My column of 7 May (Wanted: an ID scheme we can trust) generated quite a few responses, which isn't surprising given the issues surrounding the national ID scheme. However, I feel it is necessary to separate the policy issues from the technological challenges; whether or not the proposed national ID scheme will work is an entirely separate matter as to whether or not we should have it in the first place.

The proper order of debate, I would suggest, is to first decide whether or not our society needs a national ID scheme. In my previous column I reluctantly suggested that it was time to consider this and there are many good reasons why we should do so.

If there is sufficient consensus in favour of a national ID scheme then the next question is to look at the level of safeguards that we would need. Obviously, the existence of sufficient safeguards will influence many as to whether or not we should have it in the first place. I believe the government is doing a very poor job of protecting the individual and I cannot see that changing. Without proper safeguards I cannot see myself supporting a national ID scheme.

The final issue is whether or not the technology that has been proposed is capable of delivering a national ID database. The problem here is that the government has an appalling IT track record. Large projects usually fail because nobody bothers to tell the designers what they want (or nobody knows what they want) and because too many objectives are bundled into one project.

The banks manage perfectly well to track an ID (an account number) with a series of "transactions". The volume of data is surely far beyond what the national ID database will need, so it must be possible to create a database that contains enough information to identify an individual. The problem, I suspect, is that the ID card project is being hijacked by different interest groups in order to meet sector-specific requirements.

If we are to create a national ID database then we should limit it to core data with appropriate safeguards and mechanisms for amending that data. If the NHS, for example, and I don't know if this is the case, has a problem interacting with the database (assuming that some thought at least has gone into its design) then let the NHS sort out its systems as an entirely separate project, and the same should apply to every government agency.

Finally, and this is not my idea, the government should seriously consider outsourcing the process of physically identifying citizens to the financial institutions that already carry out a lot of this work. After all, every time you open an account you have to prove who you are and most account holders are very quick to notify their bank of any changed circumstances.