this screw-up entirely proves our competence (updated, updated again, update III)

Maybe I'm unnecessarily pessimistic, but I fully expect the ID card programme to continue despite yesterday's news of a massive leak of personal information entrusted to the government.

Having shrugged off every other objection to ID cards based in reason and past experience (notably that human error - rather than human malevolence - is a persistent and unavoidable problem), I expect the following arguments to be made when the dust has settled:

1. The leak of data from HMRC has absolutely nothing to do with the way data will be collected and stored by the ID card programme, even though it will still be a government IT programme run by humans (i.e. fundamentally prone to the same institutional and staffing screw-ups, even in the presence of clear guidelines or safeguards).

Having made the argument that this incident has nothing to do with ID card information, the government will simultaneously maintain that:

2. This leak of data proves the need for a secure way for people to confirm their identity.

This argument is known as the "our incompetence should engender further trust" position. Put simply, the very fact that civil servants can act stupidly (as per the human condition) and make identity fraud easier is proof that that civil servants (preferably not quite the same as the first set) should be allowed to have a massive database of biometric data for the purposes of fixing their own screw-ups.

Then, with a flourish, someone will suggest that:

3. This leak of data proves that the expense of the ID card programme is justified: our current systems are clearly outdated and need urgent improvement.

This one is also known as as the "only iris scanners at every tax office will set us free" gambit - adapted from the notion that ID cards will save us from everything from uncontrolled immigration to credit card and benefit fraud while whitening our teeth.

As I say, pessimistic.

Update: My predicted time-scale was far too modest. The non-denials have already started to arrive from the Home Office. The Guardian reports:

The Home Office insisted that the biometric elements in its database, the electronic fingerprints and facial scans, will keep it secure and proof against identity theft, even if there were to be a major breach and stolen confidential data. [...]

Legislation includes sentences of up two years for "an unauthorised disclosure" by staff from the database, and a maximum of 10 years for those who tamper physically or technically with it. Activity on the system will be audited, and an alert raised if an unauthorised action or attempt to access the register is made.

The immediate problem with this brand of reassurance is that the current breach was not an intentional theft, nor was it an attempt to physically or technically breach the system.

The screw-up was the product of authorised access by a man doing his job, albeit badly, not a cabal of evil hackers. It's not human malevolence we really have to worry about: it's human incompetence which gets us every time.

Updated again: I missed PM's Question Time today, otherwise I would have heard Gordon Brown arguing in favour of biometrics as a secure way for people to prove their identity (argument 2 in my handy list).

I'm also listening to someone on Radio 4 making a somewhat spurious case for the "need" to prove identity to the government, arguing that if you don't like the idea of someone pretending to be you then you should support ID cards.

While it's a subtlety that might have slipped past the government, it's possible to dislike the idea of identity fraud AND still recognise that ID cards are an illiberal waste of money that won't solve that problem.

Updated finally: I give in. Alistair Darling has now been heard arguing that with biometric information, this kind of data loss wouldn't really matter. That sound you're hearing, incidentally, is that of a million computer security specialists crying in pain in the night.