WRITTEN ON September 27th, 2010 BY William Heath AND STORED IN Identity, Save Time and Money

Mydex‘ new White Paper out today has a section at the back that sets out the implications of personal data stores such as Mydex for public sector services, identifiers, personalisation and security. The text of that section is below. You can download the whole Mydex White Paper here.

Mydex: A Manifesto for UK Public Services

One area government IT has made progress is with public data, with the “power of information” policy and the data.gov.uk portal, which recognises the value of ‘unlocking’ data held by the Government for reuse by added value service providers.

Next we need a comparably radical rethink on personal data. This starts with a return to the role of personal identifiers and intermediaries set out by UK officials a decade ago, and as recently adopted by the Obama Administration. This means:

• assume that access to on-line public services will be through a market or ecosystem of accredited third-party identifiers (issued for example by a range of existing online services, credit bureaux, or banks
• drop the false notion that it’s generally essential to know who people are
• challenge the assumption that personal data is “owned” by service-providing departments to be shared at their convenience
• instead, recognise that the individual is not only the rightful owner, but also the only technically feasible point of integration of exponentially growing volumes of personal data, and therefore the only possible place where “personalisation” can happen
• recognise furthermore that structured, scalable personal data managed by individuals is set to become the source of immense new economic value, and that the individual is a rightful
beneficiary.

This change in mindset includes a specific challenge to secret parts of government entrusted with keeping Britain safe. A safe society isn’t the outcome of dysfunctional public services designed to aid surveillance.

Britain has a far better chance of being secure with public services designed to work for individuals and front-line public servants, which respect human rights and dignity. When the data are cleaner, the relatively small number of exceptions stand out more clearly.

On-line identifiers need to work under the user’s control, with minimal disclosure and revealing information only to justified parties. They need to be consistent and convenient (see Kim Cameron’s “Laws of Identity”).

In the short term the UK can copy the US administration: announce that future access to online services will be via third-party identifiers, and then provide for the emergence of a “trust framework” so a range of identifiers are accredited for suitable purposes. Many services can be accessed anonymously, and for many more all that is needed is a consistent user experience. It’s not always necessary to identify people to check their entitlement.

But sometimes individuals will need to invoke stronger identification credentials online: for “Know Your Customer” processes or to meet the most stringent visa requirements for example.

Government IT therefore needs to anticipate a world where individuals are equipped with

• highly evolved personal data stores
• the ability online to invoke strong authentication or verification
(e.g. proof of qualifications, licences, credit, nationality or identity)
• selective disclosure, i.e. the ability to share the minimum necessary in a particular circumstance.

This doesn’t require major new procurement. It means:

• review each main service function to take into account the role
of user-driven records for health, education, welfare, transport, or
other areas such as the Census or the London Olympics
• quickly participate in at least two live prototypes of user-driven
services across multiple organisations supported by independent
online verification services
• where there is benefit, re-engineer the public services (health,
education etc) users can drive new services.

Just as the existing “Power of Information” has created new APIs to allow structured public data out of government systems to create new value, so this “empowered citizen/customers” agenda will see new APIs that allow structured personal data in. This means public services can be driven and personalised by users, and new service packages created for them by third parties.

This “empowered citizen/customers” agenda might even reveal a revised role for the National ID Register as a voluntary service offering online verification as part of a trust framework, for the most demanding cases.