You have to admire the government's confidence. Despite a lack of general support for their ID card scheme, they don't seem to mind providing yet more ammunition to those against the scheme. Yesterday's story (http://www.bcs.org/server.php?show=conWebDoc.20391) on the theft of 3000 blank epassports would probably be the last nail in the coffin of a scheme plagued by secuity worries but no doubt they'll reassure themselves that it isn't relevant and won't happen again. Yet stealing 3000 cards is bound to be easier than stealing 3000 passports.

If the question is: "A solution to what, exactly?" I would suggest the answer could be any of: a) Political over-control of the populace b) Spending (wasting) vast sums of money with 'friendly' consultancies or c) Proving the 'powers that be' don't have a clue in what is needed or how to put it in place Recalling the thought "Don't put down to malice that which can be explained by pure incompetence" IMHO, naturally

I'm not for a second suggesting anyone should remain silent on the issues surrounding ID cards, but instead debating the extent to which BCS is the right vehicle for certain issues. For those who are fundamentally opposed to ID cards, there are organisations they can join and support like Liberty and NO2ID, who have a strong voice in the debate. BCS has a responsibility to take part in the debate, but as the voice of professional judgement in our sector rather than campaigner. As The Register implied, GPs are not experts on environmental issues by virtue of their professional status. The BCS has areas where our members are collectively an authority (and judged on that authoritative status), and areas where by virtue of our professional status we are no more qualified than the occupants of the Clapham Omnibus. Knowing, recognising and adhering to the boundaries of our expertise and authority is very important... and in the case of ID cards, quite difficult.

I think that we are all missing the point here, which may explain some of the confusion. In the UK individuals actually have no official 'identity', so to try to produce a 'token' to tie an identity that doesn't exist, to any individual is not going to work. Anyone working in this field knows that when we have to establish 'authority' the first task is to check that the individual and/or business exists within the 'community'. Once that is established we can then move on to try to identify the individual with whom we have contact as that individual and as a representative of that business if necessary. Before identity cards become possibile we must establish an index of all individuals (companies are already registered with companies house) and, I suggest, the only way to do that is to register a number of biometric identifiers such as DNA, finger-prints, appearance and other parameters that will absolutely identify each individual. Remember we can change our names and addresses as we please. I have no problem with that but others may differ. To summarise, you can have no identity card until you have an identity.

It's genuinely misleading to talk about ID Cards rather than the National Identity Scheme. In fact, by drawing the fire of the "no" lobby, the physical/mental image of a card is probably doing the scheme as a whole a favour... and the loudest critics seem to be playing along nicely, thank you. If you want a passport from 2011/12 then you'll need to get onto the central register and provide your "second biometric" as the next generation of passports will have these (fingerprints I believe but I guess they could be iris scans or whatever). According to the published delivery plan, we'll all have to sign up if we want to travel overseas and we can then decide whether to have a passport or ID card or both. If the ID Cards (bit of the) scheme were to be scrapped - as per present policy of the Conservatives - the central database/register would still be there with all the big brother concerns associated with anyone hacking into that. It would at least be helpful for critics to be clear which bit they are moaning about - the physical card we might have to show, the token which may allow or deny us access to services, or the central register we are likely to get anyway. As you can see, I'm sitting comfortably on the fence here, trying to clarify the terms of the debate rather than pitching in with an "I don't care what it is - I don't like it so take it away" contribution.

Thanks for all the comments. Those who've mentioned that I failed to differentiate between the ID cards and the NIR, have a good point. They are distinct, and have different issues, but I think most of the time they are regarded as one package by the media...and the public. Perhaps that needs to change, but I think campaigners on all sides have decided that education as to the distinction is simply too hard...

There are two different dimensions in which it is proper for the BCS to respond on the identity register issues. First the ethical dimension: if we are a professional society rather that just a special-interest pressure group, we have a responsibility to take a stance on the ethics of major projects within our area of professional expertise; as we have no clear information on what the register is for (because ministers and civil servants keep us very much in the dark, whether by intent or through incompetence) we may well want to say that to build such a dangerous database with no clear description on its purpose and limitations on its use is unethical. We may want to advise our members that the society feels that it would be improper for professional members to support this project in any way. Or we may not - but we should decide what view to take a professional society with a concern for the ethics of tasks undertaken by our members, and not refuse to take a view on the grounds that it's parliament's job to decide not ours, as was suggested previously; that would be to discard any claim to be a profession which recognises ethical behaviour as part of its responsibility. Second the technological dimension. Gene Spafford's stated view on computer security seems to me pretty accurate: ''The only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards, and even then I wouldn't bet on it.'' We as IT professionals know the state of the art in secure database building; some of us, as security professionals, know the non-technological issues of keeping something secure if hundreds or thousands of people have to have access; most of us are aware of governments appalling record in managing data securely and of the total lack of understanding of the issues displayed by senior civil servants. Many of us are professional engineering managers, and know the problems of letting contracts and planning projects based on vague armwaving and waffle instead of clearly understood objectives and requirements. Surely we should be saying loudly and clearly, on technical professional grounds, "this is absolute nonsense and should not proceed". But perhaps the society is part of the establishement and must not rock the boat - it wouldn't do to upset all those politicians and senior civil servants. Maybe that's where the response came from? It's good that this second article is rather more robust that the first and suggests a readiness to rock the boat if it needs rocking.

Should the BCS comment on an issue of civil liberties? Actually, I think the answer to that as it stands is no, but the issue of identity cards is not about civil liberties purely and simply. Identity cards would be the physical parts of a computer system. The questions about what they should have on them ( biometric data, for example ); how the cards should be used - so, would it be reasonable to be arrested for not having a card in your possession; and even what they should be made of are not really BCS issues. Of course, an identity card system would only be of use if it served as a system for tracking and monitoring people, recording where they were and what they were doing. This involves computer systems being used invasively with people, and so this is an issue for all computer professionals. It also involves the government having a lot of computerised data on people, and, given their recent history, this is an issue for everyone to be concerned about - including the BCS. So it is right to comment on this, from the perspective of computer professionals - within our speciality. It is right to comment from the perspective of project management. It is right to raise concerns when the plans seem to be flawed and dangerous. We would be wrong to not comment.

I can't see a better place to post about the latest monumental Home office security breach so here goes. It has huge implications for the ID card database security (or rather lack of it). How can anyone accept that the government is safe with our personal data when they routinely send out unecrypted thumb drives with massive amounts of sensitive personal data this time of all criminals. The contractor managed to lose the tiny drive or we would never have heard about it. I am sorry, but heads must roll this time! And we should be campaigning for that outcome. Until these massive security failures are punished the suits will not pay attention. And drudges will be free to grab and go with data willy nilly. Data walking with 32GB thumbnail drives readily available consumer items is inevitable unless the OS is configured never to allow removable media to dock with a PC. Or at the very least to require hardware encryption and a secure password. I would really like to see the BCS beat up the government hard on this one. Ministers will repeat the platitude that they have "learned" lessons when in reality they have swept it under the carpet and prayed yet again. Full marks to Keith Vaz MP for being on the today programme this morning berating this lastest and most monumental security breach. Where was the BCS spokesman? I had a look at our latest security news hoping for a more recent thread to attach these comments to only to find that "latest" stopped dead on 7th Feb 2007. If the BCS website cannot manage to keep up to date on security issues what hope is there? http://www.bcs.org/server.php?show=nav.8306 This is a sidebar link from content dated May 2008. I am not impressed with government IT security or the way the BCS maintains its website. Security matters; it is not some optional add-on for major databases. The BCS supine response to repeated government security lapses does us no credit whatsoever. Get a grip and sort it out for heavens sake!