20 October, 2005: Still stumbling head-first into the database state

[ Home page | Web log ]

So, more on ID cards. As you will have noticed, we lost the Third Reading vote on Tuesday, so the Identity Cards Bill has cleared the Commons essentially unaltered, after a bad-tempered debate cut short by a programme motion introduced by the Government to, in the words of Tony McNulty,

ensure that all parts of the Bill are properly scrutinised

-- giving a new meaning to the word `scrutinised'. That said, almost nobody not on the government payroll spoke in favour of the ghastly thing and this time round many of the MPs who spoke showed every sign of having actually read the Bill.

It was widely and inaccurately reported that the government were planning major concessions on the scope of the ID cards and underlying database. The Guardian (link above) reported that,

The home secretary, Charles Clarke, will today guarantee that the personal details contained on the national identity card will not go beyond those currently held on passports.

while the Independent said that,

[Clarke] will offer a guarantee that the planned national identity database will hold no more personal details than contained on a passport.

In fact, schedule 1 of the Bill, which defines the information which may be held on the National Identity Register, is unaltered from the Bill at second reading, and still contains a list of fifty-odd items of personal information and retains the intrusive `audit trail'. I pointed this out in a letter to the Independent today:

Sir: Ben Russell and Nigel Morris write (18 October) that the Home Secretary ``will offer a guarantee that the planned national identity database will hold no more personal details than contained on a passport''. Charles Clarke has made no such guarantee, and the Home Office has always intended that the National Identity Register would hold much more, and much more intrusive, information than does a passport.

Specifically, under Schedule 1 of the Bill, the register will store, ``particulars of every occasion on which information contained in the individual's entry has been provided to a person''. That ``audit trail'' will record the details of every occasion on which a person presents their card to be checked; according to the Home Office, that will be whenever they consult a doctor, or visit a hospital or a public library or even go to the shops. So the register will build up a detailed picture of every card-holder's life -- vastly more than the simple personal details shown on even the planned biometric passports. And under clause 22 of the Bill, this highly confidential information can be disclosed by the Government to anyone at any time for any purpose connected with a public service.

Chris Lightfoot
Cambridge

Oddly enough none of those who spoke for the Government in the debate saw fit to mention this aspect of the scheme, though Andy Burnham did address the question of how much data the database will hold, telling the Commons that,

it is not and never has been our intention to create an elaborate database that would hold detailed personal profiles for every individual

It's important to be charitable to one's opponents but I'm at a bit of a loss as to how this claim can be defended. If the government propose to make everyone own an ID card, build up a record of every time that ID card is shown, and propose that the card be shown on numerous occasions in our everyday lives, then in what way are they not proposing to record a `detailed personal profile for every individual'?

The Government have made one amendment to the Bill, adding the clause 1(6),

But the registrable facts falling within subsection (5)(g) do not include any sensitive personal data (within the meaning of the Data Protection Act 1998 (c. 29)) or anything the disclosure of which would tend to reveal such data.

A `registrable fact falling within subsection (5)(g)' is,

information about numbers allocated to [a person registered in the National Identity Register] for identification purposes and about the documents to which they relate

-- for instance, a passport number or an NHS number.

Now, `sensitive personal data' in the Data Protection Act includes information about medical conditions, political or religious beliefs, ethnic origin, criminal convictions, sex life and so forth. So the idea of the new clause is to stop any number ``the disclosure of which would tend to reveal'' information about any of those things.

There are two possible ways this could be interpreted. The first is that if the number itself revealed the information; since such identifying numbers are typically opaque, the amendment is meaningless because such a number could never be sensitive data.

The second interpretation is that if the number can be used to look up other sensitive information, then it shouldn't be on the Register. So, because your NHS number can be used to look up your medical records (in principle) the clause would prohibit sticking your NHS number in the database. This sounds like good news but is in fact completely irrelevant because it doesn't prohibit other people from storing the National Identity Registration Number on their own databases, and so such databases could still be linked together just as easily. (You might be tempted to then apply the clause recursively to the NIR itself, arguing that the NIRN has itself become a number disclosure of which would ``tend to'' reveal sensitive information, since it could be used to look up information about you in other databases, but presumably that's not how the courts would see things.)

I get the impression that the Home Office want us to think that the clause has the latter meaning -- and possibly even intend that it does. However, Chris Pounder, who is an actual lawyer in this area disagrees, and also points out that,

By inference, this limitation automatically implies all the other items in the [list of categories of registrable facts] -- except item (g) -- can be linked to sensitive personal data.

Of course, even if the second interpretation were the right one, the amendment does not affect the power (in clause 3(5)) of the Home Secretary to add things to the list of facts that may be recorded in the database -- whether they are sensitive or not. (Thanks to a correspondent for pointing this out to me.)

If I carry on at this rate I shall run out of holiday photos, so only one today:

Copse


Copyright (c) 2005 Chris Lightfoot; available under a Creative Commons License.