17/06/2008

Grasses up

[Dave Birch] If you haven't been over to Wikileaks, you should probably go and have a quick look before you read the rest of this post! There's an article about it in a recent New Scientist, talking about how "onion routing" is used to provide anonymity. So people (eg, whistleblowers in large corporations) can obtain genuine anonymity online. I'm in favour of this, generally speaking, and it's certainly necessary in a free society. But is it sufficient?

Suppose, for example, that I post a plausible-looking document that seems to show that the British Royal family are actually giant extraterrestrial bloodsucking lizards. How do you know whether it's a genuine leak or a double-cross? If, for example, there's a document purporting to be the Identity & Passport Service's National ID Scheme Options Analysis, how can you be sure that it really comes from them (just to pick a mischievous example) or was made up by someone at No2ID? If we as a society agree that some form of whistleblowing is a social benefit -- and yes, we must also accept that it means that some drug-dealing Nazi child pornographers will be able to take advantage of it too -- then we should have systems in place to deliver it. And that doesn't mean implementing anonymity.


15/02/2008

Still practising

[Dave Birch] I went to a European Commission "epractice" seminar to share best practice about electronic identity -- and in particular the interoperability thereof -- in Europe. Consult Hyperion have been doing a lot of work in this area -- we were commissioned by the EU to study identity interoperability last year -- and so I thought it would be very useful to come along and exchange ideas. It was gratifying to discover that the conclusion of our work for the Commission was congruent with the findings of all of the other studies for the Commission: not only is there no interoperability whatsoever at a European level, there's precious little of it at the local level either (ie, you can't use your HMRC login to log on to DVLA and so on). There were some studies that have gone down another level, and they discovered that one of the reasons for the lack of interoperability is that none of the European identity schemes are using a standards-based approach (with the exception of SAML, which is being used in a small number of schemes).

It was quite well-attended (there must have been more than 40 people there) and while there were a few familiar faces, I enjoyed the opportunity to listen to some new (to me) perspectives. One of the points made at the beginning was, I think, key not only at the international level but at the national level too. It was that the focus should be on interoperability rather than harmonisation. There is no need for everyone to use the same identity management scheme, identity cards, identifiers and all the rest of it. Hence one of the ways forward is to imagine a set of technology-neutral national gateways and interconnect through those gateways.

In the afternoon I went into the breakout to discuss mobile e-identity, which I'm becoming increasingly enthusiastic about. The reasoning is that in order to make some form of electronic identity useful to citizens, it has to do some interesting things. But a card can't do anything interesting, whereas mobile phones can and -- and I think this is central to the discussion looking forward two or three years -- what's the point in issuing another smart card when the entire population has a mobile phone already?


04/02/2008

Another thing invented by lawyers

[Dave Birch] Over at SecureID News, Daniel Butler was asking whether digital identity can curb spam. Apart from reminding me that the first ever Internet e-mail spam came from a couple of lawyers in Phoenix -- who in April 1994 hired a programmer to post a message advertising their services around the U.S. green card lottery to thousands of newsgroups -- it also made me reflect yet again on why nothing is happening. The most obvious way forward would be to use encryption and signing: since both S/MIME and SSLv3 were standardised many years ago (in fact it's difficult to buy a mail package or web server that doesn't have them) it's a puzzle that we don't use them. Requiring all e-mail to be digitally-signed, and instructing mail servers to throw away any mail that didn't have a valid signature, would be an obvious way to stop spam from reaching inboxes, because it raises the cost of sending a spam e-mail from zero to very little: but that's enough.


01/02/2008

Population-scale PKI

[Dave Birch] The Land Registry, the government agency that records who owns Britain's land and buildings, has spent the past decade developing an e-conveyancing system to make buying and selling houses easier and more certain. It's going to be using PKI to secure the system. Authorised parties will be able to exchange information quickly, securely and reliably with each other and the Land Registry. Documents will be encrypted and "signed" with a digital certificate, and people will require a secure token, username and password to produce and read the documents. Final testing is underway and when it goes live, expected in early summer, it will be able to process up to 300,000 documents a day and support up to half a million security "certificates" from property professionals such as conveyance attorneys.


21/01/2008

Some best practices

[Dave Birch] The European Commission's ePractice.eu is hosting a free workshop on electronic identity in Brussels on February 14th. I'll be going along to hear three best practice presentations -- from Spain, Belgium and Estonia -- and to join in the discussion about how to learn from and build on them. See below for more details if you want to come along too.


22/10/2007

Security on a grand scale

[Dave Birch] It's really difficult to keep big systems secure when they have lots of users. Especially when those users don't really care about security. And worse when there's no identity infrastructure. The textbook case study for years to come will be the "troubled" $25 billion-ish National Health Service "Connecting for Health" (CfH) system. It's travelling a predictably rocky road. NHS staff (which, from a risk analysis perspective, means everyone in the world -- the NHS employs over a million people) have complained they have not been properly consulted, system designers have argued it is foolhardy to keep patient records in one central database and security experts have warned that the system might (!) be vulnerable to unauthorised users. Some of the most stringent security measures in the IT industry have been devised to protect confidential information: staff have been issued with smart cards, for example. Of course, they don't actually use them to log in: they find the person with the highest level of authorisation, put their smart card into the system and then leave the card in until the end of the shift.


15/02/2007

John Bullard, Identrust

[Dave Birch] In this week's podcast, John Bullard talks about Identrust and its business model, creating interoperability between bank-issued digital identities to allow for secure electronic transactions between banks and businesses.


05/10/2006

Hard or soft?

[Dave Birch] I noticed an article about a large US bank planning to issue digital certificates to retail customers. I wanted to pass on some of our experience in this area to explain why I don't think this is the best way forward for banks outside the US.
