Drew's Blog. The dots in .co.uk

Drew Wagar's Weblog.

« Found my car on... | Main | Office Shenanigans..... »

Thursday April 06, 2006

So it's a voluntary ID Card then...

Fascinating to see that the ID Card has finally made it onto the statute books...

More interesting is the government's definition of the word 'Voluntary'. If you were reading this story you wouldn't believe it, truth really is stranger than fiction.

I don't have to have an ID Card though, which is nice, however, if I plan to holiday overseas I'll be signed up for one anyway. Right.

In analysis, then, unless you are a conscientious objector, your info is going on the NIR, regardless. I can't see many of the great British public choosing not to renew their passports. (ID Card brings down Ryanair ;-)

Of course, you could renew your passport before 2008, when the NIR is supposed to be switched on. But they've thought of that. ;-) So, if it's going to happen, what do we have to be concerned about? Are ID Cards really that bad?

Well, IMHO, the card is a bit of a red herring. It's the NIR that's the issue, the so called 'Central Database'. Most of the scare mongering around this has been the idea that there will be a 'Central Database' with all of your info in it. Most people are talking about this as if somebody is going to set up one big database (choose your favourite - SQL Server, Oracle, Sybase, etc) on a huge big machine somewhere. This is kind of easy to imagine and get your head around, and it's described as such in the bill, but it's not going to be a technical reality. The 'central' database invisioned in this bill is really going to be a huge collection of separate databases, interlinked in various ways by keys, encryption, hashing and joins. There isn't going to be a www.bigcentraldatabase.gov.uk for the hackers to hit.

Of course, that's not to say that the 'central' database won't be a target, it will. What the next step is is what does the information architecture for what needs to be stored look like? Is it virtualised, how are different systems cross referenced, what divisions of data, management and storage need to be designed? How will information be compartmentalised? Questions, questions.

It might also be handy if somebody could explain exactly what this information will be used for, and how it might benefit Joe Bloggs who is going to asked to stump up £80 or so for it, when a passport or driving licence happily identified most of us quite nicely. This assumes that the ID Card won't be helping with online authentication. As I write this PKIs are not in scope for the card; but this is subject to change without notice... ;-)

It's kinda of inevitable that this system is going to happen now, (though whether it stays once it's implemented is up for debate though), but the design of the NIR is the next big thing. I want to be pretty much convinced the NIR design is a good one, otherwise I'll just have to be 'a fool' as Mr. Clarke would tactfully put it...

( Apr 06 2006, 01:04:18 PM BST / Apr 06 2006, 12:54:58 PM BST ) Permalink Comments [1]
Trackback: http://blogs.sun.com/Drew/entry/so_it_s_a_voluntary

Comments:

Sorry to disappoint you, but there's no conscientious objection clause either... If all else fails the Home Secretary can enter any information about you he happens to have to hand. s2(4) of the Act reads:

An entry for an individual may be made in the Register (whether or not he has applied to be, or is entitled to be, entered in it) if— (a) information capable of being recorded in an entry for him is otherwise available to be recorded; and (b) the Secretary of State considers that the addition of the entry to the Register would be consistent with the statutory purposes.

It is astonishing how many people have missed this.

Posted by Guy Herbert on April 07, 2006 at 08:54 AM BST #