Blunkett risks ID card battle with EU

Legal questions as real cost exceeds £3.1bn

The total cost of the UK's ID card scheme is likely to be considerably in excess of the Home Office's £3.1bn, it became clear from evidence given by Home Secretary David Blunkett to the Home Affairs Committee earlier this week. Considerable expenditure outside of the core of the scheme will be effectively "laundered" via other government departments and private sector organisations, which is somewhat ironic considering that one of the things the scheme is supposed to do is tackle, er, money laundering.

And Blunkett is setting himself up for a possible collision with Brussels, because the justification for forcing EU citizens to have a card is at least arguably fraudulent.

This last revelation came just at the tail end of his evidence to the Committee. Asked by Committee chairman John Denham: "Is it legal for us to impose a requirement on EU citizens that would not be required at that stage of British citizens?", Blunkett responded: "It is... It is so long as we build into the legislation that we are intending to apply compulsion at some point to our own population."

This perhaps hinges on who he thinks "we" is, at this juncture. Blunkett most certainly intends to apply compulsion, but the position as far as the legislation is concerned is that a decision on compulsion will be taken by Parliament after the card has a significant level of penetration and a report has been delivered to Parliament. The strength of the intent would therefore seem debatable. Non-UK EU citizens will be compelled to have a UK ID card during the "voluntary" phase if they are resident for more than three months, and there would seem to be some grounds for them to complain to Brussels.

The total cost of the scheme, meanwhile, will clearly be more than £3.1bn, and the deeper the penetration of the ID into UK society, the more the cost will climb. And Blunkett would like its penetration to be very deep indeed. Asked if the cost included, "for example, the biometric readers and equipment which is going to be installed in other Government departments, such as the the Department for Work and Pensions, the Health Service and so forth?" Blunkett replied:

"It does not, and the reason it does not, and this is another reason why taking this incrementally makes sense, is having made the decision... to publish the draft Bill and to indicate that we will legislate and we are serious in going forward on this... we are now in a position to say to department agencies and to the private sector that you will over the next ten years be in a position where if you choose to do so, or if we designate a service to do so, the technology that you are using for other purposes should now be presumed to have an appropriate reader for your proposes, depending on what it is. As with the Minister of State, who I think gave evidence to you last week, we would have a situation where as the electronic medical record programme is developed across the whole of the NHS, that it is done so in a way that the equipment they are using and the computers that they are operating can also build in this facility." (our emphasis)

So effectively, Blunkett will be hitching a lift on the efforts of departments throughout government. The NHS electronic record programme is a particularly impressive example, as this vast and expensive project is already rolling, and now being anticipated as making what will surely be a very substantial contribution to the national scheme, without needing to figure in the latter's budget. The flexibility of the individual departments to embrace or ignore the national scheme is also perhaps questionable, given the words "if we designate a service to do so".

Blunkett goes on to add to the compatibility list:

"That will be true of JobCentres, that will be true of GP practices, it will be true of the commercial sector. We are giving fair warning that we will be developing over the next few years the capacity of everyone to be able to build in. I think this would be a tremendous opportunity commercially in this country if we were ahead of the rest of Europe and North America. We know they are moving in the same direction and what a tremendous piece of enterprise and innovation can now be offered by British companies and by us in terms of delivering a set market for them to be able to determine their likely take-up, to be ahead of the game, and I hope that British enterprise will rise to the occasion."

Blunkett's dream of British technology leadership remains treasurably unsullied by expressions like "bleeding edge" and "out on a limb." He also had a few things to say about the extent to which commercial operations would have to be able to access the system. The Home Office is apparently much exercised by the difficulties in actually imposing the requirement of the 1996 Asylum Act that employers should have to check immigration status of potential employees. The ID scheme will make it possible for a check to be made with the identity Register, and this will be compulsory. This does not mean that all employers will need to have Register accreditation, but all employers will have to check. So, in Blunkett's example, a corner shop owner will have, say, two weeks to run a check through an accredited agency. These do not yet exist, but clearly they will have to, so we have a whole new category of private sector service imposed by the government. Readers will also be present in local libraries, so it's possible anyone will be able to use them.

How this corner shop owner's check is actually carried out and what the checks against abuse are is not entirely clear. The Home Office pitch is that the presence of your card in a reader is, effectively, your permission that your ID be checked. But if the employer (or anybody else) is not going to do it on the spot, then the card is not going to be present, and it's a telephone check. So did you give your permission for that? Or you lost your card. So did you give your permission for it to be in a reader? All of this is would of course be illegal, and the Home Office goes on about the penalties quite a lot, but stealing credit cards is illegal too, and people still do it.

It's also clear from the evidence that it is Blunkett's intention that the police perform online ID queries using mobile readers. This, as we've argued here before, promises to be a costly technical minefield of doubtful utility. But he mentions current police experiments with mobile fingerprint readers, so may anticipate this as being one of the police budget areas that their share of the ID card expenditure is going to go through. ®

Related stories:

Everything you never wanted to know about the UK ID card
Draft bill and consultation
Glitches in ID card kit frustrate Blunkett's pod people
UK public wants ID cards, and thinks we'll screw up the IT
Fingerprints as ID - good, bad, ugly?
ID cards: a guide for technically-challenged PMs

Other stories you might like

  • Saved by the Bill: What if... Microsoft had killed Windows 95?

    Now this looks like a job for me, 'cos we need a little, controversy... 'Cos it feels so NT, without me

    Veteran Microsoft vice president, Brad Silverberg, has paid tribute to former Microsoft boss Bill Gates for saving Windows 95 from the clutches of the Redmond Axe-swinger.

    Silverberg posted his comment in a Twitter exchange started by Fast co-founder Allison Barr Allen regarding somebody who'd changed your life. Silverberg responded "Bill Gates" and, in response to a question from senior cybersecurity professional and director at Microsoft, Ashanka Iddya, explained Gates' role in Windows 95's survival.

    Continue reading
  • UK government opens consultation on medic-style register for Brit infosec pros

    Are you competent? Ethical? Welcome to UKCSC's new list

    Frustrated at lack of activity from the "standard setting" UK Cyber Security Council, the government wants to pass new laws making it into the statutory regulator of the UK infosec trade.

    Government plans, quietly announced in a consultation document issued last week, include a formal register of infosec practitioners – meaning security specialists could be struck off or barred from working if they don't meet "competence and ethical requirements."

    The proposed setup sounds very similar to the General Medical Council and its register of doctors allowed to practice medicine in the UK.

    Continue reading
  • Microsoft's do-it-all IDE Visual Studio 2022 came out late last year. How good is it really?

    Top request from devs? A Linux version

    Review Visual Studio goes back a long way. Microsoft always had its own programming languages and tools, beginning with Microsoft Basic in 1975 and Microsoft C 1.0 in 1983.

    The Visual Studio idea came from two main sources. In the early days, Windows applications were coded and compiled using MS-DOS, and there was a MS-DOS IDE called Programmer's Workbench (PWB, first released 1989). The company also came up Visual Basic (VB, first released 1991), which unlike Microsoft C++ had a Windows IDE. Perhaps inspired by VB, Microsoft delivered Visual C++ 1.0 in 1993, replacing the little-used PWB. Visual Studio itself was introduced in 1997, though it was more of a bundle of different Windows development tools initially. The first Visual Studio to integrate C++ and Visual Basic (in .NET guise) development into the same IDE was Visual Studio .NET in 2002, 20 years ago, and this perhaps is the true ancestor of today's IDE.

    A big change in VS 2022, released November, is that it is the first version where the IDE itself runs as a 64-bit process. The advantage is that it has access to more than 4GB memory in the devenv process, this being the shell of the IDE, though of course it is still possible to compile 32-bit applications. The main benefit is for large solutions comprising hundreds of projects. Although a substantial change, it is transparent to developers and from what we can tell, has been a beneficial change.

    Continue reading

Biting the hand that feeds IT © 1998–2022