Caroline Nodder, of 'The Publican':

The specific information is itself relatively innocuous – browser configuration, OS and system fonts installed – but the combination of parameters can give each installation an uncommon or unique profile, which could be used to track users.

In my case, the copy of Firefox on my work PC has a browser fingerprint entirely unique among the 864,366 tested so far by the EFF's 'Panopticlick' tool; If I use my copy of IE (yeah, as if...) one other installation amongst 864,395 browsers has the same fingerprint. And my work PC & browser are less customised than my home machine, which I'd be more likely to use for activities I wouldn't want tracked (not that I do; I'm just making the general point that a private PC would see more varied activity than one owned by one's employer).

There are some solutions, but I'm not sure how practical they'd be, as they diminish the browsing experience; they maybe worth considering if you do want to hide specific activities, though.

Then again, let's wait to see what actually happens....

I can think of several reasons why a retailer might wish to limit the extent of such an offer, but that's certainly not one of them; it's merely an excuse, exploiting and perpetuating the frustrating culture of fear. This is the sort of thing, individually trivial, which softens-up the public to accept ID cards and other genuine risks to privacy, anonymity and yes, personal safety.

[Rant over. This time...]

A 'solution' is to make the footage available to interested members of the public – i.e. self-appointed moral guardians and underemployed busybodies – allowing the unqualified to act as unpaid security guards reporting anything suspicious at their own expense: the intention is to turn curtain-twitching into a game, with prizes.

I'm certainly not going to publicise the organising company with a link but, to their credit, they stress that they're working with private-sector cameras, with no intention to expand into the public sector (street surveillance via council/police apparatus).
Do I believe them? Probably, but that's a key point: how do I know that I'm not being watched, and never will be watched, by unaccountable amateurs?

[Update 28/01/10: The 'service' is yet to be launched since, at the time of writing, the Information Commissioner's Office is investigating its legality.]

We had the confidence to walk down dark alleys I would normally avoid, occasionally dressed in ways that rather marked us as non-locals, with a perhaps-very-misplaced feeling that no-one would try anything whilst the cameras were watching.

This seems analogous to the common argument against bicycle helmets: that they instill a false sense of security and a dangerous recklessness; without the illusion of invulnerability, non-wearers (should) feel a need to take extra care.

Yet... I wouldn't want to be without my cycle helmet.

*: Yes, I looked for, and at, the cameras. So report me.

As Cory Doctorow said at BoingBoing:

The scary thing is that none of the parodies are as paranoid as the genuine ones.

As reported months ago, the UK government is obliged to discard the genetic information of anyone not found guilty of a crime: a 'just in case' DNA database of the innocent is expressly forbidden by the European Court of Human Rights. However, as expected, the UK government has failed to act on the ruling, and demands for the police to delete information about less well-known individuals have been rejected. Let's hope that this instance has an effect.

*: Understandably, commenters on the article question whether anything has really been deleted, and whether all forms of Thomas' DNA data have been destroyed.

It's not quite as bad as Phorm (what isn't?), as it's easy to opt out and stay opted out, and Google's a relatively reputable company: I'm fairly confident the opt-out will be respected.

Two criticisms, though:

• This should be implemented on an opt-in basis, never as an opt-out. Google may choose to believe that a majority of people won't object to their online activities being profiled in order to assist targeted advertising – they may even be right – but that presumption should be implemented as a button in a prominent location on the Google website which, presumably, most people would happily click. Not the alternative: profiling everyone unless they visit an obscure page deep within the Google site, seemingly only mentioned in a blog posting.
• The opt-out is straightforward and seemingly comprehensive but, as mentioned above, it's not as readily available as it could be. To save you a search: the initial opt-out is here, and a browser plugin (for Firefox & IE) which prevents the opt-out cookie being deleted is available here.

As a bonus, a way to opt-out of other US advertisers' targeted advertising is available from the Network Advertising Initiative.

I've discovered that students don't need to directly apply for bursaries at a certain higher education institution: so long as each student has already applied for government funding too, and hasn't opted out of information from that application being shared, the university will automatically receive household income data and process the bursary.
However, the other side of "don't need to directly apply" is that students can't apply directly, so those who have opted out of data sharing are disqualified from receiving £1,000 p.a..

I'm very glad I'm over a decade past being an undergrad, as I don't consider this acceptable. Well, if I understand it correctly, anyway. If the question on the government form is "do you authorise us to pass on these details to the university?" i.e. specific information to a specific organisation for a specific purpose, that's entirely fine, but I strongly suspect it's an open-ended "do you agree to your data being shared with other organisations?" – such as other government departments, the police, debt collectors, future employers, etc.

Private data is personal property, and I demand control of it. That doesn't mean I'd be willfully obstructive, of course: anyone requesting access to my data, who explains why it's required (that's 'required', not merely 'wanted'), will almost always receive it, for that specific instance (no data retention without explicit consent).
But I need to be asked.

Actually, the system is getting worse. In previous years and for Entry 2009, prospective students have to opt into data sharing, but for Entry 2010 consent is presumed unless an applicant specifically opts out. That's back-to-front, and is extremely poor practice.

But then I read the substance of his article, and found little more than platitudes timed to coincide with next Tuesday's US regime change. It's particularly offensive for one of the most senior members of the current UK Government to say:

Keep talking, David. You might accidentally say something real.

I'd love to know how the Home Secretary reconciles her rhetoric on this issue with a recent statement by her own boss, the Prime Minister, that "it's important to recognise that we can't promise that every single item of information will always be safe, because mistakes are made by human beings."

Then don't hold the data in the first place.

If – if – the government complies with its obligation, this mean the profiles of ~850,000 innocent people must be deleted from the National DNA Database.

Needless to say, the Home Secretary has already announced that the government will not comply with the ruling "while ministers consider the judgement" i.e. introduce a legislative workaround, but it'll be hard for them to ignore it outright.

*: In England, Wales & N.Ireland – in Scotland, DNA samples from those not charged or those later acquitted of alleged offences are already destroyed.

Fine, but the only rational response is to minimise the risks and consequences, by avoiding data collection unless absolutely necessary for clear, non-extendable reasons, and prevent the sharing of data beyond the immediate recipient.

By the PM's own argument, the National Identity Register (and associated ID cards) cannot proceed.

The opt-in/out for users is awkward: BT customers are required to accept responsibility on a per PC, per user, per browser basis. If the server-side opt-out isn't available yet, BT, don't launch until it is.

As I mentioned in March, before Phorm can intercept traffic from individual websites, the law requires there to be permission from each website's owner too. As The Register reports, "in its advice to Phorm and ISPs, the Home Office said it believed that publishing a website gave implicit consent". A bizarre claim, but at least requiring BT to offer an opportunity to explicitly withhold permission.
It should really be an opt-in, of course, but I'm not going to boycott the opt-out whilst waiting for others to force BT to do the right thing.

One could block all search engine bots, or publish under https, or password-protect all content, but that's dodging the issue: I'm denying permission to Phorm, not whole categories of traffic. Hence, the only genuine option offered is send an e-mail to website-exclusion@webwise.com.

Actually, don't. As a commenter on the El Reg article notes, the Home Office's opinion (not legal advice, just opinion) is more accurately stated as "there MIGHT be a case of implied consent ONLY IF there are not explicit terms denying consent".

Hence, it may be worth adding a notice to one's website, perhaps on a 'terms & conditions' page. Nicholas Bohm of Fipr has drafted the following recommended text:

Though personally, I'm happy with Street View, so long as its cars are observing from public roads.

Firstly, they say that the trial was legal because "there was no criminal intent on behalf of BT". Intent isn't a definitive test of legality. Drunk drivers don't actively intend to cause injury or death, but their knowing irresponsibility is more than enough for prosecution.

Secondly, the trial was legal because, they allege using very flawed logic, there was implied consent, "because the service was going to benefit customers". That's a very dangerous argument – it's bad enough when state agencies make impositions 'for your own good', but private companies simply cannot assume consent. It's for the individual customer to decide whether there's a potential benefit, and to decide whether that 'benefit' is worth the cost. Consent has to be explicit, not implied.

A judicial review of the police investigation is being sought. This isn't 'sour grapes', a refusal to accept the unwelcome outcome of a valid inquiry: the investigation itself plainly relied on flawed premises.
The EU's investigation of Phorm and the entire class of tracking/ad-targeting software is also proceeding; let's hope Europe-wide legislation overrides the City of London Police's inadequacy.

Excellent; they got it right, though as Tom Reynolds observes, it presumes that patients are equipped to make educated decisions about privacy/security issues.
All proposed national databases should be that way, and also require further explicit consent before information can be shared with other databases so, for example, the national census, DWP or police cannot freely access one's health records.

A slightly negative point is the rumour, also reported by Reynolds, that those electing to opt out of the NHS Database (or rather, declining to opt in) will be added to another database, a handy register of 'difficult' people.

Firstly, the DNA profile of anyone tested but not convicted of any crime should be deleted; likewise, the profile of anyone with an expired conviction should be deleted. The proposal to add everyone to the Database at birth should be abandoned. It's wrong to presume the potential criminality of the innocent and to continue to criminalise those who have 'repaid their debt to society'.

Additionally, the inquiry recommends handing control of the Database to an independent body, not the police and the Home Office, who have an obvious vested interest and, as the inquiry further notes, "cannot be trusted".

These measures begin to address my principled objection to state agencies compiling personal records at all (beyond the investigation of specific cases, for the duration of those investigations, anyway – I'm an individualist, not an anarchist). A permanent database is simply the wrong basis for a relationship between a state and its citizens: a government should never have ready access to such fundamental power over individuals.

These measures would also have the practical benefit of preventing police 'fishing expeditions': purely speculative attempts to match individuals to evidence from past crime scenes.
I obviously don't have a problem with DNA evidence being used to confirm or eliminate suspects in specific cases, but the suspicion has to come first (and be compelling enough to convince a judge that a DNA sample needs to be taken, 'cos I'm damned if I'd volunteer one), but trawling through the entire Database 'just in case' is unreasonable, not to mention less definitive than is generally perceived.

The result is an annually-updated database for government purposes and a slightly-abridged database which is sold on to private companies for commercial purposes. One can opt out of the edited register, and of course I do, but these things should always be opt-in, never opt-out, and the whole idea of the state obliging citizens to populate a spammers' address database is deeply distasteful.

The BBC reports that a 'government-commissioned review' doesn't like it either:

For more mundane reasons the Local Government Association concurs, since the hassle of having to administer two registers in return for a paltry £5 per thousand names doesn't even make financial sense. They squarely blame central government, with the implication that the 'for advertisers' database could be abolished.

So. A potential boost to the principle of privacy and a potential blow to direct marketers. A good day.

The government's central argument is that identification parameters offered by the ID cards scheme would be useful to aviation security. Fine, but two points:

• Useful, not essential. I'll accept essential measures, involving the barest minimum of personal data, but nothing that merely makes security easier to administer.
• If there is some essential functionality, why not incorporate it into the existing airport security system? The system already uses identity cards for staff, which presumably wouldn't be totally abandoned in favour of national ID cards, so why bother with two schemes at all? Other than as a spurious justification for the very existence of one scheme, of course.

As that suggests, the ridiculous plans to "install airport-style x-ray machines in every London underground and mainline rail stations across the UK were ruled out today amid fears of a passenger rebellion against journey delays.", though it was mentioned that "a handful of bag screening machines and bomb detection dogs will be placed at tube and mainline stations in London and other cities instead." These will be portable and be moved around the network.

Personally, I object to them at all, as their primary purpose seems to be to do something – anything – visible, irrespective of whether it's meaningful, whilst simultaneously normalising the idea that the state can examine private property 'for the greater good'. Existing police powers of stop & search should be adequate without this sort of invasive security theatre.

Anyway, that was yesterday. Curiously, the same Guardian journalist paraphrased precisely the same story under a different headline today, "Stations to get x-ray security", which suggests a rather different interpretation of the issue. Yesterday the message was 'unworkable security withdrawn, mostly', whereas today's has reversed emphasis: 'new security introduced, with caveats'.

So what changed overnight?

I was tempted to go elsewhere – no retailer complying with spurious governmental requests deserves my custom – but the alternative was far simpler: I paid cash and gave fake details. Unless John Coulston (manager of the Lancaster Banking Company, 1826-1866) really does enjoy EastEnders from his old office at 68 Church Street.

The UK has operated TV licensing since 1946, and the enforcement regime seems to have worked – so don't change it. No doubt it's easier for the TVLA if people meekly add themselves to the database, but as I say (too often...) the responsibility of the state is to serve its citizens, never the reverse. When that arm of the state happens to be a private-sector contractor, the demands are even less acceptable.

I comply with the law, and it's for the TVLA to prove otherwise. I'm damned if I'll do their job for them, merely for their convenience.

That's obvious, but rather extreme: it's equally obvious that there has to be a balance between law enforcement and individual liberty. As I've said too many times to hotlink (just read the blog's 'Privacy' archive), society shouldn't be organised for the convenience of government agencies. People are messy, complicated creatures whose existence is inhibited by being bubble-wrapped against every potential threat: law enforcement shouldn't be easy.

The cubicles idea is mere hyberbole, of course. I wish I could say the same about the proposal to monitor all telephone and e-mail traffic, but that's a genuine suggestion; no, more than a suggestion: according to the BBC, the Home Office has confirmed a wish to incorporate it into the draft Communications Bill later this year.

I can't help wondering whether this is a distraction, a deliberately over-the-top proposal in comparison to which another, as yet unannounced, intrusive policy will look relatively reasonable.

I'd object to this sort of action anyway, but the practicalities are truly scary: Britons and visitors will be compelled to trust government agencies and their allegedly 'rigorous' safeguards, despite a steady stream of examples proving fundamental incompetence in government data security.

Remember the 'Judge Death' storyline from 2000 AD's 'Judge Dredd' comic strip, in which a regime had decided that since all crime is committed by the living, everyone had to die? That'd work too.

AntiPhormLite is a secondary browser which continuously, automatically yet plausibly browses the web as a background process or whilst one is genuinely accessing the web, thereby generating masses of utterly spurious data. No attempt is made to block the tracker, but all it'll get is junk.

Nice thinking.

Then 'authorities', now able to enforce the consensus morality, decide what we can look at.

For our own good, of course.

For the record, if the ban does specifically apply to the four categories of extreme p*orn noted in the BBC article's sidebar, and no others, I wouldn't mind. Much like ID cards, the problem is in 'function creep' and interpretation – what will be covered by the new law, say, five years from now? How about the image accompanying the article? A pierced tongue is dangerously close to certain peoples' definition of 'mutilation'.

There are certain activities I consider repulsive, and I've never quite understood the attraction of p*rn, but my morality shouldn't restrict the right of others to engage in them (or view the results), only objective issues of participants' safety, and when that comes to consensual s&m, for example, that's difficult to regulate.

I suppose that's my key point: there may need to be some way of ensuring participants' safety in the production of p*rn, but it's absolutely no business of society if I (hypothetically) wish to view it and hence be "depraved and corrupted", as the 1959 Obscene Publications Act phrases it.

With opposition from such web dignitaries as Sir Tim Berners-Lee, a legal challenge by Fipr and revelations that Phorm has already been covertly tracking BT customers, let's hope the message gets through that this form of ad-targetting is simply, beyond negotiation, unacceptable, especially from a (ex?)spyware company.

Reminders:
Consent for Phorm (or similar trackers) to track the Ministry's visitors is explicitly withheld.
A simple technique for client-side blocking of Phorm's tracking is described here.

The wide-ranging comments thread is particularly interesting too.

There's a fine example of how 'innocuous' traffic analysis for ad-targeting could be hijacked by those with skewed morals – imagine if your access to the internet was regulated by someone who considers that "p*rn is inherently harmful" and masturbation (in private) is, by definition, shameful.
Those are the genuine opinions of a presumably well-intentioned person, not a conspiracy-theorist's nightmare of a repressive government or a shadowy corporation; they're not fictional sci-fi, but the moral grounding of someone who could stand for government or become employed by an ISP today.

Here's another Wired article by Schneier, similarly debunking a too-often-accepted fallacy: that security and privacy are mutually-exclusive opposites.

The official excuse is that it's to combat money laundering, but I have three major objections:

• Presumption of guilt. Prove I'm a money-launderer, then refuse to serve me. No proof? Then give me my Euros. As is supposed to be standard in UK law, the accuser bears the burden of proving guilt – it's not for the defendant to prove innocence.
• Who serves who? It's far easier for the government to take preemptive action against everyone than to identify criminals first, but that gets the relationship between the state and the individual back-to-front. The state exists to serve the individual; the individual's actions shouldn't be restricted for mere administrative convenience.
• Wouldn't work. If there's a serious money-laundering problem, wouldn't that involve fake identity documents as a matter of routine? Would counter staff recognise a forged driving licence?

I mentioned this issue to my colleagues a moment ago, and heard of another example. In order to become a member of Lancaster Public Library, one has to show two forms of identity – not passport or driving licence, but both – and a recent letter from one's bank. Dangerous stuff, access to information; we wouldn't want just anyone to have it.

It's not about having to obtain cards, and never was. It's about the underlying National Identity Register (NIR) – who cares about pieces of plastic if the data are readily available by computer?

Let's consider the need for those in jobs with security implications to carry National ID cards.
Firstly, 'security implications' is open to interpretation. At present it's 'air-side' airport staff and airline crew, but it wouldn't take a conceptual leap to extend that to, say, childminders.
Secondly, there may well be an argument for airport staff to undergo rigorous security checks and have to carry ID cards – so implement a standalone scheme for airport security, entirely unrelated to the National ID cards and NIR. There's absolutely no reason to link them, other than as a spurious attempt to justify the Government's plans.

The one good point is these revisions push the implementation date further and further away – hopefully we'll have a different Government by the time anything actually happens.

Incidentally, a related BBC article, published two months ago and perhaps superceded, repeats two more irrelevances:

The state should not have these data arrays. Period. Whether they're on a card, in a database or in a network of databases is utterly irrelevant.

Counterintuitively, I regard media exposure of extreme/blatent capture of private data as harmful to privacy advocates: even as the public react against the extremes, they (we) become inured to lesser, everyday intrusions, accepting them as 'not as bad as it could be'. No. The little invasions matter too, and we mustn't be dazzled by the sensational examples.
Equally, every additional news report embeds the issue a little deeper into everyday culture, rendering it a little more accepted and no longer evincing the same level of outrage: "Identity cards? That was last year's news". It's a dilemma: am I contributing to it even as I type this text?

Perhaps an even greater problem than adult complacency is that children are growing up believing that lack of privacy is the norm – it's all they've ever known so is simply the way they presume the world is.
I can't decide whether this new toy, discovered via BoingBoing, is a symptom or a further tool of erosion.
It's a toy airport-style security scanner, allowing children to role-play 'security officers and suspected terrorists', or to practice their social compliance. It's a lot like the toy stoves and ironing boards traditionally given to young girls to impose perceptions of their social roles. That mightn't be the manufacturers' conscious intent, of course, but the result is no less insidious.

To be clear: I certainly don't object on principle to hand luggage being scanned for genuinely dangerous objects, but it's something to be merely tolerated as reluctantly necessary in specific and uncommon circumstances. If people become accustomed to bags being searched elsewhere and children think security scanners are part of the furniture of adult life, it's a tiny step to acceptance of ID cards and wider powers for state agencies to monitor individuals. And as existing instances of incompetence (repeated mass data losses by state agencies) and pointless interventionism (the war on moisture) demonstrate, that isn't acceptable.

The slightly disturbing part is that Phil Booth of NO2ID, an organisation I promote each time I write about my opposition to ID cards, is prominently listed amongst the speakers. If he's to attend in a personal capacity, that's fine with me – his own political affiliations are his own business – but I really hope it's not as an official representative of NO2ID.

I can understand a wish to band supporters together for a better chance at gaining representatives into positions of influence, but there has to be a close connection, absent in this instance. There's no causal link between the issues, nor even an especial likelihood that a supporter of one will regard the other favourably.

Opposition to interference into individuals' private lives by national government isn't remotely the same issue as opposition to European central government, so the campaigns should not be actively affiliated. I'm sure many UKIP members welcome ID cards as a means of excluding foreigners, so dislike Booth's organisation, whereas people like me object to the cards³ whilst actively seeking the break-up of the UK into autonomous elements within the EU so disdain UKIP.
For much the same reason, it's important that the public don't naturally associate one with the other. "Fighting ID cards? That's a UKIP issue, isn't it? I don't like UKIP."

It reminds me of the 1991 General Election, in which, at least in my constituency, Plaid Cymru (my party of choice) affiliated itself with the Green Party, in an attempt to get a Plaid MP into Westminster who'd then have to vote according to Green policies. Hence, though I've always wanted Wales to separate from England, Plaid lost my vote – I'd never vote Green. Conversely, one of my English housemates, an environmentalist who considered Welsh nationalism irrelevant, doubted a Plaid MP really would promote Green issues, so the Greens lost his vote too.

1: And yes, I do mean England, whatever UKIP might claim.

2: The Green Party (hardly a major party) seems to have settled on Lancaster for annual conferences. I can't decide whether they're breaking with the 'seaside towns' tradition merely to be characteristically perverse, or whether they're the only party to acknowledge the need to seek higher ground (certainly not moral – I mean above rising sea levels).

3: The National Identity Register, really – never forget it's about the data, not the pieces of plastic.

One doesn't need to be a conspiracy theorist to appreciate the potential for personal harm or, at the very least, embarrassment:

And that's even without state-sector agencies having proved themselves incapable of securing citizens' personal data, so the case for abandonment has to be even clearer here in the UK....

As it happens, I travel quite a lot without fully accounting for my movements. Because that is my right, and I am perfectly entitled to be vague about where I'm going – no-one, least of all a police officer, gets to question that.

The particularly alarming aspect of this loss was that it was from a facility in Iowa.
What was private data on British citizens doing in a foreign country without the individuals' knowledge and express consent? Any foreign country, though without wishing to seem anti-American, I'm especially uncomfortable that it was the USA, whose government has a history of contriving reasons to appropriate personal data for 'security' purposes and permitting foreign nationals no legal recourse if it's misused* .
I can understand and even support a nation's right of access to data held within its sovereign boundaries (under specific and independently-regulated circumstances) – so don't put British data within the USA's jurisdiction.

I was also amused to notice that civil servants have been promoting my own argument for me:

*: I'm not saying the US Government, nor the UK's would misuse personal data, either deliberately or ineptly, but they could. I prefer not to take the risk, and after all, the data are the property of the individuals, not the state.

For some reason, I hadn't expected to be linking to Ben Goldacre commenting on ID cards, though there's no question this application of biometrics security is bad science.
Just read the article (which even cites 'Mythbusters'), especially if you believe "if-you-haven’t-done-anything-illegal-you-have-nothing-to-worry-about".

If we now know that relatively junior staff working with confidential data apparently have access to removable storage media (how basic a security flaw is that?) and entire national datasets, and can readily get CD-Rs out of their buildings, wavering public acceptance of ID cards must have just evaporated.

Kerr repeats a routine non-sequitur:

I could go on to explain, again, why the security minister's quoted flat assertion that:

According to a report which doesn't seem to be on the website yet, new UK legislation allows a number of state organisations to gain full access to journalists' contacts (I think that's phone records in particular):

• Any police force
• The National Criminal Intelligence Service
• The National Crime Squad
• The Serious Fraud Office
• Any of the intelligence services
• Any of Her Majesty's forces
• The Commissioner of Customs and Excise
• The Ministry of Defence
• The Home Office
• The Commissioners of Inland Revenue

• The Ministry of Agriculture, Fisheries and Food
• The Department of the Environment, Transport and the Regions
• The Department of Health
• The Department of Trade and Industry
• The National Assembly for Wales
• Any local authority
• The Environment Agency
• The Financial Services Authority
• The Food Standards Agency
• The Intervention Board for Agricultural Produce
• Health Authorities
• National Health Service Trusts
• The Home Office (er, again?)
• The Department of Social Security
• The Personal Investment Authority
• The Royal Pharmaceutical Society of Great Britain

Doesn't this instill a wonderfully cuddly sense of security about how an ID cards database would be used?

Last night, I watched 'Touch of Evil', the 1958 film about a well-regarded but corrupt police officer responsible for framing murder suspects, leading to numerous wrongful executions. One line jumped out at me:

Which makes it somewhat... paradoxical? hypocritical? that the Home Office seems to be obstructing individuals' ability to report incidents directly to the police.

D'you know, this could almost make one wonder whether the supposed justification for ID cards as a means of combating 'identity theft' is a mere smoke-screen, and that there's some other, unstated reason².
Imagine that.

¹ : Okay, or maybe just a different agenda....

² : Don't worry, I'm no conspiracy theorist. I'm talking about mundane administrative convenience, not sinister plots. Them too, of course....

R-i-g-h-t. That's beyond satire, really, but I might as well make a half-hearted effort: the slave trade was a 'great British institution' once. Aspirational stuff, eh?

The BBC goes on to inadvertently highlight one of the key issues:

I can't stress this enough: never mind bogus claims about terrorists and criminals, the groups from which I wish to withhold personal information are, quite specifically, government agencies.

This is precisely the sort of government access abuse to which I object. The state has no right to this private, personal information, under any circumstances; mass-murder is no exception.

[Via BoingBoing, where commenters suggest it'd be an unconstitutional invasion of privacy. No; really?]

One is supposed to have a 'defective' passport replaced.

[Via BoingBoing.]

Consider this naïve little diatribe from Polly (that has to be short for Pollyanna) Toynbee, who plainly occupies a fantasy world where technology and administrative organisations function flawlessly, government is invariably benevolent (and always will be) and anyone who thinks otherwise is a delusional conspiracy freak. Scary stuff.

Whatever you do, read the comments, not just the article.

That's from the Guardian. If it's an accurate quote, the Prime Minister seems to be saying privacy and individual rights are inherently outmoded, and that they are to be overtly denied. Utter rubbish, of course.

As El Reg reports, Mr Hustinx went on to say that pre-existing laws are already adequate: "Current legislation does allow, for instance, law enforcement to check suspicious phone numbers found in a computer."

I agree. Maybe governments are under pressure to be seen to be 'doing something'. Maybe they're maliciously exploiting a political climate to impose a police state. Personally, I think that's over-dramatic and the truth is more mundane: governments wish to extend and integrate data on individuals for mere bureaucratic convenience, though I resist anything which could conceivably be used by the collective against individuals in future, unforeseen circumstances.
Whatever; I don't regard additional invasion of privacy to be acceptable, nor even necessary, irrespective of provocation.

A key test of any new measures must be this: is current legislation truly inadequate? If the proposed legislation was not enacted, would that prevent essential actions being fulfilled?
That's 'prevent', not 'hinder' – 'hinder' is good. Government powers shouldn't be too easy to apply, to discourage all but the most essential uses.

That was an initiative championed by the disgraced former Home Secretary, Charles Clarke. If, as it seems, the Government is prepared to (justifiably) treat him as a scapegoat and excuse to abandon unpopular legislation, how about his apparently unworkable ID cards scheme?

Scarily, though unsurprisingly, ministers are beginning to reveal the expected hidden agenda: that all information will be interlinked for the state's mere convenience, and presence on the National Identity Register (with or without ID cards; they're of limited relevance) will be compulsory for access to public services.

Phil Booth, national coordinator of No2ID compares personal identity to the Titanic:

Yet on the other side, the Government's own Information Commissioner is horrified by the commercial trade in private data. In one instance, a researcher was being paid £120,000 per month to trace people for finance companies and local councils. If anyone took legal action, the statutory fine in a magistrates' court would be up to £5,000. Still think the state will adequately protect your personal details?

Okay, the ID Cards Bill contains stronger penalties for improper access, but still, the best defence is to abandon the idea of a centralised database altogether.

[Update 11:20: The Guardian reports that animal rights terrorists, sentenced yesterday (12 years each – it's a start) for crimes culminating the 'kidnapping' of a corpse, obtained key information on their victims from a member of staff at the DVLA.]

The NO2ID campaign group are asking that those considering early renewal do so during May, specifically to coordinate the impact on Passport Offices and make some sort of collective statement. I don't do collectivism (and my current passport has another 8½ years to run), but others might wish to participate.

Remember, once you're on the Register, you're on for life, and are liable to keep the Government's records about you up-to-date. That includes being liable for their errors.

The Lords' main objection was that cards were being linked to passport applications/renewals, and hence made compulsory in all but Charles Clarke's dream world. The apparent concession is that compulsory possession of a card has now been postponed from 2008 to 2010*. That's after the next General Election, and if elected the Conservatives are likely to repeal the legislation outright.
Who'd have thought I'd be hoping for a Tory government?

However, as with many aspects of this scheme, the headline statement is of limited relevance beyond being a misleading sales slogan. The cards themselves won't be compulsory until 2010, but anyone renewing a passport before then will be added to the national ID database, which is the real issue. The cards don't matter if the information is available by other means.

I suppose those for whom this really matters could renew their passports immediately, and hence avoid ID registration until 2016 (standard UK passports are valid for a decade). I wonder how the government plans to capture their data.

Two quick points from the BBC article:

*: Technically, making ID cards compulsory would require further legislation, but 2010 is the most likely date for that, and I'm convinced the government will attempt to slide that one through Parliament as a fait accompli.

Tradition dictates that Peers aren't supposed to block legislation specified in the governing party's election manifesto, supposedly because the nation voted for the government on the basis of that proposed legislation, so the nation has already approved it. That's flawed majoritarian logic, of course, and even if it was accurate in principle, the specific details need to be scrutinised and debated.

Accepting (for a moment) the legitimacy of the government's claim, opponents of the ID cards database point out that it wasn't a manifesto pledge – the election promise was that ID cards would be voluntary, whereas the aspect the Lords are rejecting is that anyone applying for a passport will have to obtain an ID card too, and be entered on the national register (which is far more important than the bits of plastic). It's compulsion by stealth.

The Home Secretary has a simple response, which is so jaw-droppingly disingenuous that I can no longer take him seriously. Reported in the Guardian, Charles Clarke said:

Voluntary means that one can opt-in to gain an alleged benefit, but that there's no material negative impact ('cost') of remaining outside the scheme. In other words, if the pre-existing situation is the baseline, opting-in could raise quality of life, but opting-out wouldn't put quality of life below the current baseline.
When one is obliged to opt-in or accept a major curtailment of one's lifestyle, that's compulsion.

Hence, BitTorrent impedes monitoring of public internet traffic (by which I mean private communications and personal data) by government 'security' agencies. They won't be able to routinely check everything, though if they have reason to focus on something in particular, they're at no greater disadvantage than now.

Sounds excellent to me.

A vulnerability is that anyone can view his/her own travel history via a ticket machine or web browser; anyone logging into the system as the cardholder (such as a spouse, never mind hackers) will therefore have access too. El Reg makes a good point about this facility:

'Government Connect' is a scheme to link computer systems in local and central government, with the stated intention of faciliating 'citizen-centric e-government' (whatever that really means: probably more like 'government-centric e-citizens'). The plan is for councils to write to citizens already on existing local systems, offering them the opportunity of creating a 'single sign-on to government', i.e. one could "go online to do official chores without needing to know which arm of the state carries them out". No thanks.

This first phase will be voluntary, and will only involve the same level of ID verification as one would need to obtain a library card. However, there's a stated intention to bring medical records and similar truly private information into the system in a later phase, which would involve – surprise, surprise – the Home Office ID cards database.
I can't avoid a suspicion that if the 'overt' ID cards register becomes crippled by public opposition and Parliamentary amendments, that scheme's proponents will try to sneak in the functionality they really want under the cover of seemingly tangential schemes.

This whole programme raises a fascinating question. If a primary selling-point of the ID cards database is that it would be a single sign-on for government systems, why have local authorities decided to also develop Government Connect?
Or rather, if people are given the opportunity to sign up to GC (or not, if they choose), what's the point of ID cards?

[Update 23/02/06: Interesting. The final three paragraphs of this entry have appeared on today's Guardian 'Technology' letters page.]

Obviously, the reader is intended to unquestioningly absorb the implication that ID cards would eliminate identity fraud and hence save the nation money. Yet there's no evidence that ID cards will tackle ID fraud in a way that better use of existing, less intrusive measures wouldn't – the reverse, in fact.

By precisely the same logical approach:
Statement 1: Violent crime is increasing in the UK.
Statement 2: An automatic rifle costs less than a police officer's annual salary.
Implication: The general public should be armed.

Statement 1: People get sore feet.
Statement 2: Kittens are fluffy.
Implication: Shoe manufacturers need to contact illicit furriers.

**** the convenience for the police – this is wrong. I can appreciate that detection of crime is difficult. Tough. Freedom is always more important, even if that makes life difficult for the police. I believe that apart from in political contexts, the UK police generally do well already, and consequently their powers and resources should not be extended.
The state exists to serve the people, never the reverse. It is my fundamental belief that the state should not have detailed knowledge of individual citizens. To say this is going too far is like saying the Atlantic Ocean is a bit damp. I was going to make a flippant comment such as "what's next? Subcutaneous GPS implants?", but suddenly that's not so inconceivable a leap.

Let's be clear: this isn't surveillance of convicted criminals, nor even of previously-identified criminal suspects (and whose standards define 'suspicious'?), but everyone. Millions of people, law-abiding or otherwise, will soon be routinely monitored, with logs of our movements stored in a central database for years.

The article focuses on reduction of car crime, but it would be all too easy to target legal but 'inconvenient' dissenters. What are the chances of a car logged as having been in the vicinity of one protest event being turned away by police on the way to another protest? The Independent happens to mention, without elaboration or comment, the fascinating claim that MI5 (the UK's domestic intelligence service – some might over-dramatically call MI5 'the secret police') will also use the database for purposes that even a Chief Constable (regional police chief) doesn't know about.

The European Parliament challenged the legimacy of giving data on EU citizens to a foreign government, and in his advice to the European Court of Justice, Philippe Leger, the advocate-general (whose legal opinions are accepted in 80% of instances), has agreed. His recommendation is that the agreement be annulled immediately.

I strongly object to disparate personal records being combined. The Passport Agency shouldn't have access to my medical records. The Police shouldn't have access to my tax record. Each branch of government should only have access to the minimum of personal information, strictly limited to its own, quite distinct, subject area.
This is quite apart from what I consider to be abuses of the system:

However, if the data are properly anonymised, I think increased integration would be a great idea, which could indeed target public services better and improve policy-making. Planners need information, and the better the information, the better the plans.

For me, the absolutely critical point is the anonymising – if there'd be any way to backtrack data to an individual (not 'only with a court order'; that's not good enough: I want it to be impossible), I'm totally opposed to the proposal.

The key points are:

• The ID card database will contain no more personal information than is already held on passports: name, date & place of birth, gender, address, nationality and immigration status.
• Additional personal details, such as health or criminal records cannot be added at a later date without fresh primary legislation.
  That doesn't eliminate function creep (primary legislation might be slipped through fairly easily), but it prevents it happening 'casually', or by default.
• Furthermore, the register cannot include identifying numbers linking cards to different databases of personal details. For example, the card cannot include a personal code for the police national computer or an NHS number which might enable a cross-check to be made with medical records.
  Intuitively, that seems to be of limited relevance – there doesn't seem to be any mechanism to prevent passport/ID card numbers themselves being linked to police or health records.
• Individuals will have access to their entries in the ID database and the record of which organisations have used them.
  That sounds like standard Data Protection practice, not a new selling point.

Of course, the extremely obvious question is that if the ID card database will hold no more information that already on a passport, why not abandon ID cards altogether and stick with passports alone? What's the point of the ID card register?
So far as I can see, either too much political capital has been invested, and the government can't face the embarrassment of abandoning the scheme (please do – I'd have more respect for a climbdown than stubbornness), or there's more to the register than the public is being told.

The average (presumably urban) Briton will be detected by 300 cameras each day, 'creating a pervading sense of paranoia', as Morgan over-emotes.

Traveling back from the airport a couple of days ago, an announcement reminded me that all passengers of a train are under constant survellance from the moment they enter a station until the moment they leave the station at their destination; indeed, before and after those points too, as police cameras also monitor the roads leading to the stations.
The US Department of Homeland Security is often criticised for putting collective 'safety' ahead of personal liberty, but the UK's intensity of surveillance wouldn't be legal in the USA.

Interesting tidbit casually mentioned in the story: it will be necessary to undergo biometric identification when applying for a job.

The closing paragraph:

My one criticism of his statement is that he said:

If that's the intended route, why not give everyone a NHS PIN, entirely independent of the National Identity Register? Going through the NIR doesn't seem to add anything to this specific type of transaction, other than manufacture an excuse to have a NIR.

The Register explains that companies may be charged for Criminal Records Bureau (and hence National Identity Register) checks on prospective employees, providing a fairly small but consistent revenue stream contributing to the costs of the national ID database. One could make the obvious observation that the income could be increased by expanding the range of employers required to make criminal record checks, but that's speculative.
Likewise with driving licences: it's suggested that use of ID card details may streamline applications – but there'd be a NIR transaction charge for doing so.

That's the underlying point: the database may partly fund itself through transaction charges each time an organisation needs to access someone's details, thereby reducing the up-front cost of each card – the 'soundbite' figure which the government needs to massage.
Yet that transaction charge will either be passed on to individuals directly, or borne by agencies such as the DVLA, themselves funded by public money i.e. taxpayers will be paying anyway.

Consider that carefully: the DVLA, a government agency funded from taxes and licence application fees, would be paying the NIR, another government agency; effectively, an inter-departmental budget transfer. In real terms, how does that differ from the public paying the NIR directly, through taxes and application fees, and how does paying at the point of applying for a driving licence differ from paying at the point of applying for an ID card?
Apart from 'coincidentally' making the ID card look cheaper initially, of course.

Read the article; there's no point in my merely paraphrasing it. I'll just say that he identifies my main concerns: not cost, but invasion of citizens' right of privacy from government, function creep (and increase in the number of parameters recorded) and availability of information to unaccountable organisations (other than the government itself, I mean).

Mr. Thomas's final point is fundamental, and worth repeating. If we were to accept there is any justifiable purpose to ID Cards (I don't, but just for the sake of argument):

It looks hideously complicated to implement and administer, even if no-one attempted to evade it (improbable!). I'd anticipate major teething problems, massive overspend, and then potential abandonment of the whole scheme. Cynical, or merely accustomed to government practice?

The fee would vary according to congestion, so that rural driving could cost as little as £0.02 per mile, rising to £1.43 per mile on the busiest roads (e.g. the M25 around London). Hence, it wouldn't be possible to merely measure the number of times a vehicle's wheels rotate (i.e. absolute distance), it would be necessary to also know where the vehicle has been.
If this could be stored within the vehicle itself and only transmitted to another body (e.g. the tax authority) with the knowledge and express permission of the driver, perhaps in tax bill disputes, I wouldn't particularly object, but if any external body (such as the police) could gain access to these records without the consent of the driver, and records were kept for more than a couple of weeks, I'd regard that as invasion of privacy, public surveillance, and unacceptable. It'd also be far too easy, and tempting, for a person's travel history to be linked to his/her entry on the national ID database.

The aspect that particularly confuses me is that we already have a usage-based, indirectly 'per mile' tax system, which also takes into account the relative fuel efficiency of vehicles. It's called fuel tax. I don't think it's broken, so why replace it?

El Reg proceeds to 'quote' the UKPS:

I'm extremely unhappy about the UK government having access to my personal details, but that some foreign regime might gain access too is far beyond unacceptable.

One of the most fundamental aspects of my world view is that the purpose of the state is to facilitate the lives of individual citizens, but never vice versa. Citizens do not exist to serve the state, and our rights should not be constrained for the convenience of the state. I'm sure it would be useful for government agencies (and private companies) to know who I am, where I live, who I know, where I go, how I travel, what I buy, etc. but that doesn't mean they should. So, no identity cards, no sharing of data between government departments, no national fingerprint or DNA database.

This philosophy is now expressed by the 'Individual-I', a public-domain icon which stands for:

• Freedom from surveillance
• Personal privacy
• Anonymity
• Equal protection
• Due process
• Freedom to read, write, think, speak, associate, and travel
• The right to make one's own choices about sex, reproduction, marriage, and death
• The right to dissent

In a generally one-sided (pro-card) article, the Guardian mentions that the existing network of 'chip-and-PIN' credit/debit card readers could be upgraded to become ID card readers in future. Why? If I want to buy a bag of potatoes, the shopkeeper shouldn't even have the opportunity to access my personal details. Even if that isn't the intent, it's an opportunity for the unscrupulous and tech-literate to increase ID theft.

Secondly, the same article grossly understates the nature of the data to be stored:

The lack of public understanding of this point is worrying. It seems a proportion of the population would be happy to hold an ID card which merely proves their identities (perhaps name, address, and some means of proving that the holder is who he/she claims to be). I'd object to that too, but just for the sake of argument, I'll acknowledge that an ID card of that type would be acceptable to a majority. However, whatever Government soundbites and partial mass-media 'news' reports say, that's not what's on offer. Please don't be deceived!

Oh, and the article repeats that fallacy about ID theft costing the UK £1.3 billion p.a., not quite juxtaposed with an estimate that card implementation will cost up to £3.1bn over 10 years plus £584 million every year in running costs.

And anyway, what about online, phone or postal identity fraud?

From 2006, new adult applicants for UK passports will no longer be able to apply by post. Instead, each will have to attend a personal interview at a passport office (the current network of seven is being expanded by an order of magnitude) where he/she will also be fingerprinted. This will affect 600,000 people per year initially, but will soon be extended to those renewing passports; that's 5 million p.a.

Hence, a national fingerprints database will rapidly accumulate, to which it has been confirmed the police (and who else?) will have routine access, comparing fingerprints found at the scene of a crime against the new database without further, specific authority.

£415m is being invested in the passport service to introduce these new 'biometric passports' – which (coincidentally, of course) will make the implementation of ID cards themselves look cheaper.

[Update 25/06/05: Yep. The Prime Minister has said that "70% of the cost (of card implementation) would be spent on new biometric passports whether or not ID cards were introduced." Translation: 'we're spending the money anyway, so we might as well slip the cards in too'. That's not a reason for cards, it's an argument against including fingerprinting in the passport application process at all i.e. don't spend the money!]

This is all merely proposed, right? Objections can be raised before implementation, right?
Wrong. It has already happened. It seems that due to the intricacies of the UK system, passports are issued under the royal prerogative rather than legislation. Proper debate and Parliamentary assent are not required.

A few months ago, I prematurely gloated that the ID Cards Bill seemed to have been quietly abandoned. Unfortunately not.
The 'revalidated' (yeah, right) Government has restored the Bill to the Parliamentary schedule, with the intention of getting it through a second reading within the next fortnight. Quite apart from probably leaving insufficient time for a protest campaign, it takes advantage of post-election instability in the Opposition parties. In short: it's to be forced through before there can be proper debate.

Let's hope the Government's reduced majority makes a difference, at least in forcing some concessions aimed at convincing waivering MPs, but I'm not optimistic.

Several earlier postings on this issue.

Recently, Lancashire County Council decided to close Greaves Park nursery school (kindergarten) in Lancaster, but protests from parents obliged the Council to think again. Having taken those views into account alongside other considerations, such as cost and the absolute necessity of there being a nursery school in that location (perfectly adequate coverage apparently exists elsewhere), the Council confirmed the existing decision.
Last week the local paper, The Citizen, reported that parents had launched a petition against the decision, and already had 350 signatures. And? The parents had been heard, and their objections deemed insufficient to counterbalance the other factors. So far as I see, the matter's closed. The Council had to listen, and did, but it didn't have to agree. The Council already knew the decision would be unpopular with some in the local area, so why does the precise number of objectors matter? A vocal minority (and let's face it, 350 from the area's entire population is a pitiful number) can't just keep making further representations until they 'win' an outcome they like; that's collective petulance, or genteel mob rule.

Incidentally, please don't mistake this as support for the Council's decision. I'm commenting on the decision-making process, not the issue itself.

Even if the very concept wasn't outdated, I distrust the accuracy of petitions anyway.

• Firstly, they can be faked (padded with false identities) too easily.
• Secondly, assuming all names are genuine, petitions can be padded with irrelevant contributions. I wonder how many of those 350 actually live in the affected area, or even have children.
• Thirdly, peer pressure could add the signatures of several people who mightn't otherwise choose to contribute. Had this been a secret ballot, I don't believe all 350 would have voted.

I wonder whether public bodies are obliged to observe any specific protocol about petitions, such a logging their receipt or formally adding them to the documentation of a decision-making process. Personally, If I was a civil servant receiving a petition, I'd politely thank the person making the submission, then dispose of it unopened.

Would you want potential employers to read a purely speculative suggestion that you might have a criminal record, or to be recorded as resident of a house an ex-partner purchased well after the relationship ended? Would you like to be identified on the records of neighbours, and hence be potenially associated with their activities, whatever they might be?

Would you appreciate having no right of reply and no opportunity to correct errors?

One item which has therefore emerged is that a Labour government has considered introducing identity cards before, following terrorist incidents in 1974 - and rejected the plans as 'extremely expensive and largely ineffective'. In a confidential cabinet memo, then- Home Secretary Roy Jenkins said:

The Bill doesn't even specify the parameters to be available on each card's chip, but does itemise over fifty categories (not items - each category could contain multiple parameters) of information required for the register.
These obviously include name, address, photo, National Insurance number, and similar identifying characteristics, but also factors the Government has no obvious right to know (e.g. the serial numbers of identifying documents issued by other nations) and wildly open-ended categories which could be interpreted far too loosely: "Information recorded in the Register on request" and " The number of any designated document which is held by the applicant that is a document the number of which does not fall within any of the preceding sub-paragraphs" - of course, any document could be 'designated' at a later date.
There's a full list at NO2ID.

I'd urge all visitors from the UK to read through that website - whatever you do, don't rely on the mass-media for a full account of the issues.

One other point: in April, then Education Secretary Charles Clarke, rejecting the idea that ID cards could be used to deny free education to the children of illegal immigrants, said outright that:

I don't even agree with his assertion. Census data are collected by the completion of one form per household, once per decade; a snapshot of the population. Identity card data would be collected for each individual, who would need to keep the government informed of any changes (or face a £1,000 fine).
It's also worrying that the Home Secretary is conceptually linking these issues. The census collects a lot more, varied information, about many aspects of one's life, than the barest minimum required to prove one's identity - what exactly will be stored in the ID database?

The Prime Minister is quoted twice:

The Home Secretary makes that same point about the ID card enabling people to produce their own identification:

So it's not going to be compulsory to carry the card, but:

I won't rant, honest. However, one rhetorical question: how does US law even permit this? The principle of 'innocent until proven guilty' is fundamental. If law enforcement agencies have a concrete, provable reason to track a specific individual, that's one thing, but contemptuously treating every visitor as a potential criminal, systematically recording personal details 'just in case', can only be adopting the diametrically opposite principle: 'presumed guilty until proven innocent'.

Speaking of presumption, I presume US visitors to the UK will be treated identically. No? Why not?

And no, this posting is not anti-American. I'd object to any regime attempting to make foreigners jump through hoops and show undeserved deference, as if it's a privilege to visit rather than a commercial benefit to the host nation.

It seems I, and others opposed to ID cards, have possibly been missing the point: it's not having to carry the card that's the problem, but being on the database in the first place. There will be no legal requirement (initially) to carry an ID card. Any claim that that's some sort of concession or compromise is evidently bogus, as the card itself isn't needed.

The full article considers other aspects of the scheme, even if it does portray some of them as beneficial.

Bottom line: I want the state to know the absolute minimum about me, and I don't want branches of government to correlate their knowledge with that of other branches. If 'the authorities' wish to know something about me, they should have to ask, on each individual occasion, and I should be able to withhold the information.

Real bottom line: the state should exist to serve the individual, not the reverse.