I’ve been learning more about British Identity Cards. Here is how the BBC covered introduction of the legislation by Home Secretary David Blunkett, who said polls showed 80% of the population supports the initiative.
The proposed Bill is short (sixty pages) and makes an interesting read – if you are an identity freak. The typical Labour Member of Parliament talks about it this way. The Conservative Party supports the initiative too (though it worries that it is tainted by Labour's sponsorship…) At the other end of the spectrum, the Liberty human rights organization (no resemblance to the American Liberty Alliance) is critical for several reasons – including cost and the lack of protection from “feature creep”. The BBC's ‘briefing page” is here.
The plan is to phase the card in over time, and although its use is initially optional, the bill lays out procedures to make procurement of a card mandatory for various “groups of persons”. Everyone would be required to have a card by 2013. People will use the card in order to gain access to government services – or when required to do so by the appropriate authorities.
The British card is so far very much framed for use in the brick and mortar world. It ties citizens to an entry in a centralized “registry” that would contain the following information (details are here):
- personal information: names, birth date, current and previous addresses
- identifying information: photograph, signature, fingerprints, other biometric info
- residential status: nationality, terms and conditions of entitlement to remain in the United Kingdom
- personal reference numbers: national identity number, national insurance number, and the numbers on ID cards, passports, immigration documents, work permits, driving license, and other documents issued
- record history: circumstances surrounding changes in information; date of death
- registration and ID card history
- validation information
- security information: personal identification number, password, questions and answers used for identification
- records of provision of information: all kinds of information about the circumstances under which information from the registry was disclosed to others
Reading the Bill, there is no obvious discussion of use of the cards for identification in the virtual world. Yet it is inevitable, going forward, that as more governmental services are offered through electronic means, the government identity card will become a digital identity for use in dealing with Government services.
We can thus say that from the point of view of creating a universal system of digital identity, initiatives such as this one are essential features of the emerging landscape. A universal system should be able to integrate governmental identification in the appropriate contexts, which in turn will vary on a national basis according to what the British Information Commissioner calls “the relationship between state and citizen”.
The issues of identity in the Brick and Mortar world are outside the scope of the discussion I am animating here. But it seems the British Government could benefit by looking into the Fourth Law of Identity, and actually taking more advantage of the cryptographic capabilities of state-of-the-art cards. So far, it seems that the new identity cards, despite the presence of a nice golden chip, are conceived of just like their old-fashioned plastic predecessors.
The government says it is far too early to have worked through the specific implementation that will be deployed – and that it is still open to proposals. So maybe technical thinkers in Britain will be able to convey some of the technological options which can better achieve the purposes behind this initiative.
After all, David Blunkett says, “ID cards will mean people have to give the state less information about themselves.” And Tony Blair says that ID cards would “protect rather than erode civil liberties”. This is actually possible if the card is thought out better. But there is a lot of work to do.
For example, the card could emit unidirectional identifiers for each division of government. Though unidirectional and relevant only in the world of a given department, the identifiers would uniquely identify a person as qualifying for services. In such a scheme, one's health records would not be keyed directly to one's driving license or income taxes, because the card would produce a different, but still official, identifier for each department. The various departments could then be made accountable for storage of only that information which concerns them. And a breach of one of these systems would result only in the breach of a small subset of a citizen's information, directly addressing the legitimate concerns of the Information Commissioner.
At the same time, the full set of unidirectional identifiers associated with a given person could be made available through another closely guarded system. The security of this system could be based on separation of duties – such that some procedure would need to be followed to obtain knowledge of the set of identifiers emanating from a single ID card. Armed with this set of unidirectional identifiers, an authorized investigator could assemble relevant information from all the departments stewarding specific knowledge. By combining cryptography, networking and web services, this kind of distributed system would provide information in as timely a manner as the one currently proposed.
In this scenario the state obtains the ability to garner the information it needs while protecting the privacy of its citizens and without creating a central storage site that would be nothing if not an information-disaster-waiting-to-happen. As a technologist I worry that the registry, as currently described, has been devised without regard to the laws of entropy. Why create a single system that knows everything and thus needs to be accessible by far too many people given the value of its contents?
Somehow I am certain that no political person or senior civil servant would want to be the father of a system embodying so much risk when the same results can be achieved without any risk at all. I hope that as the project goes forward this thinking can be communicated to those involved.
