NO2ID

http://www.ips.gov.uk/cps/files/ips/live/assets/documents/13439_Safeguarding_Identity_w_opt.pdf



28 pages of transformational government with the NIR and biometrics at the centre (p.11) and the "consent model for sharing identity information across government agreed" (p.27) some time in the third quarter of 2010, just over a year from now.

(Hat tip William Heath, who, in turn, tips his hat to Philip Virgo.)

The best way to safeguard identity is....


not to let Government touch it with a bargepole.


The whole document is littered with examples of "I am pleased to have an ID card..." with the unstated "because boy has the Government made life a royal pain in the arse for anyone who hasn't got one"

In full compliance with, of course "The vision for the NIS is that it will become
an essential part of everyday life;"

No doubt these types like the idea of having to flash your ID card "to prove who you are" upmteen times a day. To me that is the purest vision of hell.

Translation: without IPS-issued credentials, you won't be able to do anything.

Indeed. Also, it is important to recognise that trust depends on two parties - the issuer and the 3rd party relying on the credentials. The financial services industry has already indicated that it sees little value in the use of these credentials, not least because IPS has given no indication that it has such faith in its credentials that it is prepared to indemnify commercial third parties for fraud resulting from fraudulent use of their credentials.

Given that one of the touted benefits of the NIS is to reduce identity fraud and that financial services industry is the primary target of identity fraud, the value of these credentials is significantly diminished.

And I'd say the value has always been low. The bankers tried to get the taxpayer to pay for / indemnify them for smartcards - chip and pin - in presentations around in the mid-to late-90s to PITCOM and others, and lobbied quite hard on the benefits (ahem, mostly as far as any fule cud see for them) ...... and got little or no takers.

There's an interesting footnote to both this report, and Alan Johnson's public utterances last week, including his Guardian CiF article here:

http://www.guardian.co.uk/commentisfree ... fraud-cost

Both quote the discredited government estimate of the annual cost of Identity Fraud at "over £1.2bn". But there are actually *two* discredited government estimates floating around out there. The £1.2bn figure comes from:

Cabinet Office, "Identity Fraud: A Study", July 2002, Annex B, page 73,
(URL used to be http://www.identitycards.gov.uk/downloa ... report.pdf, but it's been moved again, and I can't find it at the moment).

However, there is also a later annual estimate of £1.7bn, produced by the Home Office itself:

Home Office, "Updated estimate of the cost of identity fraud to the UK economy", 2 February 2006
(URL used to be http://www.identitytheft.org.uk/ID%20fraud%20table.pdf, but they've moved this one too!).

Both figures are utterly bogus:

* The 2002 report shows £370 million of identity fraud reported by APACS, the bank clearing service for plastic cards and cheques, but APACS itself says the real figure was only £20.6 million – about 6% of the government's claim.

* The Cabinet Office says identity fraud cost the insurance industry £250 million in 2002, but in June 2005 the Association of British Insurers told reporter Andrew Gilligan "I'm not sure where that figure comes from. It's not from us. ... Insurance fraud tends to be people claiming in their real names for false losses. ID fraud is not a particularly big problem in the insurance sector".

* The 2002 and 2006 reports both include £215 million for Missing Trader IntraCommunity" (MTIC) fraud, also known as Carousel Fraud, where goods are bought and sold by fictitious companies in different countries in the EU, with VAT which was never actually paid "claimed back" from EU governments. However, a spokesman for HM Revenue & Customs told Andrew Gilligan "We wouldn't normally describe MTIC fraud as ID fraud."

... and so on.

The Gilligan article is here:

http://p10.hostingprod.com/@spyblog.org ... illig.html

So, the interesting question is: why has the Home Office now disowned its own 3-year-old £1.7bn figure, widely quoted by Andy Burnham at the time, and reverted to the equally-bogus and 7-year-old £1.2bn figure? Is this carelessness, or something else?

I can't find it either. It seems to have been conveniently re-located.

I note that the fancy new content management thing they are now using has numbered pages, and I have a suspicion that when new versions are published, the numbers of updated pages will change.

I hope I'm wrong on this - otherwise links to pages will be breaking on a regular basis. Not good for a site whose purpose is in theory supposed to be informational.

Needless to say, I do have local copies of both documents. Anyone wanting a copy please PM me.

There's a copy of the 2002 study online here:

http://www.statewatch.org/news/2004/may ... report.pdf

The February 2006 estimate seems to have been withdrawn, but a 2006-7 one - to which the government currently seems to be referring - is here:

http://www.identitytheft.org.uk/cms/ass ... 006-07.pdf

The eagle-eyed amongst you will notice that they had to withdraw the estimates for money laundering and 'carousel' VAT fraud, though they retained inflated figures from APACs (who report "card ID-theft" as £30.5 million, down from £34m - not £201.2m) and the telecoms sector - and added in such things as the money IPS spent on its own prevention/detection systems! Which are, I guess, fraud of a sort...

Interesting - many thanks for the new reference. I'd automatically assumed that £1.2bn referred to the 2002 figure, and wasn't aware of the new 2007 figure.

It is not hard to see just how appalling these Home Office figures are.

First of all they have not made any effort to divide the private sector costs of ID fraud into the direct costs of fraud and the costs of countermeasures. This applies in particular to the APACS costs. Some public sector costs are also not distinguished in this way. It is clearly essential to distinguish between these two costs if we are ever to develop of clear policy and strategy on ID fraud.

As a starting point I have split these costs 50:50 where this division s is not given. With this split, the figures given show that the private sector lost about £630M on ID fraud and spent £112M on countermeasures. In contrast the public sector lost about £100M but spent £370M on countermeasures.

Spending nearly four times the cost of fraud on measures to counter it is an appalling misuse of taxpayer's money. Moreover if the Home Office truly believes that it can justify its expenditure by citing private sector costs, it then needs to justify what would be another massive taxpayer subsidy to the banking industry. In fact it is worse even than this since the banking industry has made it only too clear that it needs Home Office help with ID fraud 'like it needs a hole in the head'.

Of course the Home Office case is stronger now that we all own a large part of the banking sector. But is this a justification that the Home Office will wish to deploy? But who knows - maybe it is -- desperation is their forte when it comes to attempts to justify their truly idiotic ID card fantasies.

Brian Gladman