WRITTEN ON March 6th, 2008 BY William Heath AND STORED IN Foundation of Trust, Identity, What do we want?

Ho hum. I’m listening to the Home Secretary with a heavy heart..

She’s a true believer, and finds it inconceivable there should not be a single secure way to secure our identity. She asserts that the control of who gets one or not is or government. There’s language of choice, but it only really means you can use an ID Card or a Passport (or maybe soon a driving licence) to link to your record on the register. There’s a timescale and stuff, and they think they’ve carved £1bn out of the costs (details will be in the statutory cost review). I’ll try to reproduce all the language of choice, benefit, ability to correct problems.

Ooh. Michael Keegan from Fujitsu has just asked when Easter 2007 is likely to fall. The Minister’s answer is….today, alongside this, and the Crosby report is in the room. So let’s have an Easter egg hunt.

UPDATE 1348. It wasnt there, but it’s on the web now. Crosby says in his press blurb

“Like never before we all need to be able to assert our identity with ease and confidence. Collectively, our ability to do so is of significant economic and social consequence. But first and foremost our identity belongs to us, no one else. The potential of any mass ID system such as ID Cards therefore lies in the extent to which it is created by consumers for consumers.

“I have had the privilege of listening to a very wide range of opinion [Yup. He listened to our, and was both polite and pretty forthright in his own views]. But Government departments and agencies, private sector companies, regulators, special interest groups and technology providers were all united on one thing. The future of identity lies in putting the consumers first. [Hurrah] For many, including Government, that calls for radical new thinking.” [Hurrah]

Speaking about the ID Scheme he says this

I have no remit to comment on the desirability or otherwise of this plan [Which must be a relief for IPS]. However, in my opinion, the Strategic Action Plan (2006) will not be the catalyst for the emergence of the consumer-driven universal ID assurance system envisaged by this report.

Man, that’s the REDACTED version, after 18 months’ delay and wrangling. How must the original version have been like?

Then he sets out his 10 principles

For that to be the case, I believe the design of any ID card scheme would need to be based on the following
ten broad principles:

1. The purpose of any scheme should be restricted to that of enabling citizens to assert their identity with ease and confidence. The scheme should set targets for the quality of assurance achieved at enrolment and verification, which should generally exceed those achieved elsewhere, and it should regularly report its performance against those targets.

2. The scheme’s governance should be designed to inspire the highest level of trust among citizens. It should be operated independently of Government (say, accountable directly to Parliament) and in principle its processes and security arrangements should be subject to the approval of the Information Commissioner, who should have the power periodically to review delivery.

3. As a matter of principle, the amount of data stored should be minimised. Full biometric images (other than photographs) should not be kept. Only non-unique digital representations of biometric images should be stored. Additional data accessed during enrolment and records of verification enquiries should not be retained. All data and systems should be protected by “state of the art” encryption technology. Citizens should “own” their entry on any register in the sense that it should not be possible, other than for the purposes of national security, for any such data (to include digital representations of biometrics) to leave the register without their informed consent.
Verification of identity should be performed without the release of data.

4. Enrolment processes should be different for individuals with different circumstances, and change over time so as to minimise costs and give citizens the simplest and most hassle-free experience consistent with the achievement of the published assurance targets.

5. In order to respond to consumer demand and achieve early realisation of economic and social benefits, the scheme should be capable of being rolled out at pace.

6. In order to respond to consumer demand and achieve early realisation of economic and social benefits, the scheme should be capable of being rolled out at pace.

7. Citizens who lose cards or whose identity is compromised should be able to rely on their cards being replaced or their identity being repaired quickly and efficiently and in accordance with published service standards.

8. Technically the scheme’s systems should be closely aligned to those of the banks (both initially and in the future) so as to utilise their investment, de-risk the scheme’s development, and assist convergence to common standards across the ID assurance systems and processes deployed internationally by banks and other national ID card schemes.

9. To engage consumers’ hearts and minds on the scale required, enrolment and any tokens should be provided free of charge.

10. The market should play a role in delivering a universal ID assurance scheme. This will improve the ease with which consumers can use the scheme and minimise costs.

I regard each aspect of these principles to be critical to the goal of creating the conditions for a consumer-driven universal ID assurance scheme to emerge and flourish.

This is going to need careful comment and scrutiny. It’s already happening on the mail lists. Help! Sam! We need a CommentonThis version! (Maybe he’s doing it already).