I’ve got a Child Benefit question

Update: it turns out the answer to my question (‘why does the National Audit Office need my National Insurance number?’ below) is ‘they don’t’.

I feel like a bit of a jerk climbing onto the lost Child Benefit data bandwagon but I do want to ask a little question: one I haven’t seen answered anywhere else yet.

Why, I wonder, does the National Audit Office need my National Insurance number? I think this is more important than the loss of the data itself, which can be put down to human error (and is actually quite funny). The fact that anyone felt it appropriate (or necessary) to send my NI number (plus all that other personal data) to a government department that doesn’t actually need it is telling. It’s slapdash really. And it’s another nail in the coffin of the ID card, of course.

While we’re at it, allow me to remind you that the whole ID card edifice is based on the same kind of casual attitude to personal data. A perfectly serviceable ID card scheme – one that allows anyone to prove they are who they’re going around saying they are – could be built on a database containing no personal data at all (ask me how).

The fact that this hasn’t occurred to anyone in Government is dispiriting. The relevant civil servants and consultants haven’t seen fit to present such a ‘zero data’ ID scheme to Ministers because there’ll all working on the same ‘we might as well have it’ attitude to our data. Governments everywhere (name an exception) seem to instinctively desire inappropriate access to information about their citizens. And it’s this attitude, of course, that produced the latest cock-up.


  1. Well, it’s pretty simple:

    * Data subject shows up at Post Office (or other authorised ID issuing point) and produces nine different types of old-fashioned paper ID (whatever the scheme requires).

    * Person behind counter satisfies him/herself that the person on the other side of the counter is who they say they are.

    * Same person presses buttons on ID scheme terminal and is issued with a card. The card contains a unique number, the data subject’s name and any other personal data that might be useful *to the data subject* (like age or driving status) and even some biometrics if necessary – purely to tie the card to the person.

    * The unique number (and *only* the unique number) is sent to the big ID scheme database.

    * The card is now a fully-functional ID card, perfect for the elimination of ID theft and the demonstration of entitlement.

    * The big database functions only to prevent the issuing of duplicate cards.

    That’s it. Meets the *stated* requirements of the scheme but not the slapdash, gimme gimme gimme requirements of successive ID-junkie governments.

    The big database could, of course, hold further data: including, for instance, a second number derived from the user’s personal data (but not containing it). This would permit some additional checking of card validity etc.

    The important thing to know is that we really could have a fully-functional ID card scheme with no centrally-held data at all. Fat chance.

    (I bet you’re glad you asked!)

  2. I can see how this stops two cards with same number being issued, but not how it stops one person obtaining two or more cards.

    * I take a trip to post office number 1.
    * I produce my nine types of ID.
    * The satsified clerk issues me with a unique ID card.
    * The ID card is registered with the big database.

    * I take a trip to post office number 2.
    * I produce the same nine types of ID.
    * The second satsified clerk issues me with a second unique ID card.
    * The second ID card is registered with the big database.

    And so on.

  3. The weak link in both schemes is the ID issuer. No one has a good replacement for the doughty post office employee (or whoever) yet and the zero-data scheme has provision for protection against double-issuing (I hinted at it with the idea of a second number which would be derived from the user’s personal data: a match in the big central database would cancel both cards).

  4. So say I’m out of work. I make a benefit claim using ID card number 123… then I make another using ID card 134.

    The real weakness is being able to have as many cards as you like.

  5. I’m not really explaining this very well (I might have to get a man in). Anyway, the point of the second number is to prevent this kind of double registration. the zero-data scheme has exactly the same protection against double registration as the Big Brother version…

Leave a comment

Your email address will not be published. Required fields are marked *