Meg was absolutely right
By Dave Birch posted Feb 4 2010 at 5:07 PM[Dave Birch] Some time back, the Minister for ID Cards Meg Hillier received some criticism for saying that the new ID card was just like a passport, but for use inside the country. In fact, I don't think it would really be considered a breach of confidence to report that I once sat next to Meg at an event of some description, and she told me that she thought it had been an unfortunate turn of phrase.
Hillier is relatively new to the ID card brief at the Home Office, and has come up with several improbable and/or unfortunate claims in recent months (e.g., "we should see an identity card, like a passport, in country")
[From Transcript disappears minister's 'hack-proof' ID register claim • The Register]
But actually, she was completely correct in saying this. In the UK, the ID card scheme was (for political, not engineering, reasons) given to the Passport Service. They produced an ID card that was -- guess what -- a passport. The UK ID cards that have been issued so far implement nothing other than the ICAO standard for e-passports with Extended Access Control (EAC). I'm not knocking the Passport Service. If the ID card had been given to the DVLA then it would have ended up looking like a driving licence and if it had been given to the DfT then it would have ended up with an ITSO shell on it. My point is not to criticise the implementation decisions made by the Home Office and their ID Development Partner, PA Consulting, but to call for a different debate about identity and a greater vision for national identity management for the future.
I'll illustrate what i mean with one small example. The ID cards issued in the UK have a contact plate on them, but it is only for show, since there are no services accessible through the contact interface (for the technical, there is no Answer-to-Reset, or ATR). The cards implement the ICAO standard for e-passports and nothing more. The lovely gold square is a Potemkin Plate, only there to impress politicians. Meanwhile, in Germany, they are designing a card that implements online pseudonyms to support e-commerce and other such 21st-century functionality.
The Interior Ministry has confirmed that the introduction of the multi-function card will go ahead as planned on November 1, 2010.
[From Germany set to introduce smart ID Cards in 2010 | Science & Technology | Deutsche Welle | 15.12.2009]
Why are the Germans able to introduce a national ID card that does something useful, while we are not? Are we stupider than the Germans? I don't believe that. We have worse programmers? Doubt it. It's a mystery. Of course, it might be that their system is designed by engineers to meet a clear specification, whereas no-one really knows what ours is supposed to be for, but who knows.
I'm in favour of a national identity management system, and i think that all things considered, a smart card is a pretty good way to deliver it. Other than that, there's no overlap between my thinking and the UK government's approach. The UK government, its management consultants and suppliers have together come up with something simultaneously expensive and pointless.
We have Payments Council and a National Payment Plan (NPP). The Payments Council has already made some interesting, and for the sector quite radical, strategic changes: the successful introduction of the Faster Payment Service (FPS), phasing out of cheque guarantee cards and setting 2018 as the end of cheque clearing in the UK. Perhaps one option for an incoming administration might be an Identity Council and a National Identity Plan (NIP).
What would such a plan contain? Well, just as the NPP set out where the stakeholders felt that the country should be in a decade, so a NIP would set out the same. There might be some targets for reducing identity-based crime according to some agreed measures, proposals to abolish older forms of identity that are no longer useful and a programme for looking at new technology. Crucially, though, it would provide a means of establishing what potential solutions there might be (of which an ID card might well be one) and how they would fit together in a roadmap.
One critical component of the plan is a better base model of identity -- a paradigm, if you like -- for the rest of the plan to work with. Far be it from me to blow my own trumpet, but this model should be founded on a differentiation between real, digital and virtual identity. Such a model already exists.
Many people do think eID could and should be implemented without full identification, i.e. more granular disclosure with pseudonymity - see e.g. Dave Birch's brilliant and very readable paper "Psychic ID: A blueprint for a modern national identity scheme".
[From Tech and Law: PETs - Stephan Engberg's response]
Should the incoming Prime Minister call, we stand ready to serve our country however we may.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
Meg's wisdom is more clearly revealed with each passing day.
Obviously, the reason why the UK chips are non-functional is that, if the architecture depended on them, the card would not meet one of Meg's other functional criteria: namely, that young ladies should be able to slip it into their shoe when heading to clubs which might require a convenient [sic] proof of age. Doing that prior to a long evening of frenzied dancing would put the chip at risk - so best just not to use it in the first place.
Posted by: Robin Wilton | 04/02/2010 at 06:18 PM