Shome mishtake shurely?

| 2 Comments
| More

A very unpleasant little amendment to the Licensing Act (2003) is in front of Ministers for approval as a Statutory Instrument (SI). If you're not familiar with the process, a SI is a delegated legislation made under the powers of a parent Act, and it is very rare for a SI to be amended or changed - it is generally either approved or rejected when presented to Parliament.

The SI in question is there to address binge drinking by restricting licensees' abilities to offer discounted booze and encourage heavy drinking. Part 4 (2) of this particular SI refers to a licensee's policy, and reads as follows:

(2) The policy must require individuals who appear to the responsible person to be under 18 years of age (or such older age as may be specified in the policy) to produce on request, before being served alcohol, identification bearing their photograph, date of birth and a holographic mark.

I'd like to think that this is simply a bit of shoddy text drafted by a junior civil servant who hasn't thought it through properly, but that seems unlikely. The only acceptable proof of age in a licensed premises will be either a passport, a driving license or an ID Card. Licensees will no longer be able to use common sense, or to accept other forms of ID even where they are credible beyond doubt. Young drinkers won't dare go out without one of those forms of ID on them, and that will inevitably lead to a rise in the number of lost passports - something that Identity Minister Meg Hillier has been banging on about as almost the sole justification for the National ID Service for a long time now. It seems probable that this move is an attempt by a government that has almost no understanding of ID technology, and an active interest in undermining privacy, to force yet another justification for ID Cards through without proper scrutiny.

What this will do is create a fresh market for false ID cards. A card with a photo, hologram and date of birth is still relatively trivial to put together, and is the average member of bar staff really going to challenge someone who is in possession of what looks like it is probably a legitimate card? I doubt it. Just over a year ago I warned the BBC of the dangers of 'flash and dash' fraud that will arise from the misuse of ID Cards, and this is the first stage in making that situation come to pass.

For a long time those who have given more than the briefest of thought to the challenge of proof of age have understood the potential of ID technologies to be used in a zero disclosure way: to respond to a challenge without providing any information about the data subject. The relying party asks the system 'is the individual 18 years of age or over?' The system responds 'yes' or 'no'. No other information is released. Innovative organisations such as Touch2ID have put the concept into practice, and offer contactless proof of age cards that simply contain a biometric hash of the bearer's fingerprint. The licensee's reader asks the card 'is the bearer 18 years of age or over'? The bearer puts their finger on the reader, the biometric is compared with the hash on the card, and a positive or negative response is given. The card doesn't need a photo, or a date of birth, so the individual retains their privacy. The card is issued for free. If the card is lost then it's useless to anyone else, can't be used for identity fraud, and can be replaced for £2.50.

This ridiculous SI, which is another back-door attempt to undermine civil liberties and bolster the National ID Service, will pass on 6 April unless it is sent back by Parliament. You need to write to your MP to make them aware of what's hidden in the small print, and demand that the SI is redrafted before it's accepted.

[Hat-tip to Edgar for bringing this one to my attention]

[Declaration: I have no commercial or personal interest in Touch2ID]

2 Comments

  • It probably permits PASS scheme cards too. But that is small comfort, and the charities that provide PASS cards must have seen the day when the Home Office will disown them on the horizon when it started promoting the National Identity Card as a proof of age at the end of last year.

  • Great post, Toby (and well spotted, Edgar...).

    This is a classic example of why it is such bad practice to embed specific technologies in law. As you point out, the Touch2ID solution provides perfectly adequate assurance of age without the need for a hologram - and in a far more privacy-respecting way than the ID Card can.

    The (UK) State opted out of the gold standard decades ago - but that message clearly hasn't filtered through to those hawking the "gold standard of identity". The Home Office does not, oddly enough, have a monopoly on suitable technical solutions for proof of age. How shocking.

  • Leave a comment

    Disclaimer

    The views expressed in this blog are my own, and do not necessarily reflect those of any client or other organisation.

    Subscribe to blog feed

    Archives

    Categories

    Toby on Twitter

      Recent Comments

      Toby Stevens on Information Commissioner ... : I'm not aware of any specific discussion of Phorm ...
      Icsys on Information Commissioner ... : Hi Toby. I presume the Privacy by Design event we...

       

      -- Advertisement --