New British report on identity card technologies

There is a new report by the British House of Commons Science and Technology Committee entitled “Identity Card Technologies: Scientific Advice, Risk and Evidence”.

For those new to this blog, the ongoing discussion of a British Identity Card interests me not only because of what it means for Britain's future, but because it is a crucible in which to watch the Laws of Identity play themselves out. The initial proposal broke a number of them – with, so far, the predicted results.

Here is the summary from the multi-party Committee's report:

This Report is the final of three case studies considering the Government’s treatment of scientific advice, risk and evidence. It focuses upon the Home Office’s identity cards scheme, which uses various technologies including biometrics, information and communication technology (ICT) and smart cards. We considered this scheme in order to explore the ways in which scientific advice, risk and evidence could be managed in relation to technologies that are continually developing.

This inquiry has found several areas in which the Home Office’s treatment of scientific advice and evidence appears to be following good practice: the establishment of advisory committees, the use of Office of Government Commerce (OGC) Gateway Reviews and the development of risk management strategies are examples. We welcome the Home Office’s commitment to implementing the scheme gradually rather than using a “big bang” approach, which could jeopardise the success of the programme.

We have also identified weaknesses in the use of scientific advice and evidence. We are disappointed with the lack of transparency surrounding the incorporation of scientific advice, the procurement process and the ICT system.

Potential suppliers are confused about the extent to which the scheme will be prescriptive and when technical specifications will be released. Whilst the Home Office has attempted to consult the wider community, stakeholders have complained that consultations have been unduly limited in scope and their objectives have been unclear.

As a result, the wider community does not have the level of confidence in the scheme that could reasonably be expected at this stage. Whilst the Home Office has determined some aspects of the scheme such as the biometrics, it has left other aspects such as the structure of the database undetermined. Its decisions demonstrate an inconsistent approach to scientific evidence and we are concerned that choices regarding biometric technology have preceded trials. Given that extensive trialling is still to take place, we are sceptical about the validity of costs produced at this stage. We note the danger of cost ceilings driving the choice of technology and call for the Home Office to publish a breakdown of the technology costs following the procurement process.

The identity cards scheme has at least another two years before identity cards begin to be introduced and the scheme has not yet entered its procurement phase. There is still time for the Home Office to make alterations to its processes. We encourage the Home Office to seek advice on ICT from senior and experienced professionals and to establish an ICT assurance committee.

Whilst biometric technology is an important part of the scheme, it must not detract from other aspects of the programme, in particular ICT. It is crucial that the Home Office increases clarity and transparency across the programme, not only in problem areas. We also emphasise that if evidence emerges that contradicts existing assumptions, changes must be made to the programme even if the timescale or cost of the project is extended in consequence.

Peddalo sir? Of course, just leave me your ID card …

Being on vacation, surrounded by bizarre identity phenomena, I liked this post by Jerry Fishenden, Microsoft's National Technology Officer in Britain:

If anyone doubts the extent to which ID cards will be demanded for the most trivial of reasons, my recent experiences on holiday in the Ardennes amused me. On going to hire a peddalo on a lake for myself and my family to inflict some gratuitous self-humiliation on ourselves, I was asked for my ID card.

“I don't have an ID card”, I explained – at which point they asked for my passport. Which I was not carrying with me.

Oh uh – it was not looking good. Was I going to be prevented from some harmless family entertainment on the lake due to the lack of a proper identity document? I couldn't but help observing beside the cash till (in full public view and easy reach) a collection of ID cards and passports provided by other peddalo tourists.

However, it turned out that they wanted the ID card/passport from me purely as some sort of surety for the hire of the peddalo. I negotiated a cash deposit of 15 Euros instead.

But the episode did highlight to me the risks involved with any ID card that has physically printed on it a wide range of sensitive personal information – who knows what some unscrupulous peddalo hirer might do with that useful information whilst it is in their custody? Let alone someone with a more serious criminal intent.

Even odder, on returning the padlock key for the peddalo after completion of a few half-hearted circum-navigations of the lake, I was offered a choice of ID cards and/or passports to take from the pile beside the till. Until I reminded them that I only needed my 15 Euros returned – not someone else's identity document (kind as it was of them of course to offer me alternative identity documents – and free of charge at that).

The ease with which anyone with an ID card or passport meekly complied with the request and handed them over to a peddalo-hiring stranger also illustrates the extent to which people become complacent about where and who asks for such credentials. Of course, happily most of the time the people that ask us will have the best of intentions. But we still need to design our identity documents with the assumption they do not.

All the more important then that we have the time to ensure any ID card (and the personal information it provides access to) is designed to protect us against casual acquisition and misuse.

While you are pondering this one, take a look at Jerry's very thought-inducing piece, “biometrics: enabling guilty men to go free? Further adventures from the law of unintended consequences”.

He focusses on the fact that biometrics are progressively becoming public information, as are many other aspects of our identity.  Because they are being stored in an ever-widening circle of computer systems and without serious security precautions, they may in fact lose the power to convince and convict.  We need to understand these issues if we are to understand the role of biometrics in identity.

The law of unintended consequences seems to be making itself felt a lot these days.

 

Will industry rescue the identity card?

IT Week recently ran a story quoting Simon Davies, director of Privacy International, that has raised an eyebrow or two in the blogosphere.

Industry may need to lead the way if the UK is ever to get a national identity card scheme that can deliver significant security and efficiency benefits.

That is the view of Simon Davies, one of the academics behind the London School of Economics’ controversial report last year on the cost and viability of the government’s ID card scheme. Davies told IT Week that now leaked emails from Whitehall officials have revealed their doubts about the viability of the scheme, the private sector may have to step in to save the project.

“I’ve believed for some months that a ‘white knight’ consortium from industry is needed,” Davies said. “Companies that can see the benefits of the ID card idea should approach the government about effectively taking over the project.”

The Home Office has long argued that the introduction of ID cards will deliver many business benefits, such as more efficient identity verification processes, less fraud, and more secure e-business transactions, and has maintained that it has been working closely with business leaders about how the technology should be used.

Speaking in her office at the newly formed Identity and Passport Service (IPS) earlier this year, Katherine Courtney, director of business development for the government’s ID card scheme, argued that while much of the coverage of ID cards has focused on the ability to tackle fraud and terrorism, it will also deliver such significant business benefits that “we will all be asking ourselves in 10 years’ time how we ever got along without them”.

Courtney added, “Because of the mobility of society and the development of the digital economy, people are leading more complicated lives and want to be able to conduct their personal administration more easily and out of office hours. These changing social trends mean that the capability to prove your identity is vital and this scheme will deliver the enabling technology [to do that].”

The Home Office is talking to public-sector bodies, such as the police and the NHS, and private firms, including banks, retailers, e-businesses and other large employers, about how they could use ID cards. The theory is that if everyone has a national identity card that can be checked against a central register containing biometric and personal details, tapping in a personal PIN code or undergoing a biometric scan will quickly replace the need to photocopy utility bills or show a passport for tasks such as enrolling for a doctor or applying for a loan.

Perhaps unsurprisingly, firms have broadly welcomed plans that the Home Office estimates will save the private sector £425m a year through streamlined identity verification processes and reduced exposure to fraud. In fact, these benefits could prove so significant that organisations will offer incentives for customers to have cards, according to Ed Schaffner, director of enterprise security at IT supplier Unisys – one of the companies likely to bid for part of the Home Office contract…

“The cost of identity fraud is built into the cost of any service,” Schaffner said. “So businesses and banks can say that if you use this card to verify your ID you can have a discount.”

A spokesman for one bank also said identity cards could make it easier to serve disenfranchised sections of society, such as migratory workers and students, who are less likely to have currently accepted forms of identity proof such as utility bills and passports.

Another way the Home Office hopes the cards will deliver significant benefits for businesses and consumers is by enhancing the security of online transactions. The Home Office argues that asking customers for an ID card number and PIN code that can verify identity against a national register would give organisations a more secure means of identifying online users.

It is a technique already used in Belgium, where 2.5 million people currently hold electronic ID cards and government agencies and banks are using information on the cards to authorise online access to their services. Chatrooms have also started to use ID card checks to ensure age limits are enforced.

In future, attaching card readers and fingerprint scanners, such as those already found on some laptops, to PCs could further strengthen security. If the technology proves as secure as the Home Office promises, retailers and banks would be able to authorise far larger online transactions than at present.

Like many observers, Jeremy Beale, head of e-business at the CBI, has concerns about the technical challenges the scheme will face, but he also argues that a working system could bring huge benefits. “ID cards are not so much a disruptive technology as a stabilising one,” he said. “Firms have been saying for years that they want a single secure standard for online identity verification, and if the government manages to deliver it there could be huge benefits for online commerce.”

But Davies added that despite these potential benefits the government has not been doing enough to form a partnership with industry and technology suppliers to develop a workable ID card system, and it is therefore time for business leaders to take a more proactive role. He argued that management of the scheme should be taken from the Home Office and handed to the Treasury and the Department of Trade and Industry (DTI). “Industry has been left high and dry [by the government’s failure to make its plans clear], and the DTI should be able to rebuild trust with industry,” he said.

Alan Rodger of analyst firm Butler Group said there is a growing belief among some identity management experts that the government should leave the scheme to the private sector. “There is a feeling from some that we should let the market sort it out,” he said. “It would allow the problem [of securing individuals’ identities] to be tackled without the need for huge public investment.”

Separately, Davies argued that now some senior civil servants have expressed fears that the project is likely to fail, the government ought to publish all its reports on the feasibility of the scheme. “It is now all about trust,” Davies added. “The government has to restore some faith in the project.”

Simon, who has been a relentless and towering force in the privacy movement, responded to his critics as follows:

It’s important to recognise that context can be lost in any media report. In this case the quotes are accurate, though of course not complete. I’ve made similar remarks to conferences over the past six months, and for good reason. While it would have been nice to have seen the full conversation published, we all know that’s not the way media does its business.

I doubt that anyone who has followed the UK ID card debate, or indeed the debates in other countries, would have any doubt about where I stand on identity. My views are well known, mainly because government has made a point of repeatedly expressing them in public. I don’t resile from anything I’ve ever done or said on the subject.

As for these particular remarks, I will clarify the position.

1. You will know through the recent leaked emails that it is government, rather than Privacy International, that has lost the plot over the ID card. The Home Office is in disarray and Treasury wants it scrapped or severely limited;

2. You’ll also know from the leaked Market Soundings report that industry no longer supports the government’s scheme. I’ve known that for more than a year. Industry wants a manageable project that has a light structure and that carries public trust;

3. Into this context comes the idea that industry wanting to pursue the “right” approach (no compulsion, no central register etc) now have the opportunity to do so. Companies like EDS will always support the government line. Others are moving quickly to establish an alternative position.

4. The idea of the “White Knight Consortium” has been around since mid 2005, when it was first discussed at an industry-wide meeting of the Enterprise Privacy Group. I supported the idea then because it seemed the best way to derail the government approach.

I don’t see any need to defend myself, other than to observe how odd it feels to be hailed one day as the master strategist behind the ill-fortunes of the scheme, and the next to be condemned as a guy who lost the plot.

The “plot” is something I have well and truly in mind, and maybe you just need to reflect a little more on what I’m supporting and why I’m supporting it, rather than lashing out. Strategy and tactics on an issue like this are long term game-plans.

I've met Simon – in fact he's a privacy mentor for me.  It's true he's put a few noses out of joint over the last couple of decades.  No wonder – he was so far ahead of the rest of us in his thinking.  Talk to him for two minutes and you can see that he has worked with these issues for a long time, and understands them in a many-sided way.

Incredibly, in 1994, when people like me didn't yet have a clue we might encounter privacy issues with digital technology, he had already written Touching Big Brother – How biometric technology will fuse flesh and machine.   I don't throw out the word visionary lightly, but read this article and wonder.

Through his work at the London School of Economics he has spent a lot of time talking with cryptographers and computer scientists to understand what can actually be done to replace current systems with ones which really are privacy enhancing. After all, does anyone think the current situation represents a Nirvana? Not me – I've seen too many of the existing systems.

It's true that through unlikely initiatives such as the proposed UK Identity Card system, replete with panopticon observation post and massive centralized database, the handling of our personal information and threat to our privacy could actually get worse than it currently is.  But I don't think this type of initiative will succeed – it's like building a sixty-foot man.

So, surely, it is just as possible that we can take advantage of the increased awareness around these issues – and the amazing new technological possibilities that have emerged in the last few years – to allow government and business to become more secure and more privacy enhancing than they currently are.

Given the proper adult supervision by privacy advocates and policy experts, industry could, as Simon says, bring to life alternatives to the Dr. No blueprints that have emerged so far. 

It may still be hard to imagine a national (or international) conversation that includes notions like “directional identity”, but I think it will come.  Governments will inevitably see that the way to best strengthen their own security is to build strong social consensus by protecting the privacy of citizens at the same time they look after the interests of the state.

As always, the key here is “User Control and Consent”.  Citizens have to want to use the system.  Close behind are “Minimal Disclosure” and “Directed Identifiers” and all the other Laws of Identity.  Any successful ID card will have to be more attractive than the status quo – proving it is a step forward, not backward, and winning support.