About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Don't call us | Main | Spot the looney »


By Dave Birch posted May 25 2010 at 7:56 AM

[Dave Birch] I was in the US recently, and had occasion to visit a number of office buildings. At some of these, in order to comply with security requirements, I was asked to provide "picture ID". A couple of times, I produced my UK driving licence, which the guards looked at and then handed back, waving me through, despite the fact that they couldn't possibly have known whether it was real or not. So what was the point? This is what is called "security theatre", where the people involved (in this case, me and the guard) are both acting out our scripts to show security to the people around us. No actual security is involved. Were I a devotee of Osama bin Laden trying to get in to one of these buildings, I would simply have my accomplice call to make an appointment (perhaps posing as a security equipment salesman) using the same John Smith and then show up with a Western Australian driving licence in the name of John Smith with my picture on it. In fact, I'd lay a pound to a penny that I'd get in with Narnian driving licence. What is going on? If I'm going to see a contact at BigCompany, could he just use his digital identity to sign my Consult Hyperion public key, thus creating a credential certificate that I could load into my phone and that the guard could read using his PC, and which his PC could then resolve up the certificate chain to determine, in milliseconds, that I am entitled to enter the building?

In fact, what would be the point of the guard at all? I could just wander up to the building and present myself to the door: the door would ask my phone for a certificate, the phone would present it, but only if I am holding it (by my voiceprint, for example). That wouldn't be theatre.

But the real world seems to value theatre more than security, because theatre is easy to understand but security is complicated, and very difficult to explain security to political advisors with politics degrees. And real security is constantly being subverted by politicians anyway, whereas since theatre isn't security, it doesn't matter how much of it you have, nor whether it is tragedy or comedy.

ENAC, Italy's civil aviation authority, wants airlines to accept ID such as driving, hunting and fishing licences.

[From BBC News - Ryanair may ground Italian domestic flights in ID row]

You can see how it will get difficult for airlines, ferries, car rental companies and other travel-related organisations if they required to accept all sorts of strange documents as valid travel documents. This has already led to problems.

A man has received an apology from the Home Office after his ID card was refused as he tried to board a ferry to Rotterdam.

[From BBC News - Apology after ID card is refused]

I thought this story was rather good, for a couple of reasons.

Mr Eastwood said: "When I approached check-in and flashed my ID card, the two girls on the desk looked at each other and said: 'We can't accept that'. It was like they had never seen one before."

[From BBC News - Apology after ID card is refused]

I'm sure they hadn't, but how they were supposed to tell it from a Portugese fishing licence I've no idea, and now that the scheme is about to be abandoned, there will be a few thousand of these cards in circulation and this problem will re-occur. This is why it makes no sense to have "smart" travel documents that are validated by people and not machines capable of determining their authenticity.

It's as confusing for the rest of the public. For reasons not germane to this discussion, my teenage son had to produce some identity as part of a commercial transaction before Xmas. His American passport was rejected. "I'm sorry", said the clerk, "we can't tell if it's real'. I couldn't resist asking "how can you tell if a British passport is real?" and the clerk said "we can't, but we keep a photocopy of it". Theatre.

Identity is a mess, and it isn't just in Europe, and it isn't just for travel.

I thought that the most interesting part of this story came further down. The Home Office, the British government department in charge of the identity card, said that they had notified travel companies about the new id cards last year, presumably including their description of the key authenticity tests, which was:

Physical checks can also be performed on the card. As it is made entirely from polycarbonate, it will have a distinctive sound when flicked, and the holder’s image will always be in grey-scale.

[From Digital Identity Forum: Gambling on ID security]

So since the government had created this new identity document and had informed the travel companies as its existence and mechanisms to establish its validity, who should pay when it is declined?

The Home Office has said they will refund him the travel costs and the price of the ferry tickets.

[From BBC News - Apology after ID card is refused]

Another cost of the ID card scheme that not even the LSE factored into their spreadsheets!

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Theatrical:


And of course, the "papers please" crowd have rarely given any thought to what real benefit will come even from a verifiable "identity" proof. Parliament has it right: check visitors for weapons; who cares what their name is?

The comments to this entry are closed.