About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« The sorry state of id and authentication | Main | Two-faced, at the least »

It all comes back to liability

By Dave Birch posted Mar 14 2011 at 2:23 PM

I posted about the silo-style identity and authentication schemes we have in place at the moment and complained that we are making no progress on federation. Steve Wilson posted a thoughtful reply and picked me up on a few points, such as my "idea" (that's a bit strong - more of a notion, really) of developing an equivalent of creative commons licences, a sort of open source framework. He says

CC licenses wouldn't ever be enough. Absent new laws to make this kind of grand identity federation happen, we will still need new contracts -- brand new contracts of an unusual form -- struck between all the parties.

[From comment on Digital Identity: The sorry state of id and authentication]

But isn't that what CC licences solve?

It's complicated by the fact that banks & telcos don't naturally see themselves as "identity providers", not in the open anyway

[From comment on Digital Identity: The sorry state of id and authentication]

Well, I'm doing what I can to change that (see, for example, the Visa/CSFI Research Fellowship), but on the main point I happened to be reading the notes from the EURIM Identity Governance Subgroup meeting on 23 February 2011, talking about business cases for population scale identity management systems. The notes say that

It is alleged that the only body with the remit, power and capability needed for assuring and recording a root identity through a secure and reliable registration process is Government.

The notes then go on to talk about case studies such as the Nordic bank-issued eIDs though. These arguments are to some extent circular, of course, because the e-government applications in the Nordics are using bank-issued eIDs, but the only reason that the banks can issue these eIDs is because they are using government ID as the basis for KYC. In the discussion about this at a recent roundtable in that Visa/CSFI "Identity and Financial Services" series, someone made a comment in passing (and I'm embarrassed to say that I can't remember who said this, because I noted the comment but forgot the commenter) that all of this takes places in a model absent liability. That is, as far as I understand what was said, the government accepts no liability from the banks, and vice versa. So if the bank opens an account for me Sven Birch, using a government "Sven Birch" identity, but it subsequently transpires that I am actually Theogenes de Montford, then the bank cannot claim against the government. Similarly, if I used my bank eID "Sven Birch" to access government services, but it subsequently transpires that I am actually Theogenes, then the government has no claim against the bank. (If this isn't true, by the way, I would appreciate clarification from a knowledgeable correspondent.)

So what is the situation? Must we have a liability model, or can we all agree to get along without one. Or do you have to a have a more consensual society, or perhaps one with fewer lawyers per head of population?

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8341c4fd753ef014e86b414fb970d

Listed below are links to weblogs that reference It all comes back to liability:

Comments

The comments to this entry are closed.