OGC releases Gateway Reviews of ID Card project

On one of my bookshelves, there’s a copy of Peter Wright’s memoir, Spycatcher. Published in 1987, the book spurred the then government into frenzied attempts to ban it. Those attempts were fatally undermined by the government’s inability to prevent publication elsewhere – and eventually in 1988 the Law Lords ruled that the book no longer contained anything which could be classified as a secret. I got my copy during a visit to the States in 1987, early enough that I probably broke the law by bringing it back to the UK – though apparently had I declared my contraband on re-entry, customs officers would have been under no instruction to confiscate it.

Oh, how wicked I felt. That sense of mischief faded fairly rapidly as I read the book, though, and the sheer banality of much of its contents became apparent. Don’t get me wrong, it was interesting enough… but to anyone brought up on espionage fiction later than the Joseph Conrad or Erskine Childers vintage, it was all pretty tame stuff. Even real life, in the form of the unfortunate Georgi Markov (assassinated with a poisoned umbrella in London, ten years earlier), outstripped most of Peter Wright’s revelations about MI5’s domestic counter-espionage operations. And did its publication shake our national security apparatus to its very foundations, impairing its very ability to protect us from the foreign menace? Not noticeably, no.

Wind forward two decades, and after a lengthy legal struggle, the Office for Government Commerce (OGC) has finally acceded to a request originally made in early 2005 for the “Gateway Reviews” of the ID Cards project to be made public. The wrangling over whether or not the reviews could be published went to the Information Commissioner, thence to the Information Tribunal, and ultimately to the High Court – and according to SpyBlog cost the OGC at least £120,000 in legal fees, not to mention the administrative time and effort.

Naturally I fell on the released documents in a state of high excitement, eager to see what damning findings they contained. To put it briefly, there is no smoking gun. The Gateway reviews do not contain the secret details of the ID Scheme’s fatal flaw, or evidence of diabolical intent on the part of the Scheme’s proponents. That’s not to say they include no basis for criticism: see SpyBlog’s succinct analysis here for a clear indication of some of the shortcomings revealed.

The reports do contain clear evidence that the fundamental objectives of the scheme evolved substantially between the two reviews (notably, from “Entitlement” to “Identity” cards) – but then, that much has been blatantly obvious despite, or perhaps because of, the whirl of departing and arriving Home Secretaries over the years.

One can also see the review team’s concerns about the complexity of the project in organisational and technical terms, and gauge whether subsequent moves have mitigated those risks.

Finally, the first review in particular also includes revealing comments about who the scheme’s principal beneficiaries are expected to be, and what level of user consent is assumed. There is no mention of the sharing of citizen data – something which is now surely an unavoidably large feature of the landscape.

None of these revelations, though, is fundamentally surprising – though it would be newsworthy if subsequent releases showed that the reports had been ignored as the policy and its implementation were taken forward.

In the Spycatcher case, arguably, far worse than anything which resulted from publication was the damage done to the Government’s credibility by its frantic attempts at a ban. Its pursuit of the matter through the courts made it, and the law, look increasingly asinine.

In the Gateway Review case, the OGC has been at pains to state that its decision to abide by the High Court’s decision does not set a precedent.