This pernicious mix of big business and busybodies

The National Identity Register, when linked to other databases, will give the state unlimited powers to spy on us
Written by Henry Porter, originally published in The Observer, Sunday 28/05/06

Let me introduce you to Katherine Courtney, an American at the heart of the government's plans for the National Identity Register and who is to British freedom and privacy what Cruella DeVil was to Dalmatian puppies. Ms Courtney is now the head of business development at the new Identity and Passport Service, but in her previous role as head of the ID card programme, she was able to stupefy MPs with jargon that few of them can have understood.
This is her answering a question in the Home Affairs committee: 'I think it is important to say that while the pilot itself is not really about testing the robustness and scalability of the particular biometric technologies that are being deployed, it is about studying the enrolment process and the customer experience and being able to validate some of the assumptions that we have built into the business case around the time that it takes to enrol and the customer acceptability.'

By heck, the woman can talk. It is not so much the content of her answers about ID cards that chills the blood, but the unswerving, robotic certainty of the language with which people like her pursue Blair's dream of a totally controlled and monitored society.

The Home Office will not say if Courtney is naturalised or remains a foreign national, but I do wonder that such a person may sweep into government with a CV that features Cable and Wireless and BT Exact Technologies and the next moment be attending conferences as a government official with companies such as BT and Siemens Business Services. It seems incestuous and it is worth noting that it was on her watch that Professor John Daugman, who developed and patented the iris recognition technology that is to be used in the ID card, was appointed to the independent scientific group to advise the Home Office on identity cards.

There may be nothing untoward in this, yet one cannot help feeling that the threat to British privacy and rights is being mounted by people inside the corporate loop who, with their fanatical admiration for business systems, have little concern for individual privacy. In their powerpoint presentations, they may pay lip service to balancing the interests of the state with those of the citizen - or customer, as Courtney would have it - but this can only be to the detriment of our right to privacy as it stands now. Balance must mean we each surrender something of ourselves to a state whose power grows ineluctably under Tony Blair.

The British state presents a menace to individual privacy in the 21st century in two ways, as the Information Commissioner, Richard Thomas, demonstrates in his commendably clear report, 'What Price Privacy?'. The first is that under Tony Blair's 'transformational government', the Civil Service is moving to merge all its databases into one network with single entry points, so that someone with the right access could, for example, surf between the tax and customs database, criminal records, vehicle registrations and health and education records in their search for information on an individual.

If you add to this unified system the new National Identity Register (NIR) which, as Thomas points out, will include 'identifying information, residential status, personal reference numbers, registration and ID card history, as well as records of when, what and to whom information from the register has been provided', we will end up with an awesome apparatus of control and surveillance.

Why should we worry about this if, as is the case, each one of us may already appear on as many as 700 separate databases? How does a joined-up, centralised database threaten us more? One answer appears in the body of the Thomas report which shows that the security of databases ranging from health records, to the driver and vehicle licensing authority and the police national computer, which has 10,000 entry points, is regularly breached.

The report describes how inquiry agents use the system to supply personal information to, among others, newspapers and insurance companies. Warrants obtained by Thomas resulted in the arrest of a private detective working from his home in Hampshire who had regular access to BT's phone records, the DVLA and police computer. From the documents seized, Thomas's team realised how extensive was the market in unlawful personal data and how easy it is to steal from official records. Imagine a determined stalker gaining access to this proposed unified system and NIR, or a criminal gang, or a man in a custody battle, or a reporter from the News of the World or a foreign intelligence officer.

The threat of illicit use is as nothing compared to the misuse that it will offer government agencies. For one thing, there will be no knowing when and by whom your personal records are being inspected, so intrusion by the state is likely to become the norm. The other big problem is the phenomenal incompetence of the government when it comes to databases. Remember the fiascos in the Child Support Agency, the immigration service records, the old passport agency and with the benefits card. Only last week, the Criminal Records Bureau admitted that it had wrongly labelled 1,500 innocent people as pornographers, thieves and violent criminals. As a result, some failed in their job applications, which must surely mean they have a very good claim for damages against the government, based on the loss of reputation and earnings.

The Home Office refused to apologise and, instead, excused itself by saying that it had erred on the side of caution when making the checks against criminal records. That reaction is not good enough and it underlines the lack of accountability in government and the arrogance of officialdom when it comes to the reputations of ordinary people. It also raises the question of what might happen if a similar error were to infect the unified system.

If the government can't run the Criminal Records Bureau without defaming ordinary people, it is hardly likely to make the much larger NIR work. There may be some slight hope that government ineptitude will protect us from official intrusion, but experience from all the past cock-ups tells us that it is those private individuals who have no power and few opportunities for redress who are always the victims. And from the Thomas report, we may conclude that whatever the security measures put in place, the number of terminals with access to the NIR will mean that people's privacy will almost certainly be breached illegally.

The ID card bill has become law. 'Enrolment facilities' are being built and Courtney is seeking the best way of charging the private sector for checks against the database. We are going ahead with this thing despite ministerial admissions that the scheme will do nothing to stop illegal immigration or terrorism, and is unlikely to deter criminal gangs which have already compromised the chip and pin security. The option now remaining is large-scale public protest. We need a national debate on the running of official databases and the handling of personal information, for let's not forget that privacy is dear to us. The Information Commissioner's report makes clear that protecting people's personal information ranks third in the list of the public's social concerns, alongside the NHS. Concern in this area is growing, the report says, which is something that David Cameron should note.

In the meantime, I find myself wishing a hearty damnation to Courtney and her business plans, to the unified database of 'transformational government', to the incompetence and arrogance of the Home Office, to any bureaucrat who seeks to define an individual's identity with compulsory biometric measurement backed up by threats. If one thing has become clear in the last few weeks, it is that the government is not fit to be trusted with either setting up the National Identity Register or running it.