Working Party: | Theme 2/3 - Entitlement Working Group |
Ref: | 02-T02-Min04 |
Minuter: | Emma Fryer |
Date: | 9/10/02 |
Circulation: | Attendees and Apologies |
Queries to: | Emma Fryer, Tel: 0191 384 0282 Mob: 07714 803 650 |

Minutes of the EURIM Scoping Meeting on Entitlement Cards 9th October 2002, Macmillan Room, Portcullis House |
|
Summary |
|
|
Purpose of Meeting |
|
|
|
|
|
|
|
Main Areas of Concern |

1. Credibility
2. Security
3. Liability
4. Scalability / large scale project management
5. Data Protection
6. Usefulness – to encourage take-up |
|
|
|
|
|
Actions Agreed |

1. Timetables for respondees to be identified to help collaboration.
2. A EURIM workshop on legal issues to be held. It would cover liability, compulsion, a new criminal offence and card offences under other jurisdictions (cross border jurisdiction).
3. A briefing on the practical issues of implementation to be prepared for parliamentarians.
4. A EURIM workshop on registration issues to be held. |
|
|
|
|
|
Next Meeting Date: TBA |
|
Full Meeting Notes
|
|
|
|
Action |
|
1 |
|
Chairman’s introduction
|
|
|
|
1.1 |
The Chairman welcomed
everyone and ran through the agenda items.
He outlined the objectives of the meeting, to summarise views and
identify the areas in the consultation document that would be addressed as
priorities by responding bodies.
|
|
|
|
1.2 |
The meeting would be
held under a variation of Chatham House Rules.
|
|
|
|
|
|
|
|
|
|
Entitlement cards and Identity Fraud –
presentation by Stephen Harrison, Home Office
|
|
|
2 |
|
Introductory Comments
|
|
|
|
2.1 |
This consultation differed from that
conducted by Michael Howard in 1995 in that in addition to looking at the
pros and cons of an entitlement card, it went into more depth about
implementation should the government decide to go ahead with the scheme. The Home Secretary was committed to
ensuring that people understood the practicalities of obtaining and using
cards. |
|
|
|
2.2 |
This
meeting also provided an opportunity to lay some myths to rest and to
introduce a biometric demonstrator that would shortly be on trial in the
passport service to test public reaction. |
|
|
|
2.3 |
The
consultation period of six months was longer than average. The Home Office
realised the importance of the issues and that many organisations would need
to consult their members extensively in order to make considered
responses. This also allowed the Home
Office team sufficient time for face-to-face consultation with interested
parties. |
|
|
|
2.5 |
The
government position was neutral and the consultation attempted to set out the
pros and cons in a balanced way. |
|
|
|
|
|
|
|
3 |
|
Overview of the Consultation
Document |
|
|
|
3.1 |
The Government sought views on:-
· The principle of having an entitlement card scheme
· The various types of scheme
· The potential uses for an entitlement card (to keep the debate open, government was inviting suggestions rather than listing potential uses)
· How it would be delivered
· Data protection and privacy issues
· Other measures to deal with identity fraud while the card was being rolled out. |
|
|
|
3.2 |
The Government sought views from:-
· General public including young people (a young person’s version of the paper was available)
· Public and private sector service providers
· Other sector specific groups – CBI, TUC, etc
· Pressure groups
· The IT industry – through trade associations rather than individual companies
They would also conduct opinion sampling and focus-group research. |
|
|
|
3.4 |
There were several types of card scheme:
· Compulsory – where it was obligatory to have a card and produce it on demand. This had been ruled out.
· Universal – all lawful residents would have to register and be issued with cards, but there would be no obligation to carry it
· Targeted – to specific sectors where identity fraud was prevalent (eg benefit claimants and company directors)
· Voluntary – for those who lacked any other form of official identification.
The thrust of the arguments in the paper favoured a universal scheme. |
|
|
|
3.5 |
The
scheme would be enacted through primary legislation and would go through full
parliamentary scrutiny. |
|
|
|
3.6 |
A
new, unique, personal number would probably be used, to avoid data quality
errors of other schemes and provide enough numbers. It would not replace the NI number but would be linked to it. |
|
|
|
3.7 |
A virtual (cardless) scheme was being
considered, where the number rather than the card was the identifier on a
central register, and cards could therefore not be lost or worn out. |
|
|
|
3.8 |
Possible uses for the card might include:
· Providing better public services (probably initially more at local authority level than at central government level).
· Reducing identity fraud – currently more security was needed behind the issue of identity documents such as passports.
· Tackling illegal immigration and illegal working by reducing the “pull factor” - preventing trafficking and asylum abuse, encouraging people into managed migration procedures and making compliance much easier for employers.
· Convenient travel document.
· Proving age – most current schemes were local although a few were country-wide.
· Reducing administrative burdens on law enforcement agencies
· Discouraging some forms of organised crime which made use of fraudulent identities
· Registering on the Electoral roll and voting.
· Storing emergency medical information (with the card holder’s consent). |
|
|
|
3.9 |
In practice, the card could build on
existing documentation – driving licences and passports – to reduce risk and
cost. 12 million people had photocard
licences, 44 million had passports, so they could be made acceptable forms of
entitlement card. 35 million people
interacted with the passport office and DVLA in a 5 year period, so this
could be rolled out to a large proportion of the economically active
population without any new applications being made, just more detailed
checks. |
|
|
|
3.10 |
The scheme proposed that those
holding photocard driving licences or passport cards would not need to carry
a separate card – both would be acceptable forms of entitlement card. The
passport cards and driving licence cards could not be combined into one
because they complied with different standards (different photograph sizes,
etc) and although there was scope to lobby the standards bodies about these
discrepancies any outcome was distant and uncertain. New data would be used
to avoid problems of data quality. |
|
|
|
3.11 |
This central register or database
would be limited to core personal information only (this could possibly include biometric information). Any other
personal or sensitive information, and information on service entitlement
would be segregated and held securely by other organisations, whose databases
would be linked with the central register.
Sensitive information held by an organisation would only be accessible
by that organisation. |
|
|
|
3.12 |
The government was
considering whether biometric information should be carried on the card and
public acceptability trials and feasibility studies were currently underway.
|
|
|
|
3.13 |
Some popular myths needed to be laid to rest.
· There would be no requirement to carry a card
· There would be no changes to police powers.
· There was no hidden agenda as to the services that might be linked to a card scheme
· The central register would not be responsible for all the information government held about an individual
· There was no intention to put a hold on other smartcard initiatives – there was no guarantee that an entitlement card would become a reality and roll-out would be slow in any case. |
|
|
|
3.14 |
Biometric demonstrator
Public acceptability trials were due to go live in the London passport office by November. The trials would assess public acceptability of the use of iris patterns as biometric indicators using high-resolution photography and recognition techniques, which were less messy and intrusive than fingerprinting. |
|
|
|
3.15 |
Views on the consultation could be
transmitted through the website, by email, or in writing. |
|
|
|
|
|
|
|
4 |
|
Round table feedback – Questions, points and major concerns |
Questions |
|
|
|
4.1 |
Was there
scope for early use of identity cards for people wanting access to
businesses, so that it could be trialled before mass roll-out? |
|
|
|
4.2 |
Different
biometric readers provided different levels of security – how was this going
to be taken into account? |
|
|
|
4.3 |
How far
might an entitlement card be deployed and used in practice as authentication?
This was one of the primary solutions to cybercrime. |
|
|
|
4.4 |
Could there
be a liability risk for the issuer of identity cards if a successful
applicant’s identity was later proved to be false and the checks had failed
to reveal this? |
|
|
|
4.5 |
How would the multi-application model
work as an architecture? Getting that
right at the start was essential because of the huge cost implications. |
|
|
|
4.6 |
There was a business
view, a technical view and a societal view to consider. It was difficult to see from the
consultation what benefit would be conferred on the citizen. Why should they have a card if there was
no advantage in it?
|
|
|
|
4.7 |
Hacking and piracy were major
concerns. Could people with sight problems still use the biometric testing
equipment effectively? |
|
|
|
4.8 |
Would the theft of the
card mean the theft of an identity?
What systems were in place to prevent this? The use of card for fraudulent purposes was a major concern. |
|
|
|
4.9 |
Should
the consultation not make more effort to consider how the scheme would
operate under future technologies? |
|
|
|
4.10 |
Why
was the system only being considered on a UK scale, rather than a regional,
local or European level? |
|
|
|
4.11 |
Would
this new scheme compete with other systems that were currently being rolled
out and undermine investment in them? |
|
|
|
4.12 |
Was
there an overlap with more traditional certificate issuers, issuers of
identity and the maintenance or protection of electronic identities in a
smart card or similar environment? |
|
|
|
4.13 |
From an educational perspective,
would it be possible for students to use the ID when registering for, or
progressing through e-learning programmes? |
|
|
|
4.14 |
Were the right and left irises
different in an individual? |
|
|
|
4.15 |
What was the government planning to
do to convince the public that it was a worthwhile exercise, particularly in
the light of the RIP Act? |
|
|
|
|
|
|
|
|
|
Major
Concerns |
|
|
|
4.16 |
The question
of liability, particularly for issuers. |
|
|
|
|
Levels of
security |
|
|
|
4.17 |
Data protection and
privacy issues such as the further
use of information and the constraints upon this use
|
|
|
|
|
The technologies that
would be used and their limitations.
|
|
|
|
4.18 |
IT project issues.
|
|
|
|
4.19 |
Practical and related
issues, such as how the card would work for people who held power of
attorney for others.
|
|
|
|
4.20 |
The impact on branch banking and
online transactions |
|
|
|
4.21 |
The need was to know
the potential customer requirement, and to manage government expectations as
to what could and could not be done.
Retail banks issued twice as many cards as government wanted to and
had good experience of the kinds of services that cards could realistically
offer to individuals.
|
|
|
|
4.22 |
Ensuring that the
process remained focused on the customer, as well as on potential benefits
like security and reduced administrative costs.
|
|
|
|
4.23 |
The
extent to which the scheme would reduce identity fraud |
|
|
|
4.24 |
Network security issues in the
proposed scheme. |
|
|
|
4.25 |
It was essential that the card be
really credible, so that it established identity beyond doubt. |
|
|
|
4.26 |
The
large scale use of biometrics. There were no precursors. |
|
|
|
4.27 |
Social
exclusion issues |
|
|
|
4.28 |
The
need to link into other initiatives like Smart Cities |
|
|
|
|
|
|
|
|
|
Other Points
|
|
|
|
4.29 |
Currently
it was not illegal to have multiple identities, only to use them
fraudulently. |
|
|
|
4.30 |
Certain
solutions already existed in the form of a credit card sized secure access card
which did not store information, could be connected to any PC and was
transparent. |
|
|
|
4.31 |
One
organisation planned to produce a technical “can do” perspective on how the
various scenarios could be delivered, in terms of cardware, infrastructure,
issuance and management and using expertise from existing projects, like the
French national health scheme which provided cards to 48 million people. |
|
|
|
|
|
|
|
5 |
|
Home Office Response to questions and comments |
|
|
|
5.1 |
Synonyms – This was a complicated area. Some members of society, such as transsexuals and transvestites, held different identities with different genders. These would have to be linked to one secure identity.

New offence – The proposal to make the use of a false identity a crime was controversial. It was important to preserve people’s ability to use different identities where they had reasonable cause - if they were fleeing an abusive partner for instance.

Linking services – levels of security would vary and this would create problems for interfacing services. Services were more likely to be added incrementally, and any necessary enabling legislation tabled when the service was being linked to the card scheme rather than having a catch-all provision in any entitlement cards bill. |
|
|
|
5.2 |
Technical issues – It was
not feasible to go into technical security issues at this stage. The focus was on providing a mixture of
services useful to citizens on a more mundane level, such as concessionary
travel, parking fees, and the occasional interaction with government such as
tax returns. Government did not want to focus it exclusively around high tech
applications. Different security
levels would apply depending on the interaction. |
|
|
|
5.3 |
Authentication – It was
agreed that an entitlement card must set a gold standard of authentication
and was pointless unless it commanded confidence. As such, digital signatures
and other applications could be built around the core information on the
central register. It was not for the entitlement cards consultation exercise
to focus on these details at present:
This scheme alone was unlikely to provide a solution to the problems
of authentication eg who would issue digital certificates, but it could
provide an important building block in the form of a reliable database of
validated identities. |
|
|
|
5.4 |
Liability –
Government would view the liability in the same way as banknotes. Effort would be put into preventing
counterfeiting and it was up to the service provider to be satisfied that the
person presenting the card was genuine.
Checks were always safer if done from multiple sources of
information. Government would not
plan to compensate for fraudulent use of entitlement cards. |
|
|
|
5.5 |
IT project –
government had an unenviable track record in large IT project management and
the Home Office was no exception. It
was as much about the nature of IT as civil service contractual
relationships. Projects were always
over time, over budget and performed below expectations. It was vital to manage ambitions and learn
lessons from the past. The card must
be sufficiently useful to be justifiable, but to minimise risk, increased
functions should be added incrementally, not built in up-front. |
|
|
|
5.6 |
Power of Attorney – There was
no reason why a person could not be nominated to act on behalf of
another. They would need to present
both cards. |
|
|
|
5.7 |
Privacy and data protection issues - The consultation paper explored the issues
as fully as possible given the early stage of policy development at
present. It would only be possible to
answer some of the more detailed questions if and when they reached the stage
of a firm proposal as to how a scheme would operate in practice. There were
no firm procedures as yet but government was consulting as widely as possible
here. |
|
|
|
5.8 |
Multi-application issues – These
appeared attractive but might add risk.
Organisations renting space on the cards could bring down the cost but
most multi-service cards involved services being delivered by only one or two
organisations. There were few
genuinely successful multi application card schemes to learn from. It was important to note that the standards
that had eluded the smart card industry would not magically appear just
because the government issued 50 million cards. Far larger schemes were already operated by banks. If standards
had not been agreed by the time the Government decided to implement any
scheme, they would have to buy the best product in the market at the time. |
|
|
|
5.9 |
Bank branches – bilateral
discussions with APACS and BBA had been instructive and would continue. Banks
saw the card effectively as an ID to validate identity, not a token like a
debit card which attracted higher rates of churn than was desirable for
government documentation. The Post
Office had a potentially important role here since its network would make the
face-to-face contact that was necessary for first applications feasible in
more remote areas. |
|
|
|
5.10 |
Iris recognition problems – In most
models it was necessary to focus on a point, but more sophisticated models
combined head, shoulders and eyes so they were appropriate for blind or
partially sighted people who could not focus on a particular point. This technology might be adopted for
driving licences and passports even if entitlement cards did not become a
reality. Nobody would be denied a
card because they lacked the ability to provide the necessary biometric information. |
|
|
|
5.11 |
Level of application, local, regional
vs. UK & Europe – The important thing for a
card was universal recognition so it had to be UK wide, although devolved
administrations might opt for different services to be accessible via the
card. Local cards already
existed. The Treaty of Nice makes
clear that the Commission does not have any competence in the area of
identity or travel documents and therefore there was no mechanism for the
Commission to establish an EU-wide scheme. |
|
|
|
5.12 |
Large scale biometrics – This was
an area requiring a great deal of thought. It was unlikely that there would
be one ideal solution. Fingerprints
were the most established biometric indicators and systems held many millions
of records, yet sophisticated computer systems were needed to identify
possible matches and a trained officer was still needed for
confirmation. This would not be a
rewarding occupation compared with other duties fingerprint officers could
undertake (eg in policing) and there was already a shortage of staff. The lack of supply in the marketplace
suggested that a cheap but effective fingerprinting system would be hard to
find. Iris definition was simpler and less
invasive. The largest iris scanning
systems held about 30,000 records and tended to apply in secure, closed
environments. Scalability still had to be established. Facial recognition was now being used
for passports in Australia. It was
not an exact science but current systems were throwing up matches with
reasonable reliability. There was a balance between a system so sensitive
that it threw up too many matches and led to backlogs and escalating costs,
and a system that missed abuses and was insecure. |
|
|
|
5.13 |
Education / Connexions card - It was proposed to use this card in the way
suggested by the questioner (eg access to education systems). An entitlement card might replace the
Connexions card in the longer term but at present the Connexions Card did not
provide the same level of proof of identity that an entitlement card would
do. |
|
|
|
5.14 |
Misuse of the card – It was important to have the right
procedures in place so that the card could be robust against counterfeiting.
Consultation with an array of experts was underway. There was a trade-off
between balancing customer needs, the requirement to roll-out cards within an
adequate timeframe, and cost. |
|
|
|
5.15 |
Convincing people of the benefits - The argument for cards was weakened by the
uncertainty over which services would be available. The services of most value – such as benefits entitlement or
NHS services - were likely to be the most difficult and high risk to link to a card scheme. Services would be added on a case by case
basis, not up front. |
|
|
|
5.16 |
Irises – The two
irises of one individual were different.
The registration process usually involved taking images of both eyes
but only one was usually checked when authenticating identity (the second
being available as a back-up if there were problems with checking the first
eye). |
|
|
|
|
|
|
|
6 |
|
Further
comments from the floor |
|
|
|
6.1 |
The Chairman concluded that many
responses could be expected and it would be helpful if the various bodies
communicated with each other during the process. There was concern that
responses would represent different industry perspectives and close collaboration
was not feasible. However, they would
benefit if EURIM could provide a response at a more general level. A joint
workshop was proposed, and this was agreed. |
|
|
|
6.3 |
It was agreed that power of attorney
issues were particularly important in the social inclusion agenda. The Post
Office was involved in this and would have valuable experience. Discussions
were likely to focus at the application rather than the entitlement level. |
|
|
|
6.4 |
A number of groups were already
looking at privacy and data protection concerns. |
|
|
|
6.5 |
Issues of identity were at the heart
of the information society and the issues of stolen cards vs. stolen
identities and the use of a false identity becoming a criminal offence should
be priority areas for response. |
|
|
|
6.6 |
The card must be viewed as a card and not the card. (SH agreed, in
principle any card could be used so long as it linked to the central
database. However it was important
for cards to be generally recognised by the public which would in practice
limit the number of different cards). |
|
|
|
6.7 |
EURIM could focus on the legal
implications, such as: The need for ground rules to be very
clear or sooner or later someone would argue that the card issuer had
liability, the proposal that using a false identity should become a criminal
offence, and the need to define whose law applied when the card was used in
other jurisdictions. This was agreed |
|
|
|
6.8 |
Different levels of security based on
perceived risks did not always relate to real risks – for instance the checks
for a mortgage application as opposed to a proof of age card. A newsagent who was convicted of selling
cigarettes to a minor because of fake ID could lose his livelihood whereas a
large mortgage company could survive the occasional fraudulent borrower. |
|
|
|
6.9 |
Was the difficulty of implementing
health cards being exaggerated? (SH
noted that there was an enormous amount of work involved both on access to
health cards and electronic patient records and one look at the NHS back
office suggested that this process would not be instantaneous). |
|
|
|
6.10 |
The liability model proposed in the
consultation paper was poor. Issuers must expect to have a statutory duty of
care. |
|
|
|
6.11 |
If, under subsequent legislation, the
card became compulsory, then the issuer must accept some kind of
liability. No-one would issue cards
to socially excluded groups unless they could avoid liability. |
|
|
|
6.12 |
There were other issues of liability
concerned with service providers, when the central system states a card is
valid which then proves not to be. |
|
|
|
6.13 |
How was the Home Office dealing with
issues of fraud? (SH noted that identity fraud was handled separately from
plastic card fraud and was located with the entitlement cards work. If the card scheme went ahead, the current
unit would be expanded to handle the additional work. As for acting on the Law Commission’s
recommendations on fraud offences, it was often difficult to find legislative
slots given the other pressures for limited slots in the legislative
programme. It was therefore important
to focus on enforcing existing laws better through more joint working with
the private sector and across Government). |
|
|
|
6.14 |
The lack of information about the
application of the card gave mixed messages and suggested that there was
scope for the card to incrementally become compulsory. (SH noted that the consultation paper made
it clear that any legislation would be drafted in such a way that a
compulsory card could not be introduced
without further primary legislation. Each service implemented on the
card would be subject to its own legislative
safeguards). |
|
|
|
6.15 |
Which public or private bodies would
have access to this central database and how would compliance with the data
protection act be assured? Government
would set a statutory purpose for the database holding that information, but
if services were rolled out, a whole range of organisations might have access
to the core personal information on the database like name and address. Government, just as industry, had to work
within existing legal frameworks, and whilst services could check the
validity of the card against the central register, the cardholder would be in
control of who the information was released to. |
|
|
|
|
|
|
|
7 |
|
Forward
Plans |
|
|
|
7.1 |
EF agreed to circulate notes from the
meeting to all present, together with SH’s presentation slides to those who
required them. |
|
|
|
7.2 |
PV proposed the next action:- to identify timetables to which groups
submitting responses were working and establish how they might collaborate. |
|
|
|
7.3 |
PV proposed that MPs would welcome a
briefing on the legislative issues, on the practical issues such as the
scalability of biometrics, and on improving their track record on delivering
large projects. He suggested that this work should be done in collaboration
with Intellect. |
|
|
|
7.4 |
PV identified follow-up actions –
· A workshop on legal issues – EURIM would look at issues of liability, compulsion, a new criminal offence, and cross border jurisdictions
· A political briefing on practical issues held by EURIM, SEMA and possibly Intellect
· A workshop on registration issues to try and identify the different points of view
· Other perspectives would be reported independently. It would be helpful if those making submissions could keep in touch so that everyone could keep abreast of progress. This would help officials differentiate between submissions from different perspectives and those that were asking for different things. |
|
|
|
7.5 |
PV thanked everyone for attending and
closed the meeting. |
|
Attendance – 9th October 2002

John | Baker | CIPFA |
Tony | Brown | APACS Guest |
Christopher | Byng | Abbey National |
David | Clancy | Office of the Information Commissioner |
David | Coldicott | RBS |
Bob | Conway | Schlumberger Sema |
Helen | Dickinson | P.O.S.T. |
Earl of | Erroll | House of Lords |
Emma | Fryer | EURIM |
Earl | Gardiner | Energis |
Nigel | Greenaway | Fujitsu Services |
William | Harbison | Nortel Networks |
David | Harrington | CMA |
Stephen | Harrison | Home Office |
Kate | Hodgson | Consignia |
Guy | Lodge | EURIM Rapporteur |
David | Mason | Consignia |
Alex | Mbanu | Financial Services Authority |
Mita | Mitra | BT |
Tony | Neate | National Hi-Tech Crime Unit |
Adrian | Norman | BCS |
Christine | Oddy | Former Parliamentarian |
Lord | Renwick | EURIM President |
David | Rippon | ELITE (BCS) |
Chris | Taper | Individual Observer |
Robert | Temple | BT |
Richard | Trevorah | tScheme (Guest) |
Philip | Virgo | EURIM Secretary General |
Colin | Whittaker | APACS |
Ben | Williams | Microsoft |
Christopher | Williams | Eden Secure Systems (Guest) |
David | Wright | EURIM |

Apologies

Jon | Cole | WSCC / SOCITM OBO Bob Griffiths |
Peta | Cubberley | Parliamentarian's Assistant |
Ian | Dobson | Open Group (Guest) |
Margaret | Graham | Fujitsu Services |
Colin | Hebden | EDS |
Scott | Housley | Link Interchange Network |
Mike | Jenkins | Fujitsu Services |
Alan | Leibert | Alco Partnership |
David | Lennox | British Bankers' Association |
Geoffrey | Llewellyn | Schlumberger Sema |
Kenneth | Millen | Eden Secure Systems (Guest) |
Ian | Nayler | Individual Observer |
Chris | Oulds | Alco Partnership |