Reading a paper by the European Network and Information Security Agency (Enisa) last week on privacy guards in EU ID card schemes raised some interesting questions for me.
The thing that jumped out, aside from the lack of encryption on the European cards, was that Enisa, a well-respected security organisation, had obviously not got any response from the UK government over what privacy guards were in UK ID Cards.
In all of the tables about privacy guards, the entries for the UK were "unknown". It was "unknown", for example, whether a user would be able to change incorrect data about themselves on the cards; it was "unknown" whether additional data would be able to be added by other agencies; it was "unknown" what type of keys would be used; and so on.
This intrigued me. Why would a very well-respected organisation like Enisa not be able to get hold of that information? When I asked an Enisa spokesperson why that should be, he wryly said that the UK government "likes to hold its cards close to its chest" when it comes to security.
OK, but that still didn't get to the bottom of it. An answer perhaps came from the Home Office, which told me last week that I was trying to compare apples and oranges. A Home Office spokesperson said that essentially eID Card schemes were used for government services, while the UK ID Cards scheme would be a "gold standard" for identity. I think that the Home Office may have palmed Enisa off with something similar.
I pointed out that eID cards were used for authentication, and to log onto government services, and that UK ID Cards would be used... for authentication, and to log onto government services.
The Home Office spokesperson admitted that on the surface the two looked similar.
The Home Office later sent through a statement:
"The European eID pilot aim is to look at how access to government services across national borders might be made easier," said the statement. "This is in line with the UK government aim to increase access by citizens to online government services. The services within the pilot will not be linked to the National Identity Register in any way."
Hmm, well we'll see whether that is true, ultimately.
Anyway, that still left the huge question of what privacy safeguards would be in the UK ID card scheme. I talked to privacy campaigner Phil Booth of No2ID about it, and he said that the technology "at the moment is very much under wraps", but that it was very difficult to tell if any privacy safeguards had been built into the ID Cards scheme at all.
"There's nothing to sink your teeth into," said Booth, who added that he had talked to a person who was architecting the system, and was told essentially that the government was "going to implement a bunch of international standards exemplified by the chip in the e-passport."
I went back to the Home Office and asked them a series of questions about privacy guards.
And I got some answers.
I was told that citizens would be able to change erroneous data about themselves on the National Identity Register, but that additional data could be written to the database by other agencies. I was told both the chip on the card and the back-end data would be encrypted, and that there would be certificate-based access control maintained through a public key infrastructure.
Whether this turns out ultimately to be correct is a different matter -- major government IT schemes have a habit of changing radically over time, mainly failing, and wasting a lot of public money on the way. I don't think the National Identity Register will be any different, apart from the small matter of the continued erosion of our civil liberties by this government.