What kind of meltdown might require the government to break the glass? Well, just for amusement purposes (since it could never happen, because the Home Security said that the ID card system will use "military" security) let's suppose that a disgruntled member of staff steals the entire biographical database. Let's say a fifty million individual records (5 x 10^7). Each individual record comprises 50 data items — actually in the UK Identity Cards Bill it was slightly more than 50 — so that's 5 x 10^1. Let's say each data item is 1KB. They're not, but whatever. So now we have a database of 5 x 5 x 10 x 10^7 or 25 x 10^8 or a couple of terabytes. That's it, a couple of a terabytes. I can buy a 2TB USB hard drive on Amazon right now for a couple of hundred quid and by the time the database is up and running, it will be fifty quid. So I can store the entire database for next to nothing, chuck it in my car and zoom off with it.
When they come in in the morning and notice it missing, there needs to be a big red button on the wall that they can smash the glass and press. Ah, you might say, it seems unlikely that a vetted civil servant will deliberately and flagrantly break the data protection act or whatever. Well I imagine that's what they thought in Chile, before a civil servant started publishing their national identity register on the Internet. We shouldn't let this kind of thing stop us from building a better identity infrastructure, but we should use it to help us build a better one, by which I mean one that depends on open peer review for its security.
I've always said that I'm in favour of building a national identity infrastructure. I don't want my goal to be derailed by some crazy "China Syndrome" panic. Remember that? When the famous Jack Nicholson and Jane Fonda film "The China Syndrome" came out, it was going to be just another thriller. But 12 days later came the accident at Three Mile Island. No-one died at Three Mile Island, but the combination of the fictitious events in the film and the real events at Three Mile Island somehow combined to form a mythic catastrophe. I don't want the same thing to happen with ID. Oddly, I was thinking about the TMI analogy because of this chap's aversion to Oyster cards…
I could be one of the last of a dying breed. No, not a cynical old hack – there is still a steady trickle joining the ranks. But one of the very few Londoners left who does not have an Oyster card for navigating around the capital's public transport system.[From Nigel Willmott: Our movements are tracked enough already. For me, 'touching in and out' of tube stations is a step too far | Comment is free | guardian.co.uk]
Now, as far as I know, Oyster cards are actually a rather good example of how privacy should work at the consumer level. Customers have a choice as to whether they have an anonymous card or not and even if they do have a personalised card the data is anonymised after a few weeks. Thus, if there's a crime or a terrorist bomb or something, then the police can obtain a list of all the people who came through the barriers. But they can't trawl back through last years records, which seems to me to be a reasonable compromise. But the newspaper reporting of the "MiFare crack", paranoia about ID schemes and people being tracked and traced, and a general mistrust of "RFID" technology is coming together to mix fact and fiction. There may be a TMI event just around the corner: a big event — no-one get hurt — gets conflated with fiction in the minds of the public and then it's very hard to put the meme back in the box and the public's mind is set against ALL schemes. This isn't good at all.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]