Identity

Discussion group about emerging industry best practice in online identity, the Home Office's plans for complulsory triple biometric ID register and ID cards for the UK, and the independent LSE Identity Project .

16 May 2008

CRM turned upside down and inside out

We can’t say who said it or where, but the other night we had a meaty dinner conversation (apologies to veggies). Customer Relationship Management (CRM) hasn’t fulfilled its promise, and new ways of doing things are emerging. To what extent may this hold important lessons for government and public services?

 

26 Apr 2008

Rubbish Japanese fingerprint video

Why is it that the spooky biometrics junkies who want to fingerprint, register and scan us make such rubbish, stilted videos which just feel like lies? And why do they use such satanic muzak? See

Suddenly Japan is added to the list of countries we have to find excuses to avoid visiting. Why is it that the antis have all the humanity, all the best gags and all the media skills? And feel as if they’re telling the truth? And who is more worthy of our trust - the stilted fibbers or the confident, empathetic artists with rocking taste in music?

 

17 Apr 2008

Does this InfoCards press release qualify PR person Kersti as a possible IdealGov author?

What do you do if an email appears in your intray from someone called Kersti Klami? I should add the subject line is perfectly repeatable in polite company. Anyway, I opened it and had a look. It turns out that she is a PR person working for some company called Racehorse or Fusion or something. Here’s what she has to say:

 

13 Apr 2008

ID: bid risk and the vulnerability of IPS

According to an August 2007 article in the FT, contracts will be awarded for suppliers to the NIS this Spring. Now. But will any suppliers bid? After all:

• The NIS may turn out to be a smaller system than suppliers expected and there may be less money to make out of it as a result. Crosby has ruled that the high volume of transactions that go through the banks and the big retailers are not on the menu. There is no reason for suppliers to expect the NIS to be involved in DWP benefit claims nor in the health service nor education. Scotland may refuse to use the NIS, and Wales, too. Its advocates always claim that the NIS will be used to prove everyone’s right to work in the UK but IPS failed to provide the ID checking service they promised. And it may be that, far from everyone aged 16 and over, only certain sections of the population will be fingerprinted.

• The timescales are stretching. Far from starting at the end of 2009, as previously planned, the NIS will not start to be rolled out in earnest now until 2012. And given IPS’s track record, suppliers would be well advised to allow for more delays.

• As the economy dips, people will want more assurance that their stealth tax money is being well spent. Hard to provide that assurance, when a number of prospective suppliers have already pulled out of the bidding, the House of Commons Science and Technology Committee are just as unimpressed with IPS’s plans as Crosby and the biometrics on which the NIS depends are unreliable.

• There are alternatives to the NIS. Identity assurance could be provided by the banks and/or the mobile phone companies and/or the utility companies and/or the credit referencing agencies. The NIS could become irrelevant. These other systems could be more effective and could come on-stream earlier than IPS’s 15-year timetable – a surprisingly relaxed timetable, given that we’re talking here about the UK’s response to crime and terrorism.

• Suppliers to the NIS would be victims of the lack of trust in the government identified by Crosby – they would be tarred with the same brush.

• IPS is not some unstoppable behemoth with a mandate to monitor everyone in the UK. On the contrary, it is a supplicant, in sales talks with prospective customers, and it hasn’t closed a single deal yet.

• Suppliers will be dependent on IPS and IPS are vulnerable. They are dependent on Labour and Labour treat the NIS like a political football. If the Lib Dems or the Conservatives come to power, the NIS will be cancelled, as its equivalent was in Australia, and suppliers cannot expect to be bailed out.

So now how sensible does it look for a supplier to invest in this project? Which sensible chief executive would commit the funds? Why? What return is sensibly to be expected? What price risk?

(This article is the summary of a longer paper on the subject, ‘A risk assessment for prospective suppliers to the UK NIS’, which first saw the light of day on IdealGovernment.com in November 2007.)

 

10 Apr 2008

Steady progress by the forces of sanity

No2ID pulled off a major coup with its mayoral hustings. Ken didnt show up and was branded a coward by the-man-whom-Ministers-are forbidden-from-calling-Boris, who promised to cut his ID card and “sprinkle it on my cornflakes”. Details from BBC below.

And CAAT has won a High Court ruling that the Government acted unlawfully when it curtailed a corruption investigation into BAE Systems’ Al Yamamah arms deals with Saudi Arabia.

 

08 Apr 2008

ID: outstanding questions on The Benighted Scheme

I dont really get this. An eyewitness made a contempory note of Meg Hillier telling the Home Affairs Select cttee

The National Identity Register, essentially, will be a secure database; ...hack-proof, not connected to the Internet...not be accessible online; any links with any other agency will be down encrypted links.

I understand the officials present were passing notes to try to get her back on message. What appears in the official record is is

The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will
be down encrypted links.

Why ws that toned down? If it’s not accessible online what is the use of it? Will people have to send CDs to each other? But if it is linked live to other agencies isnt that online?

Also, now we’re procuring the damn thing, do we know what will be on the card? Do we know how people authenticate the card, and what they can check?

I suspect it’s too much to try to get answers to all these questions. What would be really great is if we could get a list of all the outstanding questions about how the Benighted Scheme is supposed to work. Vey glad of any help and thoughts. Delighted to get contributions and clarifications form our loyal readers inside IPS.

 

03 Apr 2008

Biometric Bus Pass Arrives, but not as ID

My new “biometric” bus pass card finally arrived this morning – complete with a 16 page book of confusing rules which basically says that the rules are very complicated so we should always “ask the driver” whether our cards are valid for each particular journey!

For example, it seems that we can travel from the hospital in the next county before 09:30 or after 23:00; but not from the closer hospital in our county town! With a “companion” we can apparently travel to/from a much more distant specialist hospital; something we apparently cannot do alone!

In spite of the expense of this new scheme, this new card is little use as ID: Unlike the previous bus pass, this one has no space for the user’s signature (the back is covered with yet more rules). Also, the “passport grade” photo they demanded will often not look like the user – eg. No spectacles etc.

Surprisingly, in this era of “social inclusion” there are two types and colours of card – although both have exactly the same benefits: The “elderly” have a wide red stripe and the “disabled” have an orange stripe.

Wibbis:
1. New initiatives occasionally made life simpler!
2. Officialdom was not so keen on inventing new rules.
3. Some thought had been given to producing a multi-purpose card.

 

31 Mar 2008

How Would ID Cards Improve This?

I’ve written before about the importance of verifying a person’s “role” rather than their “identity.”

Today, someone wearing a baseball cap arrived “to read the meter.” Although he wasn’t wearing the usual Siemens uniform or driving a Siemens van, he claimed to be from Siemens. Eventually, he agreed to show his ID but it was from a different company, with something about Siemens written on the back. He then tried to push past me into the house.

We’re warned that “bogus officials” are operating in our area and that we should check callers. Any genuine meter reader should know that in this street, the electricity meters are not actually inside the houses! Becoming ever more suspicious, I was about to ask for his “office phone number” but he made a hasty exit.

So, how would the government’s proposed ID card scheme help with this type of everyday need for individuals to check the credentials of “officials.”

- Would a biometric ID card help verify someone’s official “role” or would it only show their name?
- Would a biometric ID card be any use in this situation or would “officials” still need separate “credentials” issued by their employer or sponsor?
- How could any government ID scheme be adjusted to help with this?

Story continues…

 

28 Mar 2008

No sign of NHS-ID System linkage discussions

I’m very surprised. DoH! tells me there is no correspondence between themselves and the Home Office about linkage between the Benighted ID System and probematic Connecting for Health. But it’s quite clear that Home Office made a major bid to forge such linkage, which was robustly rejected by the D’oH! Stuart Craig sens me a polite FoI reply:

Our ref: DE00000284182

28 March 2008
Dear Mr Heath,

Thank you for your email requesting, under the terms of the Freedom of
Information Act 2000, copies of communications between the Department of
Health and the Home Office about the relationship between the National
Programme for Information Technology and the National Identity Register.
Your request was received on 27 February and it has been passed to me for
reply.

I can confirm that the Department does not hold any information of the
nature you have requested. It may help if I explain that there are no
plans to disclose NHS patient information to the National Identity
Register, and no plans for physical or electronic linkage between what
would be two completely separate systems.

If you have any queries about this letter, please contact me. Please
remember to quote the reference number above in any future communications.

Can such a significant and robust exchange have left no audit trail at all? 

 

08 Mar 2008

More of the weeks’ ID stuff: catching up on Demos’s “FYI”

Demos were dishing out copies of their 2007 For Your Information report at Thursday’s ID speech. I hadn’t seen it before, and it’s quite good, tho it doesn’t condense very well into its executive summary.

It focusses straight on the issue of mechanised compassion and rules-based discrimination. That, the authors argue, is why we need a politics of personal information: there’s a tension between empowerment through information and control by information. It recommends that people must be put at the centre of their own information flows and protect their personal information. Government should get its act together on the issue, apply “cash-handling” disciplines to personal data. About the ID Scheme they say

There needs to be a serious, renewed debate about the identity card scheme, with the kind of engagement that should have happened at the start of the process. Otherwise, the scheme should be dropped.

Interesting piece of work. All these pieces of work - Crosby, FYI, the OECD piece - suggest a maturing of the debate.

I reckon the one piece of text that didn’t add much to ID life last week was the Home Secretary’s speech - the Demos director Catherine Fieschi’s intro was a whole stack better. And surely the seminal ID event of last week will turn out to be the Microsoft-Credentica deal. 

 

Reflections on the Crosby report

Soon after I’d signed to A&M Records the MD of a small merchant bank tried to explain the pop industry to me: “Essentially,"he said, “it all revolves around the bank.” In his long-awaited, much delayed & redacted and nearly buried-alive report Sir James Crosby views identity assurance from the same perspective.

He uses a banker’s vision of ID assurance to charge down the wholly government-centric view of ID management. The banker’s version is more enlightened than the Home Office/IPS/unmentionables version because it recognises up front that this must work for the data subjects. Crosby uses each of three terms - consumer, customer, citizen - in different contexts without elaboration. But he doesn’t seem to have talked to a lot of them per se.

Those hoping for robust public debate ID management or assurance will be delighted. Those who never wanted a debate but just wanted everyone to do what they’re told managed to delay things for quite a bit but now simply have to gnash their teeth and start to face reality. The confirmation of different perspectives in different Departments has belatedly brought government into a two-dimensional debate. There is of course more to come.

Here are a few specific thoughts on ”Challenges and Opportunities”.

Crosby makes a series of powerful points about switching from the “control” model of central ID management to more a consumer-led system of ID assurance. I made dozens of ticks in the margins about points like consumer acceptance and technological evolution, and even a few smileys.

In over a decade of looking for it, it’s the first time I’ve seen long-overdue presumptions for the deletion of unnecessary personal data and maximal anonymity in a government report. The Home Secretary said

Sir James strongly supports a universal identity scheme, including a role for identity cards, and makes a strong case for speedy and consumer-led introduction.

This may be. But the headline-news finding, (as I quoted below) is that he dismisses the Benighted Scheme as an irrelevance: it won’t deliver the customer-led ID assurance he says is necessary.

He writes as if he overestimates the extent to which people or businesses need to know each other. For example he says cash facilitated trade between people “who didn’t necessarily know each other” but he could have said “between people who longer needed to know or trust each other”. Cash works fine anonymously. And suppliers don’t always have to know their customers. I happen to know the opera- and cricket-loving Mr Patel who sells me newspapers but that’s an incidental pleasure and not germane to our transaction. He says Chip & PIN enjoys high levels of trust but, like the citizens of Peterborough, I’d rather hand over cash to Sri Lankans in a petrol station full of CCTV cameras.

He doesn’t seem to set out why one universal ID assurance scheme is so much more desirable than a series of overlapping schemes that work well. If there is to be just one scheme, are all the others to be exterminated somehow, or just fall into disuse?

He assumes that the output of a successful ID assurance scheme will inevitably be a mass of surveillance audit data for security purposes. This ignores the possibility of anonymous or privacy-protective schemes (such as Microsoft will soon be able to provide after its acquisition the same day of Credentica). This comes back to his own point about consumer acceptance. Given a choice, will consumers choose a scheme which is known to leak data to law enforcement over one that doesn’t? Or will it be like the phone system, where everyone can be tapped unless they go to extreme lengths of an encrypted phone or use Skype? Put another way, will consumers be as offended by ”Eingriffe in den absolut geschützten Kernbereich privater Lebensgestaltung” as the authors of the German constitution are?

He is much more focussed on social and economic benefits in an increasingly online world than the (now mostly long-gone) architects of the Home Office/IPS/Intellect/spook-central Scheme. His arguments about the benefits of increased usage really only apply to new business in the online world. It’s not as if more convenient systems of ID assertion are going to make us want more bank accounts, do more foreign travel or to apply for more jobs.

Anyway, a pretty cool piece of work in very challenging circumstances, so well done Sir James and the team. He forgot to credit Ruth, Scott and me for the presentation Kable worked pretty hard to put together for him and his team. But hey - it was fun to do, and his report echoes a lot of what we said.

 

07 Mar 2008

LibDem MP Richard Allan was ahead of his time…

You know this fab new suggestion that we can choose whether to have an ID Card or a passport after we’ve been interrogated, fingerprinted and enrolled on two different registers? I seem to recall someone suggesting three years ago the last people we needed to issue ID cards to were people with passports. But the government was too busy pressing ahead to listen....

 

ID news: it ain’t all bad….

Well, the British government may grind on in its inexorable path of unenlightenment. But Microsoft has bought Credentica’s U-Prove patents. And Stefan Brands (one of the very few potential saviours of this world, whom the British government studiously ignores) is now colleagues with Kim Cameron (one of the very few other potential saviours of this particular world, whom the UK government also studiously ignores but whom the more enlightened Scottish government lionises). Great move Kim and Microsoft! Well deserved Stefan! I look forward to a great deal of synergy and traction. 

 

06 Mar 2008

Home Secretary and the future of ID Cards

Ho hum. I’m listening to the Home Secretary with a heavy heart..

She’s a true believer, and finds it inconceivable there should not be a single secure way to secure our identity. She asserts that the control of who gets one or not is or government. There’s language of choice, but it only really means you can use an ID Card or a Passport (or maybe soon a driving licence) to link to your record on the register. There’s a timescale and stuff, and they think they’ve carved £1bn out of the costs (details will be in the statutory cost review). I’ll try to reproduce all the language of choice, benefit, ability to correct problems.

Ooh. Michael Keegan from Fujitsu has just asked when Easter 2007 is likely to fall. The Minister’s answer is....today, alongside this, and the Crosby report is in the room. So let’s have an Easter egg hunt.

UPDATE 1348. It wasnt there, but it’s on the web now. Crosby says in his press blurb

“Like never before we all need to be able to assert our identity with ease and confidence. Collectively, our ability to do so is of significant economic and social consequence. But first and foremost our identity belongs to us, no one else. The potential of any mass ID system such as ID Cards therefore lies in the extent to which it is created by consumers for consumers.

“I have had the privilege of listening to a very wide range of opinion [Yup. He listened to our, and was both polite and pretty forthright in his own views]. But Government departments and agencies, private sector companies, regulators, special interest groups and technology providers were all united on one thing. The future of identity lies in putting the consumers first. [Hurrah] For many, including Government, that calls for radical new thinking.” [Hurrah]

Speaking about the ID Scheme he says this

I have no remit to comment on the desirability or otherwise of this plan [Which must be a relief for IPS]. However, in my opinion, the Strategic Action Plan (2006) will not be the catalyst for the emergence of the consumer-driven universal ID assurance system envisaged by this report.

Man, that’s the REDACTED version, after 18 months’ delay and wrangling. How must the original version have been like?

Then he sets out his 10 principles

For that to be the case, I believe the design of any ID card scheme would need to be based on the following
ten broad principles:

1. The purpose of any scheme should be restricted to that of enabling citizens to assert their identity with ease and confidence. The scheme should set targets for the quality of assurance achieved at enrolment and verification, which should generally exceed those achieved elsewhere, and it should regularly report its performance against those targets.

2. The scheme’s governance should be designed to inspire the highest level of trust among citizens. It should be operated independently of Government (say, accountable directly to Parliament) and in principle its processes and security arrangements should be subject to the approval of the Information Commissioner, who should have the power periodically to review delivery.

3. As a matter of principle, the amount of data stored should be minimised. Full biometric images (other than photographs) should not be kept. Only non-unique digital representations of biometric images should be stored. Additional data accessed during enrolment and records of verification enquiries should not be retained. All data and systems should be protected by “state of the art” encryption technology. Citizens should “own” their entry on any register in the sense that it should not be possible, other than for the purposes of national security, for any such data (to include digital representations of biometrics) to leave the register without their informed consent.
Verification of identity should be performed without the release of data.

4. Enrolment processes should be different for individuals with different circumstances, and change over time so as to minimise costs and give citizens the simplest and most hassle-free experience consistent with the achievement of the published assurance targets.

5. In order to respond to consumer demand and achieve early realisation of economic and social benefits, the scheme should be capable of being rolled out at pace.

6. In order to respond to consumer demand and achieve early realisation of economic and social benefits, the scheme should be capable of being rolled out at pace.

7. Citizens who lose cards or whose identity is compromised should be able to rely on their cards being replaced or their identity being repaired quickly and efficiently and in accordance with published service standards.

8. Technically the scheme’s systems should be closely aligned to those of the banks (both initially and in the future) so as to utilise their investment, de-risk the scheme’s development, and assist convergence to common standards across the ID assurance systems and processes deployed internationally by banks and other national ID card schemes.

9. To engage consumers’ hearts and minds on the scale required, enrolment and any tokens should be provided free of charge.

10. The market should play a role in delivering a universal ID assurance scheme. This will improve the ease with which consumers can use the scheme and minimise costs.

I regard each aspect of these principles to be critical to the goal of creating the conditions for a consumer-driven universal ID assurance scheme to emerge and flourish.

This is going to need careful comment and scrutiny. It’s already happening on the mail lists. Help! Sam! We need a CommentonThis version! (Maybe he’s doing it already).

 

05 Mar 2008

Scene set for ID announcement tomorrow….

Just got a message from the Pea-Moss (who often has an uncanny insight into the inner thoughts of the tribe). He said

that Cabinet met for approximately 1 hour and 20 minutes this morning. The main items of discussion were; where we were on ID cards ahead of Jacqui Smith’s speech on Thursday and a presentation from Ruth Kelly on roads and congestions, outlining some of the main themes of her speech this morning.

What is a Cabinet discussion on identity like? Do they interrupt each other like Johannes Humphrissimus Maximus Interromptor? Do they listen to each other? Is there any reflective silence? Do they seek to be guided by divine will, by “what technology wants” or some global view informed by Mori of what is best for the country? Or is everything couched in terms of how the Opposition will attack them and how it will look in the Murdoch press?

Does the dimension of the online world feature in their perceptions of ID? Did Cameron’s laws get an airing?

Questions, questions, Anyway, it seems the Minister called Jacqui Smith will answer them tomorrow. I understand she’s making a speech at a think tank tomorrow morning. Perhaps she’ll speak in da House tomorrow also. It still feels like a long haul before we’re out of the woods on this one, and before the “absolut geschütztes Kernbereich unserer privater Lebensgestaltung” is out of danger.

The Pea-Moss also said [asked where the Government was in regards to ID Cards]

that it was best to wait for Jacqui Smith’s speech on Thursday which would set out the latest state of play. Asked for more information on the ID Cards discussion at Cabinet this morning, the PMS said that Jacqui Smith would set out the position on Thursday and it was best to wait for that. Asked if the position on ID Cards was somewhat different to the current one, the PMS said it was important for people not to get too far ahead of themselves; what Jacqui Smith would be doing on Thursday was providing a bit more detail on the implementation.

OK: we’ll wait in hope, and we won’t get too far ahead of ourselves. If all they’re talking about is implementing the existing plan-as-described we shall remain calm and constructive. We may have to let the Germans sort this out first, then copy what they did in 20 years’ time. 

 
Page 1 of 15 pages  1 2 3 >  Last »

Ideal Government

Let's say what we want from e-enabled government. Let's observe government first-hand. Let's say "Wouldn't It Be Better If" (WIBBI). Become an ethnographer of bureaucracy today! It beats getting frustrated with public services.

Categories

Comment

Anyone is free to comment. Or mail with an article if you want to be an author. I'll post it up and send you a password. This whole thing is supported by Kable.

Sponsor

Authors with password: click here to post

BLOGS etc
 Bruce Schneier
Jeff Jonas, IBM
Jerry Fishenden
Headshift
Ian Brown
Kim Cameron, MS
Matthew Somerville
Public strategist
Richard Allan
Robin Wilton, Sun
Sam Smith
Stefan Brands, Credentica
Toby Stevens, EPG
Whitehall Webby
Will Davies

CRITICAL FRIENDS
 Action on Rights for Children
Big Opt-Out
FIPR
Light blue touchpaper
NHS23
No2ID
Perfect e-democracy
Spy blog
Verified Voting

PERTINENT ART
ACLU privacy pizza
Very model of a notional identity
Swizz of the cards
Handelsman: NSA wiretaps
Handelsman: US spying
Wearcam
Googlezon
Three dead trolls
Stefanos Pantagis

ESSENTIALS
Cluetrain Manifesto
RAE Dilemmas of Privacy
NCC Playlist for public services
Sousveillance
Stefan Brands' book summary
Ross Anderson book

Engelbart Mother of all demos
OTHER ID/SECURITY
 ID theft spy
Planet Identity
Pledgebank for refuseniks
Home Office ID cards
Credentica
Ann Cavoukian, Ontario


MYSOCIETY & SAM'S STUFF
 MySociety/
They work for you
Fax your MP
DirectionlessGov
Comment on This

...and the original
Stand ID card campaign
PUBLIC SERVANT BLOGS
 David Milliband
Read my day
Lynne Featherstone MP
David Copperfield - police
Roy Taylor, Kingston
ReadmyDay
Bill Sticker - parking
Ealing Magistrate
Cllr Andrew Brown
Reynolds/Ambulance

MAPS MASHUPS WE LIKED...
 Plymouth Schools
Ben's UK speed cameras
5-day weather forecast
House sale prices
g-Traffic info
Place-O-Pedia

For Google maps mashups see
 Googlemapsmania blog

ADVISERS, NGOs
 Advice now
Advice Services Alliance
Advice UK
Citizens' Advice


Old stuff
RSS in government blog

Authors

Member List

Sign up for new articles

Locations of visitors to this page

Copyright

Creative Commons License - Some Rights Reserved Protect your Bits. Support ORG. Open Rights Group

Designed by...

visit ScoreCommunications Ltd

Statistics

This page has been viewed 1001001 times

Entries: 1523 | Comments: 2374 | Trackbacks: 206
Most Recent Entry: 05/16/2008 10:36 pm
Most Recent Comment: 05/16/2008 11:49 am

Members: 185 | Logged in: 0 | Guests: 52
Most recent visitor: 05/17/2008 04:32 am
Most visitors ever: 443 on 10/12/2005 02:21 pm