About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Balancing security and privacy, part 97 | Main | Biometrics 200n »

What a cunning stunt

By Dave Birch posted Oct 28 2009 at 9:19 PM

[Dave Birch] I am, very literally, green with envy. I count myself as a reasonably good speaker, and I try to use narrative and historical examples to explain key principles. But nothing beats a good demo, and I saw an excellent one today, one that I wish I'd thought of!

At the Intellect conference on Identity & Information in London today, Edgar Whitely from the LSE gave a terrific presentation. He was pointing out that the principle of data minimisation in identity systems is important, but he did it in a particularly arresting way.

Here's what he did.

He showed this recent newspaper photograph of the British Home Secretary, Alan Johnson, showing off his new ID card and holding it up to the camera. This version comes from The Guardian....

Alan Johnson reveals the design of the British national identity card

Alan Johnson reveals the design of the British national identity card. Photograph: Stefan Rousseau/PA

As you can see in the picture, for reasons that will be not fully explained in a moment, the UK ID card has the holder's full name, date of birth and place of birth on it. These three data points are sufficient to uniquely identify the overwhelming majority of the population. So Edgar went to the Identity & Passport Service birth certificate ordering service and put in the details from the Home Secretary's card. He then paid his £10 and... with a suitably theatrical flourish, Edgar produced the copy of the Home Secretary's birth certificate that he had been sent in the post. Note that Edgar hadn't done anything wrong. As James Hall, the head of IPS who was on the same panel, pointed out, in the UK anyone can order a copy of anyone's birth certificate. He said that if you are a celebrity then hundreds of people will order copies of your birth certificate every year, which had never occurred to me. I'm sure James is right, but it does seem a little odd that people who want to commit identity theft will simply have to look at their mark's ID card to get started.

Edgar hadn't used the birth certificate to open a bank account or get a driving licence or anything, he was just making the point that if we don't adopt the right principles (eg, data minimisation) for identity systems, then we run the risk of making identity theft worse. It was a great presentation and a super stunt. Well done.

Anyone familiar with my deranged rantings about psychic ID (ie, virtually nobody) will be familiar with the general point: a characteristic of a 21st-century ID scheme is that it should only give up information necessary to enable a transactions, nothing more or less. So, if you are authorised to ask my ID card whether I am over 18 or not, that's all it should tell you. Not my name, not my address, not my age or date of birth. Just whether I am over 18 or not and that's it.

The current ID card scheme does not have this key characteristic, not for any functional reason but because the ID card and passport were jumbled up for a political purpose -- the purpose being, as far as I know, to make it harder for an incoming administration to scrap the scheme -- that constrains the design and implementation. Since the government wants the ID card to be used as a travel document within in the EU, it has to have certain human-readable information on it. That's why it gives away the key data points that make it tempting for criminals to kick-start their identity theft antics.

Actually, since there are no readers, criminals won't bother doing this. They will just make bogus ID cards. I firmly predict a booming market in fake ID cards just as soon as the real ones hit the streets. Oh, wait...

The fake cards ranged from provisional and regular driving licences to UK, German and other European ID cards, and contained holograms and chips.

[From Cheshire couple jailed for selling fake ID cards - Chester Chronicle]

This means that people were manufacturing fake UK ID cards even before the real UK ID cards were actually issued. You can see the criminal logic behind this: people are vaguely aware of ID cards, but don't know what they look like, so if you're 20 and you want to get into an over-21 nightclub, a fake ID card is an obvious purchase. How much will people pay for them?

Well, here's a useful data point, which comes from the terrific scandal surrounding Baroness Scotland, Britain's Attorney General, who was discovered to have been employing an illegal immigrant.

Ms Tapui revealed that the out-of-date forged visa stamp in her passport was acquired by a Russian acquaintance for a £180 fee. She obtained the stamp after twice being refused a visa by the Home Office, which nonetheless took no action to deport her.

[From I didn't show Baroness Scotland any passport, says housekeeper in sensational new allegations | Mail Online]

So for spreadsheet purposes, we can assume that a bent ID card that has "permission to work" or whatever written on the back is worth a couple of hundred quid. As long as employer makes a photocopy of it, they are in the clear, so everyone is happy.

There has to be a better way. For a start, the ID card has a contactless interface, so it would be trivial to write an application for phones with an NFC interface (eg, Nokia 6212s) that would read the card, go online to the (currently non-existent) web interface to IPS, check that the card is valid, and then display the relevant details from the chip on the phone screen. Since all employers, and all bouncers, need to have a mobile phone anyway, they might as well get one with an IPS application on it that validates cards.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference What a cunning stunt:


I generally support this line of thinking (i.e. minimal disclosure) but the problem is that you lack economic clout to make the argument to get such a scheme adopted widely — especially in digital networked systems (i.e. social web sites or applications).

It may take government intervention to force such a system, but as it turns out — a card that provides minimum disclosure in practice is often less useful than you might hope — and the bearer is often requested (or demanded) to provide additional information — name, provenance, email address, and so on — to receive basic levels of service.

It has less to do with identity and authentication than it does the recognition of economic value of knowing who you are and how to contact you after you're gone.

The comments to this entry are closed.