back to article ID cards have three databases, says minister

Identity minister Meg Hillier says that the Identity and Passport Service has "custom built" its own database for the identity card scheme. Following reports that the IPS had scrapped plans to store biographical information on the Department for Work and Pensions' database, Hillier said that the controversial scheme has three …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    Stupid woman

    You'd think she'd be smart enough to shut up about it with an election coming up.

  2. The Original Ash
    WTF?

    YES!

    I WOULD LOVE TO HAVE MY BIOMETRIC IDENTITY STORED ON A PIECE OF SHORT LIFE SPAN CONSUMER ELECTRONICS. THAT IS A WONDERFUL IDEA.

    Seriously, where do they get these people... This Identity minister must be cloned from Tweedle Dumb. Yes, that's an intentional mis-spelling.

  3. Michael

    3 databases?

    "the one that holds the fingerprints and facial image, the biometric data, and then the other information which is broadly what is on your passport already and the third bit is the one that links the two"

    Also known as one database with 3 tables?

    What is wrong with just storing the info on the chip?

    1. Gulfie
      FAIL

      What is wrong with just storing the info on the chip?

      I imagine this is for verification reasons. As and when somebody manages to (a) modify an existing card in a way that it still looks internally valid to card readers or (b) creates a whole new card that looks internally valid to a card reader, you need some way of refuting the contents of the card. A simple mechanism would be to hash the card contents, hash the database contents, compare the two.

      If you don't have two sets of data, you can't do that.

      And to all those who ask why multiple databases, the simple answer is likely to be security. For verification purposes all you need is some kind of hash from the biometrics database. Separate that data out, put it in an utra-secure environment and only allow verification requests and responses from the outside world. This helps prevent disclosure - accidental or deliberate - which should be topmost in the minds of the people designing this system.

      Not that I want it - I just wanted to explore possible reasons for some of these design decisions. Still fail.

      1. The BigYin

        It's all just a local check anyway

        You can't refer back to the main db in cases like this. Can you imagine the infrastructure? *GLOBALLY*? And you'd need wireless+portable, with a response time in seconds. So most readers will simply use a local check, trusting the card.

        WTF is the point in the card then?

        My (slightly tin-foil-hat) opinion is: social control.

    2. smudge
      Big Brother

      Look up

      The answer to your last question is partly contained in the comment above yours - the one in capitals.

      The other answer is of course that it would be easier to create and use fake cards if they weren't checked in realtime against a secure remote database.

      Sure, the forger would have to find a way round the digital signature, but with that done all the check would be doing is verifying that the biometrics on the card matched the person presenting it.

      Which tells you very little.

  4. Anonymous Coward
    Anonymous Coward

    so....

    that would be 3 tables on a bog standard (please don't be access) relational database then?

    Has someone been trying to explain how databases work to a politician?

    1. Uncle Slacky Silver badge
      Grenade

      Little Bobby Tables

      Let's see what happens when *he* signs up to the ID register...

    2. Ed Blackshaw Silver badge
      Boffin

      Ho ho ho

      Has anyone tried explaingin databses to _civil servants_?

      I would actually expect the implementation to be three different databases, on different platforms, from three different suppliers, with all the interoperability and security issues that this entails. A typical implementation for these three would be something like:

      1) SQL Server on Windows, custom app front-end written in C++

      2) MySQL on Linux, web front-end written in PHP

      3) Oracle on some custom hardware, data only accessible through stored procedures

      Anyone expecting any less of a dogs dinner for such a government led IT project is sadly naïve.

      1. Graham Marsden
        Coat

        Has anyone tried explaingin databses to _civil servants_?

        "It's all done by magic pixies"

        "Oh, ok...."

      2. Anonymous Coward
        Anonymous Coward

        MySQL

        They wouldn't be allowed to use something completely free such as MySQL!

        The argument would ensue "Is it supported?".

        I had an argument with a free open source module I embedded into an application I wrote for a government agency, I justified it by a) it works where as the non-free product doesn't work adequitely, b) we don't have to buy it so no hassle with licenses and the bureaucratic nature of the agency for which we're working.

        My management was concerned it wasn't supported..but the fact is, the bloody thing worked properly so we didn't need support for it!

        And as for Oracle? They've probably got some rule that says though shalt only use Microsoft shite.

    3. PirateSlayer
      Troll

      Eh?

      3 tables on a 'bog standard' 'relational database'. Aside from your bizare reference to Access (which is as bog standard as you can get), I think you'll find that one table will suffice here (unless you are suggesting that 1 person can have n faces, or one person can have n left digits).

      1. Jonathan
        Thumb Down

        many records needed

        a person may only have 1 face, but can have several addresses, alternative ids etc.

        a bit shorthand, but..

        Table:person:

        Fields:

        uniqueID

        name

        dateofBirth

        (,etc.)

        Table:address:

        Fields:

        uniqueID

        address line 1

        (,etc.)

        Table:personAddresses:

        Fields:

        person.uniqueID

        address.uniqueID

        personAddressType (e.g. work/primary residence/other residence)

        Table:alternativeID

        Fields:

        uniqueID

        value

        Table:personAlternativeIDs:

        Fields:

        person.uniqueID

        alternativeID.uniqueID

        personAlternativeIDType (e.g. National Insurance Number, Passport number, Drivers Licence number, Prison System number, medical practicioners license number etc.)

        1. PirateSlayer
          Happy

          Response.

          I don't see why they would require an address history in this whopper of a database. Surely they only neeed your MAIN residence (like with driving liceneses)...my god the politicians will have to exempt themself ASAP.

          I guess you COULD have multiple profile shots, but your retina, finger prints and DNA are not going to change...unless you visit Ukraine or eat a lot of North Sea fishies. Also I would question the need for out of date information being on the system...if the objective is to identify you, they should only ever need the most recent of everything...address included! As for the other identifiers, I guess this could be farmed out to another table (Person ID, ID ID, ID Number)...this might be getting silly.

          1. John Smith 19 Gold badge
            Happy

            @Pirate Slayer

            "I don't see why they would require an address history in this whopper of a database. Surely they only neeed your MAIN residence (like with driving liceneses)...my god the politicians will have to exempt themself ASAP."

            1)How else will they be able to cross reference all the *historical* surveillance data without it?

            2)Because they can.

  5. irish donkey
    FAIL

    Make the ID Card Compulsory for Unemployed People

    That will immediately net 90% of the UK population.... opps sorry I am a year ahead of myself there.

    That will net 70% of the UK population........ opps sorry 6 months ahead of myself there

    Make it compulsory to have an ID Card to collect unemployment benefit. That way our out going MP's will vote against it as they won't want to have to get an ID Card when the get slung off the gravy train!

    If you don't vote you can't complain when things don't go your way.

    1. Lee Dowling Silver badge
      Alert

      If you don't vote you can't complain when things don't go your way.

      "If you don't vote you can't complain when things don't go your way."

      What about when *none* of the options go my way?

      1. Ottoman
        Go

        Then...

        Set up your own political party and put forward your options?

        1. codemonkey
          FAIL

          The youth of today..

          @Ottoman

          I dearly hope you're very young Mr/Mrs/Ms Ottoman...such perfect naivety. If you happen to be older than say, like, 20, then I applaud you for your belief. Of course, you could learn that the system is not really here for your views...that way you really would be engaging with reality. Heaven ( as if ) forbid. Google "Reality Info" for an education :) Serious. Try it:) All the best in your journey. Peace.

          1. Ottoman
            FAIL

            @codemonkey

            I am neither young nor naive, I however, am very tired of people bitcing and complaining yet doing nothing about it and resigning to their fate. You don't like something, change it!

            Often, in life, we do not get exactly what we want, so choose the next best thing which is available, if you are not in a position to create your options.

            Doing nothing and hoping that it will go away is exactly what is wrong with the society we are living in.

            FAIL it is indeed but not on my behalf.

    2. Elmer Phud

      already getting there

      There is already a data-gathering project underway.

      It is masked as an improvement to the CRB process and you only need to be registerd once.

      It will cover most youth workers, teachers, loads of folks who come in to contact with children (no, not like that!) and it's being sold as a simple one-off.

      Chances are that an 'enhancement' will produce a 'registration card' to avoid any misgivings and to prove you are registered. It has been said that it won't be required for things like baby-sitting but the CRB scheme expanded with knee-jerk rapidity and I assume the same will happen in this case.

      Not long before the Tories get in and instead of ID cards we just get our NI numbers tattooed to our foreheads instead (with a barcode that links to our national register of information and allowances)

    3. Anonymous Coward
      Pint

      Take your pick

      "Don't vote? Don't bitch!" - Steve Earle

      "I never voted, so I never elected you. I have every God-damn right to complain about you!" - George Carlin

    4. Graham Marsden
      WTF?

      If you don't vote you can't complain when things don't go your way.

      Balderdash!

      I recently had an election missive through the door from the Tories. In it there was a mini-questionnaire which said "Which of these Tory policies do you support?"

      Err, excuse me? Where's the option for "None of the above"? Where's the option to say "Just because I may have voted for you does not mean I support all of your policies"? In fact where is there *anything* that lets us do more than vote for a particular coloured rosette but which allows whoever gets the most seats to claim that they now now have a mandate from the people to do X, Y and Z because one vote covers *everything* in their manifesto.

      Representative Democracy? Not in this country!

      1. PirateSlayer
        IT Angle

        I was

        I wanted to write some expletives on a bit of paper and send it back in their prepaid envelope...I was hoping that every envelope would cost them some money to receive.

        In the end I just though sod it...I'll just vote Lib Dem. That'll show 'em.

  6. Blofeld's Cat
    WTF?

    Good grief!

    Using existing databases will inevitably lead to problems, as anyone who has ever tried to get an existing "sales" database to work with an existing "accounts" database by writing "a new bit in the middle" will tell you.

    ("Well OUR customer IDs have SIX digits...", "But we have ALWAYS put their credit rating in the 'Telex number' field...", "Oh we NEVER fill that field in...")

    That card reader sounds suspiciously like the "new hardware" we used to prepare for trade shows.

    You know the sort - where you take the salesmen through the exact sequence of keys they need to press to make it appear to be doing something, and then tell them that under no circumstances must they let potential customers touch it.

    The rest of Hiller's comments remind me of a mammoth thrashing about in a tar pit for some reason.

  7. Stuart Moore

    Multi table...

    Sounds like they've got 3 tables, one for holding the large stuff, one for the small stuff, and a joining table... not sure that this tells us anything.

  8. Martin 47
    Stop

    of course its important

    Hillier emphasised the importance of the ID card to people who are "socially disadvantaged"

    because they are usually the people who change address the most and are the least likely to remember to tell the government so it means they can picked up and fined any, and every time, its convenient.

  9. Scott Broukell
    Megaphone

    I say .....

    put the micro-chips under the skin of every individual and link us all in real-time to the uber triple-databasen. I sooo want my phone to be a real part of me, a bio-mechanical organ, pulsing with data streams about my every thought and movement. What could possibly go wrong I say, I say what could possibly go wrong.

  10. Anonymous Coward
    Anonymous Coward

    ere what

    "She said that what was important about the identity card was the chip and suggested that in the future it may be possible to install the chip in another device, such as a mobile phone."

    Great, as a larger lout I enjoy stealing cellular telephones, but I haven't had much incentive to do so since I stole my last iPhone. Now that phones will come with a free identity I can sell to my dealer, I might have to break out the old half brick again.

    "Hillier emphasised the importance of the ID card to people who are "socially disadvantaged"."

    I don't care what Hitler says, my dole money does me fine.

    1. PirateSlayer
      Joke

      Device

      The "other device" I thought it was probably going to be installed on real soon is known as the "the human sternum". Question is when is hair going to be outlawed and when do I get my neck barcode?

      Bagsy 47.

  11. Anonymous Coward
    Stop

    But

    I still havn't been told HOW the ID card will fight terrorism.

    Although it worries me that the Gov will keep my data on a database, and worries me further that they have started making cards before finishing the database design, I could live with these things.

    BUT ONLY AFTER AN EXPLANATION OF WHY!!!

    Surely the Reg could interview someone to find this out?

    Anon because...oh look a black heli...

    1. Anonymous Coward
      Black Helicopters

      How?

      It won't. I'd write more, but I don't see the point. The terrorism thing is a red herring.

      Sorry, I just looked up the definition of rhetorical. Post anyway.

  12. Juan 2
    WTF?

    What biometric data?

    I went last week Thursday to do the application and I received the card in the post yesterday. So much for biometric data as they only took my photo and finger prints. I was not asked to pee in a cup or to fry my eyes in a lazer eyeball gazing thinghy, or do a blood donation.

    So, what's all the fanfare about? The paperwork only covered your name, address and citizenship. You have to divulge a lot more about yourself just to open a bank account, or buy something on credit.

    1. Uncle Slacky Silver badge
      FAIL

      It's not the card...

      ...it's the database. And congratulations, the govt can now fine you every time you forget to tell them your new address.

      AND THEY SEND THEM THROUGH THE POST!!!!!!???!!!???

    2. Anonymous Coward
      Anonymous Coward

      @Juan 2

      What biometric data? "took my photo and finger prints" That biometric, data you idiot.

      Good luck changing your fingerprints when your id gets stolen. Fortunately it's fairly easy to drastically change the shape of your face. If you decide you need such a service, I'd be happy to help.

      "pee in a cup" What?

      "fry my eyes in a lazer" Are you 12? Wtf is a lazer?

  13. Anonymous Coward
    Flame

    What?

    "Referring to many of her constituents who are without any form of identity document"

    They have no birth certificate, rental agreement, utility bill, bank card, benefit card, council tax bill or any number of other items which can collectively prove identity?

    If they are so destitute that they in fact do not have any of the above, how can the prove who they are in order to go on to the ID database? And if they can prove who they are now, then they don't need to be on the ID database!

    Stupid, stupid, STUPID Labour toady!

    This is YOUR FAULT you main-party voting morons!

    And if you didn't get off your fat ass to even vote, hang your head in shame you feckless turd.

    1. John Lilburne

      Voting? Fuck em!

      It makes no difference. One is very unlikely to base a voting decision on ID cards alone. Voting to keep the slimy tories out is not in any way a reason to assume that one is supporting this bit of State shite.

      Your vote means nothing, al it does is encourage the bastards.

      1. Anonymous Coward
        Anonymous Coward

        Keep the Tories out?

        What? I want the Tories, Labour AND the LibDems out. That means voting Green, UKIP, Independent etc. I agree that ID cards are not the sole issue, but they are a bloody huge one.

        I'd rather live as a free peasant than a rich slave.

  14. lukewarmdog
    Badgers

    Three databases

    "the third bit is the one that links the two"

    A database to link two other databases? Someone sounds confused.

    Bring on the GE, I'm more than ready to vote this government out, the next one can not be any worse.

    1. mmiied

      well now

      that shows a distinct lack of imagination

    2. Elmer Phud

      Can't be any worse?

      The next lot are merely softening the words and desparatly trying to invent policies that are different from this lot.

      The main difference is that the banker will really, really fuck us over with the Tories - with new lab they were only practicing. Don't forget who Cameron's mates are and who Boris is desparate to defend.

      Your choice is tis fucked or so well fucked you can't even complain about it.

    3. Anonymous Coward
      Anonymous Coward

      3 databases

      She's got a background in PPE - Politics, Philosophy, Economics, so what the f**k does she know about databases? Almost nothing I'm sure.

      So, it's not entirely her fault she doesn't know her arse from her elbow, but alas, she should have had someone explain it to her properly.

  15. The BigYin
    Flame

    FFS

    'Hillier said that the "9/11 had put the cast on the ID card" about terrorism'

    Hello, Hillier you chump. This is reality calling. The 9/11 terrorist travelled on THEIR OWN PRIMARY ID (passports). If the USA had had ID cards then they would have still gone ahead as, despite making no attempt to hide who they were, the were not stopped by the security services.

    So how the bloody hell will ID cards help? The security services couldn't even track those guys by their passports numbers! FFS!

    Argh!

    Britons - rise up and overthrow these threats to our nation!

    1. Ed Blackshaw Silver badge
      Boffin

      Reading between the lines

      When Hillier said "9/11 had put the cast on the ID card", what she meant was:

      "After 9/11, the populous was sufficiently panicked and easy to mould, that we were then able to sell the concept of an ID card as an anti-terrorist measure, rather than its real purpose as an authoritarian tool to monitor people."

  16. Anonymous Coward
    Anonymous Coward

    heh

    Fixed

    "She said that what was important about the identity card was the chip and suggested that in the future it may be possible to install the chip in another device, such as a surf"

  17. Jonathan
    Thumb Up

    3 databases

    3 tables... please!

    Database 1. "information which is broadly what is on your passport already"

    i.e. who you are

    Database 2. "There is the one that holds the fingerprints and facial image, the biometric data"

    i.e. how to prove who you are

    Database 3. "and the third bit is the one that links the two,"

    i.e. the very important bit.

    if i want to search for/browse/aggregate information on people I just need access to database 1

    if i am the police and i want to verify a given identity (stop and search) I just need access to database 2

    if i want to trawl for a fingerprint match I need access to all 3, so that i can work back to the record in 1, by getting a match in 2, via 3

    access can be controlled based on functional area, with reduced need around access.

    - council uses the database as its source on people in the area (or FKs its own database from it) and only for this.

    no connectivity at all needs to be setup to databases 2 and 3, hence "mr. council person" can't look at the biometric data (if he wanted to!) even if he "borrows" his good friends "mr. policeofficer"'s login.

    also....

    database 3: "the one that links the two"

    it will be an awful lot easier (design, development and especially TESTING) to add links to databases 4, 5, 6 etc. in future with the link info. split out.

    also, as the biometric data is hidden away in another database to which access can be totally independently controlled, why do databases 4-6 have to be government databases.

    - UKGOV PLC can supply uniqueIDs for everyone in the country, to commercial organisations, (theoetically) without UKGOVs own data being accessable.

    1. Jonathan

      database 4

      GCHQ monitoring of communications

      they have a record of a phone call between phone A and phone B

      - if the ID database(s) isn't going to end up having phone numbers in it I'm sure it will key through to the phone operators db's.

      So... they can get the ids of each person and create, in their own database a relationship between these people ("anonymously"... they won't have your personal details, just an ID number)

      they have a record of an email from email address X and address Y

      - again, just wait for it to happen, you'll havre to register the email address as belonging to you else.. well, they'll have the email address and the ip address and the ISP will be able to tell them .

      So... they can get the ids of each person and create, in their own database a relationship between these people (again, "anonymously"... they won't have your personal details, just an ID number)

      If the uniqueID of the person with phone A is the same as that of the person with email address X we have a nice little network of "anonymous" people and their relationships built up.

      Now, this person is arrested for terrorist offences... the security services update database E with the arrest which triggers a the GCHQ database to do a bit of PageRank or similar algorithm and pull in the details of "the interesting contacts" and the police know this persons contacts... with everything having been kept anonymous up until this point.

  18. Graham Marsden
    FAIL

    "people who are "socially disadvantaged"

    That would be all the people who are now unemployed because of El Gordo's inability to understand what happens when you try to fund Growth through Debt without actually *producing* anything...

  19. DragonLord
    Black Helicopters

    Problems with database 3

    As database 3 links the biometrics to who you are, wouldn't this be the most important and vulnerable of the 3 to hacking attempts. After all, if you can get into that database with write access, then identity theft takes on a whole new meaning.

    Have a criminal record you want to get rid of? Just point your biometrics to someone else. Loaded with debt, just become someone else.

    Ah well, I guess hollywood needed a new version of "the net" to broadcast, so why not persuade some smuck to implement it in real life.

  20. Guy Herbert
    Big Brother

    @ Jonathan 13:11

    I suspect you may be imputing too much common sense and "customer care" to the institutions involved.

    The reason originally adduced (see the Strategy issued end 2006) for using three (or two-and-a-half) existing databases rather than Mr Blunkett's single clean one, was cost-saving, not security. It is unlikely security (of your data) has ever been a consideration. The Whitehall rationale for the scheme in the first place was to enable massive data-sharing. And before it was disbanded/downgraded, the Independent Experts Group appeared to be saying in coded language that the IPS was utterly clueless about security.

    The idea that retrofitting three vast, used, civil service databases is cost-saving is clearly nonsense. My guess would be a combination of empire-building (the IPS gets its tentacles directly into other agencies, and is therefore much more difficult to uproot), and cost-*hiding*.

  21. The BigYin

    Evil plan

    Everyone name their home "DROP TABLE ?;" and variations there upon.

    That'll learn 'em.

  22. John Smith 19 Gold badge
    Thumb Down

    And now consider data growth.

    Start with a 70 million record database, which is quite substantial by quite a few yardsticks.

    Multiply by the number of updates/additions per year (we wont need deletions for at least a century) *including* death notifications and c1500 births a day over (say) 120 years just to be on the safe side.

    Don't forget the separate biometrics database. Image compression on passports is quite efficient so say 70m x 100k or 7TB

    And of course you'll be wanting to back this lot up on a regular basis.

    No wonder IBM got the contract.

    After all IBM Germany wrote the book on fine tuning a nationwide database to efficiently identify people for special treatment.

  23. David Ramsay

    So lets see ...

    If we refusniks refuse to apply for a card then we will lie outside the DB. We won't be able to get any form of benefit but then again you can always walk into Tesco's and walk out again with all the food you want and then they either arrest you but they won't be able to identify you or they will just ignore you as you are too much trouble - all those forms to fill out!!

This topic is closed for new posts.