About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Faking it | Main | Privacy TV »

ID-Day

By Dave Birch posted Mar 6 2008 at 9:58 PM

[Dave Birch] In any discussion about identity in the U.K. recently, the big unknown has been the government's proposed national identity card scheme. There was a lot of uncertainty about how exactly the scheme might work, what the timetable might, what the vision for the scheme was. I was therefore very excited to have been invited to come along in person to the think tank DEMOS this morning to hear the Home Secretary, Jacqui Smith, set out the government's plan. I was thinking that I don't often get the chance to talk to someone like Jacqui (ie, an incumbent in one of the great offices of state) and that she probably doesn't often get the chance to talk to someone like me (ie, someone who knows about national ID card schemes), so it would be an interesting exchange. The government published both a plan to deliver the ID scheme (well, most of) by 2017 and the Crosby report.

When I took my seat, it turned out I was next to Meg Hillier, the Minister for ID Cards, who was kind enough to introduce herself. She turned out to be a good sport...

Meg Hillier: Pleased to meet you, I'm Meg Hillier.

Me: Hello, I'm Dave Birch from the Digital Identity Forum, pleased to meet you. Oh, was it you who said that ID cards were a bit like internal passports?

Meg Hillier: Yes, it was an unfortunate turn of phrase. They're not, of course. There'll be no legal requirement to produce them.

Me: What, not even if you're buying a second home?

She was polite enough not have me thrown out so I was able to stay and listen to Jacqui. Anyway, the event was being recorded and broadcast so I thought I would add to the sum total of understanding by doing the same. I've taken Jacqui's speech as well as the question and answer session and made them into a special edition of the Digital Identity podcast that will be posted on our feed shortly. Have a listen to what she says and make up your own mind about it (alternatively, you can read the speech online).

By the way, it wasn't an idle boast inserted above (about knowing about national identity card schemes). Consult Hyperion is currently advising on its fourth national identity card scheme at the moment (or a European government) so I'd like to think that our opinions might count for something.

To be honest, I feel rather let down. I have been consistently in favour of an ID card scheme but I have been consistently critical of this government's plans. I want an ID card for eBay as well as Barclays, Facebook as well as Heathrow. Unlike many other countries, the U.K. is beginning its transition to the smart ID card world with a clean sheet of paper. We can have an ID card that does great stuff: we can use technology to deliver security and privacy in a new way. Yet after all the consultations and consultants, that's not what's been announced.

Look at the examples given in an Appendix to the Crobsy report. Austria, Finland, Estonia, Hong Kong and so on. All of them are already in action, delivering functionality that will be absent from the U.K. when the first cards are issued later this year. Only last week the German government announced that their ID card would use pseudonyms to protect online privacy. In Austria, they use sector-specific ID numbers to protect privacy. In many Scandinavian countries, the public/private integration is such that people can log on to e-government services using the banking authentication schemes. In Belgium, tens of thousands of people every week use their ID cards in PCs to check their own records. In Estonia, the ID application is being issued in SIMs by the largest mobile operator. I was looking forward to an identity card for the 21st century that would also be a testament to British design flair, engineering ingenuity and innovation. My feeling is still that a biometric register with an MBUN, sector-specific identifiers and mixed private/public provision of a system that provides cryptographically secure selective disclosure is what is wanted. That's not what we've got. And to rub it in, amongst the first news items I saw in when I opened up my laptop after the DEMOS event were that

The smart card can now be paired with the OpenID online authentication standard, enabling [Finnish ID] cardholders to use their cards for logging in to any website that accepts OpenID.

[From TrustBearer OpenID to Support Finland National ID Card]

and the absolutely amazing news (more to blog on this soon) that

Microsoft to adopt Stefan Brands’ Technology

[From IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer]

This is brilliant news for Forum friend Stefan and also for people who want to develop ID card schemes for the modern age. Meanwhile, back at DEMOS, I asked the Home Secretary whether people would be able open bank accounts just using an ID card (which would seem an obvious benefit) and her answer was -- if I've understood it properly -- "it depends". This seems disappointing to me: after three years and tens of million of pounds spent on management consultancy, surely a simple "yes" or "no" is not too much to expect?

Sir James Crosby's report, commissioned two years ago by the Treasury, accuses the government of adopting an "uncoordinated" approach to the problem of identity assurance.

[From ID card report criticises government's approach | Politics | guardian.co.uk]

I think he may be right. There's one slightly odd thing that came up in the session that I'm still wondering about. If you listen to the podcast you'll note that Jacqui forgot to answer my question about benefit claimants. In her speech, she says that:

Would Jean Hutchinson have been able to commit her crimes if she had been asked to give a photo and fingerprint as proof of her identity when she registered each new benefit claim? The answer is no.

[From BBC NEWS | Politics | In full: Smith ID card speech]

In the question time, I asked her if all claimants would have to do this. As Jacqui didn't answer, I was able to ask Meg, and she told me that not only will benefit claimants not be asked for fingerprints and photos, they won't be asked for ID cards either, so I don't think the scheme will have any effect on benefit fraud: either Jacqui was briefed incorrectly on this or I must have misunderstood Meg. I will try and find out and report back.

Incidentally, just to show party political balance, this afternoon I was invited to a talk to business persons by David Cameron, and I went to that too.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto

Comments

"I was looking forward to an identity card for the 21st century that would also be a testament to British design flair, engineering ingenuity and innovation."

... and that's exactly what the UK is getting - a testament to those consultants. As your examples show, we have to look abroad for really innovative thinking.

Sounds like you had an interesting time at the DEMOS event (though I'm not sure why something of this significance wasn't done in Parliament).

I share your thoughts on how we are being put to shame by developments in other countries. I think Sir James should have mentioned the approach being taken in Canada where there seems to be a strong recognition of the need to balance security and privacy and that it is not a zero sum game. (It's no coincidence that the Credentica team, Sxip and Kim Cameron are Canadian methinks).

I have commented on the Crosby report here: http://fishnchippapers.typepad.com/tomorrow_fish_n_chip_pape/2008/03/pondering-crosb.html and, whilst I don't agree with everything he has to say, I do think it's a better place to start. My fear is that it's just too late and the government is going to leave it to gather dust.

Very interested in the podcast - is it available online yet?

[Dave Birch] Yes, it's at www.chyp.com/podcasts.php

Regarding the question of benefit fraud,

"there are no plans at this stage to make the delivery of particular public services dependent on the production of an identity card."

- Meg Hillier (Parliamentary Under-Secretary (Identity), Home Office)
http://www.theyworkforyou.com/wrans/?id=2008-02-25a.188126.h

The comments to this entry are closed.