« 7 Procedure for orders under s. 6 | Main | 9 Renewal of ID cards for those compulsorily registered »
May 23, 2004
8 Issue etc. of ID cards
ID cards
(1) For the purposes of this Act an ID card is a card which is issued to an individual
by the Secretary of State, or as part of or together with a designated document,
and which does one or both of the following as respects that individual.
(a) records registrable facts about him that are recorded as part of his entry
in the Register;
(b) contains data enabling it to be used for facilitating the making of
applications for information recorded in a prescribed part of that
individual.s entry in the Register, or for otherwise facilitating the
disclosure of that information.
(2) An ID card issued to an individual.
(a) must record only the prescribed information;
(b) must record prescribed parts of it in an encrypted form; and
(c) is valid only for the prescribed period.
(3) Except in prescribed cases, an ID card must be issued to an individual if he.
(a) is entitled to be entered in the Register or, by virtue of section 6, is
required to be so entered; and
(b) is an individual about whom the prescribed registrable facts have been
entered in the Register.
(4) In prescribed cases an ID card may be issued to an individual who.
(a) is not required to be issued with one; but
(b) is an individual about whom the prescribed registrable facts have been
entered in the Register.
(5) An ID card relating to an individual is not to be issued except on an application
made by him which either.
(a) accompanies an application made by him to be entered in the Register;
or
(b) in the prescribed manner confirms (with or without changes) the
contents of an entry already made in the Register for that individual.
(6) An application for the issue of an ID card to an individual must be included, in
the prescribed manner.
(a) in every application made by him to be issued with a designated
document; and
(b) in every application made by him in accordance with provision made
under section 6.
(7) Other applications for the issue of an ID card.
(a) may be made only in the prescribed manner;
(b) may be made to the Secretary of State or, in prescribed cases, to a
designated documents authority; and
(c) must be accompanied by the prescribed information;
and regulations for the purposes of paragraph (b) may authorise an application
to be made to a designated documents authority irrespective of whether an
application is made to that authority for the issue of a designated document.
(8) The Secretary of State must not make regulations containing (with or without
other provision) any provision for prescribing.
(a) the information to be recorded in or on an ID card, or
(b) the form in which information is to be recorded in or on such a card,
unless a draft of the regulations has been laid before Parliament and approved
by a resolution of each House.
Posted by wtwu at May 23, 2004 10:22 PM
Trackback Pings
TrackBack URL for this entry:
http://www.spy.org.uk/cgi-bin/mt3121/mt-tb.cgi/122
Comments
"(b) must record prescribed parts of it in an encrypted form;"
Encrypted data i.e. unreadable by the registered user is not the same as plaintext Digitally Signed data to prevent forgery , although cryptographic techniques are used for both.
There should be no encrypted data on the ID Card or on the Central Database.
All data on the ID Card and on any Central Database must be accessible by the registered person, with suitable, non-specialist equipment.
How can people possibly trust a system which might contain erroneous or libellous secret data that they cannot read in order to verify ?
What assurances are there that any encrypted data will not contain steganographicly hidden data or subliminal channels which secretely record discriminatory racial or other data within checksums or hash functions allegedly there for anti-forgery purposes ?
It will take only a single bit value of "0" or "1" hidden within a known position in the non-human readable Biometric data, to hide a secret, discriminatory, literal black mark on your National Identity Register.
It is a fundamental failing of the whole proposed ID card scheme that the use of Digital Certificates has not been contemplated by the Home Office, unlike say the Belgian ID Card system. At least such an ID Card might of use on the phone or via the internet, in order to authenticate access to Government or commercial services. The current plan cannot do this.
RECCOMENDATION:
Remove Section 8 (b) from the Bill.
Prohibit the recording of any data on the ID Card or the Central Database which is held in secret from the registered person themselves.
Posted by: wtwu at May 24, 2004 04:39 AM