UK’s Criminal Records Bureau and ID Cards trial a big success

The UK’s Criminal Records Bureau (CRB) and the Identity and Passport Service (IPS) have completed a trial with 96% of passport holders and 87% of ID Card Holders (not real ones, trial ones, the first cards won’t be issued until 2009) marking it as a great success. You can read about it here:,3800010403,39168609,00.htm?r=2

I have personal experience of the old system. I volunteered as a helper at my son’s scout troop (well beaver cubs actually) and had to undergo a CRB check before I’d be permitted to work with children. I had to fill out a form with biographical information to identify me, and put my passport number on the form. I then had to take the form along to the lady who runs the troop. It was her job to check the photograph on the form matched my face, and then, most importantly, to check that the passport number on the form, matched the one in my passport. A 2-way binding if you will. Me-to-passport via photograph. And passport-to-form via passport number. In fact, she got distracted as she flicked through it with the amount of country entry stamps  and visas in it. If you only ever do European travel, you are unlikely to ever get a stamp in your passport if you live here. So for an unseasoned traveller to a see a passport full of them was for her, unusual. Long-haul travel invariably results in a stamped passport, however she showed her naivety in this area by saying “they never stamp mine – they always just wave me through”. It distracted her enough, that I don’t believe she did a proper check that the number on my passport, matched the number on the form. A human failure. But also, her relative lack of sophistication with the whole passport scenario-thing, makes me ask myself – how bad a fake could I have passed off to her, and ended up with a clean CRB record? She clearly had so little experience in handling passports that the system is now quite riddled with holes.

 For the record, I do not have an entry on the CRB. But if I did, I could have easily circumvented the current system.

The trial involved a mixture of online and physical presence. I suspect more than anything, it is the mixture of technology (in the online environment), convenience (you can forget your identity documents, but still proceed, at home) and physical presence (you have to visit a registration agent) that makes this system a success. 

I think it can be improved by looking in particular at 2 of Kim Cameron’s laws of identity. Human Integration and COnsistent Experience across contexts. So that the user uses an online system that includes the human asa component of the system (an Identity Selector), and alsoprovides for a consistent login experience, no matter if they are loggin in to the CRB system, the IPS  service or their  favourite music download site. If the experience is ALWAYS the same when they log in, any anomaly can immediately be thought of as suspicious. This would certainly help in these cases where the consequences of getting it wrong are so dramatic.



2 Responses to “UK’s Criminal Records Bureau and ID Cards trial a big success”

  1. 1 Not really me 18 February, 2008 at 9:56 am

    Great success for whom? Not a great success for citizens who want to go about their normal business privately. Yes, if you want to work with children or vulnerable adults you should have a check. But the “ID cards” (or more correctly National Identity Register) programme is about government control, massive cost and limited benefit, even before you get to the more fundamental point that we do not have freedoms through government grant. The government should serve the people, not the other way round. The Programme is flawed in design, is almost certain to waste a lot of money, and is an affront to the UK’s claim to be a free society.

  2. 2 planky 18 February, 2008 at 4:54 pm

    Hmmm – I think we are in agreement about this, as is most of the nation. But if it *does* go ahead, many people like me, want to ensure the system is designed properly. We’d prefer it not to happen, but if it does we don’t want a honeypot sat there waiting for attackers to gain access. We worry about things like non-partitioning of the data. If the system is breached, under current proposals, with all the data in one place, everybody in the nation could be affected. Partitioning the database in to small chunks would at least limit any damage.

    I’m wondering what you have a problem with – the National Identity Register or the National Identity Card. They aren’t the same thing, though the ID card will contain a key to unlock parts of the register.

    Most of the biographical data on the National Identity Register about you already exists in a DWP database called the CIS database. It is this data that will initially feed the NIR (or may even become the NIR). Additional data such as cryptographic keys (used to unlock the data, and validate its authenticity in transit etc) will be added. Probably the most controversial data that will be added is so-called biometric data. But I believe I have entries that show biometric data can be “morphed” over time. So the notion of “10 fingers and a face” or “2 thumbs and a face” (whichever gets chosen) can be gradually eroded by a vexatious citizen anyway.

    I was at a conference recently and heard something particularly scary – the idea of a “DNA mouthwash”.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: