House of Lords - Constitution Committee

Surveillance: Citizens and the State - Constitution Committee Contents

Memorandum by Dr C N M Pounder, Editor of Data Protection and Privacy Practice

INTRODUCTION

1. This evidence is limited to exploring two of the issues identified in the Committee's press release associated with the launch of its investigation: "To what extent are the provisions of the Data Protection Act 1998 sufficient in safeguarding constitutional rights in relation to the collection and use of surveillance or personal data?"; and "Is there a need for any additional constitutional protection of citizens in relation to the collection and use of surveillance material and personal data? If so, what form might such protection take?".

THE NEED FOR A NEW KIND OF PARLIAMENTARY SCRUTINY?

2. The current mechanism of Parliamentary scrutiny has resulted in the following problems:

SCRUTINY OF SECONDARY LEGISLATION

3. Parliamentary procedures with respect to secondary legislation can lead to problems in the way scrutiny is effected, and this can be illustrated by the letter the Home Secretary wrote to the Joint Committee on Human Rights in relation to the ID Card scheme.[11] The Home Secretary claimed that if the detailed implementation of powers by Statutory Instrument (SI) breached the Human Rights Convention, then these SIs could be struck out by the Courts using its powers under the Human Rights Act. It follows that all human rights issues can be considered by Government when the instrument is drafted and not when the powers are being obtained.

4. There are several problems raised by this approach:

(b) scrutiny of primary legislation by Parliament when granting the powers can be limited because of the timetabling procedures can be used by Government to limit debate on important topics.

(e) Pre-legislative scrutiny by Parliament is effectively replaced by post-legislative scrutiny by the Courts. If a Court were to strike out a Ministerial order, (eg as happened in the field of terrorism), it would bring with it the prospect of further clashes between the Government and the Courts and thereby risk of politicising the judiciary.

(f) scrutiny becomes the preserve of those rich enough (or poor enough in the case of legal aid) to take human rights cases through the Courts in an attempt to strike out statutory instruments. This legal tussle is also an unequal struggle—the average citizen is pitted against a Government which has access to a bottomless public purse and teams of its own lawyers, if need be.

5. The JCHR has already commented on the problems identified above in its 19th Report. This Report recommended that Government should publish, with each Bill, a Human Rights Memorandum[15] which justified how any proposed Bill was compatible with obligations under Human Rights legislation.

6. The Government has not accepted the above recommendation.[16] It is difficult to see how Parliament can scrutinise effectively without the above information, and I suspect that many members of the public would be surprised to lean that Parliament does not have access to such information.

WHY PRIVACY IS AT RISK?

7. The Data Protection Act does not protect privacy to the extent imagined. I have detailed these arguments elsewhere[17] but I summarise the main points below.

(a) Data sharing policies have the effect of merging Government Departments that share personal data into a single data controller, whereas the Data Protection Act assumes an array of separate data controllers. This change arises because data sharing statutory gateways allow personal data collected for one purpose by one Department to be used for other purposes under the control of different Departments. In data protection terms, this especially degrades the protection afforded by the Second Principle (purpose limitation).

(d) Government Ministers are often responsible for policies which require interference with private and family life, or have oversight or responsible for the organisations which undertake such interference. A conflict of interest arises as these Ministers, at the same time as being accountable for this interference, establish the procedures which protect private life from such interference.

(h) Data retention policies are likely to be subject to function creep. The reason is that retained data are stored on a systems that costs £millions and there will be pressure to demonstrate value for money (eg by using the data for other purposes). That is why the NIR started life as a security system and is now a public administration, identity management and security system.

(i) Data retention policies require the public to trust the authorities performing the interference. The public has to trust that any use of retained data is limited to justified purposes approved by Parliament. The public have to trust that all staff who have access to the data are fully trained not bend the rules. The public has to trust that procedures which authorise interference are followed scrupulously. The public have to trust the politicians not change the law or use powers to permit function creep. All this trusting is one directional—from the public.

(j) The merger of security and privacy on the European Commission model is not the solution as this risks making privacy subservient to the security objectives.

OVERCOMING A STRUCTURAL PROBLEM

8. I think a major problem lies the fact that the public body or Minister responsible for policies/procedures that require interference with private and family life can also establish the policies/procedures which protect the public from over-zealous interference. The Home Secretary, for instance, produces Codes of Practice with respect to interference and safeguards in relation to policing, data retention, surveillance, immigration and national security matters. A recent example is the Serious Crime Bill where the Audit Commission are given powers to extend its data matching responsibilities (ie interference) and produce a Code of Practice which offers protection. As a matter of general principle the responsibility to interfere should be separated[23] or distanced from the responsibility to identify safeguards. As will be seen, such a separation could give Parliament an active role in determining public policy with respect to privacy versus security.

9. For example, suppose a Minister had to draft a Code of Practice for the processing of personal data in circumstances where the Commissioner had to approve the Code of Practice before the processing could commence. This means that the Commissioner would be able to withhold approval on grounds, for example, that the Code breached a Data Protection Principle or would be in breach of Article 8 of the Human Rights Act. You could have procedures where the Commissioner's view of the law could be tested, as of now, via a Tribunal system which could lead, via an appeals process, to the Courts.

10. Obviously, if there were to be a disagreement over a Code of Practice, there would be a period of negotiation where by the Secretary of State and Commissioner would try to agree. If such negotiated agreement occurred, then all well and good—the Code of Practice comes into operation. If no agreement was possible, the Secretary of State could ultimately override the Commissioner's objections by exercising powers that need an affirmative resolution before the provisions of a contested Code of Practice could come into effect.

11. The affirmative resolution requirement would mean that any disagreement would be brought before Parliament for a decision on the use of powers by a Minister, and before Parliament makes the decision, it can be fully informed as to the nature of the problem (eg take evidence from the Commissioner and Minister etc). However, at the end of the day, it is Parliament that is defining, publicly, where the balance between interference and privacy should arise—and not the body/Minister who is responsible for the interference.

12. There is also a need for a mechanism to allow a Code of Practice to be changed by the Commissioner after it has come into effect (eg where changes are needed because the practical effect of the Code has become apparent). There again, in the case of unresolved disagreement, powers, needing affirmative resolution of both Houses of Parliament could be made available to the Secretary of State. If the powers are used so that the SoS comes to Parliament for a decision. Again, it is Parliament having a role in defining the boundaries of social policy with respect to security versus privacy—rather the Secretary of State taking these decisions in isolation.

13. However, as soon as you have a mechanism which allows the Commissioner to change Codes of Practice, then it is easy to graft on a mechanism that allows data subjects/data controllers to press for changes to a Code of Practice. For example, data subjects can argue for a change in the Code of Practice because it is defective, whereas data controllers can argue for changes which reflect new processing circumstances. This kind of mechanism directly engages both groups of stakeholders in a data protection Code which effects them - namely, data subjects and data controllers. Codes of Practice become dynamic and responsive.

CONSTITUTIONAL ISSUES ARISING FROM A LACK OF SCRUTINY

14. The Appendix to this evidence illuminates a final constitutional issue; it arises when, for whatever reason, Government does not want something to be scrutinised. The "something" in this case relates to the Identity Card Scheme and the decision to use the National Identity Register (NIR) as a population register (the NIR is the database associated with the Scheme). The way that this decision was reached, in my view, raises questions as to whether Parliament is in a position to scrutinise any legislation effectively.

15. For instance, is it "constitutional" for the Government to use of the NIR as a population register:

16. In general, officials (and one assumes Ministers) knew before the General Election of 2005, that the intention was to use the NIR for a general public administration purpose. This fact could have featured as part of the General Election debate (and could have received an electoral mandate for this part of the ID Card program). As it was known that the use of the NIR for a general public administration purpose represented 20% of the business case for the ID Card scheme, should this fact have appeared in the ID Card Bill's Regulatory Impact Assessment laid before Parliament? Should a Ministerial statement informing Parliament of the change of use of the ID Card scheme been delayed for nine months until after Parliamentary scrutiny of the ID Card Bill was complete?[27] Should one of the several Parliamentary opportunities presented to Ministers to announce important changes to the ID Card scheme been taken?[28]

17. If the politics of accountability, scrutiny and debate over public policy cannot be channelled through a Parliamentary process on a subject as mundane as "efficient public administration", how can Parliament assume it has properly scrutinised any other governmental policy? Given that the next Prime Minister has already signalled his intention to grant Parliament more powers of scrutiny, my hope is that the evidence presented in the Appendix plays a part in these new constitutional arrangements.

18. For convenience, I have added to the Appendix, commentary which relates to the Committee's two Reports into the ID Card Bill on 17 March 2005 and 12 October 2005.[29] My own view is that if the Constitution Committee had been aware that the decision had been taken to use the NIR as a general public-sector information resource then I suspect these Reports might have been worded differently.

19. Finally, there is wide-spread concern that Parliament is no longer the focus of political and policy debate. Perhaps the evidence in the Appendix goes a long way to illustrate one reason why this is the case.

May 2007

APPENDIX 1

"APPENDIX: TIMELINE OF THE DECISION TO USE THE NIR AS A POPULATION REGISTER

INTRODUCTION

A1. When I gave oral evidence before the Home Affairs Select Committee in its inquiry into the draft ID Card Bill, I made the remark that a comprehensive public administration function should not be "piggy-backed" onto the National Identity Register (NIR), the name for the database associated with the ID Card system, without a thorough public debate as to the consequences.[30] The evidence I now lay before the Committee (in this Appendix) concerns how these plans were made without effective scrutiny by Parliament and contrary to a promise of a further round of public consultation.

A2. For example, months before Constitution Committee's Reports into the ID Card Bill (eg in September 2004), the Home Secretary knew that the ID Card had to be compulsory to realise the public service efficiency savings if the NIR was also to serve as a population register (the diagram on the next page[31] was produced by officials in July 2004). I am sure that if the Committee, concerned as it was about the relationship between the state and individual, was aware of this development, then it would have featured in the text of its reports. I am also confident that the Committee would have expected Ministers to refer to this development in their submissions to the Committee. However, for some reason the Committee (and Parliament) was not informed of this incorporation until the ID Card Act had been passed into law—even though this incorporation had been established as Government policy before the ID Card Bill had been printed in July 2005.

A population register

A3. The essential idea behind a population register is that all public authorities should be able to exchange (ie update and download) basic personal details via a central repository. By doing so, the system creates connections between diverse databases involved in such exchanges. There are obvious efficiency savings to be made when such data sharing is undertaken (eg the population register negates the need for a national census). However the risks are also apparent if the population register is associated with an audit trail which possesses an ability to enhance the link between public sector sources of information associated with each citizen (eg tax, social security, health, police, education)[32] and which is intended to extend to private sector information (eg opening a bank account, hire of a car).

A4. The decision to widen the use of the NIR to include a population register fundamentally changes the surveillance role of the NIR. No longer is the purpose of the NIR limited to law enforcement and security where a reason to interfere with private and family life can be justified in terms of security, crime or immigration. Because of section 1(4) of the ID Card Act 2006 refers to "the purpose of securing the efficient and effective provision of public services", the efficiency of rubbish or council tax collection could become a legitimate reason for interference.

A5. The security implications are also different—basic details from the NIR are potentially accessible to hundreds of thousands of public servants in any public authority. The civil penalty of not to keep the address details on the NIR could be viewed as a civil penalty not to update any public authority record (eg such authorities could report those who fail to update address records on the NIR). Who should run such a system also becomes an issue for legitimate debate—should it be the Home Office with its emphasis on security and crime, or the Office of National Statistics (ONS) which has a public administration ethos and is trusted by the public with respect to the Census? It is important to note that all these questions (and others) raise valid subjects of concern which could have (and should have) been debated when the ID Card Bill was before Parliament and that the ONS had identified about thirty issues of this nature.[33]

A6. The basis of this analysis in this Appendix has been published in Data Protection and Privacy Practice (July 2006) and provided to the Committee in a form which it has been updated and fully cross referenced. That updating has unearthed further information which has not been published.

2002 and 2004—The public consultations deny wide use of ID Card database

A7. The Consultation Document launched by David Blunkett in April 2002 posed an interesting question: "As an entitlement card would need to be underpinned by a database of all UK residents, an issue for consideration is whether this database should be a national population register ... or a new self standing database".[34]

A8. The answer came in the subsequent document "Legislation on Identity Cards" (CM 6178) published in April 2004. Under a Chapter entitled "Wider issues not included in the draft legislation" (my emphasis), it stated that "The National Identity Register and a population register are separate but complementary proposals and they serve different purposes" but the Government was "open to the possibility of including provisions relating to the creation and operation of a separate population register within the identity cards legislation" (Paragraph 3.21).

A9. Paragraph 3.20 of CM 6178 also promised that further legislation would be needed to establish a population register; it stated that further work would be undertaken and, that further developments "will also include public consultation to explore the issues around public acceptability of the proposal" so that any new "legislation would also introduce concrete safeguards for the public".

A10. In summary, the public was informed that the NIR was to support security matters—there were overlaps with a population register but they were separate databases requiring separate legislation, and that access to the NIR by law enforcement agencies would be strictly limited.[35] In relation to a population register, a further public consultation was promised "to explore the issues around public acceptability of the proposal".[36]

April 2003—Legal advice and the CIP

A11. Between the two public consultations, and prior to commencement of the Citizen Information Project (CIP), legal advice was taken ("Final Report, Annex 8: Legal issues").[37] This advice stated that if the population register contained limited contact details and if data sharing of these details were to be legitimised by legislation, then such legislation was unlikely to breach Article 8 of the Human Rights Act. The advice judged that any "interference by a public authority" in terms of Article 8(2) would very likely fall within a state's "margin of appreciation". This conclusion effectively told Government that it could lawfully draft data sharing powers, which permitted basic contact details about individuals to be shared across the public sector, without consent of the citizen. The data protection elements related to the First and Second Principles would also be resolved, as these cover essentially the same ground as Article 8.

A12. The general benefits of the CIP database were listed in this legal advice. These were described as: "ensuring that public bodies have accurate information about citizens"; "financial savings to the public purse"; "a reduction of the potential for fraud"; "speedier location of citizen records"; "reduced occasions when one citizen is confused with another"; "reduced occasions when communications between the state and citizen are sent to out-of-date addresses"; "simplified arrangements for citizens to notify changes of name and address"; and "improved targeting of public services and formulation of government policy".

A13. The data items listed in the advice were: "names including name history"; "addresses including multiple addresses and address history"; "sex"; "place of birth"; "date of birth" and "unique identifier number". The advice did not consider that the NIR would become the database for the CIP.

A14. This legal advice was obtained before the first meeting of CIP in February 2004 (CIP meetings involved staff from many Government Departments and senior personnel from the ID Card project were always in attendance). The advice contained sufficient detail to stimulate a public debate on the CIP if the Government wanted such a debate.

April 2004—Draft ID Card Bill published

A15. Clause 1 of the draft ID Card Bill[38] identified one expansive statutory purpose which enabled information recorded in the National Identity Register (NIR) "to be disclosed to persons in cases authorised by or under this Act". Clause 23 of that draft Bill identified a power which allowed the Secretary to State to authorise disclosures from the NIR, without consent, for prescribed purposes which were unconnected with terrorism, national security, crime, taxation, and immigration.

A16. It is clear that these two provisions were drafted in a sufficiently broad way to provide the legal framework for the use and disclosure of NIR data for the public administration purposes which was consistent with the CIP's legal advice obtained in April 2003. So if the intention was for the NIR, established by ID Card legislation, to assume CIP functionality, the Government was clearly in a position to inform the public and Parliament of this step. For example, during the first half of 2004, the Home Affairs Select Committee of the House of Commons was studying the Government's ID Card proposal in detail.

A17. It can be argued that at the text of the draft Bill studied by the Committee reflected the fact that the CIP and NIR were seen as separate. In the draft Bill, the general public sector purposes were "to ensure free public services are only used by those entitled to them" and "to enable easier and more convenient access to public service". These purposes are more limited than the broadly defined "the efficient and effective delivery of public services" purpose found in Section 1(4)(e) of the Identity Cards Act 2006.

March to June 2004—CIP is separate from NIR

A18. There is further evidence which suggests the two schemes were originally seen as separate. For example, the CIP Project Definition[39] prepared for CIP meetings in Spring 2004 identified around 30 policy issues to resolve. These included "Who should run the live register?" and "establishing trust in the organisation running the population register". Another document prepared for the CIP Project Board stated that a stand-alone Population Register Bill was the preferred option.[40]

A19. Other evidence also supports the view that the CIP and NIR were seen as separate:

— June 2004 A second round of public consultation reassured the public that "The register will not be open for general access" (CM 6178; "Legislation on ID Cards", paragraph 2.6) and that "The National Identity Register and a population register are separate but complementary proposals and they serve different purposes" (paragraph 3.21). The diagram following footnote 2 of this submission shows the extent of CIP functionality.

Using the NIR as a population register was always a possibility—March 2004

A20. A document made available to CIP personnel in March 2004[44] made it clear that "The Home Office has indicated that they are not averse to including CIP clauses" in an ID Card Bill because it had "already a slot in the legislative timetable". However, there were risks of "the Population Register being closely identified with the ID Card scheme" and that separate legislation would make it easier "to prohibit police or security access to the Register". Separate legislation would also "limit scope-creep" and would "set the Population Register clearly apart from ID Cards and allow it to be seen as a benign tool for improving public service". However, the "Home Office might consider that (separate) CIP legislation, if contentious, put the ID Cards scheme at risk".

A21. It concluded the decision to use the NIR for a population register "may become the preferred option if the Minister makes a decision about CIP in time for CIP powers to be included in the ID Cards Bill".

10 and 16 September 2004—CIP's population register should be part of NIR

A22. By the end of the summer these dilemmas had been resolved in favour of using the NIR as a population register for general public administration purposes. A letter dated 10 September 2004[45] was sent from the CIP project board to the Chief Secretary of the Treasury which stated that the merging of CIP into the NIR would "strengthen the VFM case for ID Cards". It therefore recommended that "the Home Secretary[46] be asked to include improving the efficiency and effectiveness of public services as a purpose of the Identity Card" and that "the NIR should become the national adult population register long term (but only if ID Cards become compulsory)".

A23. The letter also explained that the broad concept of a CIP had gained acceptance with the focus groups but when the detail of the CIP project were explored by these groups "concerns are raised that whether the potential benefits could justify the cost and that this would lead to linkage of sensitive personal information across government".

A24. The CIP minutes of 16 September 2004 supported the integration of the NIR and the CIP. These stated that the "ID Card legislation presents no impediments to the NIR sharing data with other registers to support their statutory purpose" and it was recognised that "the CIP position is now reflected within the ID Card Bill". The minutes also show that the Home Secretary would know of the change: it stated "Home Secretary to write to cabinet colleagues in early October to clear some changes to the IDC Bill. This will include greater clarity on the statutory purposes of the scheme, including the purpose of supporting greater public sector efficiency".

24 September 2004—Privacy Impact Assessment completed

A25. A preliminary Privacy Impact Assessment (PIA) for the CIP was finalised in September 2004 (published in "Final Report, Annex 8: Legal issues")[47] and succinctly identified the benefits of the CIP project as they were known at this date. Because of the merger of the CIP into the NIR, these benefits also applied to the ID Card scheme. The Assessment split the benefits of the CIP into three groups:

— Benefits to the individual: "only have to notify one government department of a change of address" and "once the citizen has changed contact details to one department, their responsibility to notify other departments is relinquished"; an up to date register will "allow citizens to receive personalised and targeted communications"; and improved services "as it is easier for the service provider to find the files".

— Benefits to the tax payer and society: "contact details up to date"; facilitate "internet services"; cost savings through better "tracing individuals", "reducing fraud"; "ensures every individual fulfils their obligations to the community" (whatever this means!); improvements in data sharing.

— Benefits to government: keeping contact details up to date; less waste of resources when tracing individuals; snapshots of population movements; targeted mailshots to citizens; better statistical analysis; provides a biographical footprint (because there is a record of those public bodies which use the address in delivering services to the individual); and savings as appointments always have up-to-date details.

A26. Given the Home Affair Select Committee's interest in the concept of a Privacy Impact Assessment, it is noted that the senior civil servant from the ID Card project is recorded in the minutes[48] as expressing interest in the PIA for the CIP's population register.

End of September 2004—a status summary

A27. By the end of September, in relation to the use of the NIR for "the purpose of securing the efficient and effective delivery of public services", the evidence suggested:

— the CIP and NIR were intended to be fully integrated and CIP functionality was to be implemented by the powers Ministers were seeking under the ID Card Bill which was before Parliament;

— that consent of the individual would not be needed to permit data sharing to achieve CIP benefits (legal advice; April 2003);

— both public consultations on the ID Card had reassured the public that there would not be general access to NIR and that there would be another round of consultation about a population register;

— the purposes associated with the CIP which were to be integrated into the NIR were well defined and detailed; and

— in order to merge the CIP with the NIR, the ID Card had to be compulsory and Ministers knew this. (Note: this emphasis is given because I have been unable to find any Ministerial statement which explained the need for a compulsory ID Card in terms of implementing CIP functionality).

October 2004—Government replies to the Home Affairs Committee ID Card Report

A28. However, in its official response, MPs on the Home Affairs Committee were told that the Government) was "no longer actively exploring plans to develop a separate population register but rather will be exploring options to improve the quality and effectiveness of existing registers".[50] As the NIR is not an existing register, this statement cannot refer the NIR which had not yet been created.

A29. The Government also told the Committee in its official response that it believed that "the NIR has the longer term potential to fulfil some of the functions envisaged for the national population register". This statement with its reference to "potential" is difficult to reconcile with the definite position as recorded in the minutes taken a month earlier (16 September 2004) which stated that "ID Card legislation presents no impediments to the NIR sharing data with other registers to support their statutory purpose" and that "the CIP position is now reflected within the ID Card Bill".

A30. The Government's reply did not go into detail as to the nature of these "longer term" functions, even though these were set out in the legal advice of April 2003 and in the Privacy Impact Assessment of September 2004. Nor did the Government reveal that the legal advice stated that consent of ID card-holders was not needed to permit sharing of contact details to achieve CIP functionality. Also absent in the Government's reply was any explanation that powers in the proposed ID Card legislation were broad enough to legitimise data sharing of a general administration purpose.

A31. It is interesting to note that Recommendation 38 of the Committee's Report had stated that "The Government must be clear and open about the issues involved and enable informed parliamentary and public scrutiny of any decisions". The Government's response to this recommendation was unequivocal: "The Government agrees this is an important issue".

28 October 2004 (Col 53WS—First written statement about the CIP)

A32. The Government informed Parliament of a "feasibility study" which found that a "UK population register has the potential to generate efficiency benefits" and that "if ID Cards were to become compulsory, it may be more cost effective to deliver these benefits (efficiency savings) through the NIR". The statement also does not reflect the status of the project as described in September 2004 (eg "the CIP position is now reflected within the ID Card Bill") and is very low key. Its use of words such as "feasibility", "potential", "if" and "may" makes the statement less definite than the decisions which had been taken.

A33. There was a promise of a further statement after June 2005 when a "second stage of project definition" was completed. This also reinforces the idea that matters have not yet been determined.

29 November 2004—Regulatory Impact Assessment published

A34. Home Office Minister, Des Browne MP, signed a Regulatory Impact Assessment (RIA) which was produced to provide Parliament with details which related to the impact of the ID Card Bill. The section of the RIA dealing with "more efficient and effective delivery of public services"[51] described the use of the ID Card to achieve savings. It did not refer to the fact that far more efficiency savings were to be realised by sharing the personal data in the NIR. The RIA did not reflect the CIP minutes of 16 September 2004 which noted that "the CIP position is now reflected within the ID Card Bill". The RIA did not even illustrate the range of benefits to individuals, government and society which were specified in the Privacy Impact Assessment (dated September 2004) or identified in the legal advice (April 2003).

A35. Similarly, paragraph 26 of the RIA (dealing with longer term benefits) did not mention the decision to use of the NIR for public administration as described in earlier CIP minutes. It tentatively suggested that the National Identity Registration Number "should the card scheme become compulsory" could "provide the means to make more fundamental improvements in the delivery of Government services" but that this step was "not part of the immediate business justification of the scheme". In addition, "the ID Cards scheme could provide a basis for people to notify changes of personal details such as address, only once", but this is "not currently costed as part of the functions of the Identity Cards scheme". (Note: In the letter dated 10 September 2004, the Home Secretary was told that the merging of CIP into the NIR would "strengthen the VFM case for ID Cards"; if one assumes that this statement is based on factual analysis, it is difficult to imagine that some cost estimates did not exist).

9 March 2005—Publication of Constitution Committee's First Report

A36. The Report makes no reference to the public administration purpose and this is presumably because Committee Members were unaware of the decisions that had been taken. However, one passage of the Report lays emphasis on the role of the ONS and the Census Act. It is possible that since the ONS were responsible for the idea of a population register, that the Committee would have strengthened the argument for an independent registrar (modelled on the Census arrangements)—and that the NIR should not be under the control of the Secretary of State.

18 March to April 2005—CIP benefits form fifth of ID Card business case

A37. The CIP minutes of 18 March 2005 identified "substantial CIP related benefits (address sharing benefits) within HO ID Cards outline business case, amounting to around one fifth of the total". Progress had been such that there was to be a "phased reduction of the CIP team". The Home Office representative stated that she "was able to re-assure the board that there were no anticipated issues with the Identity Cards Bill or the efficiency and effectiveness clause that is relevant to CIP".

A38. In addition, the CIP role was being augmented by the e-government agenda. The representative from the Treasury stated "Working with the Identity Cards programme to establish how Identity Cards could be used to help meet e-government needs" for example "Scoping the issues of e-authentication with service owners and Chief Executives" and "Development of a strategic approach to identity in government including a review of business processes and provision of a risk management framework for e-service delivery in a business sense". The Crosby Review (expected in the summer) could further widen the use of the NIR.

A39. The decision to have wider use of the NIR was in time to have been captured by Labour's manifesto for the 2005 General Election—especially as 20% of the ID Card's business case was being justified on CIP's functionality. Labour's Manifesto itself stated that ID Cards would be established to assist the authorities in purposes connected with crime, terrorism, illegal employment and immigration. There was no mention of the public administration purpose or data sharing of contact details based on the NIR, or that registration on the NIR had to be compulsory (with the implication that the ID Card had to be compulsory) to achieve 20% of the benefits of the ID Card scheme.

A40. The CIP minutes of 15 April 2005 stated that "up to 30 tactical data sharing opportunities (for the NIR) have been identified". These 30 data sharing opportunities have not yet been made public (unlike the 17 benefits which were identified in September 2004 but only made public in April 2006).

25 May 2005—Updated Regulatory Impact Assessment published

A41. After the General Election, on 25 May, the ID Card Bill was re-introduced into Parliament; the Bill specified the "the purpose of securing the efficient and effective provision of public services" and provided wide ranging disclosure powers (in line with the legal advice of April 2003). Home Office Minister (Andy McNulty MP) signed an "updated version" of the Bill's Regulatory Impact Assessment (RIA) to inform subsequent Parliamentary debate on the Bill.

A42. The section on "more efficient and effective delivery of public services" was almost identical with the RIA published 29 November 2004. Although the RIA was promoted as "an updated version" it still did not reflect the use of the NIR to achieve the functionality described in the CIP minutes and background papers (eg minutes of 24 September 2004) and the "30 tactical data sharing opportunities" which had been identified in April 2005 were not mentioned in the RIA. It is also curious that an RIA, which contains many figures which relate to the ID Card, did not state that 20% of the ID Card's business case depended on the merger of CIP into the NIR, or that compulsory entry of contact personal data into the NIR would be needed to implement CIP functionality.

24 June 2005—Final meeting of the CIP project—evidence from the minutes

A43. The final CIP minutes of 24 June 2005 showed that contact details from the NIR would be widely shared (upload and download) and that the Home Office had assumed responsibility for implementing CIP functionality. The minutes stated that the Home Office would have:

— "the responsibility for delivering an adult population register that enables basic contact data held on NIR to be downloaded to other public sector stakeholders" (The "Treasury and Cabinet Office should ensure that NIR delivers CIP functionality as planned");

— "the responsibility for ensuring from around 2021 basic contact data held by stakeholders can be up-loaded to the NIR"; and

— to "design the take-up profile of the NIR to be such that population statistics can be realised for the 2021 census".

A44. The CIP's final report which was prepared at this time (but not published until the ID Card Act 2006 had received Royal Assent) stated that secondary legislation (which is in the ID Card Bill) will allow "public services to be provided with NIR data without the need to obtain specific citizen consent".[52] The CIP final report also provided examples of how NIR data could be used (which presumably are a sub-set of the "30 tactical data sharing opportunities" identified on 15 April 2005).

A45. The opportunities identified in the Report included:

— "DWP targeting the 300,000 eligible citizens not currently claiming pensions";

— Taxation authorities "contacting employees required to complete self assessment";

— Managing passport application peaks by getting customers to apply early;

— "DfES tracing children at risk via their guardians' addresses;

— "Local councils collecting debt from citizens who have moved to another authority";

— "NHS targeting specific citizen groups for screening campaigns"; and

— "reducing the overall administrative burden on bereaved people".

A46. As the ID Card Bill was commencing its Committee stage in Parliament, there was no barrier to allowing debate to include the new responsibilities of the Home Office as described above.

A47. On 13 June 2005, the Parliamentary Research Department of the House of Commons Library published its 58 page research document into the ID Card Bill. These research documents were produced to inform MPs impartially about the issues—as with the RIA, this research document into ID Cards did not contain details of the decision to merge the CIP into NIR functionality as described above.

30 June 2005—CIP staff wants Parliament to be informed

A48. A draft list of recommendations were prepared by civil servants for the CIP Project Board ("Submission to Ministers—draft")[53] to consider to send to ministers; the list showed that CIP officials were very aware of the privacy and constitutional issues.

A49. Paragraph 2 of the draft recommendations began: "Urgent—Home Office believe there would be advantages in making an announcement before Parliament rises on 21 July so that the Government's intention to use the ID Cards register in this way is confirmed while the ID Cards Bill is still being debated". The reason for this is explained in paragraph 17: "Home Office believe there would be advantages in making an announcement before Parliament rises on 21 July" as "that would confirm the Government's intention to use the ID Cards register in this way while the ID Cards Bill is still being debated and so avoid subsequent criticism, say from the Information Commissioner, that the ID Cards register is subject to `function creep'".

13 July 2005—Ministers left to decide about informing Parliament

A50. The Project Board sent different recommendations to Ministers ("Submissions to Ministers") and the explicit 30 June text mentioned above was dropped in favour of a simple statement: "it is in the public domain that CIP is due to report to Ministers this summer but no date has been given for a Ministerial response". However, a draft letter prepared for Chief Secretary of the Treasury to distribute to Cabinet colleagues sought responses by 7 September 2005 as "I intend to make an announcement after Parliament returns" (in October 2005).

A51. A draft "Written Ministerial Statement" to Parliament was included as Annex B of this package. This contained sufficient detail to stimulate an informed debate about the merger of the CIP with the NIR if the statement was issued. In the event, no statement was made to Parliament in October 2005; however the draft Statement delivered in Annex B is not significantly different from the Statement which eventually appeared in 18 April 2006 after the ID Card Bill had become law.

A52. The Chief Secretary of the Treasury at this time was Des Browne MP who had also signed the Regulatory Impact Assessment on 29 November 2004, which related to an earlier version of the ID Card Bill. It is not known whether his detailed knowledge of the ID Card scheme played an influential part in the decision not to inform Parliament.

19 July 2005 -ID Card Bill Committee stage (Commons)

A53. In Committee, the Home Office Minister avoided reference to the fact that powers in the Bill were needed to ensure integration of CIP's wide data sharing functionality into the NIR (eg as identified by 24 September 2004). Instead, explanations were provided in narrow terms; for example "In fraud investigations it would be sensible, from its point of view, for it (a local authority benefits inspectorate) to have access to the register" or that "The fire and ambulance services could also be beneficiaries of access when verifying identity against the register following a major accident".[54]

20 July 2005—Response to written question, column 1783W

A54. The following written question illuminates what was to be the "obscure or deny line" adopted by Government with respect to its comments on the use of the NIR for public administration purposes (until after the ID Cards Act received Royal Assent in March 2006).

Harry Cohen: To ask the Secretary of State for the Home Department if he will introduce an amendment to modify the Identity Card Bill so that personal information from the national register associated with the identity card cannot be used by any public authority for the purpose of the efficient and effective delivery of public services without the consent of the identity card holder; and if he will make a statement. [13169]

Andy Burnham: The Government will not introduce such an amendment. The Bill as drafted only allows information to be used without a person's consent by specified public authorities named on the face of the Bill, or others subsequently approved by Parliament. These arrangements will be subject to independent oversight.

5 and 18 October 2005 (Third Reading debate)

A55. There were two further Parliamentary opportunities for Ministers to refer to the decision to use the NIR as a basis for the CIP functionality. On 5 October,[55] MPs were told that "Direct access to information held on the National Identity Register by anyone outside those responsible for administering the scheme will not be possible, only requests for information can be made by third parties. In the vast majority of cases, verification of information on the Register will only be possible with the person's consent". During the Third Reading debate on the Bill, on 18 October, the Home Secretary[56] (Charles Clarke) reinforced this message in the House of Commons: "What the Bill allows is for information to be provided from the register either with the consent of the individual or without that consent in strictly limited circumstances in accordance with the law of the land".

A56. It is a challenge to reconcile these two statements, and the answer to Mr Cohen's PQ, with the letter sent to the Home Secretary in September 2004 or the 24 June 2005 minutes which envisaged that, without the need for consent of the individual concerned, "basic contact data held on NIR to be downloaded to other public sector stakeholders" or for "basic contact data held by stakeholders can be up-loaded to the NIR".

24 October 2005—Publication of Constitution Committee's Second Report

A57. This Report essentially repeats the First Report, but includes an exchange of correspondence in July 2005 with the Minister. In that correspondence, Baroness Scotland states:

"Government departments or public authorities may be provided with information from the Register without consent but only if prescribed in regulations approved by Parliament. So it will always be clear which organisations can be provided with data in this way. The Bill also allows regulations to set rules as to how information can be provided in these circumstances, again this will be an open, transparent process".

A58. It is difficult to see how the above tentative text conveys the intend of Government or the firm decisions that had been taken (eg as illustrated in the minutes of the final meeting of the CIP since September 2004). For example, the paragraph not clearly represent the fact that "the responsibility for delivering an adult population register that enables basic contact data held on NIR to be downloaded to other public sector stakeholders" (without consent) had been incorporated into Government plans for the ID Card scheme.

24 October 2005—Joint Committee on Human Rights

A59. The Joint Committee on Human Rights (JCHR) published a report which questioned the access to NIR data via wide ranging powers in the ID Card legislation.[57] It reported that "We consider however that there remains a risk that a number of provisions of the Bill could result in disclosure of information in a way that disproportionately interferes with private life in violation of Article 8". These comments reflect Recommendation 60 of the Home Affairs Select Committee Report into Identity Cards which stated that "It is unacceptable that basic questions about the degree of access to the NIR should be left to secondary legislation".

A60. Both these comments were targeted at the kind of disclosures that were the subject of the legal advice dated April 2003 and were eventually published in April 2006. It is curious that although the Government saw no problem in publishing this legal advice in April 2006, the advice was not made available to inform the JCHR's scrutiny of the ID Card Bill in October 2005—some six months earlier (or indeed the Home Affairs Select Committee).

9 November 2005—The Delegated Powers and Regulatory Reform Committee

A61. The House of Lords Delegated Powers and Regulatory Reform Committee, in its Fifth Report[58] on the Identity Cards Bill, followed other Select Committees and expressed concern at the wide ranging powers in the Bill. In their evidence to the Committee,[59] Ministers did not explain the need for these powers so that the NIR can possess CIP data sharing functionality. Instead they explained that these wide data sharing powers were needed to cope with the exceptional or obscure emergency situation:

104 ... "The more obvious recipients of information from the Register are dealt with explicitly in the preceding clauses, but it is regarded as essential to have a reserve power to use in the public interest if it should be necessary. For example, it is conceivable that the power could be used to specify public authorities that are not Government departments such as the emergency services or local authorities for specified purposes".

A62. Note the use of the phrase "it is conceivable"—far more reaching decisions had been already been conceived months earlier (eg see 24 June 2005).

16 January 2006, Lords Committee Stage—no explanation of CIP functionality

A63. Baroness Anelay of St Johns successfully moved an amendment which replaced the words "securing the efficient and effective provision of public services" with "preventing illegal or fraudulent access to public services". This amendment removed the legal basis for the integration of CIP with the NIR (eg as decided in September 2004).

A64. In her attempt to defeat the amendment in the Lords, the Minister did not take the opportunity to expound the virtues of data sharing or explain that 20% of the business case for the ID Card depended on the merger of the CIP with NIR. Instead, the Minister explained the phrase "securing the efficient and effective provision of public services" in terms of the use of the Card whereas in practice, most of the efficiency gains of the CIP will depend on the use of the database.

"We should not limit the use of identity cards in helping to deliver better public services. It is not just a question of combating fraudulent use of public services; it is also about helping to transform those services. We believe that the public will want the introduction of identity cards to be used as a way of helping public services to deliver quicker and better services. Why should we have to keep filling in different forms with details of our name and address? If production of an identity card when seeking access to a public service can confirm our identity quickly and easily, surely we should be aiming to provide that. If producing an identity card enables address details to be confirmed, that will help both the public service and the applicant for that service". (16 January 2006: Column 478)

A65. The amendment was overturned by the House of Commons (13 February 2006). There was no Commons debate on the matter because of a guillotine motion, used by the Government, limited debate on Lords' Amendments. This fact alone, in itself, raises important issues of Parliamentary scrutiny.

March 2006—a game of Parliamentary ping-pong

A66. The House of Lords and Commons disagreed over the interpretation of Labour's manifesto which promised "We will introduce ID cards, including biometric data like fingerprints, backed up by a national register and rolling out initially on a voluntary basis as people renew their passports". The House of Lords said that this meant that people should be able to choose whether to obtain an ID Card with the passport; the Government said that as people volunteered to get a passport, that the ID Card could be issued to passport applicants. The result was a dispute and the ID Cards Bill ping-ponged five times between both Houses of Parliament.

A67. Eventually, a compromise was proposed by Lord Armstrong, where individuals did not have to have an ID Card if they applied for a passport before 2010, but their details would be entered into the NIR. Accepting the amendment, the Home Secretary told Parliament: "Lord Armstrong's amendment preserves the integrity of the national identity register. It ensures that the details of all applicants for designated documents will still be entered on it. That will mean that they will be afforded the protection that that will provide from identity theft. It will also provide the wider benefits to society by ensuring that attempts by people to establish multiple identities are more easily detected".[60]

A68. The minutes of April 2005 stated that the CIP formed one-fifth of ID Card's business case so long as entry of citizen details into the NIR is compulsory. This had been known for almost a year—however, this reason was not proffered by the Home Secretary in his explanation for accepting Lord Armstrong's amendment.

18 April 2006—Government announced NIR and CIP merger

A69. At the end of March 2006, the ID Card Bill gained Royal Assent without the merger of the NIR and CIP projects being raised. On 18 April[61] an announcement was made to Parliament by means of a written statement which explained that the CIP project had wound up. The April statement is not significantly different from the draft sent by the CIP Board on 13 July 2005—some nine months earlier. There was a comprehensive disclosure of CIP documents on its website which explained in detail the new functionality of the NIR.

15 May 2006—Prime Minister promotes "identity management"

A70. In an open letter, Tony Blair promoted the widespread public administration use of the NIR database. He told Home Secretary John Reid[62] "Eighth, I am keen to maximise the benefits of ID management (ie all transactions where a declaration of identity is required), including the introduction of ID cards by 2009. The full range of activity relating to identity management needs to be co-ordinated across government to maximise benefits to the citizen. I would like you to identify a Minister to focus closely on this and the agenda across Whitehall". Identity management also includes the e-government agenda.

A71. The minutes of this project also shows that there are early links to the use of the NIR in relation to the Government's policy of Identity Management. Transformational Government and e-Gov initiatives (eg see the minutes of the CIP project around March and April 2005). The Crosby Review could add to the use of the NIR in this respect.

October 2006—national identity management confirms use of NIR on the lines of the CIP

A72. The term "national identity management" is being used by Government to include the wider use of the NIR (eg to include a population register as envisaged in the Citizen's Information Project (CIP)). This can be shown by reference to the government's first "Section 37 report" on the likely costs of the UK Identity Cards Scheme (published in October 2006). Pages 7 and 8 of this report on ID Card costs (at bottom) reads:

— "Firstly, it (use of the NIR as a population register) would allow organisations to be more proactive—people could be contacted before their passport needs to be renewed; when employees need to fill out self assessment tax returns; targeting 300,000 citizens who are not claiming state pensions or those in particular age ranges who are eligible for health screening; allowing authorities to collect debt from citizens who have moved to another area; and reducing the overall administrative burden on bereaved people".

A73. This paragraph published in October 2006 can be compared with the list published on the first page of the Citizen Information Project's final report given to Ministers in June 2005.[63] The opportunities of wider use of the NIR for CIP purposes were listed as including:

— Managing passport application peaks by getting customers to apply early;

— Taxation authorities "contacting employees required to complete self assessment";

— "DWP targeting the 300,000 eligible citizens not currently claiming pensions";

— "Local councils collecting debt from citizens who have moved to another authority"; and

— "reducing the overall administrative burden on bereaved people".

March 2007—NIR to be used as a population register

A74. According to Home Office Ministers,[64] as "the National Identity Register is intended eventually to contain up-to-date identity information for all United Kingdom residents aged 16 and over. This will include name, age, address, nationality and biometric information, such as photograph and fingerprints. The National Identity Register will then be able to serve as a United Kingdom adult population register".

A75. It is interesting to note that one of the original Government consultations[65] stated that legislation would be needed to establish a population register and that "this stage will also include public consultation to explore the issues around public acceptability of the proposal". This promised public consultation has yet to occur and this subject has, as far as I can assess, could have and should have formed part of Parliament's scrutiny of the ID Card Act 2006.