Being on vacation, surrounded by bizarre identity phenomena, I liked this post by Jerry Fishenden, Microsoft's National Technology Officer in Britain
If anyone doubts the extent to which ID cards will be demanded for the most trivial of reasons, my recent experiences on holiday in the Ardennes amused me. On going to hire a peddalo on a lake for myself and my family to inflict some gratuitous self-humiliation on ourselves, I was asked for my ID card.
“I don't have an ID card”, I explained – at which point they asked for my passport. Which I was not carrying with me.
Oh uh – it was not looking good. Was I going to be prevented from some harmless family entertainment on the lake due to the lack of a proper identity document? I couldn't but help observing beside the cash till (in full public view and easy reach) a collection of ID cards and passports provided by other peddalo tourists.
However, it turned out that they wanted the ID card/passport from me purely as some sort of sureity for the hire of the peddalo. I negotiated a cash deposit of 15 Euros instead.
But the episode did highlight to me the risks involved with any ID card that has physically printed on it a wide range of sensitive personal information – who knows what some unscrupulous peddalo hirer might do with that useful information whilst it is in their custody? Let alone someone with a more serious criminal intent.
Even odder, on returning the padlock key for the peddalo after completion of a few half-hearted circum-navigations of the lake, I was offered a choice of ID cards and/or passports to take from the pile beside the till. Until I reminded them that I only needed my 15 Euros returned – not someone else's identity document (kind as it was of them of course to offer me alternative identity documents – and free of charge at that).
The ease with which anyone with an ID card or passport meekly complied with the request and handed them over to a peddalo-hiring stranger also illustrates the extent to which people become complacent about where and who asks for such credentials. Of course, happily most of the time the people that ask us will have the best of intentions. But we still need to design our identity documents with the assumption they do not.
All the more important then that we have the time to ensure any ID card (and the personal information it provides access to) is designed to protect us against casual acquisition and misuse.
While you pondering this one, take a look at Jerry's very thought-inducing piece, “biometrics: enabling guilty men to go free? Further adventures from the law of unintended consequences“.
He focusses on the fact that biometrics are progressively becoming public information, as are many other aspects of our identity. Because they are being stored in an ever-widening circle of computer systems and without serious security precautions, they may in fact lose the power to convince and convict. We need to understand these issues if we are to understand the role of biometrics in identity.
The law of unintended consequences seems to be making itself felt a lot these days.