UK tests Identity Scheme with criminal data types

THE UK WILL TEST its ID card database with a data type designed for criminal records, but which is incompatible with its own design.

The Identity and Passport Service has borrowed millions of records from the US criminal fingerprint database, the Integrated Automated Fingerprint Identification System, operated by the FBI, to test the National Identity Register (NIR).

The IAFIS was built primarily to store records of "rolled" fingerprints, taken from suspects and criminals using old fashioned ink pads. Criminal databases use rolled fingerprints because courts require prints of a quality that cannot be obtained using electronic readers.

The Identity and Passport Service confirmed that it had signed an agreement to use the FBI's fingerprint data. But refused to give details.

However, an IPS spokeswoman said the FBI had supplied records that contained both "ten rolled fingerprint impressions and ten flat fingerprint impressions".

The NIR will be populated with records that contain flat fingerprint impressions taken from every adult British citizen. It will not contain rolled fingerprints of the kind used in the FBI's criminal database and Britain's own criminal fingerprint database, IDENT1.

The IPS spokeswoman refused to say why the IPS required rolled fingerprints to test the NIR when there were no plans for it to house such data.

Phil Booth, national co-ordinator of the No2ID campaign group, was alarmed at the use of rolled fingerprint data. He said it suggested the IPS had planned to allow criminal investigators to trawl the NIR on "fishing expeditions".

He feared that the IPS would try and check the flat fingerprint records stored with people's identity records on the NIR against the rolled criminal fingerprint records stored on IDENT1.

"What the hell are they playing at," said Booth. "The likelihood [is one] of false matches, false accusations, miscarriages of justice, and the reversal of the presumption of innocence. If you start treating a general-population biometric register as if it were a criminal database you are just suddenly saying the whole population had become a suspect."

A source close to the Identity Scheme told THE INQUIRER he was not aware that rolled fingerprint data had been acquired for testing, and it was unlikely because "the National Identity Scheme is using flats".

He suggested the rolled data might have been acquired to test the UK's Immigration and Asylum Fingerprint System (IAFS), which was the only IPS database that would use rolled fingerprint data, and which had been lumped in as part of the ID Scheme's procurement.

However, the IPS spokeswoman insisted the data was being acquired solely to test the National Identity Scheme, not the IAFS or any other system.

Freedom of suppression
The INQ tried to acquire details of the deal in April when it filed a Freedom of Information Request for a copy of the Memorandum of Understanding struck between the FBI and IPS for the exchange of test data. The IPS responded to the request only last week, some months late, and refused to reveal the details.

The IPS said it was keeping the MOU secret under 27 (1) (a) and 27 (2) of the Freedom of Information Act. The first allowed it to withhold information that "would be likely to prejudice relations between the United Kingdom and any other State".

"The information provided by the FBI is confidential and there is an expectation by the FBI that it will be held by IPS in confidence and not be made public," it said.

But had the FBI not told THE INQUIRER that it was supplying data to test the UK's National Identity Scheme, we wouldn't have known about it in the first place.

The other reason why the IPS refused to publish the MOU under FOI was that information was exempt if it was "confidential information obtained from a State other than the United Kingdom".

Yet The INQ had not asked to access the confidential fingerprint data supplied by the FBI to the IPS. It had asked merely for a copy of the terms by which the data had been supplied.

The IPS said it had balanced the public interest in disclosing information about the ID scheme against the government's interest in protecting its international interests.

On the one hand, it said: "Given the scale, the potential expense and the impact of the identity card scheme on the population, there is clear public interest in the disclosure of information which pertains to its architecture and implementation."

Moreover, " It is arguable that as Government becomes more transparent the public contribution to the policy making process will increase and will become more broad based. That transparency will make Government more accountable and therefore increase trust in it."

On the other hand, it said: "The effective conduct of international relations depends upon maintaining trust and confidence between governments and that those other governments involved would reasonably expect the exempt information to be held in complete confidence."

If it disclosed the information it would upset the US, make it untrustworthy in the eyes of other countries, and make it unsafe for the UK to share sensitive data with other countries, said the IPS.

The IPS' reasoning was then that the IPS' public accountability over the national ID system is less important than its international accountability. And that disregarded the question over whether the terms of the data exchange, or indeed that the exchange had happened at all, should be treated as a government secret. µ