Quite.

So what’s the point of an ID card in this scenario? Someone turns up at my office claiming to be John Doe, ID number 123456. I call up the Hillier Hotline and ask “is ID number 123456 Mr. John Doe” and they say yes. I’ve still no idea whether it is John Doe or not and nor do they, since neither of us has any way of verifying the card or authenticating his use of it. So you may as well save two billion quid and just issue people with numbers, not cards.

For example Meg Hillier said in the evidence William linked to that, “If you are an employer and someone presents to you with their passport, you would make a phone call to … But they would then check that as verification: “Is this a real passport?”, and you would get that, yes, or, no, answer.” Not very clear!

An Identity Checking Services Presentation says, “Visual Check – Checking whether the card photograph matches the card holder; Card Authentication – Checking whether the card is genuine and unaltered through the chip [presumably equipment is needed for that]; Pin Check – A higher level of proof by entering the PIN [this too]; Online [Oh!] / Telephone Verification – Checking through temporary codes generated by the chip or shared information [that too] … On-line or 3-way checking (using biometrics for example) should be used only where the situation justifies or requires it.”

(Would the prevention of illegal working justify it, I wonder?)

The IPS website says, “The identity verification service will provide a way for accredited organisations to check an individual’s identity” but it too doesn’t say how.

If he connects to the Identity Checking / Verification Service, how does he do so and what information will he get during that transaction? Will he need to be ‘accredited’ and what will that involve? Will he need to sign up to a ‘Code of Connection’?

Who knows?

It isn’t at all clear, to me anyway, and I’m concerned that the lack of clarity is symptomatic of a deeper problem – that they don’t know either!

How do DWP and Council Tax staff access the CIS (because that’s what the ID scheme is based on) from their offices and homes at present? Something like a VPN? Or the ‘Government Connect Secure Extranet’?

Then how is an employer (eg, me) supposed to verify the identity of an employee? If I can’t access the service via the Internet, will I have to install some kind of special terminal connected to the government secure intranet or similar? That can’t be right.

I imagine they removed ‘hack proof’ because there is no such thing and Meg Hillier realised she had inadvertently misled the Committee.

I have (at least) three outstanding questions (and subquestions): which government departments, such as the DWP, have signed up to use the scheme, what will they use it with, and how will they verify someone’s identity* for each particular use; what then will be the total cost to the public sector of using the scheme**; and if, as Meg Hillier said, “No personal data, for most of the transactions, would be revealed”, what personal data would be revealed in what particular transactions?

* The Home Office’s Borders, Immigration and Identity Action Plan says there will be a number of ways to check someone’s identity: visually, looking at the card and its owner; checking the authenticity of the card; asking for a PIN; a ’shared secret’; or a fingerprint.

** It seems worth looking at the estimated cost of the NHS IT project – now approaching £20bn, but originally £5bn (some sources say £2bn!). Health Minister Lord Warner said of this, “The latter figure covered only the national contracts for the systems’ basic infrastructure and software applications”, and not the additional money needed to train staff, integrate existing systems and so on. The DWP will need fingerprint readers if it’s going to check fingerprints, so how much will these cost, for example?

Highly ambitious even to contemplate answers to “all these questions”. I’d be amazed were the Home Office to give a straight coherent answer to any one question. It seems to resent even the possiblility of criticism. Here’s Meg Hillier to the Cambridge Evening News last week:

The two things I would say to the N02ID campaigners are first, the act of Parliament has been passed and ID cards will be brought in. Secondly, if they have a passport I don’t know why they are worrying as they are already on the passport register – ID cards will work in a very similar way.

That’s a very old-fashioned view of procurement William. In today’s modern go-ahead public sector there’s no need to work out how something will work (or, indeed, whether it will work) before you procure it.

Anyway, just to be helpful, I was at a presentation from IPS recently where they said that Deloitte, Ernst & Young and PA Consulting are handling all of the client-side consultancy on the project so it’s probably best to ask them.

Bit of a worry that, if you ask me…