Identity cards: draft UK law published

Out-Law News | 27 Apr 2004 | 12:00 am | 6 min. read

Yesterday's publication of the draft Identity Cards bill presents a paving bill for Ministers to establish the legal framework for the planned UK identity card scheme coupled with a national database. Most of the detail is left to unspecified future regulations.

Unsurprisingly it was met with withering criticism from civil rights groups.

ID cards and supporting database

The cards are intended to store basic personal information (such as name, age, nationality, whether a person has a right to work, and a unique identifier), a digital photo, and a biometric, which could include facial recognition, iris scans or fingerprints.

The government proposes linking the cards to a national secure database to which many services – public and private – would have limited access. This database will include: full name, maiden name, place and date of birth, gender, address, all previous addresses, photograph, fingerprint, other biometric information, nationality, national registration number, NI number, all passport numbers issued, immigration details, date of death. Other security and validation details are also recorded. And the Secretary of State is seeking powers to add to this list of items which must be provided.

The database will be a source of information for the Security Services, GCHQ, the police, any other organisation involved in the prevention and detection of crime, the collection of income tax or value added tax and any other organisation which possesses a power to gain access to the personal data. The Secretary of State is seeking powers to add to this list of organisations which can gain access to the central register.

Individuals face a civil penalty if they fail to keep registered details up to date – most notably their current address. If the card is made compulsory, an obligation to register with the national registration database could, subject to regulations, become akin to an obligation to register with the police and security services.

Protection of privacy

The Data Protection Act is seen as a mechanism to protect misuse of the database. In practice, however, the scope for the Act to be engaged is somewhat limited.

The reason is that as soon as governments legislate in relation to content, retention, disclosure and purpose, the legislation effectively removes the protection afforded by the first five principles of the seven listed in the Act.

Only if there is unlawful processing or inadequate security will the Information Commissioner have a role. The establishment of a specific Commissioner for the ID card scheme means that the role of the Information Commissioner could almost vanish.

Dr Chris Pounder, editor of Data Protection and Privacy Practice, published by Masons (the law firm behind OUT-LAW.COM) commented:

"If, for example, a future Secretary of State were to enact regulations that specify the disclosure of data items X to public body Y, it is difficult to see how the Data Protection Act could possibly stop an activity which has been made lawful through regulations."

Why do we need them and when do we get them?

According to the Home Office, ID cards will help tackle the type of serious and organised crime which depends on being able to use false identities: terrorism, drug trafficking, money laundering, fraud through ID theft, illegal working and immigration.

The cards will also enable people to access services more easily, and prevent access to those with no entitlement. And crucially, says the Home Office, the cards will help people live their everyday lives more easily, giving them a watertight proof of identity for use in daily transactions and travel.

For most UK citizens, the card will take the form of the biometric passport now being piloted. These passports are due to start being issued from 2005, and will replace older passports as they are renewed. Biometric driving licenses are also proposed.

At the same time, all EU and foreign nationals coming into the country for more than three months will have to obtain a biometric residence permit.

The Government anticipates that 80% of the UK's adult population would have an ID card by 2013 if passports and driving licences are issued on the proposed biometric basis. The card would become compulsory thereafter for all UK residents, but only after a decision by the Cabinet and a vote in Parliament.

The criticisms

Most critics point out that an identity card will not prevent terrorism.

Civil rights group Liberty describes the notion that an ID card will deter a potential suicide bomber as "quite ridiculous". It uses the tragic events in Madrid earlier this year to demonstrate its point: "Spain has a compulsory ID scheme and the men believed responsible for the bomb attack all had authentic cards," said Liberty.

Other critics point to the practicalities of the scheme, arguing that the Government's record on successful IT projects is dire, and that the project will be unworkable and vastly expensive.

Indeed the real purpose behind the scheme, according to critics, is not the identity card per se, but the national identity register that will be created behind the scenes to administer the card, and to which a large number of agencies and services will have access. This, say civil liberties groups, is a fundamental breach of privacy.

According to the Federation for Information Policy Research, an "audit trail" will be created in a Government database every time the card is checked. This trail will show every organisation that has checked an individual's card, allowing information held by those organisations to be accessed under other government powers or court order.

The audit trail can be accessed for a range of purposes including the investigation of crime committed by a large number of people in a common purpose – such as GM crop protestors – and can be stored indefinitely.

Ian Brown, Director of FIPR, commented: "It is unfortunate that the Home Office is fixated on ID cards when there are many more workable measures that could be taken to fight terrorism. We can only hope that the Cabinet members that have opposed these plans take this last opportunity to stop this legislation going forward."

Privacy International's Director, Simon Davies, described the draft legislation as "draconian and dangerous" and said that the Bill has the potential to permanently change Britain for the worse.

The Draft Bill itself

The Draft Bill sets out the legislative framework needed to build the scheme, including:

Setting up the 'national identity register' – the key database of personal information that the biometric cards would link to. Each person will have his or her own unique National Identity Registration Number;

Empowering the Secretary of State to order a person to register or, if the data is known, to register the person without consent;

Empowering the Secretary of State to require persons holding information that may be used to validate an entry in the Register, to give him that information;

Setting up a requirement for individuals to notify the Register of any relevant change in their circumstances, including any loss or damage of their Identity Card;

Creating a 'family' of ID cards, based on designated existing and new documents;

Empowering the Secretary of State to authorise various agencies, including the police and Inland Revenue, to access the database, although some privacy safeguards on the disclosure and use of information, and a requirement for independent oversight are included;

Establishing new criminal offences for the possession of false identity documents – covering the new identity card as well as existing identity documents, such as the passport and driving license;

Enabling a date to be set when it would become compulsory to register and be issued with a card (but not compulsory to carry a card, which is specifically prohibited in the Draft Bill). This provision could be brought in only following a vote in both Houses of Parliament on a detailed report which sets out all the reasons for the proposed move to compulsion and how the Government proposes to implement it;

Setting out the civil and criminal penalties required to make the scheme effective and to guard against abuse of the scheme. These range from a £1,000 fine to two years imprisonment – with up to ten years' imprisonment if convicted of possessing forged documents. It includes, for example, a civil fine of up to £2,500 for the failure to provide personal information when the cards become compulsory;

Enabling regulations to be made, once the scheme is compulsory, to make it a requirement to use an identity card to provide proof of identity to access public services;

What information can be held on the database and measures to prevent 'function creep'; and

Empowering the Secretary of State to change almost all elements of the scheme by means of an Order, which is usually subject to Parliamentary approval.

Timeframe

Following the trial currently being carried out on the next-generation passport, and a consultation into the draft Identity Card bill announced yesterday, it looks likely that the bill will be laid before Parliament in the autumn.

If all goes according to the Home Office plan, the first biometric passports will be issued during 2005, with voluntary ID cards available after 2007. The uptake of ID cards, passports and driving licenses will gradually increase until 2013 when, with around 80% of the population expected to have one of these documents, a Parliamentary vote on making ID cards compulsory is expected.

Global Term