Yes, I would have thought Directgov should be interested in any trusted third party registration/certification authority which could be added to the list at the front end of the Government Gateway which currently includes only the Chambers of Commerce.

But I could be wrong. They may have lost interest in the Government Gateway. It’s hard to tell. Because it’s hard to find any reports of the response to the PIN. Hard, but not impossible, see particularly post @ Mon, 20 Sep 2010 18:03:22 GMT.

It’s probably just me but I suspect that your post is at the other end of the spectrum from Ideal Government’s position. It’s a rave from the grave, a dusty and scratched EP found behind the bookcase, nostalgic but utterly outdated.

There is no imperative to help CIOs prepare the business case to spend money on computers. The old Total Place notion that local authorities should shape the character of the communities they serve is back to front. Public servants hiding behind their screens is like policemen hiding in their Panda cars or the station. The advocates of joined up services always predicated their case on the failure of public servants to understand their parishioners and know what they want. Which is a false allegation. The real imperative is to let experienced public servants exercise their judgement.

There is a government Prior Information Notice according to which “the UK public sector through Directgov is looking for information on the availability of all types of multichannel services that business and personal customers might use to provide satisfactory assurance of identity when interacting with public services”.

Business and personal customers can interact with public services most notably using the UK Government Gateway. Users may identify themselves by a user ID and password, chip and PIN, one-time password or digital certificate. As far as I can see, only one type of digital certificate is allowed, and that is issued by the British Chambers of Commerce. Even that only works with some browsers and some operating systems.

There is an opportunity there. WHO probably wouldn’t qualify as a trusted certification authority, its credibility seems to be dented by being dependent on Microsoft some time in the future and for the moment by not being able explain how its technology achieves the desired objectives of pseudonymous and anonymous use.

But what about WHAT, the William Heath Arena of Trust? If WHAT becomes a trusted certification authority – trusted by the public on the one hand and central and local government on the other – then it could be just the sort of supplier the Cabinet Office/Directgov is looking for, what with not having any money to spend and all.

(To be a bit more precise, actually, WHAT should be a registration authority, which establishes that the individual or legal person is who they say they are, the separate job of issuing a certificate should be undertaken by WHICH, the William Heath Identity Certification Hostel. To complete the set, there will also have to be a revocation authority, WHERE.)

Any interest in that Prior Information Notice?

Best wishes
dm

I’m not the person to ask whether these technologies are perfect. I’m arguing that we should put the best available technology at the disposal of the individual now and in future. That’s not expensive for government to do, because it’s not government that has to do it. Government does have a role, however, in playing its part – mostly as a relying patry – in such an ecosystem.

Whether we appear to have no money, as at present, or loadsamoney, as in the past, I wouldn’t obsess about it. What does seem worth obsessing about, money or none, is privacy. And identity.

Topically enough, there was a meeting recently for suppliers to discuss how government could make use of independent third party electronic identity service providers. The meeting was chaired by an excellent official, who speaks clearly, who writes clearly, who is fair-minded and who has the ear of senior politicians – decision-makers. Nothing random about him.

Eccentrically, the idea was deemed to be a non-starter without money. It is a shame you weren’t there to point out that the project could be funded by realism instead.

Looking for sources of value, the suppliers (not the official) wondered whether having access to everyone’s passport data and driving licence data might pay for the project. No, they decided, they already had better quality data anyway. Perhaps if they had taken into account Iain’s fishing licence data that might have tipped the scales (!).

Suppose a new identity service provider appears, the William Heath Organisation, WHO. And WHO offers pseudonyms and maybe even anonyms. How robust is that pseudonymity or anonymity? That is the question I keep coming back to. If Inspector Knacker turns up at WHO’s offices with a warrant and demands to know who some avatar is, in real life, here on terror firmer, how can WHO resist complying?

That’s the bit I don’t understand. Messrs Chaum and Brands offer unconditional anonymity. It sounds great. But how does it work? How can it work? I ask without hostility, armed only with ignorance and an eccentric desire to find out what people are talking about.

This jumped out at me because I have just been reading a draft of a forthcoming report from Socitm Insight on Information and Total Place.

The author has been through the Total Place pilot reports and demonstrates the size of the challenge current information management practice poses to prospects for joining up local public services. Time and time again good intentions were frustrated by incomplete or inaccurate data, use of different information standards, varying interpretations of the Data Protection Act, and a host of related issues that will be familiar to anyone reading this.

The report has been written to persuade leaders in public services of why top quality, relevant and timely information is necessary to making whatever follows Total Place a success, and to give Socitm’s constituency, ie CIOs and other information professionals the means to make a credible and convincing business case for investment in information management.

This wont change statutory problems (eg the poor DPA) or US data grabs. It wont solve every problem. We will all have to show more forebearance and the world will remain imperfect.

My point is the Coalition has not made a high-profile ID plan a priority. And the start point is not stressing about identity. Nor privacy. Nor is it – forgive me – pestering random officials with eccentric and hostile letters.

The start point is the necessity to save money. This will bring in a more rational approach to external/third party identifiers, quite probably including the mobile phone capabilities you have rightly mentioned in the past. This opens the path to the sort of benefits Iain rightly describes in his comment.

Can you unpack that, please, William?

How does the urge to save money usher in the right identity policy?

And what is the right identity policy? One that protects our privacy, it seems. But how does it protect our privacy?

We all know the notion that we should have control over who sees what bits of our data and everyone piously agrees that that should be built into identity assurance but it isn’t built in. If your UK bank details are shared with the EU and the EU shares with the US, you can’t just recall it from the US.

People keep saying “BankID” to me, and “Norway” and “pseudonym”. Do pseudonyms work in Norway’s BankID scheme? How? (I’ve asked you about pseudonyms before.)

“User-controlled digital identifiers within an identity assurance framework are prerequisite, and that is just what Cabinet Office is now quietly proposing.”

Maybe. But oddly enough, as they haven’t got any money, due to the urge to save it, it’s not going to start, even, let alone happen.