At the Intellect conference on Identity & Information in London today, Edgar Whitely from the LSE gave a terrific presentation. He was pointing out that the principle of data minimisation in identity systems is important, but he did it in a particularly arresting way.
Here's what he did.
As you can see in the picture, for reasons that will be not fully explained in a moment, the UK ID card has the holder's full name, date of birth and place of birth on it. These three data points are sufficient to uniquely identify the overwhelming majority of the population. So Edgar went to the Identity & Passport Service birth certificate ordering service and put in the details from the Home Secretary's card. He then paid his £10 and… with a suitably theatrical flourish, Edgar produced the copy of the Home Secretary's birth certificate that he had been sent in the post. Note that Edgar hadn't done anything wrong. As James Hall, the head of IPS who was on the same panel, pointed out, in the UK anyone can order a copy of anyone's birth certificate. He said that if you are a celebrity then hundreds of people will order copies of your birth certificate every year, which had never occurred to me. I'm sure James is right, but it does seem a little odd that people who want to commit identity theft will simply have to look at their mark's ID card to get started.
Edgar hadn't used the birth certificate to open a bank account or get a driving licence or anything; he was just making the point that if we don't adopt the right principles (eg, data minimisation) for identity systems, then we run the risk of making identity theft worse. It was a great presentation and a super stunt. Well done.
Anyone familiar with my deranged rantings about psychic ID (ie, virtually nobody) will be familiar with the general point: a characteristic of a 21st-century ID scheme is that it should only give up information necessary to enable a transaction, nothing more or less. So, if you are authorised to ask my ID card whether I am over 18 or not, that's all it should tell you. Not my name, not my address, not my age or date of birth. Just whether I am over 18 or not and that's it.
The current ID card scheme does not have this key characteristic, not for any functional reason but because the ID card and passport were jumbled up for a political purpose — the purpose being, as far as I know, to make it harder for an incoming administration to scrap the scheme — that constrains the design and implementation. Since the government wants the ID card to be used as a travel document within the EU, it has to have certain human-readable information on it. That's why it gives away the key data points that make it tempting for criminals to kick-start their identity theft antics.
Actually, since there are no readers, criminals won't bother doing this. They will just make bogus ID cards. I firmly predict a booming market in fake ID cards just as soon as the real ones hit the streets. Oh, wait…
The fake cards ranged from provisional and regular driving licences to UK, German and other European ID cards, and contained holograms and chips. [From Cheshire couple jailed for selling fake ID cards – Chester Chronicle]
This means that people were manufacturing fake UK ID cards even before the real UK ID cards were actually issued. You can see the criminal logic behind this: people are vaguely aware of ID cards, but don't know what they look like, so if you're 20 and you want to get into an over-21 nightclub, a fake ID card is an obvious purchase. How much will people pay for them?
Well, here's a useful data point, which comes from the terrific scandal surrounding Baroness Scotland, Britain's Attorney General, who was discovered to have been employing an illegal immigrant.
Ms Tapui revealed that the out-of-date forged visa stamp in her passport was acquired by a Russian acquaintance for a £180 fee. She obtained the stamp after twice being refused a visa by the Home Office, which nonetheless took no action to deport her. [From I didn't show Baroness Scotland any passport, says housekeeper in sensational new allegations | Mail Online]
So for spreadsheet purposes, we can assume that a bent ID card that has "permission to work" or whatever written on the back is worth a couple of hundred quid. As long as the employer makes a photocopy of it, they are in the clear, so everyone is happy.
There has to be a better way. For a start, the ID card has a contactless interface, so it would be trivial to write an application for phones with an NFC interface (eg, Nokia 6212s) that would read the card, go online to the (currently non-existent) web interface to IPS, check that the card is valid, and then display the relevant details from the chip on the phone screen. Since all employers, and all bouncers, need to have a mobile phone anyway, they might as well get one with an IPS application on it that validates cards.
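A sketch of that reader flow combined with the "over 18 and nothing else" rule, as an added example that is not code from this post or from IPS. The names `Card`, `Issuer`, `check` and the `ALLOWED` policy are hypothetical, and an HMAC key held by the issuer stands in for whatever cryptography the real chip uses.

```python
import hashlib
import hmac
import secrets

# Which yes/no questions each relying-party role may ask (constructed policy).
ALLOWED = {"bouncer": {"over_18"}, "employer": {"may_work"}}

def _tag(key, card_id, predicate, answer, nonce):
    msg = "|".join([card_id, predicate, str(answer), nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Card:
    """Holds the full record (dob is a datetime.date) but releases only a yes/no."""
    def __init__(self, card_id, key, dob, may_work):
        self.card_id, self._key, self._dob, self._may_work = card_id, key, dob, may_work

    def answer(self, predicate, nonce, today):
        if predicate == "over_18":
            d = self._dob
            age = today.year - d.year - ((today.month, today.day) < (d.month, d.day))
            result = age >= 18
        elif predicate == "may_work":
            result = self._may_work
        else:
            raise ValueError("unsupported predicate")
        return {"card_id": self.card_id, "predicate": predicate, "answer": result,
                "nonce": nonce, "tag": _tag(self._key, self.card_id, predicate, result, nonce)}

class Issuer:
    """Stand-in for the online validation service the reader app would call."""
    def __init__(self):
        self.keys, self.revoked = {}, set()

    def issue(self, card_id, dob, may_work):
        self.keys[card_id] = secrets.token_bytes(32)
        return Card(card_id, self.keys[card_id], dob, may_work)

    def validate(self, role, resp, expected_nonce):
        key = self.keys.get(resp["card_id"])
        if key is None or resp["card_id"] in self.revoked:
            return None  # unknown (fake) or cancelled card
        if resp["predicate"] not in ALLOWED.get(role, set()) or resp["nonce"] != expected_nonce:
            return None  # role not authorised to ask this, or a replayed response
        good = _tag(key, resp["card_id"], resp["predicate"], resp["answer"], resp["nonce"])
        return resp["answer"] if hmac.compare_digest(good, resp["tag"]) else None

def check(issuer, card, role, predicate, today):
    nonce = secrets.token_hex(16)  # fresh challenge for every read
    return issuer.validate(role, card.answer(predicate, nonce, today), nonce)
```

The reader ends up with `True`, `False` or `None` (card not accepted); the name, date of birth and place of birth never leave the card.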
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public