Do the Thales Group and 3M Company directors, employees and sub-contractors realise that they face up to 10 years in prison and / or an unlimited fine for any hardware, software or configuration errors or mistakes (even temporary ones) ,or any industrial action such as going on strike ?

Here are some Statutory Instruments which show that the benighted National Identity Register and Scheme is creeping ahead slowly, presumably starting to come into force for the airside workers at Manchester and City of London airports after the 20th October 2009:

SI 2009 No. 2574 -The Identity Cards Act 2006 (National Identity Registration Number) Regulations 2009

(2) A National Identity Registration Number shall provide no information in respect of a person other than that an entry in the Register has been made and that the entry has been given that number. (3) The process by which a National Identity Registration Number is given to an entry in the Register shall have no regard to any other reference number or code assigned to the person in respect of whom the entry has been made.



Note the wording "...shall provide no information in respect of a person other than..." and "...no regard to any other reference number or code assigned to the person.."

Will this force the NIRN to be properly random, using well established cryptographic hash techniques?

Or will the Home Office repeat the disaster of the having number series sequences grouped around the date of issue, which provided a way into breaking the on on-chip encryption of say the first version of the United Kingdom Biometric Passport, allowing it to be read remotely and to be be cloned

See the Wikipedia article section on Biometric Passport Attacks

There cannot be a simple counter which is incremented sequentially as each new ID Card is issued , and there must be no Office Location prefixes or series which distinguish say the Manchester Airport numbers from the London City Airport Numbers etc.



SI 2009 No. 2565 -The Identity Cards Act 2006 (Commencement No. 4) Order 2009 hints indirectly at a couple of the companies who are helping to build the wretched National Identity Register, and whose products and services you might wish to think twice about buying:

SCHEDULE Article 2(4)(b) Addresses of premises where a British citizen or EEA national is working under a contract for services for the Identity and Passport Service 1. Gorse Street, Chadderton, Oldham, Lancashire OL9 9QH.



This seems to be



3M Security Printing & Systems Ltd.

Gorse Street

Off Broadway

Chadderton

Oldham

Lancashire

OL9 9QH



Telephone: 01616-832460



Companies House

Registration Number: 3658741



The 3M Company is a United States conglomerate.

2. Dolphin House, Ashurst Drive, Bird Hall Lane, Cheadle Heath, Stockport, Cheshire SK3 0XB. 3. Poseidon House, Ashurst Drive, Bird Hall Lane, Cheadle Heath, Stockport, Cheshire SK3 0XB.

These seem to be French owned Thales Group defence contractor premises, e.g. Thales Underwater Systems Ltd, but presumably some Thales Information Systems Security people involved in the Manchester Airport and London City Airport National Identity Register and ID Card scheme roll out are based there.



Thales Information Systems Security

United Kingdom offices:

Thales e-Security Ltd.

Meadow View House

Long Crendon

Aylesbury

Buckinghamshire

HP18 9EQ

UK

Tel: + 44 (0)1844 201800

emea.sales@thales-esecurity.com



Thales

Mountbatten House

Basing View

Basingstoke

Hants, RG21 4HJ

UK

emea.sales@thales-esecurity.com

Thales e-Security Ltd.

Manor Royal

Crawley

West Sussex

RH10 9HA

UK

Tel: + 44 (0)1844 201800

emea.sales@thales-esecurity.com



Thales UK Ltd.

Wookey Hole Road

Wells

Somerset

BA5 1AA

Tel: +44 (0)1749 682081

emea.sales@thales-esecurity.com



Thales

Jupiter House

Station Road

Cambridge, UK

CB1 2JD

UK

Tel: +44 (0)1223 723600

emea.sales@thales-esecurity.com



We wonder if the people working for these companies realise that the badly draughted Identity Cards Act 2006 section 29 Tampering with the Register makes them criminally liable, with a penalty of up to 10 years in prison and / or an unlimited fine, for the slightest error in hardware or software or configuration, i.e. any "conduct"

where it makes it more difficult or impossible for such information to be retrieved in a legible form from a computer on which it is stored by the Secretary of State, or contributes to making that more difficult or impossible.



and where

* "conduct" includes acts and omissions; and

* "modification" includes a temporary modification.



It also applies to non UK citizens, and to conduct outside of the United Kingdom i.e. the whole universe.

These criminal penalties trump any of the Terms and Conditions in the small print of any (civil law) Contract signed by these companies with the Home Office

No less a legal authority than Baroness Scotland of Asthal, who is now the Attorney General (mired in scandal by her own illegal worker documentation legislation and also over second home expenses claims) , confirmed, when she was the Home Office Minister steering the Identity Cards Bill 2005 through the House of Lords, that the wording of this clause (which has passed unchanged into law under the Identity Cards Act 2006), would make it illegal for Trades Unionists and others working on the the National Identity Register / Scheme systems, from taking any "industrial action" such as going on strike.

See - Final day of the Lords Committee stage of the Identity Cards Bill 2005 - no amendments, even to the stupidly drafted Clause 31 Tampering with the Register etc.