I've used the Freedom of Information Act, 2000 to attempt to liberate some information pertinent to UK ID cards from the Home Office. After all, we should know what the Home Office knows about ID cards, right? Well, here's all the correspondence I've had on the subject...
===== My Request (25th May, 2005) =====
On the 25th May, 2005 I sent the following request to firstname.lastname@example.org:
[[My address and other contact information removed]
Dear Public Enquiries,
Under the Freedom of Information Act 2000, I would like to request some documentation. I would like the Home Office to supply:
1) Any and all documentation detailing the benefits of ID cards with respect to the reduction or control of:
- Immigration (abuse of)
- Serious crime (eg. murder, manslaughter, rape, armed offenses, organised crime, fraud etc).
- Other crimes (eg. burglary, petty theft, mugging, public order offenses, drink related offenses etc)
- Identity theft (excluding private, non-Governmental issues between individuals and their banks, such as credit card duplication, unauthorised use of banking services etc)
- Illegal working (in particular, casual working, as opposed to long-term contractually covered "white collar" corporate employment)
- Misuse of public services (including any new requirements placed upon cardholders to obtain services, and which services are specifically targeted and excluded from Home Office view)
Such documentation may include reports, e-mail, memos, studies, investigations, trial results or other.
2) Any information regarding projected statistical changes to each of the above once ID cards are implemented
3) Any and all documentation regarding safeguards intended to be included in an ID card scheme, in particular:
- IT security schemes and technologies proposed to secure the national register
- Social engineering protections applied to the scheme to ensure input data is correct and is not extracted illegally or incorrectly from the register
- Biometric safeguards against falsification of fingerprints or other information
- Safeguards against the loss of biometric data to unauthorised third parties
- Rights of appeal against decisions made based on ID card information (ie. "mistaken identity")
- Any means of removing historical information from an individual's record in the national register
- Protections against misuse of ID and the national register by the police, including harassment and racial aspects
- Any other specific safeguards that are planned
4) A list of any bodies, organisations or departments that will have access to the national register, and to what extent. For example, the police will presumably have reasonably free access, whereas local government, presumably would not, except in certain circumstances. This should also include any provisions made for temporary access by bodies, organisations or departments (eg. special access for specific events or requirements).
5) Any provisions made for resistance to the scheme, such as legal enforcement of the scheme, or other.
I appreciate this is a fairly broad request. If anything is unclear, please do not hesitate to contact me for clarification. If the collation of this information is likely to exceed the twenty day limit imposed by the Act, please let me know what would be more suitable.
I look forward to hearing from you in due course.
=Initial Response (27th May, 2005) =====
On the 27th May, I received the following in a reply email:
Dear Mr. Bolton,
Thank you for your email of 25 May about identity cards.
Your request is being handled in accordance with the terms of the Freedom of Information Act 2000 as an information request.
We aim to send you a substantive reply to your request within 20 working days of our receiving it on 25 May. Therefore you should receive this response by 24 June.
If you have any queries regarding the handling of your information request please do not hesitate to contact me.
Identity Cards Programme Team
=Interim Reply (22nd June, 2005) =====
Date: 22 June 2005
Dear Mr. Bolton,
I am writing further regarding your request for information for:
1. Any and all documentation detailing the benefits of ID cards with respect to the reduction or control of: terrorism, immigration, serious crime, other crimes, identity theft, illegal working, misuse of public services.Such documentation may include reports, e-mail, memos, studies, investigations, trial results or other.
2. Any information regarding projected statistical changes to each of the above once ID cards are implemented
3. Any and all documentation regarding safeguards intended to be included in an ID card scheme
4. A list of any bodies, organisations or departments that will have access to the national register, and to what extent.
5. Any provisions made for resistance to the scheme, such as legal enforcement of the scheme, or other.
We are at present considering your information request. As you are aware, the Freedom of Information Act exempts certain information from disclosure.In the case of some of these exemptions it is necessary to apply a public interest test before we can decide whether information is disclosable or not, as outlined in section 2 of the Act. The public interest test is used to balance the public interest in disclosure against the public interest in favour of withholding the information in line with the particular exemption.
We are currently applying the public interest test in relation to the exemption contained within Sections 35 (which relates to formulation and development of government policy), 43 (which relates to commercial interests of the department), 22 (which relates to future publication) and 24 (which relates to national security). Where the public interest test is being considered the Act allows the usual 20 working day limit for a response to be extended.We continue however to deal with your request as a matter of urgency and aim to respond no later than 21 July. I would like to apologise for this delay and any inconvenience that it may cause.
If however you are dissatisfied with this response you may request an independent internal review of any aspect of our handling of your application. This can be done by submitting your complaint to:
Information Policy Team
4th Floor, Seacole Building
2 Marsham Street
Should you remain dissatisfied after this internal review, you will have a further right of complaint to the Information Commissioner.
Identity Cards Programme Team
===== Interim Reply (20th July, 2005) =====
Date: 20th July 2005
Dear Mr Bolton,
I am writing further to [[Name Removed]'s email dated 22 June in relation to your Freedom of Information Request.
I am sorry that we are unable to send you a substantive reply by 21 July, as previously indicated, as a result of our continuing consideration and the application of the public interest test.
You should receive a response no later than 5 August.
Identity Cards Programme
===== The "Substantive Reply" =====
The response arrived in my inbox on the 11th August, 2005. It's a PDF which is attached to this page. It's not a long document, but in summary they have provided very little information in the response. Most of the information requested is not in the public interest to be disclosed. The remainder is either commercially sensitive or already available in the public domain. There are some vague comments about which bodies will have access to the register, and what abilities people will have to remove information from the register.
===== My Thoughts on the Matter =====
In hindsight, I would have probably been wiser to send a series of requests, rather than one big one. That way, I may have found some of the answers out sooner.
It seems that the Freedom of Information Act achieves some things, but possibly only retrospectively. That is, in a few years time, once we have ID cards I will probably be able to find out a few things about them because they will not be so commercially sensitive, nor subject to ministerial decision making.
FoIA aside, I am enormously worried about ID cards, more so in the light of this non-information. In IT circles, we understand that 'security through obscurity' (i.e. "this is secure because I'm not telling you how it works") is no security at all. Further, I doubt the Government's reasoning for ID cards, as they seem unable to substatiate their assertions in any way. Just because they say it'll help various facets of crime and detection doesn't mean it will. We the people have to be able to check their facts. Sadly, since they're not giving us those facts, we can't do that.
The vague comments about who will have access to the register and how information can be removed from it also worry me. I would expect that such principles would have to be reasonably decided by now. After all, having a register at all means, surely, that it must have been decided what will be the primary functions of it. If not, then the general idea would be to store as much information as possible, for as long as possible "just in case". Clearly this is highly risky, and indicates a certain lack of forward planning on the schemes creators.
I would also expect that it should be well known exactly whom, and in what capacity, can use the register. Again, without this it is hard to see the intentions of the scheme. If the intention of the scheme were noble, then the numbers of accesses would be small. If the intention is more like a police-state, then the number of bodies able to use the database will be extensive. It seems impossible to see how this sort of thing has been defined.
So it seems the lack of a response is as damning as a full and frank one. The fact the Home Office is not telling us anything ought to be the greatest source of suspicion (fear, uncertainly and doubt, if you will ;-). Without knowing all the facts, we the people cannot make an informed choice. Thus we have to rely on ministers to do it for us (whom we hope are shown the full facts!). Well, I can't see anything wrong with that!