Although it seems that the Labour Government has delayed the Parliamentary rubber stamping, originally scheduled for this Wednesday, to sometime later, perhaps next month, a couple of the Secondary legislation Draft Statutory Instruments which list some more of the the devilish detail of the National Identity Register compulsory centralised biometric database and ID Cards scheme are now available online.

See the previous Spy Blog article: National Identity Cards Scheme creep - 4 Draft Orders laid before Parliament under the Identity Cards Act 2006

The two new Draft SIs are:

The Identity Cards Act 2006 (Prescribed Information) Regulations 2009 This gives a glimpse of the Prescribed Information which will be in plaintext and that which will be Encrypted on the actual ID SmartCard. Why there needs to be a specific clause about membership of the Privy Council, is a mystery. Note that there is no provision for mandating the encryption of the data once it is floating about the Government's or Private Sector partners computer networks .(something which the incompetently draughted, anti-Denial of Service attack inspired Section 29 Tampering with the Register etc. inadvertently criminalises )

The Identity Cards Act 2006 (Application and Issue of ID Card and Notification of Changes) Regulations 2009



There are two major issues with the detail of this latter SI, both to do with the extra information which ALL Applicants (for a new entry on the National Identity Register, or for a Modified Entry, within 3 months of when their circumstances have changed) .are REQUIRED to supply.

These data are not included in the statutory list of Registrable Facts listed in the Identity Cards Act 2006 Schedule 1 Information that may be recorded in Register

e.g.

(a) full name by which the applicant is commonly known for official purposes, (b) any other names by which the applicant is or has been known for official purposes and details of the period during which the applicant is or has been so known ,

What exactly are these "official purposes" ?

Official purposes of the Home Office?

Any other UK Government Department ?

Any UK non-Governmental agency like the Police or your semi-privatised National Health Hospital Trust ?

Any other European Union Government Department or agency ?

Any and all of these are capable of misspelling your name on their plethora of incompatible computer systems.

Why should you have to help the Home Office to propagate errors and mistakes, on a database that will haunt you for the rest of your life, and beyond ?

Much more sinister, is the demand for :

(m) a contact telephone number for the applicant,

(this phrase occurs in three different Schedules to these Regulations)

Why is this REQUIRED to be supplied by ALL applicants ?

It may come as a surprise to the Home Office, but not everyone in the UK actually has a "contact telephone number" !

Note that there is no provision for a contact email address !

Postal addresses, even for those who are homeless, are already covered in the rest of the Regulations.

Who will the Home Office be handing this contact telephone number data over to ?

N.B. "contact telephone number" is not going to be stored on the National Identity Register database or the ID Card itself, but it must still be supplied as part of the registration or modification process. Therefore it is exempt from the vague promises made by the Labour politicians and apparatchiki, about the privacy and security of the actual National Identity Register database itself.

So why is there this demand for for a "contact telephone number", for which there is no good reason for the Home Office to be told about, and kept updated for the 5 to 10 year lifetime of each ID Card, and cumulatively for the rest of your life ?

This has all the appearance of a sneaky attempt to link Names and Addresses to unregistered pre-paid mobile phone handsets, something which would fit in with the rest of the Home Office's Communications Traffic Data retention and snooping plans.

It also looks suspiciously like the sort of data which the Home Office would like to sell to private sector companies, like the controversial, data hungry 118800 mobile phone directory service. (see The Register - Mobile directory made legal threats to get personal details)

There is no easy or cheap error correction mechanism, set forth in this series of complicated Statutory Instruments.

All the power is with the bureaucrats, or their sub-contractors, and all the legal responsibility, risk and expense in chasing up errors, is lumped on to the innocent members of the public, on whom this ID cards scheme is being inflicted.

Will any Members of Parliament actually bother to scrutinise these Draft Statutory Instruments in detail, or will they simply be rubber stamped, as usual ?



