Government interface
By Dave Birch posted May 19 2009 at 8:04 AM[Dave Birch] For e-government to take off, it is transparently obvious that population scale identification and authentication infrastructure (beyond e-mail address and alphanumeric passwords) will have to be in place. If not, the pain associated with every single online interaction with the public sector will grow far beyond the point where the bulk of the population will want to get involved and there will be a hard limit on the efficiency of the delivery of public services. No-one, surely, can be against that. Yet we don't seem to making much progress towards this. Even in cases (in the UK) where online service delivery works very well indeed (eg, vehicle tax), it does so in silos.
Now, many people will (quite rightly) point out that there is a fundamental danger to the idea of using a single identity across all services. There's a particular danger to using to the same identity across public and private sector services.
In yet another security breach, the US State Department said 400 passport applicants, and maybe more, have had information stolen. Passport applications containing personal information, including Social Security numbers, were accessed and used to open fraudulent credit card accounts. A fraud ring bought information from a government employee. The information was used to apply for cards. Cards were intercepted by another insider in the post office before they were delivered. The passport applicants had no idea their identity had been stolen.
[From National ACH: Government Employees Selling Identities]
Now, that's the kind of fraud that imagine was dismissed out of hand by the government's management consultants when they were procuring the system. "Insiders in the Post Office connecting to insiders in the State Department? Oh, come on! That's like a Tom Clancy novel, it will never happen."
It this sort of thing -- and it seems to happen all the time -- that means that many people react against the very idea of a government identity or a government identity management system, although I draw a different conclusion: we need a better (privacy-enhancing) design for a government identity management system, perhaps building on the schemes used in countries such a Germany and Austria where identities are cyptographically-partitioned between service providers.
(Obviously, I trust the Government even less. I'd much rather have O2 manage my ID than the Home Secretary. SIMs are more secure, cheaper and better-managed than the UK's ridiculous Stalinist ID card system).
[From Dean Bubley's Disruptive Wireless: Thoughts on managed identity services by mobile operators]
What we want, surely, is the best of both worlds. I want my SIM to hold a number of identities, including government ones, that I can choose to use on a per-transaction basis. And I don't think it's far-fetched to expect this kind of modern infrastructure.