situation we are in, where the Bill is far broader than the stated aims and could be brought back in line with what the government have said they wanted, or do you think the Bill reflects a broader agenda and therefore is drafted in the way it is because there is a wider set of aims than the government have so far set out?

Mr Thomas: That, frankly, Chairman, is a terribly difficult question because it depends upon being clear about what the purposes are. One can only make judgments about the appropriateness of the detailed drafting and the acceptability of the various safeguards when one is absolutely clear what are the purposes. Is this primarily about dealing with illegal immigration or illegal working? Is it primarily about access to public services? Is it primarily about the fight against crime and terrorism? It is only when one sees the Bill as drafted that one sees that it is all of these things and many more, and I think the draftsman, perhaps as you are suggesting, has identified a very wide range of issues which need to be addressed with a comprehensive scheme. The point I want to make to you is that this is a very comprehensive scheme. I think it would probably be the most comprehensive and ambitious scheme anywhere in the world. Leaving aside all the technology aspects this would be an unprecedented scheme.

Q739 David Winnick: Shades of 1984?

Mr Thomas: I would rather not be drawn down emotive routes, Mr Winnick.

Q740 David Winnick: I think we will come to our own conclusions, Mr Thomas, after what you have just told us. If I can come to the question I put to you, the government is saying in effect, "Yes, the card is so sophisticated, it is the gold standard of identify. The criminal gangs will not be able to get in on the act." What do you say to that?

Mr Thomas: I have to be very concerned. The phrase "gold standard" appears many times in the consultation paper and I understand the government's wish to create a super standard. At the moment the passport is widely recognised as being the most thorough document. The data associated with passports is of a great deal higher quality than, for example, for driving licences. We know from our own experience with the DVLA that there are, inevitably perhaps, large numbers of mistakes and problems. However, the passport is widely targeted by criminals and counterfeiters. Passports have a significant value on black markets. I think that an identity card which is purporting to have the attributes which are intended for it by the government would be a very attractive proposition for criminals.

Q741 David Winnick: Even with biometric details?

Mr Thomas: Even with those. We are yet to see the technology in practice; this is largely untested technology. I have some anxieties about such a comprehensive scheme with over 60 million people perhaps eventually coming on the scheme with technology which has not yet been fully tested. In theory, if the technology delivers that which it says it will deliver then perhaps the risks will be reduced, but there are the risks of people with questionable motives, forging or counterfeiting cards. There are probably even greater risks of mistakes and errors occurring. We see these with every database we come across. However hard organisations try (and they do try very hard) to eliminate mistakes, to keep information up to date, mistakes do creep in. One point I especially want to emphasise to the committee is the very serious detrimental effect it can have on the individual. Whether there is deliberate identity theft, someone using a stolen card, or whether there are mistakes made there can be some very serious consequences, not just denial of access to public services but a great deal of aggravation and sometimes loss of livelihood and other more serious consequences arising from mistakes made. My anxiety is that this is going to be the gold standard. This is going to be the official document, the scheme with the authority of the state behind it, and that may make people perhaps too credible about the acceptability of the information flowing from the scheme.

Q742 David Winnick: As regards the final paragraph on page 7 in your very interesting paper to us, on future compulsion, if the situation arises where clause 6 does go into operation on compulsion, you are saying in effect that one could have a situation not only where the public sector organisations would ask for the identity card to be produced but private sector ones as well?

Mr Thomas: Yes. I would like to say a little more about clause 6 because there are safeguards here as in other parts of the Bill. I acknowledge safeguards which have been put in here. Clause 6 deals with the move to compulsion. I have some doubts about whether this really is a voluntary stage moving to a compulsory stage. As was said earlier this afternoon, it is not really voluntary for those wanting passports or driving licences. There will not be a non-ID version of the passport or the driving licence as we see it, so it will not be genuinely voluntary in that sense. But even if one accepts the notion that one tries out a voluntary scheme first of all, I just question whether it might not be better to have a separate Bill which creates the compulsory stage at some later stage. The government identifies for its report that the super affirmative procedure will require a report, and the criteria for judging the acceptability of the scheme are set out in paragraph 1.13 of the consultation paper. I would like to go through those because I think they are important. First of all, are we confident that the roll-out during the first phase has delivered significant coverage of the population? Secondly, is there clear public acceptance? Thirdly, is the scheme making a further significant difference to tackling fraudulent access to free public services and to tackling illegal working? Lastly, is the technology working? Those are perfectly respectable and acceptable criteria but I just question whether a single report covering those matters written by the government and then a yes or no vote in both Houses of Parliament is sufficient. Why not test the acceptability of the scheme on a voluntary basis to see whether the British public take to the scheme, whether it does meet all these tests, and then if the answer seems to be yes there may well be a need for some fine-tuning. We cannot anticipate all the problems at this stage but it seems to me that a Bill putting it on a compulsory basis at that stage may be better. I do have some concerns about clause 6, going back to your specific question. For example, it is said that under the voluntary stages a private sector organisation could not insist upon the production of an identity card. Under the Bill as drafted that particular safeguard disappears when you move to compulsion. There are a number of examples like that where some of the safeguards which are there during the so-called voluntary stage are taken out once an order has been made under clause 6.

Q743 David Winnick: Some people have said in effect that the term "function creep" is an exaggeration put forward by critics and the rest of it, but what you have said in the last paragraph of your brief would mean that function creep would be paramount. If clause 6 ever comes into being as it now stands what you are saying is that you would find it virtually impossible to go anywhere where some identification is required without having to produce the card.

Mr Thomas: I find it difficult to envisage exactly what life would be like then but you are right to say that after that stage, once an order has been made under clause 6, production of the card, the use of the information held on the register, would be a great deal more widespread than perhaps many people have envisaged. The government does address the issue of function creep in its paper very fully and I am pleased about that, but I am bound to say that to a large extent the government seems to talk in terms of function creep about the sort of information being collected. We are concerned more about the uses to which the information is going to be put. When I came to this committee last time I tried to elaborate on the various types of function creep and that is one issue which I am not sure is addressed very clearly by the government. Taking the totality of the Bill, we have counted at least 20 order-making powers in this Bill and each of those if you like can take this a stage further into more detail than currently appears on the face of the Bill.

Q744 David Winnick: It is said in the government's draft Bill that it will not be an offence not to carry the identity card, but of course would it not be the situation that if the police stopped somebody and the person did not have the identity card, that in itself, though not an offence, would mean that there would be an inevitable feeling on the part of the police officer of suspicion about why the person being questioned did not have the identity card with them, and that could apply of course to other matters not relating to the police?

Mr Thomas: That is certainly possible, yes.

Q745 Chairman: Before Mr Prosser comes in could I ask a question about whether the concern is actually about the issues of principle or the fact that there is not a clarity about what is going to happen if the Bill comes through? Let me put a hypothetical question to you. If one listens to the evidence this afternoon, it might well be the case that the identity register would build up information on the number of times that somebody had travelled in and out of the country, that it might have links to the police national computer which might reveal that somebody had a previous conviction for drug importation and someone says, "There is a lot of information there which is highly sensitive". On the other hand the ordinary member of the public might take the view that analysing that information which enables someone to show that they have made a series of repeat visits to Colombia, stopping off at a couple of Caribbean islands on the way and then coming back to this country, might be the sort of thing that could usefully be interrogated from the use of this information. There are a number of different issues there, are there not? Should that information be stored? Who should be able to interrogate it, if at all, or is that the sort of use of information that in principle should be beyond the pale of this scheme because frankly it just takes us too far into tracking a lot of individuals' information in order to identify some?

Mr Thomas: No, I am not saying that there is not an inter-relationship with investigation of crime with those sorts of aspects. Those have been brought out this afternoon. I am not saying you can divorce those. What I am saying is that one has to be as limited as possible. Data protection is all about drawing lines. It is a question of where you draw the lines. My concern is that too much of this Bill at the moment as drafted is very open-ended. If we can be precise about the particular purposes; if we say, as parts of the Bill do, that there are exceptions or provisos specifically where there is national security concern or where there is the investigation of either serious crime or other sorts of crime, in particular situations that may be acceptable, but so much of this is written in much broader language. If I can just give you one example in clause 20(5), which is about information sharing, that is, "a disclosure of information not falling within paragraph 9 of Schedule 1" - that is, all the non-audit trail information - "is authorised by this section if it is made to a prescribed officer" of the Secretary of State's department for the purposes connected with the carrying out of any of the prescribed functions of the Secretary of State. Of course, that is very wide indeed. It is the Secretary of State for Transport, for Work and Pensions, for the Foreign Office; every Secretary of State, and it is very easy to make an order to bring a very wide range of information inside this subsection for the purposes of information sharing. We know from our data protection experience that where too much information is shared, where there are not appropriate lines drawn, then individuals can and do suffer serious consequences in particular situations.

Q746 Mr Prosser: Mr Thomas, you have delivered a robust critique of certain aspects of the draft Bill this afternoon. Can I ask whether you have completed or delivered your formal response to the Bill yet?

Mr Thomas: No, we have not, Mr Prosser. We have provided this committee with our initial analysis of it. We are working to the mid July timetable. We have had discussions with some of the officials at the Home Office. One was in my office just yesterday where we were discussing some of the detail with officials, but we will be producing and publishing a full critique nearer the middle of July. We are coming today to give you our position so far.

Q747 Mr Prosser: This is a curtain raiser?

Mr Thomas: Yes. I am not suggesting that we have got a great deal more. We will elaborate and perhaps fine-tune our critique but we are giving you where we have got to so far. Of course, we have been looking at this now for nearly two years since this government proposed these particular proposals and my office looked at the previous government's scheme some years ago.

Q748 Mr Prosser: Earlier on this afternoon you said that one of the reasons you were concerned and why you have consolidated your concern is to do with what the Bill is about. Is it primarily about terrorism or access to services or illegal working or asylum abuse or whatever? Is there not justification for an identity card and a database if it addresses all of those and perhaps in good measure? What is wrong with that?

Mr Thomas: The concern is the absence of any clear rationale for it. If you were to identify particular functions we could then look at a scheme and say whether or not it is appropriate for that scheme. In the written submission we gave to the committee we gave you details of a government committee in the early 1950s looking at the Second World War national identity card. That was introduced in 1939 with three stated purposes: for conscription, for national security and for rationing. By 1950 the government committee of the day found that in those 11 years that scheme had grown to 39 stated purposes. The debate at the time the committee reported in the early 1950s was that the main rationale for identity cards was the prevention of bigamous marriages. One has to draw lines somewhere, I am afraid. One cannot just say, "All these are fine. We are not too concerned about the detail". I think the interests of individuals do require absolute clarity as to the purposes.

Q749 Mr Prosser: Just dwelling on that for a moment, if consecutive Home Secretaries are receiving reports, first of all from the police, who say that a big problem with organised crime is proving identity, an identity card would help matters, and then if immigration officers send reports back to the same department saying that the illegal working system is almost impossible to crack properly unless they can have assurance of identity, and if the CID report back and say that organised crime is running rampant because of the theft of identity, - and we have heard the stories of people found with 57 different identities in their possession - and there can be other examples, of course, all the way down to terrorism, if all those lines of investigation are all coming back to the Home Secretary or to government and all of them are saying that one major sensible practical way of addressing this could be a secure identity card, that is a rational way to proceed, is it not? There has not got to be one overwhelmingly compelling reason to drive forward a Bill.

Mr Thomas: Not a single reason, but we have not had that rationality spelt out. We have not seen how identity cards are going to be used in these various examples. We have not seen precisely why the entire population needs to provide so much information in order to deal with illegal working or with organised crime. Yes, they are particular problems. Yes, we may need to have more information about those engaged in those activities, but that is not necessarily a rationale or justification for the entire population.

Q750 Chairman: If I can bring you to the Bill, if the government with its resources has assessed these problems and decides, as the Home Secretary said to us not long ago, that this makes a contribution to solving those problems as a matter of policy, and we are now dealing with the Bill, what is it exactly that you would like to see on the face of the Bill that ensures that the ID card scheme does what the government has said it wants it to do, because, with respect, it is probably not for the Information Commissioner to assess the effectiveness of measures against illegal working or drug trafficking or whatever; it is about the use of the information? What would need to be on the face of the Bill to address the fundamental concerns you have about that?

Mr Thomas: My greatest disappointment is clause 1 where we talked a lot in the past about the need for clear statutory objectives and I do not see that in clause 1 as drafted. Clause 1 is very general, very unclear and does not give us clarity as to the purposes, to use the statutory language of data protection, for which this information is being processed.

Q751 Mr Prosser: I want to turn now to some of the many elements of concern that you raise. First of all, you talk about the possibility of people who are not really eligible to have an identity card being entered into the register. How realistic is that, bearing in mind that without a biometric it would not be much use to anyone, would it? What is the problem there?

Mr Thomas: Is this the issue of those being entered onto the register without their own knowledge?

Q752 Mr Prosser: Yes.

Mr Thomas: This was a novel feature. It is in the consultation paper. We had some anxieties. Some of these were voiced by others earlier this afternoon. Being on a register with such powerful consequences without knowing that you are there I think is serious. The very least one might expect is to have a notification to the individual saying, "You are now on the register. Here are the details we have about you", and people would be able to check the accuracy and the up-to-dateness of that information. That would be one thing which is not in the Bill at the moment.

Mr Bamford: This is again one of the problems with the inter-relationship between an ID card and a central register. Essentially you could have a situation where although there is a prohibition on having to produce an ID card there is no such prohibition on somebody checking the register as long as it is authorised by somebody. We often authorise people to do checks on criminal records when we apply for jobs, not expecting there to be anything there. In theory an individual could have found their way onto the register without their knowledge and somebody could be checking that in terms of service delivery and that could have severe consequences for the individual if that information was wrong. The sources where this may come from are not specified. I know that previous evidence has implied, "It is so that we can deal with asylum seekers and others", but the wording of the Bill does not limit it to that. It could in theory come from other government databases, such as the ones that are proposed at the moment, for example, the Children's Bill. We need to understand that the way this all hangs together can mean that there can be detriments to individuals as far as the identity register is concerned if you end up there without realising you are on it.

Q753 Mr Prosser: On that point, the interchange with the citizens' database, if that ever comes in, and the children's register, do you want no relationship at all between these various databases or do you want to limit the relationship and interchange between the databases?

Mr Bamford: Again, what is the purpose of having it? If anybody wanted to have a citizens' information project database what is the real benefit for that for this particular register, about which a lot has been said about how it is going to be collated from scratch, it is not going to be based on existing databases but there appears to be provision to allow information to flow from existing databases with all the flaws that may be there without having the chance to clear those? Similarly with the Children's Bill database, you can do it under clause 8 of that, which will be a powerful database if it comes to pass because it will have details of all our children in the UK on it: what is the idea behind that? Is it, as the minister said, that one of the things that people might get on their 16th birthday might be their national identity card essentially, so that they can spot rising 16's? If that is the case people should be aware that that is happening. It certainly is not then an application as such and people doing it voluntarily. The question is, with the other information flowing there what are the real aims for doing that? If there are no real justified aims then it should not flow there. That goes back to one of the issues about the National Identity Register and what is it there for. Is it there for its ostensible purpose under clause 1, essentially to have a register of registrable facts, or is it there to deal with service delivery issues ultimately? A lot of the points have been alluded to as service delivery issues in terms of checking people who may be going backwards and forwards to Colombia or whatever rather than just being an issue about, is that Jonathan Bamford?, is that Richard Thomas?, so again we have to be very clear what its real use is and whether the information is relevant or not.

Q754 Mr Prosser: We took evidence on the work done so far on the Citizens' Information Project and that database and we were told that it was first thought of in 1908. Our view on the committee was that you wait a hundred years for a database and two come along at the same time.

Mr Thomas: Possibly three or four because we have mentioned the children's database. There is also the NHS one. We have some concerns and we are frankly in the dark about how all these inter-relate.

Q755 Mr Prosser: You also complain about clause 5 which you say is another open-ended problem, and you say it is "the open-ended requirement on an applicant for registration to provide such information as the Secretary of State sees fit to require". It is open-ended. How would you want to restrict and limit that to make it more practicable?

Mr Bamford: There must be an idea already what sort of information the Secretary of State might reasonably require. Is it a birth certificate or those sorts of documents that we are really familiar with that could be set down in a statute without too much pain where we could be clear about that? What are the limitations there on the retention of that information? In Schedule 1 there is the issue about the application process and documents as part of the validation process and it says that information that is used for validation can be kept, so when you think about a birth certificate, are the details that are on the birth certificate going to be kept - who somebody's mother or father was, their occupations at the time of birth? We have to have some limitation to make sure that the only information there is that which is required to establish identity and that we do not end up with a lot more collateral information being retained for no apparent purpose relating to that individual's identity.

Q756 Mrs Dean: You are concerned that the Bill does not specify the details that might be legible on the face of the card. What do you think would be appropriate?

Mr Thomas: This is one of those issues again going back to purpose. For a driving licence it is acceptable that the address should be on the face of our paper or plastic driving licence as it is now. I am not at all comfortable with the idea of the address being on an identity card. I would not like to see the address on a passport. I do not want to go through airports or see others using my card around the world knowing I am away from my home. That creates a range of risks and problems. I would be very unhappy with the national insurance number being on the face of a card. I would be pretty unhappy I think with the national identification number, as put forward under this scheme here, being on the face of the card. I am talking at the moment about what is printed on the face of the card. There is then another set of questions about what is on the chip because it is clear that there will be some sort of microchip on the card which will only be readable by appropriate machines. We want safeguards and controls there. We have made points to you that that should be encrypted. That is not currently contemplated but we think that safeguards are required so that electronic eavesdropping, which does go on, could not take place in this area to download information improperly. We need to look at the detail of this as we move forward when - and I am sorry to repeat the point - we are clearer as to the purposes of the scheme.

Mr Bamford: One of the possibilities that now appears to have been blocked off is that you can have a non-ID card version of your passport or driving licence, so we will have two ID cards potentially with increased information over the primary purpose of that document, ie, a passport or a driving licence. In some instances individuals might choose not to have an ID variant of that because they have to produce their driving licence in lots of circumstances around the world so they do not want the collateral impact of the ID card information being captured by car hire companies or others who might not look after it quite as well as it would have been if it were the original service provider for ID card purposes.

Mr Thomas: The complete answer to your question is, no more information than is necessary for the intended purpose.

Q757 Mrs Dean: Turning to the contact chips, is it realistic to expect ID cards to have contact chips or encrypted contactless chips?

Mr Thomas: I do not see why not. Technology is moving in that direction and the technology, as I understand it, is more straightforward than biometric technology so that is not a particularly difficult area. There may be some incompatibility with the international travel documentation being proposed by the ICAO, the International Civil Aviation Authority, but do bear in mind that they are having to deal with the entire world, including remote parts of the world where they have not got the sophisticated equipment to read encrypted data, and do also bear in mind that when your travel documentation is being scanned at an airport that is a fairly secure environment. When you are producing your card in a very wide range of environments going from the doctor's surgery to the social security office to the local town hall, there is much less control over the circumstances in which that card is being read. That is one argument, we feel, for having a much tighter regime here.

Mr Bamford: To be fair, clause 8(2) does say that an ID card must record prescribed parts of it in an encrypted form, so there is a step in that direction, but we would go further and say it all should be in an encrypted form because there is this real prospect with contactless chips that they can be electronically eavesdropped when the transaction is taking place.

Q758 Mrs Dean: What restrictions would you like to see on the requirement to notify changes to information on the register? Are you concerned about the possibility of charging for updating the register, and also, as was mentioned earlier, do you have concerns about vulnerable groups not changing that information that should be on the register?

Mr Thomas: One of the data protection principles is that information should be kept up to date, so in principle with a scheme like this it is important that systems are involved in making sure that they provide up to date information and that they are able to check the current accuracy of their own information, so in principle that must be a good thing. However, I do recognise the point that on the one hand if there were to be a charge for it that may be a deterrent. Of course, ironically, if you do not do it you may face a fine, so you may have to pay one way or the other. I do understand that when you notify a change to the DVLA you do not pay anything at the moment and maybe any scheme would have to be designed with that same principle in mind.

Q759 Bob Russell: Talking about clauses 14, 15 and 20-24, disclosure of information on the register, in particular 14(4), you have given us quite a catalogue of reasons for significant concern. Under 14(4) you say that the "potential for disclosure with consent to be manipulated by others should not be underestimated". Would you like to see clause 14(4), which you say removes the right to see an audit trail, taken out of the Bill?

Mr Thomas: This is a very strange clause. You touched upon it earlier this afternoon. We are very puzzled by it. It cuts right across the so-called subject access right in the Data Protection Act, which is expressed to be notwithstanding the terms of any other statute. That flows from the European directive, the principle that people can see their own records. This appears to undermine that principle and we are not at all clear what is intended here, whether the Home Office intends that people should not see their own information. We are rather doubtful that that was the intention so it may just be the drafting which needs to be put right. There may be some national security concerns but the Data Protection Act recognises that, because the subject access there is subject to national security and investigation of crime limitations. There is a wider point which was touched on in your question, Mr Russell, which is, can people be manipulated into seeking their own information? In the jargon we call this enforced subject access where people are effectively required to search out and get details of their own record, and we find that objectionable, and indeed it is outlawed by section 56 of the Data Protection Act, although that section has yet to be brought into force. The principle we find unacceptable.

Mr Bamford: Can I add a couple of points of detail to that? To deal with the last point first, again, I am sorry to harp on about the relationship between the register and the card, but there is a provision which deals with people being required to produce their identity card at clause 19. Normally that will not be the case unless it becomes compulsory and then that falls away. That deals with the card being produced but there is no requirement there to stop an organisation saying, "If you authorise us you can have this service better", so there is not the same safeguard with the information on the register being consulted at clause 14, and the two go hand in hand and should have similar provisions. As the Commissioner has mentioned, we should have public information data protection systems which should stop enforced access and deal with that point, but again there is a disparity between the register and the card. There is a safeguard in one instance; there is no safeguard in the other. The two need bringing completely into line. In connection with this confusion over clause 14(4) and somehow overriding an individual's right of subject access, as has been mentioned, we do believe that all legislation has provisions which may again override that, though that is a debatable legal point. I did note from earlier evidence from the minister, Mr Brown, that when he was asked about video stores and others checking the central register he said that the fact that an individual had a right of access to see who checked their register entry in the National Identity Register would be a great safeguard for them. We need this point clarifying because either that is a safeguard or it is not a safeguard. The way things stand at the moment it would appear that an individual would not be able to check who had accessed their details, whether it was a video shop or whether it was the security services.

Q760 Bob Russell: I thought I asked quite a short question. That was a very extensive, exhaustive answer but I am still not sure whether you are saying you want clause 14(4) removed or left in. There are so many qualifications and clarifications and fine-tuning. Could you just say whether you want it left in or taken out?

Mr Thomas: We do not like it as it stands.

Q761 Bob Russell: So as it stands you would like it out?

Mr Thomas: I think it has to be out or substantially re-worded.

Mr Bamford: As the Commissioner has already mentioned, if the concern is individuals using their rights of access to find out whether security services have checked the register, there are already exemptions under the Data Protection Act access rights to safeguard that sort of information from access.

Q762 Bob Russell: You quite rightly drew attention to the various problems and you have stated categorically that unless those problems are resolved in your opinion it must come out.

Mr Bamford: Yes.

Q763 Bob Russell: Would you prefer procedures for an individual to grant others access to their data to be spelled out in the Bill? I guess the answer is yes.

Mr Thomas: Yes, indeed. I think that follows from everything we have been saying for the last five minutes.

Q764 Bob Russell: Finally, what restrictions would you want to see on access to the register by the police and intelligence agencies, and I am not sure what is meant by "the intelligence agencies" here? Presumably not the local social security office.

Mr Thomas: Presumably we are talking about the security services as described in various parts of the Bill. I certainly accept that where national security is concerned those defined services are entitled (and rightly so) to have access to information which the rest of us do not know about. I do not have any difficulty with that. I do have difficulty, again echoing earlier comments this afternoon, with the width of the provisions in clause 20(2) at the moment which effectively give those services unlimited entitlement to the information for any purposes. We have not only to identify the organisations but also the purposes for which they want the information. If they want it for national security or the investigation of serious crime that is fine, but just leaving it very open-ended, as the Bill in clause 20 does at the moment, is not satisfactory.

Q765 Bob Russell: You have given a powerful answer on the intelligence agencies. Why do we not return to the police? At what level within the police force would access be acceptable to your mind, bearing in mind that the term "police" is ever-widening as far as I can see with privatisation and so on? At what level of the police would you say that access would be permissible?

Mr Thomas: I am not sure I have got a comprehensive answer to that this afternoon. Jonathan is one of my experts on policing matters. The Bill does attempt to draw a distinction between serious crime and less serious crime and that is probably a good thing. I think what you are implying is that there may be various levels within a police service and various types of police service which opens this up very widely and that does raise some concerns.

Q766 Bob Russell: Can I ask you to mull that over because I would suggest, Chairman, that if the police were to have access it would have to be at quite a senior level?

Mr Bamford: Knowing the difficulties of the police in the past, the case is often that the most senior officer in the Dumfries and Galloway Police might be a very junior rank at three o'clock in the morning who is having to authorise things, whereas in the Metropolitan Police it might be someone of quite a senior rank. This is as much an issue for the Police Service in terms of the ranks they have available to authorise things at times of real need. From a pure data protection point of view it is the issue of what is the evil you are trying to address and is the case made out for that in terms of proportionality? Is it serious crime and is it likely to prejudice that serious crime? That would be the real issue for us, not whether it was authorised by an inspector, chief superintendent or assistant chief constable.

Mr Thomas: There may be a case in some cases for some sort of authorisation process, judicial authority or whatever so, as part of our answer to that, it may have to be properly authorised along the lines set out in the regulation of investigatory powers legislation.

Mr Bamford: To go back to this point of class exemptions, if you like, of whether it is the director-general of a security service, I think we need to recognise that the Director-General of the National Criminal Intelligence Service and the Director-General of the National Crime Squad have many functions which are traditional policing functions which are not ones that are allied to national security. I am sure the Director-General of NCIS is particularly interested in football hooliganism at the present time but there is a disparity between the level there and their brother or sister chief officers in other forces where it is a serious crime test for them rather than whether it is one of their functions. Given the fact that NCIS in particular are the national central bureau for the UK for Interpol and the national unit for Europol, you could in theory find information flows to other police forces around the world at a lower level than will happen in the UK. That needs to be looked at quite carefully.

Q767 Chairman: Mr Thomas, you gave us a number of reasons why there should not be an address on the identity card. Can you explain why a number of other European countries have universal identity card systems that show people's addresses which do not seem to have caused huge problems with the citizens of those countries? Are we dealing here with theoretical problems or practical problems which, on the basis of extensive international evidence, you can show us exist?

Mr Thomas: I do not know that we can claim to be experts on what happens in the various other countries. We have given to this committee a paper which gives some information which we gathered from our colleagues in other parts of Europe. I made it very clear on my first appearance before this committee that identity cards can co-exist with data protection regimes. Clearly they do in the rest of Europe. That is why I am very careful to say we are not against identity cards, but I think we are talking about something now which is far more extensive than exists anywhere else in Europe.

Q768 Chairman: I am not asking about the general issue. You made a very specific point that there should not be an address on the identity card. Other countries seem to have systems with addresses on identity cards. I am very keen on that very narrow point; I do not want to rehearse the wider argument.

Mr Thomas: If I could just correct myself if I gave that impression, I was not saying I was hostile to addresses on identity cards. What I was saying was that the address can be there if it is consistent with the intended purpose. That is why I found it acceptable for a driving licence, not acceptable for a passport, reflecting current practice, and an open question about an all-purpose identity card. There are some risks with address, there are some risks with national insurance number and so on.

Q769 Chairman: Can I ask you finally two points and perhaps you can wrap them up in one answer? You make two points about the Bill and one is about independent oversight. What exactly would you like to see done in the Bill to either strengthen the powers of the proposed Commissioner to make them adequate or to have a different body altogether?

Mr Thomas: I would like to see strong independent oversight. We made this point to you last time.

Q770 Chairman: What would you put in the Bill?

Mr Thomas: There was a case for a new body or for the Commissioner, as set out here, to be enlarged; to ensure that the various requirements of the legislation are achieved in practice; to keep the entire system under review; to specifically charge a dedicated regulator, if you like, to ensure that the scheme is being operated in accordance with the statutory arrangements, and is being operated in accordance with the policies, the practices and the procedures as announced by the government; to provide an annual report to Parliament, going wider than the power envisaged by the clause at the moment. What I would also like to see is my own powers enlarged as a longstop. I have the power to audit any data controller - and there will be a data controller for this scheme - but I can only do so with the consent of that data controller. This is unusual across the whole of Europe. All my European colleagues can go in and do an audit without the consent of the data controller. At the moment I have that limitation. I would certainly want to see that limitation removed in relation to this particular scheme. To the extent therefore that I have a longstop role as the Information Commissioner it is absolutely crucial that I can audit without the consent of anybody.

Q771 Chairman: Would you like the Commissioner to have powers to intervene and stop some practice or forbid some practice from the operation of the scheme, or merely to be able to report on it?

Mr Thomas: There may well be a case for that. One of the points we made to you in our written submission is that completely absent from the Bill at the moment is any sort of special procedure for the citizen who wants to challenge something which is unacceptable, inaccurate, inappropriate or whatever. The only remedy appears to be judicial review and we all know the costs and the difficulty of going to the courts by way of judicial review.

Q772 Chairman: Could you just continue that point? What rights should the individual have?

Mr Thomas: I would like to see spelt out, as one does see in most administrative schemes of one sort or another, provision for the aggrieved citizen, with reasonable cause or legitimate grounds for concern, to go to an independent body. It could be the same body as has the overall regulatory oversight or it could be another tribunal; that is a detail, I think. I would like to have an independent mechanism to which the citizen could go for challenging the accuracy of information or for the way in which the first information was being used and, if appropriate, for claiming remedies in the form of compensation or a prohibition on unacceptable processing.

Chairman: That is very clear. Thank you very much indeed, gentlemen. It has been a very useful session.