【正文】 ystems and Innovation Group, Department of Management London School of Economics and Political Science Research coordinator: LSE Identity Project Intended content ? LSE Identity Project assessment of second s37 cost report ? Perspectives on the Crosby review of public and private sector Identity Management issues s37 Timeline ? 31 March 2022 Act Receives Royal Assent ? 1 April 2022 UK Identity and Passport Service created ? 6 October 2022 First s37 Cost Report ? Second cost report still missing s37 Report to Parliament about likely costs of ID cards scheme (1) Before the end of the six months beginning with the day on which this Act is passed, the Secretary of State must prepare and lay before Parliament a report setting out his estimate of the public expenditure likely to be incurred on the ID cards scheme during the ten years beginning with the laying of the report. (2) Before the end of every six months beginning with the laying of a report under this section, the Secretary of State must prepare and lay before Parliament a further report setting out his estimate of the public expenditure likely to be incurred on the ID cards scheme during the ten years beginning with the end of those six months. ? ?The requirement to publish six monthly cost reports to Parliament is not necessarily aligned with the programme’s lifecycle. As a result, it may not always be possible to provide updated costs estimates in each report?. Joan Ryan ? ?The costs will be presented, as we are mitted to doing, in the cost report, which will be published shortly, and in the Identity and Passport Service annual accounts for 202207. The hon. Gentleman can rest assured that the report will be before him soon?. Crosby Review ? Terms of reference – Review the current and emerging use of identity management in the private and public sectors and identify best practice. – Consider how public and private sectors can work together, harnessing the best identity technology to maximise efficiency and effectiveness. ? Announced as reporting back ?early next year? (2022) ? Now, – ?The Chancellor of the Exchequer has asked the Forum to produce a full report which will be delivered in late summer? ID cards scheme recent events What’s happened ? Increased openness about the Scheme ? Strategic Action Plan (December 2022) ? Details about enrolment centres ? NAO report on ePassports ? Intellect vs David Davis ? Cabi Office Report on Identity Risk Management for eGovernment Services (November 2022) ? Other issues A culture of openness ? James Hall – Two webchats – 14 November 2022 – 5 March 2022 ? Passport agency goes public on test errors ? UKIPS vision – To bee ‘the trusted and preferred provider of identity services’ ? Tony Blair – ?The National Identity Register will help police bring those guilty of serious crimes to justice. They will be able, for example, to pare the fingerprints found at the scene of some 900,000 unsolved crimes against the information held on the register? A culture of secrecy ? FOIA application for Gateway reviews to be made public went to Information Tribunal ? Home Office ?working assumptions? (via DWP) finally released – Offline PIN check The processing time for an offline PIN interaction from moment of inserting card into reader, to the moment a result is received is assumed to be 15 seconds. – Offline Biometric Process The processing time for an offline Biometric process interaction … is assumed to be 15 seconds. Strategic Action Plan ? Released as a written statement on the last day of Parliamentary session (19 December 2022) ? A radical redesign to address ?the most mon criticisms [that] they are highrisk and too expensive? ? ?Doing something sensible is not necessarily a u–turn? Key differences ? From a single, new database to multiple existing databases ? Dropping the use of iris biometrics Databases ? Original plan: New database, with high levels of security built in from start – Designed for volume of enrolments and verifications Nigel Seed ? ?Security is not going to be an add–on, it is being done now. We have not even gone out with our requirements. The security is embedded within my procurement team. … The security of the data centre itself is down to even very basic things like making sure it is not on or near a floodplain. We are looking at all that sort of stuff, right from very basic level access and flooding and losing it that way right the way through to hacking? Katherine Courtney ? Based around a single, ‘logical’ database that ?may involve a series of data storage solutions? ? ?I did not mean to imply that a solution might involve stringing a number of legacy databases together. That has never been part of