UK ID Cards scrapped – but what next?

Home Secretary Alan Johnson has taken advantage of his recent arrival to announce a change of policy: ID Cards will now not be compulsory… for anyone other than foreign nationals working in the UK.
Though, if I remember correctly, it remains illegal under EU law for any Member State to require the citizens of another Member State to carry its (the former State’s) identity credential… so actually that means “foreign nationals other than citizens of other EU States…” and possibly European Economic Area/European Free Trade Area States (Norway, Iceland, Liechtenstein and Switzerland) as well, I don’t know. “EU Member State” is one of those categories which seems neat and tidy at first glance, but turns out to get a bit fractal the closer you peer at it. Apparently the Falkland Islands, Greenland and Nouvelle Calédonie are not Member States, for instance, despite being overseas dependent territories of countries which are. I apologise in advance to their worthy inhabitants, but I’m not even going to look up San Merino, Andorra and the Vatican…
But I digress. The point is, by the time you rule out UK nationals and “citizens of the European Fractal”, I wonder what percentage of the inhabitants of these islands you’re left with, who may legitimately be challenged to produce an ID card. However, adoption of a voluntary citizen card, by the rest of us, is unlikely to achieve critical mass unless there is already a sufficient infrastructure (of authentication devices, for instance) to stimulate the development of a service provision ecosystem, which in turn make such a card worth carrying. Carrying that logic through to its conclusion: I cannot, in the current circumstances, see a Home Secretary committing to the investment required in such an infrastructure in the hope that it might stimulate enough demand for the scheme to pay for itself in the end.
When you then consider that anyone who still counts as a “foreign national working in the UK” will have to have their own country’s passport, and probably a visa, work permit and/or other documentation in order to get in and stay here, Mr Johnson’s announcement is probably sufficient to make the roll-out of any ID card fall below critical mass. What would be the point? A database record, indexed to the individual’s immigration record on entry, would satisfy the same purpose without anyone having to issue, carry or check a plastic card.
All that having been said, Mr Johnson’s announcement signals less of a policy climb-down course-change than it might appear. There is, for instance, no change to the plans for a National Identity Register, and anyone applying for a UK passport will continue to have their details entered in that repository. Similarly, there’s still no apparent change to the policy on DNA retention, despite the European ruling earlier this year… though perhaps it’s a little unreasonable to expect two major climb-downs course-changes in quite such short succession.

So where do we go from here? Despite successive Home Secretaries’ determination to confuse the two, the National Identity Register and the National Identity Card were never the same thing, and a National Identity Scheme can quite viably continue without anyone having to carry the “terrifying, small… plastic card“. The question, then, is what the government plans to do with the Scheme once its plastic card has been virtualized – NIS 2.0, perhaps… (sorry).

I think it’s fair to say that the ditching of said plastic cards removes an element which added enormous complexity for questionable benefit. My hope is that that will free enough “policy-bandwidth” to make something sensible and constructive out of the government’s citizen ID policy henceforth. For instance, perhaps this signals a shift away from the hierarchical, paper-credential view of citizen identity and towards one based on the selective management and disclosure of attribute-level assertions.
Perhaps we are ready to move away from the policy of:
“Tell me who you are, and I’ll look up everything about you” and towards one of
“Approve a minimal disclosure of just enough data to let me grant you access, deliver this service, establish this entitlement…”.
That would be a shift indeed, and one which could reflect a far more privacy-positive approach. It may be that I’ll have the opportunity to find out tomorrow, at a meeting of the All Party Privacy Group in Westminster.