The Scottish Identity Card Scandal:
Campaign News - 2017


Scottish ID Card


2011 2012 2013 2014 2015a 2015b 2015c 2015d 2015e
2016 2017                      

132. Scotland on Sunday, 8 Jan. 17 - SNP accused of 'running scared' of 'super ID database' plans, Scott MacNab

Lib Dem MSP Liam McArthur urged the Scottish Government to end its silence over the controversial NHS proposals

Liam McArthur MSP

The Scottish Government has been accused of "running scared" over controversial proposals for a "super ID database" in Scotland after dithering for almost two years on the plans.

The proposals would see a sweeping extension of the NHS central register (NHSCR), allowing 120 public bodies to obtain information from it. A public consultation into the plans closed in February 2015.

Ministers have played down concerns and insisted the only change being made to the register ... is the addition of individual's postcodes. Claims of a super ID database have been flatly rejected.

But opposition parties are now demanding that the Scottish Government end its silence on the issue and set out its plans.

Liberal Democrat Orkney MSP Liam McArthur said: "It has been two years since the SNP launched their consultation on creating the super ID database. Despite repeated questioning in parliament, the Scottish Government is unable or unwilling to provide the most basic of answers.

"SNP ministers are clearly running scared. Their proposals for an intrusive super ID database were criticised by experts. All the opposition parties backed the Liberal Democrats in a vote condemning ministers' plans to establish this through the backdoor, without proper parliamentary scrutiny..."

The proposal would see public bodies allowed to access data through an individual's NHS number, including HMRC for tax purposes. Everyone born in Scotland or registered with a GP north of the border has a Unique Citizen Reference Number held in the NHSCR...

Jim Killock, executive director of Open Rights Group, said: "The Scottish Government should come clean and admit these plans were a mistake and that they shouldn't have attempted to sneak them in through a minor consultation."...

Almost 90 per cent of respondents were opposed, including privacy watchdog the Information Commissioner, the Chartered Institute of Taxation and the Law Society of Scotland, which all warned the proposals may be illegal.

The scheme also was rejected by the British Medical Association, Royal College of GPs and Royal College of Physicians and Surgeons.

A Scottish Government spokesman insisted there were no plans to create a super ID database.

"We are considering consultation responses and will set out the way forward on this, and related issues, in due course," he added.

http://www.scotsman.com/news/politics/snp-accused-of-running-scared-of-super-id-database-plans-1-4334266


133. Scotland on Sunday - Online Forum, 15 Jan. 17 - Readers' responses to item 132 above

It would be a massive folly to develop a huge single database. Why? Simply because the data could never be sufficiently secure - whether from hacking, from theft, from copying and/or from unauthorised use by the professionals.

corrigenda

A friend of mine was puzzled when she received an email from her dentist confirming an appointment ...she hadn't given her email address to either the dentist or GP's surgery. The dentist couldn't, or wouldn't, say how they had got her details. She had, however, applied for a bus pass - a few months ago - which required an email address to be provided. Coincidence - or an example of data sharing?

Inchgower


134. The Scottish Parliament, 22 Feb. 17 - Question from Clare Haughey

Question S5W-07384: Clare Haughey, Rutherglen, Scottish National Party, Date Lodged: 21/02/2017
To ask the Scottish Government, further to the answer to question S5W-03160 by Shona Robison on 7 October 2016, whether it has reached a decision on how it will take forward its response to the consultation on the proposed amendments to the National Health Service Central Register (Scotland) Regulations 2006.

Answered by Derek Mackay (22/02/2017):

Ministers have listened carefully to the arguments made during the consultation on proposed amendments to the LEARS Act Regulations, and have concluded that it would not be appropriate to broaden the range of bodies prescribed in legislation who can share data with the National Health Service Central Register, even subject to strong controls. Ministers therefore do not intend to take forward the amendments to this effect originally proposed.

Ministers do believe that it is desirable that a member of the public, who wants to access public services online, can be given the chance to demonstrate their identity easily – and be confident that no-one else is able to pretend to be them, and that their privacy is guaranteed. This becomes ever more important as the Scottish Government takes on new powers, prepares to deliver new services, and aims to make these services as convenient, accessible and user-centred as possible.

Ministers therefore intend to work with stakeholders, privacy interests and members of the public to develop a robust, secure and trustworthy mechanism by which an individual member of the public can demonstrate their identity. Any such mechanism will have to be entirely consistent with the Scottish Government's Privacy Principles, so that members of the public can be confident that their privacy is being protected.

Current Status: Answered by Derek Mackay on 22/02/2017

http://www.parliament.scot/parliamentarybusiness/28877.aspx?SearchType=Advance&ReferenceNumbers=S5W-07384

In summary, the proposal to extend the role of the National Health Service Central Register (NHSCR) to act in effect as a national identity register for Scotland has been withdrawn.


135. Scotland on Sunday, 23 Apr. 17 - Put privacy first and ID system can be a boon, Jim Killock

the ID card that was scrapped

Many people will be pleased to see the death of SNP plans to use the Scottish NHS Register to help collect income tax and verify the identities of citizens signing up for online government services...

However, Scotland still has the legacy of a potentially very intrusive national identity system that has grown up in a highly ad hoc manner and urgently needs an overhaul – perhaps even dismantling entirely...

The UK ID system was deemed dangerous by campaigners because it had the clear intention of linking people's personal information across government. The ID Card would be linked to a Unique ID number, which would be attached to every record about you in government...

The ID Card was never really the problem with Labour's system, it was the impact of tracking people across every interaction with the government.

The same kind of thinking appears to have been applied in Scotland. Everyone in Scotland is assigned a "Unique Citizen Reference Number" (UCRN) at birth, under a legislative duty assigned to National Records of Scotland. This UCRN was to be utilised by the online "myaccount" logins, and the NHS, linking your activity made across each Scottish Government department.

The UCRN is already employed by the Scottish Entitlement Card, currently used as a bus pass, local library card and for student services in many colleges.

Between the Scottish Entitlement Card, UCRN, myaccount and repurposing of the NHS Register, the Scottish Government would have in place all the key elements of the UK Labour ID system: a voluntary ID Card; persistent linking of data across government, an online login system and a national ID database with the home address of nearly everyone in the country. All this despite its own Scottish identity principles insisting "persistent identifiers" like the UCRN should not be used...

The promise of the current Scottish Government to review the way they approach identity and authentication is very welcome. It needs to look at all of these issues, and move on from the top-heavy, centralised model of the early 2000s...

A truly Scottish identity system could protect rights and provide a major boost to the economy, rather than lumber Scotland with an expensive and unaccountable echo of the Blairite past.

http://www.scotsman.com/news/opinion/jim-killock-put-privacy-first-and-id-system-can-be-a-boon-1-4426705


136. Scotland on Sunday, 9 July 17 - ID numbers 'can improve lives' of children in care, Tom Peterkin

An academic has argued that introducing ID numbers would help to build up a picture of the health of children in care.

Baby in arms

Experts specialising in looking after Scotland's most vulnerable youngsters have urged First Minister Nicola Sturgeon to consider issuing children with a personal ID number to help monitor their health, education and interactions with social work.

Research involving the Scottish Government-funded Centre for Excellence for Looked After Children in Scotland (CELSIS) has suggested the introduction of a personal number would help tackle the health and education disadvantages suffered by children in care.

Experts behind the research acknowledge that introducing an ID number that is common to health, education and social work records and is retained throughout an individual's life would prove controversial for those concerned about potential breaches of privacy...

A paper involving experts from Strathclyde University-based CELSIS found that it was difficult to compare the health of looked-after children's teeth with those of children not in care. A child's looked-after status did not tend to come up on health records...

Although the Scottish Government has said it has "no plans" to introduce personal ID numbers, [Professor Phil Wilson] said the idea would enable professionals to improve services for the most vulnerable and therefore should be looked at by Sturgeon's review into children in state care...

Wilson said the research had shown that Scotland had exceptional data in a variety of areas, but it was difficult to get an overview of an individual because they were held in different systems...

Sharing of information about children, however, is a political hot potato. The Scottish Government's controversial named person scheme fell foul of European human rights legislation, which objected to sharing of information without permission.

Yesterday Lib Dem leader Willie Rennie said he opposed the idea on the grounds that it could risk individual liberty...

Rennie said: "The SNP government has had an unhealthy attraction to super databases without wider consideration of the risks to individual liberty or security of personal information. We have seen the inherent insecurity of government and business IT systems in recent months. That should be a warning to any government."

A Scottish Government spokeswoman said: ..."There are no plans to introduce a system of ID numbers for looked-after children."

http://www.scotsman.com/news/id-numbers-can-improve-lives-of-children-in-care-1-4498771


137. Scotland on Sunday - Letters, 16 July 17 - ID numbers for vulnerable children a gift to hackers, Dr John Welford

Unique personal ID numbers have been proposed for children in care as a way to lessen disadvantage

Vulnerable child

Once again we see the arguments trotted out for introducing unique personal ID numbers and data sharing to assist the most needy in our society ("ID numbers 'can improve lives' of children in care," News, 9 July).

Unfortunately, this can so easily become just a veiled request for ID cards and an increasingly repressive state. But at least the academics presenting this proposal recognise that it "would prove controversial" for those concerned with privacy. However, I wonder whether they've considered the practicalities of introducing such a scheme.

Setting up a national registration service is hugely expensive. But also there are severe data security implications. And this is particularly relevant at a time when we're seeing how cybercrime increasingly puts all confidential information at high risk. Even data security specialists struggle to keep up.

Meanwhile, as the researchers seek to make it simpler to access their valuable "linked" data, they'd also be doing the same for the criminals. The truth is that it's safer to maintain the data in its unlinked state. Compartmentalisation, i.e. not putting all one's eggs in one basket, remains a very sound security principle.

Having a unique ID number has similarities to using a single password for all logins. Highly convenient, but a gift to the cybercriminal.

[Not online]

This letter was submitted in response to the preceding article, item 136.


138. The Journal (Ireland), 12 Oct. 17 - 'We were bad, what Ireland is doing is 10 times worse' - International experts unimpressed with Public Services Card, Cianan Brennan

A public meeting on the Public Services Card yesterday heard that the more data protection in Ireland changes, the more it stays the same.

Baby in arms

YESTERDAY, THE IRISH Council for Civil Liberties (ICCL) held a public meeting in Dublin to discuss the Public Services Card and the attendant national biometric database.

The PSC has been garnering headlines for nearly nine months now, with the government's plans to expand its uses from beyond its Social Protection roots into the realms of driving test and passport applications (for starters) garnering heated criticism.

The ICCL event, held in Buswells Hotel across from Dáil Éireann, brought something new to the table in the form of a handful of international experts in privacy, whose impression of Ireland's privacy standards are far from positive, with one speaker declaring Ireland's plans for the PSC to be "10 times worse" than what occurred in Scotland with that country's National Entitlement Card....

Yesterday's event saw those who have been banging the drum for a review of Ireland's data protection regime, namely Digital Rights Ireland's TJ McIntyre and Simon McGarr, reiterate their concerns both regarding the legal basis (or lack thereof) for the PSC's expansion and Ireland's prickly legal history with State databases....

The talk brought two academic doctors from the UK, Tom Fisher of Privacy International and John Welford of anti-database group NO2ID, together to discuss their own take on the Irish situation.

Welford, who has spent much of his retirement fighting the establishment of the National Entitlement Card in Scotland, was particularly strident.

"I was highly motivated to come here today, I'm horrified by what's going on in Ireland," he said. "What's going on in Scotland is bad, but Ireland is 10 times worse."

Scotland's National Entitlement Card (NEC) was first introduced in 2006...

He said that the NEC was first intended to replace the existing bus pass, with the larger plan being to then link the card to a citizen's data account.

"The pattern is always the same," he said, that is: a card with an innocuous title, the gradual change of what the card is primarily intended to be used for (mission creep), and then the coercion of citizens into using it whether they wish to do so or not (the need for someone to have a PSC in order to apply for a passport for example).

Apart from anything else, he said, "in the era of cyber crime it's suicide to create these large government databases. It just gives criminals something to aim at."...

Fisher, meanwhile, suggested that the introduction of powerful databases are "not a question of who you trust now.. It's about who you can trust in 30 or 40 years. Who will be in power then? Trump is a perfect example. You don't know who's going to be in charge," he said."...

Fisher hearkened back to the UK's second attempt at a national ID card (the first was introduced in World War II and rescinded in 1952), which took five years to be introduced by Tony Blair (who became enamoured of the idea in the wake of 9/11), which ended disastrously with the card being abolished by now-Prime Minister Theresa May in 2010.

Tony Blair couldn't understand why the introduction of an ID card should be so controversial. But it is.

http://www.thejournal.ie/iccl-public-services-card-3641440-Oct2017/


139. Irish Times, 12 Oct. 17 - 'Massive privacy issues' in State's public services card scheme, Elaine Edwards

Public meeting hears project has 'parallels' with database of 1.3 billion people in India

Baby in arms

Campaigners against the UK's abandoned national ID card scheme have said there are "massive privacy issues" around the public services card (PSC) that is being rolled out in Ireland.

They compared the scheme to a database of 1.3 billion people in India, where even dating websites now require people's national identity number.

Dr Tom Fisher of Privacy International, and another long-time campaigner involved in the UK's NO2ID group, told a public meeting in Dublin that citizens had to consider what future governments might do with the data held on them.

The meeting was hosted by the Irish Council for Civil Liberties and Digital Rights Ireland after concerns were raised about the cards and the underlying Government databases in recent months. About 2.8 million public services cards have been issued.

Privacy and legal experts have questioned the legality of the cards, which will in future be mandatory for certain services, such as obtaining a passport or a driving licence. They will also soon be required for checking entitlement to dental benefit and for accessing school transport services, and their use will continue to expand.

The Irish Times reported in August that one woman had been refused her pension for 18 months because she refused to register for the card...

Dr Fisher said Ireland had to "look into the future" with such a scheme, particularly where there was a biometric database with information that would identify someone for the rest of their lives.

He said the Aadhaar identity number introduced in India in 2009 and now held by about 1.3 billion people, also had a legislative basis that was "questionable" and there were some "striking parallels" with the Irish scheme.

Aadhaar began as a requirement to access basic benefits, including social welfare benefits, but then began to increase in scope almost constantly, he said...

Simon McGarr, solicitor with McGarr Solicitors and Data Compliance Europe, said a compulsory ID card and associated biometric database were now being introduced across the population here "by fiat, not by legislation"...

Dr John Welford, co-ordinator of the NO2ID scheme in Edinburgh and a campaigner against Scotland's national entitlement card, said he was "horrified" by the scheme in Ireland.

He said the State needed to look very carefully at what it was doing and that campaigners had to question what the underlying identity register was going to link to. This could potentially include citizens' health records, local authority records, taxes, driving records and passports.

Liam Herrick, executive director of the Irish Council for Civil Liberties (ICCL), said that over the last year, the organisation had received quite a lot of correspondence from members of the public increasingly concerned about the use of the public service card scheme.

In August, the ICCL wrote to Minister for Finance Paschal Donohoe to set out a number of concerns, including whether the card was now mandatory.

Mr Herrick said the lengthy response from the Minister, which said the Government had been very open around current and future plans for the card, did not really address the core concerns.

https://www.irishtimes.com/news/social-affairs/massive-privacy-issues-in-state-s-public-services-card-scheme-1.3252742


140. Irish Times, 22 Aug. 17 - Woman's pension cut after she refuses to get public services card, Elaine Edwards

Pensioner in her 70s, who is owed €13,000, asks department to prove card is mandatory

Baby in arms

A woman in her 70s has not been paid her State pension for 18 months because she refused to register for a public services card.

As a result, she is owed some €13,000.

The woman, who did not wish to be named, told The Irish Times she felt "bullied" following several letters from the Department of Social Protection inviting her to register.

Many public bodies have increasingly been using the card to validate people's identities for the purposes of delivering services. About 2.75 million have been issued to date but Ministers have insisted the card is not "compulsory".

However, civil rights groups have described it as a "national identity card by the back door"...

She said when she first learned that she was entitled to a non-contributory pension of €166 per week, as well as her contributory pension, officials had called to her house to verify her details, including her marriage certificate.

However, the department cut the non-contributory pension off when she refused to register for the card. She went through an appeals process in efforts to restore the weekly payment but her appeal was declined...

Asked whether the card was now mandatory, the Department of Social Protection said welfare legislation required a person "to satisfy the minister as to their identity and allows disqualification from receipt of a benefit in the event that it is not done".

It was not possible for a person to satisfy the minister as to his or her identity without being registered in a process which "results in them being issued with a public services card". The registration process is known as 'SAFE 2'...

"The decision to suspend or stop a payment is never made lightly. However, where a customer does not "satisfy the Minister in relation to identity as required" as per the legislative requirements outlined above, a payment can be stopped or suspended."...

In March last year, the card became a requirement for all first-time passport applicants. It was introduced as a requirement for applicants for citizenship in September 2016 and as a requirement for driver theory test applicants last June.

It will shortly be required for all passport and driving licence applications...

https://www.irishtimes.com/news/social-affairs/woman-s-pension-cut-after-she-refuses-to-get-public-services-card-1.3194216


141. Irish Times, 16 Oct. 17 - Woman's pension to be restored in public services card row, Elaine Edwards

Woman's payments were cut off for 18 months as she refused to register for the card

Baby in arms

A woman whose pension was cut off for 18 months because she refused to register for a public services card is to have her payments restored and will be paid arrears of over €15,000.

The Department of Social Protection suspended the woman's pension in January 2016 after she declined to attend appointments to register for the card. She appealed the decision to the independent appeals office but that was rejected.

She was subsequently referred to a solicitor by digital privacy group Digital Rights Ireland after her case was reported in The Irish Times last August.

A higher-level appeal against the earlier decision was subsequently allowed and the woman has now been informed that her pension will be restored...

Solicitor Rossa McMahon said: "I am pleased to confirm that the chief appeals officer has allowed my client's appeal against the cancellation of her non-contributory pension. Her pension will now be restored and she will be paid the arrears which have been withheld from her since January 22nd, 2016. I am instructed that my client does not intend to register for a public services card."

It is understood the appeal succeeded because proper procedures were not followed in cancelling it...

She had told officials she would get the card if they could show her it was "mandatory" but nothing had been produced to show her that this was the case.

The card is to become a requirement from later this year for all people seeking an Irish passport, including a renewal. It will also be required from next year for all those seeking a driving licence and there are plans to extend its use for other services, including student grants and school transport...

About 2.75 million cards have been issued to date but Ministers have insisted the card is not "compulsory".

However, civil rights groups have described it as a "national identity card by the back door".

https://www.irishtimes.com/news/ireland/irish-news/woman-s-pension-to-be-restored-in-public-services-card-row-1.3256965