About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Budapests | Main | You've been fingered »

eema e-ID

By davebirch posted Nov 17 2006 at 2:25 PM

[Dave Birch] I was invited to speak at a seminar, organised by eema, on the UK e-ID card.  The seminar covered progress to date (which didn't take long, as the IPS speaker dropped out) and the impact on business applications.  This was a useful and illuminating discussion because of the spectrum of organisations represented around the table, ranging from the Department for Work and Pensions to BT.  There was a super discussion about privacy in the afternoon, featuring Ben Laurie (with his Open Rights hat on), Pete Bramhall (from HP) and Gus Hosein from Privacy International.  There's an integral relationship between identity and privacy in the electronic world and so I always enjoys these discussions, especially since none of us were called on to define what we mean "privacy" (or, for that matter, "identity").

Technorati Tags: , , ,

Gus (who is at LSE) went first.  He mentioned that the LSE's recent report on privacy, comparing the situation in various countries around the world, ranks the U.K. along with Singapore and Malaysia at the bottom of the international privacy league.  His main points were about the strange situation in the U.K. whereby the collection of personal data is becoming the norm rather than the exception, which was certainly food for thought but I'm not sure if many people round the table were that interested.

I have to say I was quite surprised how quickly the ensuing discussion around the table collapsed into a "black and white" discussion about privacy and became really rather animated.  Perhaps it's unique to England, but the topic of ID cards has lost none of its capacity to excite passions, which in a way is rather disappointing.

Pete made some good points about the relationship between privacy, data protection and security, including an observation which got a few nods around the table: citizens of the countries that scored best in the LSE survey actually already have ID cards, but they also have strong constitutional protections around the storage and use of their data.  In the UK we have data protection legislation, but the system runs mainly on trust.  He pointed us a survey (which I think he said was part of the Trustguide effort) showing that people in the UK don't trust the government to be an identity service provider, so who would they trust instead?  Banks, World of Warcraft, Churches?

Ben's angle was "narrow but important": you want to minimise what you disclose but as you give away all your little snippets of information to one person after another, so the snippets can be linked.  Most credential technologies (eg, X.509) are linkable since each credential looks exactly the same every time you use it.  He reassured the audience that the cryptographic technologies to provide unlinkable credentials already exist and, what's more, work.  He used the examples of Credentica and some work going on under the EU Prime project using the IDEMIX technology.  As an aside, he also passed on an excellent definition of three-factor authentication: something you were, something you've lost and something you've forgotten!

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]


The comments to this entry are closed.