WRITTEN ON September 21st, 2010 BY William Heath AND STORED IN Design: Co-creation, Design: user-oriented, Foundation of Trust, Identity, Save Time and Money

Does it matter that the Coalition hasn’t published a post-ID-Scheme identity policy yet? I don’t think so. It’s no more helpful to obsess about identity than to obsess about privacy. These things are important, but the overriding Coalition priority is to save money.

Happily, the urge to save money will usher in the right identity policy and in turn protect our privacy.

The area to focus on is data logistics. When Alan Mitchell and I browsed through hundreds of complaints about public services recently we observed that very few are about privacy and none at all about problems with identity. But the vast majority point to poor information logistics. The key person – official, professional, or the unhappy individual – just didn’t have the right information at the right time.

This causes irritation, frustration, offence, and vast expense. It’s extremely annoying for individuals not to be able to get hold of information they need, to have the wrong information, or to have to give the same information over and over again. It’s unjust, time-consuming and possibly worse to get the wrong treatment or service because the service can’t get the information or has the wrong information.

It’s unnecessarily expensive for public services to attempt to maintain hundreds of different records about the same person (but neither feasible nor desirable to amalgamate them into panoptical mega-records). If you provide services on the back of incomplete and inaccurate data there’s every chance the service will be poor and unnecessarily expensive.

And it’s hard to plan and prioritise if you’re not in touch with your customers and people try as far as possible to withhold data from you. If we built churches using the last census there would be a few Jedi cathedrals lying empty.

If we can fix this (and we think it can be done) then people can get better, more responsive service, restored individual responsibility with a path to empowered self-service. HM Treasury also gets a triple dose of cost savings.

It means restoring control over personal data to the individual and building trust on the side of the individual.

User-controlled digital identifiers within an identity assurance framework are a prerequisite, and that is just what Cabinet Office is now quietly proposing. Better privacy is a by-product (and a legal requirement, let’s not forget). But the compelling reason to pursue better data logistics with user-driven services is saving money.

10 Responses to “It’s not about identity. Or privacy. It’s about saving money”

Iain Henderson wrote on September 21st, 2010 10:34 pm :

Absolutely…. And on top of the savings that will come from better data logistics, there will be a further round of savings from the applications that run on top of data integrated by the individual. If I’m the point of integration, then it’s pretty much the same web-based, self-service application set that runs everything from car parking permits, to fishing licenses, to planning or mortgage applications. Think of how much could be saved by switching off all those localised, silo-ed current ways of doing these things….

David Moss wrote on September 21st, 2010 11:45 pm :

“… the urge to save money will usher in the right identity policy …”

Can you unpack that, please, William?

How does the urge to save money usher in the right identity policy?

And what is the right identity policy? One that protects our privacy, it seems. But how does it protect our privacy?

We all know the notion that we should have control over who sees what bits of our data and everyone piously agrees that that should be built into identity assurance but it isn’t built in. If your UK bank details are shared with the EU and the EU shares with the US, you can’t just recall it from the US.

People keep saying “BankID” to me, and “Norway” and “pseudonym”. Do pseudonyms work in Norway’s BankID scheme? How? (I’ve asked you about pseudonyms before.)

“User-controlled digital identifiers within an identity assurance framework are prerequisite, and that is just what Cabinet Office is now quietly proposing.”

Maybe. But oddly enough, as they haven’t got any money, due to the urge to save it, it’s not going to start, even, let alone happen.

William Heath wrote on September 22nd, 2010 8:12 am :

David – you don’t need money to start to accept third-party identifiers, you just need realism. User-controlled identifiers support privacy because there is no common identifier. They support pseudonymity.

This won’t change statutory problems (eg the poor DPA) or US data grabs. It won’t solve every problem. We will all have to show more forbearance and the world will remain imperfect.

My point is the Coalition has not made a high-profile ID plan a priority. And the start point is not stressing about identity. Nor privacy. Nor is it – forgive me – pestering random officials with eccentric and hostile letters.

The start point is the necessity to save money. This will bring in a more rational approach to external/third party identifiers, quite probably including the mobile phone capabilities you have rightly mentioned in the past. This opens the path to the sort of benefits Iain rightly describes in his comment.

Vicky Sargent wrote on September 22nd, 2010 8:27 am :

‘The area to focus on is data logistics’

This jumped out at me because I have just been reading a draft of a forthcoming report from Socitm Insight on Information and Total Place.

The author has been through the Total Place pilot reports and demonstrates the size of the challenge current information management practice poses to prospects for joining up local public services. Time and time again good intentions were frustrated by incomplete or inaccurate data, use of different information standards, varying interpretations of the Data Protection Act, and a host of related issues that will be familiar to anyone reading this.

The report has been written to persuade leaders in public services of why top quality, relevant and timely information is necessary to making whatever follows Total Place a success, and to give Socitm’s constituency, ie CIOs and other information professionals the means to make a credible and convincing business case for investment in information management.

David Moss wrote on September 22nd, 2010 10:25 am :

Central and local government had an identity policy until the election in May. Then they lost it. There will be no ID cards and no National Identity Register. That matters. It is not a non-problem, as Philip Virgo demonstrated yesterday in a brilliant tour d’horizon.

Whether we appear to have no money, as at present, or loadsamoney, as in the past, I wouldn’t obsess about it. What does seem worth obsessing about, money or none, is privacy. And identity.

Topically enough, there was a meeting recently for suppliers to discuss how government could make use of independent third party electronic identity service providers. The meeting was chaired by an excellent official, who speaks clearly, who writes clearly, who is fair-minded and who has the ear of senior politicians – decision-makers. Nothing random about him.

Eccentrically, the idea was deemed to be a non-starter without money. It is a shame you weren’t there to point out that the project could be funded by realism instead.

Looking for sources of value, the suppliers (not the official) wondered whether having access to everyone’s passport data and driving licence data might pay for the project. No, they decided, they already had better quality data anyway. Perhaps if they had taken into account Iain’s fishing licence data that might have tipped the scales (!).

Suppose a new identity service provider appears, the William Heath Organisation, WHO. And WHO offers pseudonyms and maybe even anonyms. How robust is that pseudonymity or anonymity? That is the question I keep coming back to. If Inspector Knacker turns up at WHO’s offices with a warrant and demands to know who some avatar is, in real life, here on terror firmer, how can WHO resist complying?

That’s the bit I don’t understand. Messrs Chaum and Brands offer unconditional anonymity. It sounds great. But how does it work? How can it work? I ask without hostility, armed only with ignorance and an eccentric desire to find out what people are talking about.

William Heath wrote on September 22nd, 2010 3:41 pm :

Individuals are getting screwed. We need to offer them the best tools we possibly can. How good are Brands’ technologies? Best ask Stefan. It seems likely to me we’ll be using them in 12-18 months if Microsoft keeps to the better part of what it has promised (putting U-Prove into Higgins etc).

I’m not the person to ask whether these technologies are perfect. I’m arguing that we should put the best available technology at the disposal of the individual now and in future. That’s not expensive for government to do, because it’s not government that has to do it. Government does have a role, however, in playing its part – mostly as a relying party – in such an ecosystem.

David Moss wrote on September 24th, 2010 8:30 pm :


There is a government Prior Information Notice according to which “the UK public sector through Directgov is looking for information on the availability of all types of multichannel services that business and personal customers might use to provide satisfactory assurance of identity when interacting with public services”.

Business and personal customers can interact with public services most notably using the UK Government Gateway. Users may identify themselves by a user ID and password, chip and PIN, one-time password or digital certificate. As far as I can see, only one type of digital certificate is allowed, and that is issued by the British Chambers of Commerce. Even that only works with some browsers and some operating systems.

There is an opportunity there. WHO probably wouldn’t qualify as a trusted certification authority, its credibility seems to be dented by being dependent on Microsoft some time in the future and for the moment by not being able to explain how its technology achieves the desired objectives of pseudonymous and anonymous use.

But what about WHAT, the William Heath Arena of Trust? If WHAT becomes a trusted certification authority – trusted by the public on the one hand and central and local government on the other – then it could be just the sort of supplier the Cabinet Office/Directgov is looking for, what with not having any money to spend and all.

(To be a bit more precise, actually, WHAT should be a registration authority, which establishes that the individual or legal person is who they say they are, the separate job of issuing a certificate should be undertaken by WHICH, the William Heath Identity Certification Hostel. To complete the set, there will also have to be a revocation authority, WHERE.)

Any interest in that Prior Information Notice?

Best wishes

David Moss wrote on September 24th, 2010 9:25 pm :

Vicky Sargent @ September 22nd, 2010 8:27 am

It’s probably just me but I suspect that your post is at the other end of the spectrum from Ideal Government’s position. It’s a rave from the grave, a dusty and scratched EP found behind the bookcase, nostalgic but utterly outdated.

There is no imperative to help CIOs prepare the business case to spend money on computers. The old Total Place notion that local authorities should shape the character of the communities they serve is back to front. Public servants hiding behind their screens is like policemen hiding in their Panda cars or the station. The advocates of joined up services always predicated their case on the failure of public servants to understand their parishioners and know what they want. Which is a false allegation. The real imperative is to let experienced public servants exercise their judgement.

William Heath wrote on September 26th, 2010 12:23 pm :

Very interesting PIN, I agree. I wonder what replies they got. I don’t think the new identity services that emerge will have anyone’s name on them. I’m interested by the US Open ID Exchange OIX, coupled with the capabilities of OpenID and Information Cards and the work of bodies like Kantara and Project Higgins.

David Moss wrote on September 26th, 2010 3:57 pm :

William @ September 26th, 2010 12:23 pm

Yes, I would have thought Directgov should be interested in any trusted third party registration/certification authority which could be added to the list at the front end of the Government Gateway which currently includes only the Chambers of Commerce.

But I could be wrong. They may have lost interest in the Government Gateway. It’s hard to tell. Because it’s hard to find any reports of the response to the PIN. Hard, but not impossible, see particularly post @ Mon, 20 Sep 2010 18:03:22 GMT.