Features

net.wars: Abort, RetrID, Fail?

And they're neck and neck down to the wire. Which will come first? The Lords' vote on the second reading of the ID cards bill or the general election?

Everyone figures the general election will be called for May 5.  After all, there are local elections that day already, and it would cost quite a bit to run a second, separate election perhaps only a month later.

So, May 5. With the ID card poised to…

Well, there's the thing.

Americans may find this incomprehensible (I know how weird it was to me when I first got here). First of all, Blair isn't actually elected Prime Minister. Blair must run in his constituency like any other MP. He could lose. If he does (he won't), no more Prime Minister, the party has to elect someone else leader. Second of all, he doesn't actually have to call the election now. He has five years from the date when Parliament was summoned (PDF)  after the last election - May 8, 2001 - to call it. But people like to feel they chose the time.

They only get three weeks to campaign, plus some time to dissolve Parliament. So chances are he'll make the announcement no later than April 4. In the lame-duck "wash-up" period between the proclamation and the dissolution, any unfinished and non-controversial bills get passed. But - and this is teddibly English - there's a kind of gentleman's agreement that one doesn't rush through anything that's contentious. Which the ID cards bill is, and several Tories have said that they will  block  any move to get the ID cards bill through in those last precious minutes before we're off to see the Queen. If it doesn't get through before the election, then it's back to the beginning, do not pass Go, do not collect your $200 ID card.

It's my belief that if the bill doesn't pass now it's going to be a lot harder in the next Parliament. For one thing, there are a lot more people campaigning against it . For another, the ID card's biggest champion, David Blunkett, has lost some credibility, although he's certainly going to try to campaign his way back.

For a third thing, on Monday a group of academics at the London School of Economics released a research report (PDF)  detailing the bill's many deficiencies. The ID card bill potentially conflicts with other UK legislation, notably the Disability Discrimination Act and the Data Protection Act. The required biometrics are going to be a problem for many more parts of the population than previously thought: Asian women often have fingerprints too fine for standard equipment; those of African descent may have iris patterns too indistinct. (Who did the biometrics vendors test this stuff on, anyway?) Manual labourers, those who have had cataract operations, people with conditions such as nystagmus, elderly folks with thin or worn skin…all of these are groups who may have trouble supplying the required biometrics.

The audit trail required by the bill is a whole 'nother ball of worms. Those who remember the battles over the Regulation of Investigatory Powers Act (2000)  and the data retention rules under the Anti-Terrorism, Crime, and Security Act (2001)  will remember privacy advocates warn how revealing traffic data is. Requiring that all transactions with the national database generate an audit trail makes sense: it's a check intended to ensure that any abuses of the system are clearly visible. But the pattern of transaction data can be as revealing as the details of the transactions themselves. And where today your library card, your driver's license, the ID you use to prove your age to the pub, your school and medical records, and your credit card data are all separate, the ID card will link them all together.

In seminars conducted by the LSE researchers, vendors expressed unhappiness at being asked to provide technology the public is likely to hate and/or distrust and also at the lack of liability provisions in the bill. Say my identity gets stolen, at a cost of thousands to me and tens of thousands to my bank, which gets defrauded. Is the government going to make good on the losses? No. Well, what about those vendors, then, eh?

Make no mistake, though. ID cards are still Out There, and They Will Be Back even if they get bleached out of the wash-up.

Enough carping. People always say if you're going to criticise you should propose a solution. So here's mine. Let's have have the ID card for people who want it. Only: let's NOT have the database.

If you lose the card, tough: you have to prove your identity all over again to apply for a new one. Use public key cryptography to authenticate the card as valid while avoiding tying a particular card to a particular person in any sort of central register. After all, if biometrics are as infallible as they're saying, the mere fact that my fingerprint and/or iris scan matches the one on the card ought to be sufficient proof without having to check against a database, right? And then we can find out whether people really do want this fancy, high-tech secure form of ID. If it's as convenient and wonderful and trusted as the government says it will be, they will come.

Sure they will.