Illegal Immigration Crime Terrorism Discrimination Europe Biometrics

How will the National Identity Card (NIC) and biometric passport work?

What information is stored about me on the National Identity Register (NIR)?

Who can access information about me on the National Identity Register (NIR)?

What happens when I lose my identity card or it is stolen?

ID card technology: Smart card vs dumb card

ID card technology: When is a smart card a dumb card?

ID card technology: Thin vs. thick card

How will the national identity card (NIC) and biometric passport work?                                The identity card scheme consists of three parts:

• National Identity Card (NIC) – the card you carry with you and must produce when ordered.
• Biometric passport (e-passport) – new EU passport being used to introduce the NIC
• National Identity Register (NIR) – the U.K. database holding information about you which is shared with the EU.

The identity card and biometric passport can come in two forms:

• ‘Smart’ card – with biometrics and data about you stored on both the ID card/passport and database. Expensive.
• ‘Dumb’ card – limited or no biometrics, data about you is only stored on the database. Cheaper than smart card.

The government wants to introduce an identity card, biometric passport, identity register, and smart card technology.

For the smart card technology to work, it must be backed up by fingerprint and eye-scanners in banks, shops, estate agents, hotels, and public services such as hospitals. To check your identity they in turn must have 24hr access to the National Identity Register (NIR). Every time the card is used, information about when, where, and how it was used is stored on the database in the form of an audit log.
 
The identity card is totally dependent on the biometrics and information on the computer chip and database. Your face, fingers and eyes are the original biometric and these are matched to the finger and eye-scans on the card and Identity Register. At the bank or when using your credit card in shops, you place your face and hands against scanning equipment and this tries to match your eyes and finger-prints to the biometric on the ID card and NIR.  If it is successful you can continue with your transaction. The card will also contain a PIN number for verification or for use over the internet and telephone, and an electronic ‘licence’ or ‘certificate’ that is supplied by the company controlling the ID card and Identity Register.

The facial biometric will be used to monitor your movements in public using CCTV camers which are capable of identifying an individual by recording the facial pattern. Implementation of these cameras began in 2006.

The biometric passport uses the same technology and stores the same information on the NIR. In reality, there is no need for an ID card as the biometric passport fulfills all the requirements for proof of identity, the NIR, and public surveillance by facial recognition. However, unlike the identity card, information from the biometric passport will be shared with the EU (via the SIS II database), allowing for European wide surveillance of British Citizens.

What information is stored about me on the national identity register (NIR)?                       The National Identity Register (NIR) is the database that holds the information about you. It will be run by a private company for the government in return for payment. The database will be the first, and the biggest of its kind.


The Identity Register will be available to a range of organisations involved in taxation and security. It will also be available to the EU as part of EU plans to introduce a Euro-ID and build a European policing, security, and legal system.

Each time you use the card certain information will be read and checked on the Identity Register. Details of when, where, and how your identity was checked will be recorded on an ‘audit log’.  The audit log is very controversial and many people object to it. This is because it keeps a record of your movements, social activities and financial transactions.

Shops and banks want to use the ID card to prevent misuse of credit cards. So every time you use your credit card you will be asked for your ID card to prove who you are. When you make purchases over the internet, this will be logged. When you join a sports club, video store, or stay in a hotel, your identity will be checked and this information logged. Every time you use the ID card information is written to the audit log. So very soon the Identity Register has a record of what you do and where you go from day to day.

The audit log can then be analysed to see what you are using it for. So for example, if you use social or health services a lot this will show up on the audit log.

The NIR will store:

• Name (and previous names used)
• Address (any other addresses you are associated with including previous addresses)
• Date of birth, sex, marital status, identity number**
• Nationality (both if dual national), place of birth, immigration/residence status, ethnicity, religion**
• Finger-prints, eye-scans, photograph (for biometric testing and surveillance)
• Medical information
• Audit log – when, where, and how the ID card was used. 
• PIN number
• Driving licence number, passport number, national insurance number, NHS number, local authority reference number
• Background evidence used for identity card application

**results from the Home Office consultation on identity cards suggest this data could be on the identity card itself. For the purpose of setting up the National Identity Register, you will not be allowed to withhold your consent to providing this information.

Under the Data Protection Act 1998 it is also permissible to hold information on:

• Sexual orientation, sexual activity
• Political associations

Who can access information about me on the national identity register (NIR)?                    The Identity Register will be available to:***

• Inland Revenue
• Customs and Excise
• Department of Works and Pensions
• Immigration Services
• Intelligence and Security Services
• Police
• U.K. Identity and Passport Service (IPS or UKIPS)
• Private businesses
  

Police, security, and intelligence agencies can access to the data without your consent.

The ID card will gradually be introduced into these services and the commercial sector by a process called function creep or piggy-backing.Eventually the ID card and NIR will be connected to the electoral role, so owning an ID card will be a requirement to vote.

A large proportion of the public object to this use of the identity card because it will completely change British society. Today, Britain is a free country where the government, police, and security services are answerable to the public. It is their responsibility to justify their actions to you, as they are there to serve you. You have the right of free movement and to carry out your daily activities in privacy and anonymity without suspicion (a tradition the English have enjoyed for centuries). Biometric surveillance using the NIR  will change this. It removes your right to privacy and anonymity and records your daily life. Analysis of the audit log when used with profiling techniques could bring you under suspicion, then you have to justify yourself to the government.

what happens when i lose my identity card or it is stolen?                                               The identity card provides access to banks, credit card facilities, health services, and in the case of the biometric passport, your ability to travel. When the card is lost or stolen you will be denied access to these services as a safeguard, in the same way you are denied access when your credit card is stolen. It may take several days before you receive your replacement card and you may be required to visit a police station to confirm your biometrics. During this time you cannot prove who you are and  risk of arrest if stopped by the police.

When your identity card is stolen, so is your identity because you cannot function without the card. In contrast, banking and credit card fraud, which is referred to in the media and by government as identity theft, may exclude you from some financial services for a short while but does not exclude you from other commercial and public services.

ID card technology: smart card vs. dumb card                                                                 Smart cards hold personal information about you on the card itself (on a computer chip) and must communicate with the database (NIR).

To be effective when used, the card or passport requires a 3-way check:

• the biometrics on the card must be checked against you (by hand/eye scanning)
• your biometrics and those on the card must be checked against the database (NIR).
• you must provide the PIN which is then checked against the card and database.

This 3-way check follows the basic principles of biometric identification: something you own, something you are, something you know. If this check is not applied, then the card or passport could be fake or being used fraudulently.

A dumb card is one which is not verified by your biometric or does not connect to a database. If there is no database to verify that the information on the card is correct, then you cannot be sure the person is who they say they are (even if the biometric on the card matches the finger/eye-scans of the person standing in front of you).

ID card technology: when is a smart card a dumb card?                                                   When the card or passport cannot connect to the database or your biometrics are not checked, then the smart card reverts to a dumb card. All information on the ‘smart’ card cannot be confirmed and the card could easily be a fake.

The smart card will revert to a dumb card when:

• the link to the national identity register (NIR) is down
• when the NIR crashes
• when the hand/eye scanners malfunction
• when the card is damaged
• when all 3 checks are not performed

The identity card and database must work 24hrs a day, 7 days a week to justify the smart card technology. If you use a smart card for transactions over the internet, the card must be verified against the database, but because you won’t have finger and eye-scanners in your home, it cannot be verified against you. Therefore, it is a dumb card, as it could easily be someone that has stolen the card using it over the internet. For more on how criminals can use biometric identification see the section on Crime.

Biometric passports are basically dumb cards out-side the EU because other countries are not allowed to access the database*.

ID card technology: thin vs. thick card                                                                           

• Thin cards – minimum data is held on the card but a lot of data is held about you on the database.
• Thick cards – a lot of data is held about you on the chip, but little on the database

There are pros and cons attached to both types of smart card. When a thin card is lost or stolen there is less of your personal information on the card that can be used by criminals. However, it is highly dependent on the information on the database (NIR) to operate. Therefore, a lot of information will be stored on you in the database which will be available to a range of different organisations.

When a thick card is stolen there is a lot of information about you on the chip that the criminal could get access to. The advantage is that you hold your personal data on the card, it is not held by the government. This gives you greater control over your own personal data and private affairs. However, when you lose the card it will take longer to replace as more data needs to be collected from separate organisations and placed on the chip.

References:
* Data Protection Act, 1998, forbids your personal and sensitive information from being sent or accessed from outside the European Union. Access requires your consent or that of Home Secretary. For ID cards/biometric passports to work, the Data Protection Act will most likely be modified
***The Home Office. Legislation on Identity Cards -  A Consultation, April 2004 

About | Privacy Policy | Copyright 2005-2009 www.idcardandyou.co.uk. All rights reserved.