Whatever else in the ID Card programme has changed, one message seems to have persisted throughout – that the National ID Card will be the ‘gold standard’ of identity. Relying parties from the commercial sector, we have often been told, will flock to it in recognition of its reliability.
It now seems that for some commercial organisations, the proverbial mountain will be coming to Mohammed. Rather than operate its own enrolment centres the Home Office apparently plans to invite high street retailers to provide the enrolment service – at least to the extent of capturing applicants’ fingerprints, photograph and, eventually, £60 fee.
Like any unexpected mid-flight course correction, this may raise questions and make some passengers uneasy.
For instance, under this arrangement, who would be liable if there was some error in the enrolment process, or if a mis-match later emerged between the holder’s attributes and the data submitted via the enroller?
Are retail staff likely to have the level of training and expertise which would equip them to detect attempts to subvert the system? And if they were to detect such an attempt, would they have the wherewithal to abort the process, report the attempt and take the appropriate enforcement actions against the applicant? That seems to me to make an awful lot of assumptions.
If those assumptions turn out to be unfounded, the entry point into the ID Card system could well be compromised – and if the chain of credential issue is weak at its first link, we know what happens to the rest.
A former mentor of mine, Tom Honey, used to say of the e-commerce projects we were working on at the time: “you can have it now, or secure, or in budget: pick any two”. It looks to me as though Jacqui Smith has opted for ‘now and in budget’.