There will be no new posts here. From 1st August 2011 all posts will be at the "Tomorrow's Transactions" blog so please update your newsreader accordingly.
Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion
This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.
Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.
There will be no new posts here. From 1st August 2011 all posts will be at the "Tomorrow's Transactions" blog so please update your newsreader accordingly.
PLEASE NOTE that this will be the last entry posted here. From 1st August 2011 all posts will be at the "Tomorrow's Transactions" blog only so please update your newsreader accordingly.
The government is battening down the hatches and repelling all boarders, even if they have e-tickets. And not before time!
Foreign intelligence agencies are carrying out sustained cyberattacks on the UK Treasury, targeting it with malicious emails and programs designed to steal information, the Chancellor, George Osborne, has revealed. He said that government systems are the target of up to 20,000 malicious emails every month[From Osborne: Treasury under sustained cyberattack | Technology | guardian.co.uk]
And that's not counting the ones from taxpayers, I imagine. Setting aside how ludicrous and meaningless this figure is, there is nonetheless a serious point. If Son-of-Stuxnet crashes the Treasury, that might well be a net benefit to the economy, but if it crashes the electricity distribution network, even I won't be laughing. We need effective cyberdefences. So what should the authorities do to bolster these defences? I would have thought that have some kind of working identity infrastructure might be a first step, and in that respect things haven't been going to well in the UK.
The Home Office slipped out the final report of the Independent Scheme Advisory Panel (ISAP) this week, more than a year after it was written. The ostensibly independent report, which reveals how the ID system had been compromised by poor design and management, was submitted to the Home Office in December 2009.[From Henry Porter - Home Office suppressed embarrassing ID cards report]
The report says that there were no specifications for usage or verification (which we knew - this was one of my constant complaints at the time) and, revealingly, that (in section 3.3) that "it is likely that European travel" will emerge as the key consumer benefit. This, I think, is an interesting comment. As I have pointed, what the Identity & Passport Service (IPS) delivered was, well, a passport. It had no other functionality and, given the heritage, was never going to have. Hence my idea of renaming it "Passport Plus" and selling it to frequent travellers (eg, me) as a convenience, and idea that really should have been taken more seriously by the coalition administration.
As an aside, the report also says (in section 5.5) that the "significant" number of change requests after the contracts had been awarded would likely increase risk, cost and timescale. Again, while this is a predictable comment, it is a reflection on the outdated consultation, specification and procurement processes used. Instead of a flagship government project heralding a new economy, we ended up with the usual fare: incomplete specifications, huge management consultant bills, massive and inflexible supply contracts.
The report repeated the same warnings ISAP had given the Home Office every year since the system blueprint was published in December 2006 by Liam Byrne and Joan Ryan, then Home Office Ministers, and James Hall, then head of the Identity and Passport Service (IPS).[From Home Office suppressed embarrassing ID cards report - 1/7/2011 - Computer Weekly]
How did it all go do wrong? Liam Byrne was supposed something about IT as he used to work for Accenture, as did the James Hall (Joan Ryan was a sociology teacher who later became famous for claiming more than £170k/annum in expenses). All in all, it was a pretty disastrous period for those of us who think that identity infrastructure is crucial to the future of UK plc, let alone the UK government. This is not to say that, despite all of the evidence (including today's fascinating FT piece on the UK government's equally disastrous NHS infrastructure project), that the UK is uniquely hopeless at developing identity infrastructure for the 21st century.
Thai citizens who applied for their first national identity card or who applied to have their ID card renewed, have been issued with a yellow slip instead of the new microchip-embedded "smart" cards. The reason behind the problem is that the Interior Ministry refused to accept the new "smart" cards which were supplied by the Ministry of Information and Communications Technology, claiming that they did not meet the prescribed specifications stipulated in the ministerial regulation.[From Bangkok Post : The silly saga of 'smart' cards]
Now, this may seem funny, but I ought to point out in the interests of international balance that there are, right now, in 2011, many people walking around branches of the British government with printed pictures of smart cards hanging around their necks. Yes, that's right: pictures of smart cards, rather than actual smart cards. I'm afraid our cyberdefences are more a cyber home guard at the moment.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
[Dave Birch] The German personal identity card is being introduced with an online framework. The eCard-API framework -- which is essentially collection of standards for services including e-passport, e-health and so on -- means that e-commerce, e-banking and e-government will be able to use the card to provide secure services to the public (although note that these third-party service providers will not have access to the on-card biometrics). The cards have a contactless interface: to use them online, customers will have to buy a USB contactless reader to plug in to their PC and then download the free "Burgerclient" software. Service providers who want to access data on the card have to mutually-authenticate, which means that they must present the card with a valid permission certificate (they get these from accredited certificate service providers, known as "Trust Centres"). If service providers want the use the card in a transaction, the customer must first confirm what data is beign read from the card then authenticate with a six digit passcode, thus providing convenient 2FA for online services.
SCM’s RFID-based contactless card readers form the core of Secure IT Kits that the German government will make available without charge to citizens, through its suppliers, to encourage the use of the electronic ID cards.[From Global IDentification: SCM Microsystems to supply German eID readers]
For Martha's sake! Germans not only get a useful ID card but they get free card readers for their PCs as well. Now that's what I call a networked nation. Germany has over 70% Internet penetration and, according to BITKOM (the German Federal Assocation for Information Technology, Telecommunications and New Media), five months before the official launch of card more than half of them had already stated that they wanted to use the card for home banking and access to public services. The Brundesdruckerei (Federal Printing Office) has already put forward a plan to allow citizens to load their electronic identities on to NFC-capable mobile phones in the future.
I particularly like the way in which the cards generate per-service provider pseudonyms, so that everytime the customer logs in to, say, Amazon, they would have the same "ID number", but the bank would see a different number and so would the tax authority or another store or anyone else. This basic partitioning was precisely the kind of intelligent design decision that I would have advised the UK Home Office to adopt, had they asked me.
Germany's new contactless National Identity Card... sounds rather like what the UK ID card was meant to do, but the policy and politics surrounding it were so poorly conceived and communicated that the concept was never likely to be a success.[From Electronic ID cards are rubbish? Don't tell the Germans - Computer Weekly Editor's Blog]
No! It was not an issue of policy and communication. The UK card was rubbish: it was just a different-shaped passport. You couldn't use it for e-business or e-commerce or, for that matter, business or commerce. The German card has been designed by identity experts and engineers, not by politicians and management consultants. We Brits didn't get an API or even a published interface.
I am not against ID in general: it serves valuable functions.
She then goes on to distinguish between identification and certification, as distinction that is missing from many ID card-related visions. She then makes a crucial point, one I that endorse wholeheartedly.
The valid functions of ID have a common characteristic: they provide advantages to the individual who holds the ID.
Indeed, an a central reason for the tragic trajectory of the UK ID card scheme was precisely that it did not. She then makes another assertion:
Who benefits from national IDs? The state, not the individual.
I'm afraid I have to disagree with Wendy on this one. Individuals can benefit from national IDs, if they are assembled in the correct way (ie, my way) and I have no objection from the state benefiting from them too (apart from anything else, I pay for it) provided that that precondition is met. But suppose a national ID infrastructure isn't put together in a 21st-century way? In that case, it still isn't only that state that benefits: criminals do too. As I said a couple of years ago:
If you were going to create a criminal enterprise based on bogus ID cards, who would you target? Probably the group with the least recourse to the law: illegal immigrants. This is exactly what has been going on in Malaysia, where a fake identity card issuing syndicate which cheated hundreds of illegal immigrants has been broken up by the police[From Digital Identity Forum: New identity crimes]
Of course, there's a problem the other way round as well, with illegal immigrants being given documents that they are not entitled to.
In Pakistan and Malaysia a high number of illegal immigrants become legitimate because they acquire a biometric card. Illegal immigrants get into the system usually at entry points of the country. Entry points are governed by human resource. And human resource can be corrupted.[From The Hindu : Life & Style / Society : A question of identity ]
I found a similar point being made in a story from the Yemeni News Agency.
When a Somali refugee who could not speak purely Arabic and insists that he is from Hjjah province, came to al-Thawra police station in the Capital Sana'a for ID, he was requested by the police station to present his documents. He was ready with his electoral card, neighborhoods' supervisor recommendation and ID copies of two witnesses as identification documents to get his Yemeni ID. As the concerned policeman wanted to stop the process of granting him the ID, his co-worker rejected that saying there is no excuse to stop or delay it because he has all the required documents and it’s the election committee's responsibility.
That's a different case isn't it? Why shouldn't people with the right papers get a national ID? The chap in question wasn't trying to bribe the police to give him an ID. Ah, but...
Police officers affirm that refugees can get IDs by giving bribes to concerned officials. These bribes are ranging from USD 500-1000. "Thousands of African refugees could obtain Yemeni IDs by bribing the brokers who have relations with civil affairs investigations and who in their turn allow the procedures to pass through," said a police station's officer. Many Africans had been arrested after finding out that they got IDs illegally, a policeman affirmed, but he did not mention the number, the place of their detention and the number of issues; whether they were referred to justice or not.
In fact what is going here is even more interesting: some officials not only allow illegal immigrants to bribe their way to the papers that will get them a national ID, but they have an absolute incentive to do so, which is that you can't vote without an ID cards.
An election committee chief in Hajjah province got surprised when he discovered that the number of the registered people in the electoral district is twice the population number.
The same problem crops up time and time again. Identity documents become the target of criminal enterprise and because they don't work properly they deliver terrific profits to the bad guys without really helping the good guys very much.
The most wanted are Serbian biometric passports, "which cost up to EUR 3,000", the article claims.[From B92 - News - Crime & War crimes - "Albanians pay EUR 3,000 for Serbian passports"]
You can see the problem. If the state relies on an ID card to regulate its relationship with citizens and that ID card embodies certain entitlements (that is, it is not simply an identity) then the incentive to get one shoots up, because once you have it then you are "inside the wire", so to speak, and can act with impunity. So long as the card actually works, of course.
About 10% of the 24 million MyKad identification cards issued since 2001 had been replaced after they were found to be faulty.[From 10% of MyKad identification cards found to be faulty]
If 1 in 10 ID cards isn't working properly, then people will get used to that fact, so if a criminal shows up with an ID card that doesn't work, the shopkeeper/doorman/whoever will assume that it's broken and take it at face value, so I could stick my picture on any old ID card, that put the card in the microwave to fry the chip. This isn't really progress, is it.
[Dave Birch] I was in the US recently, and had occasion to visit a number of office buildings. At some of these, in order to comply with security requirements, I was asked to provide "picture ID". A couple of times, I produced my UK driving licence, which the guards looked at and then handed back, waving me through, despite the fact that they couldn't possibly have known whether it was real or not. So what was the point? This is what is called "security theatre", where the people involved (in this case, me and the guard) are both acting out our scripts to show security to the people around us. No actual security is involved. Were I a devotee of Osama bin Laden trying to get in to one of these buildings, I would simply have my accomplice call to make an appointment (perhaps posing as a security equipment salesman) using the same John Smith and then show up with a Western Australian driving licence in the name of John Smith with my picture on it. In fact, I'd lay a pound to a penny that I'd get in with Narnian driving licence. What is going on? If I'm going to see a contact at BigCompany, could he just use his digital identity to sign my Consult Hyperion public key, thus creating a credential certificate that I could load into my phone and that the guard could read using his PC, and which his PC could then resolve up the certificate chain to determine, in milliseconds, that I am entitled to enter the building?
In fact, what would be the point of the guard at all? I could just wander up to the building and present myself to the door: the door would ask my phone for a certificate, the phone would present it, but only if I am holding it (by my voiceprint, for example). That wouldn't be theatre.
[Dave Birch] Well, it's bye bye to the ID card. In the end, I shouldn't think that my constant whining about the scheme made a ha'pence of difference and my time on the IPS Advisory Forum was probably wasted. I did make representations (invited, I hasten to add) to a couple of Conservative think-tanks in the run-up to the election, having previously made a number of representations (invited, I hasten to add) to the Government and its advisors. What I said was, in essence, that the Tory plan to scrap the ID card was almost as bad as the Labour plan to keep it. Neither the existing scheme nor the Coalition scheme (ie, nothing) actually solve any of the problems that the lack of an identity infrastructure creates and I absolutely predict that the lack of such an infrastructure will in turn create a major barrier to improving efficiency in public services: it's going to be really difficult to move government services online, introduce more self-service and reduce fraud without some form of identification and authentication system.
It's fair to observe that there a many people (eg, the LSE team who did the original detailed review on the Home Office's ideas) are enjoying their "told you so" moment. The old scheme, created by the Home Office and their development partners PA Consulting back in 2004, was never going to work. It was flawed from the start, and as a showcase for the British technology industry, it was an embarassment: it provided none of the services that the identity cards systems in advanced nations (eg, Germany, Hong Kong, Estonia) provide and there was never any evidence that it would do so. There were no specifications, no toolkits, no APIs. I should say that I don't blame the people working on the project over at IPS, many of whom I have great respect for: the project was doomed before they started work.
There has been no single narrative explaining what deficiency the card is supposed to address: instead, it has been sold as a cure-all remedy for a host of problems. One minute it was touted as tackling illegal immigration or benefit fraud; the next it was the magic bullet for terrorism and organised crime.[From FT.com / World - MPs deride £5.4bn cure-all]
Indeed, and the card that was built was not only pointless but functionless, implementing nothing more than the existing e-passport application. It wasn't as if they didn't have the money to scour the planet for the best advice.
In 1997/98, the Home Office's total spending on consultants was £7.6m. By last year, it had rocketed to £147.9m. Spending by the Identity and Passport Service - the arm of the department in charge of the ID cards project - has gone up in the same period from £237,000 to £30m.[From High price of launching ID cards as consultants cost us £150m | the Daily Mail]
I can well remember taking part in the "consultation process" at the time. I can also well remember feeling rather angry about it: no-one paid any attention (as far I could tell) to any ideas or opinions about the scheme or the vision for identity management, only about the procurement process. In particular, just as the Home Office never paid any attention to our submissions about the original entitlement card concept (more on this in a minute), they never paid any attention to any modern conceptions of identity and set about building an electronic version of the scheme was abandoned in 1952. An electronic version of a paper card and an electronic version of a card index. There was always an alternative...
Many people do think eID could and should be implemented without full identification, i.e. more granular disclosure with pseudonymity - see e.g. Dave Birch's brilliant and very readable paper "Psychic ID: A blueprint for a modern national identity scheme" (PDF).[From Tech and Law]
WH is much too kind, but there you go. Anyway, we are where we are, in an identity limbo. Where do we go from here? It's traditional for incoming administrations to want short and simple instant fixes, so here's a practical three point plan...
I say "Card", of course, because any such plan would distinguish between the identity application that might reside in a smart card, phone, watch, hat, badge or implantable microchip and the smart card, phone, watch, hat, badge or implantable microchip itself. So, my Entitlement Card might have an identity application on it and my mobile phone (SIM) might have an identity application in it and they both have public key certificates with the same link to my entitlement number (or whatever) in it. I'll have to turf out our original response to the entitlement card consultation process and tart it up.
The toolkit of technologies needed to do this -- everything from digital signatures to biometrics to NFC to OpenID -- is already in place. By going back to the original version of the government's pre-Blunkett plan, the government and the industry together can create a more targeted project that can actually contribute to UK plc. I have to say, as an aside, that Consult Hyperion's experiences advising the Irish government on their Public Services Card project has reinforced to me that focusing on a clear, simple and specific goal makes a very, very big difference to national infrastructure efforts of this kind.
[Dave Birch] What with an imminent election in the UK, there's been more talk about e-government and the future of online services.
A MyGov dashboard that allows every citizen to personalise the explosive growth of government services on the web was proposed today by Gordon Brown... Brown said MyGov, which will eventually replace DirectGov, will end the current frustration of web users needing to identify themselves separately for different public services.[From Gordon Brown proposes personalised MyGov web services | Technology | guardian.co.uk]
Whoa! Hold on a minute. How are the recalcitrant inhabitants of Middlesborough, forced online by the redoubtable Ms. Martha Lane Fox, going to identify themselves to their MyGov page, and how will this identification and relevant credentials be federated to the various government transactional services it will link to?
By the way, here's my mock-up of what the MyGov dashboard might look like.
[Dave Birch] I've mentioned (in a tedious, repetitive cycle) that there is a connection between national ID schemes, financial inclusion and payments. To put it crudely, if you "solve" the "ID problem" then the "payment problem" goes away. Let's set aside what any of those phrases in quotation marks actually mean for a moment. Let's also set aside the moral and social issues for a moment, and it is clear that:
If the payment system knows absolutely who you are (because of the ID card) then it becomes relatively easy to handle the funds transfer. The identification and authentication cost would, presumably, be shared between the payment application and lots of other applications.[From [ Digital Identity Forum ]]
Now, I'm certainly not saying that that is the best possible use of technology, and have bored for Britain on the subject of pseudonymity and suchlike, but I am saying that in some circumstances this might be the best overall solution to the problem of extending financial inclusion.
Residents in Oman will soon be able to make payments electronically even if they do not possess a credit or debit card — and it’ll be thanks to the launch of ‘e-purse’ scheme here. All they require is their ID or residency card... The new facility allows people, both nationals and expatriates, to store/load money in their national ID and residency cards and use them to make payments electronically.[From Khaleej Times Online - Electronic Payment Through ID Card in Oman Soon]
Since ID cards are mandatory in Oman, you can see the logic. What is point of giving people yet another card to carry around when they all have an ID card all the time? And given that getting the less well-off out of the cash economy is a relatively simple way to improve their lot in life, it's an obvious social inclusion strategy.
(Yes, yes, anonymity, I know. But let's set that aside for a moment as well.)
[Dave Birch] Some time back, the Minister for ID Cards Meg Hillier received some criticism for saying that the new ID card was just like a passport, but for use inside the country. In fact, I don't think it would really be considered a breach of confidence to report that I once sat next to Meg at an event of some description, and she told me that she thought it had been an unfortunate turn of phrase.
Hillier is relatively new to the ID card brief at the Home Office, and has come up with several improbable and/or unfortunate claims in recent months (e.g., "we should see an identity card, like a passport, in country")[From Transcript disappears minister's 'hack-proof' ID register claim • The Register]
But actually, she was completely correct in saying this. In the UK, the ID card scheme was (for political, not engineering, reasons) given to the Passport Service. They produced an ID card that was -- guess what -- a passport. The UK ID cards that have been issued so far implement nothing other than the ICAO standard for e-passports with Extended Access Control (EAC). I'm not knocking the Passport Service. If the ID card had been given to the DVLA then it would have ended up looking like a driving licence and if it had been given to the DfT then it would have ended up with an ITSO shell on it. My point is not to criticise the implementation decisions made by the Home Office and their ID Development Partner, PA Consulting, but to call for a different debate about identity and a greater vision for national identity management for the future.
I'll illustrate what i mean with one small example. The ID cards issued in the UK have a contact plate on them, but it is only for show, since there are no services accessible through the contact interface (for the technical, there is no Answer-to-Reset, or ATR). The cards implement the ICAO standard for e-passports and nothing more. The lovely gold square is a Potemkin Plate, only there to impress politicians. Meanwhile, in Germany, they are designing a card that implements online pseudonyms to support e-commerce and other such 21st-century functionality.
The Interior Ministry has confirmed that the introduction of the multi-function card will go ahead as planned on November 1, 2010.[From Germany set to introduce smart ID Cards in 2010 | Science & Technology | Deutsche Welle | 15.12.2009]
Why are the Germans able to introduce a national ID card that does something useful, while we are not? Are we stupider than the Germans? I don't believe that. We have worse programmers? Doubt it. It's a mystery. Of course, it might be that their system is designed by engineers to meet a clear specification, whereas no-one really knows what ours is supposed to be for, but who knows.