Broken Laws of Identity lead to system's destruction

Britain's Home Office has posted a remarkable video, showing Immigration Minister Damian Green methodically pulverizing the disk drives that once held the centralized database that was to be connected to the British ID Cards introduced by Tony Blair.  

“What we're doing today is CRUSHING, the final remnants of the national identity card scheme – the disks and hard drives that held the information on the national identity register have been wiped and they're crushed and reduced to bits of metal so everyone can be absolutely sure that the identity scheme is absolutely dead and buried.

“This whole experiment of trying to collect huge amounts of private information on everyone in this country – and collecting on the central database – is no more, and it's a first step towards a wider agenda of freedom.  We're publishing the protection of freedoms bill as well, and what this shows is that we want to rebalance the security and freedom of the citizen.  We think that previously we have not had enough emphasis on peoples’ individual freedom and privacy, and we're determined to restore the proper balance on that.”

Readers of Identityblog will recall that the British scheme was exceptional in breaking so many of the Laws of Identity at once.  It flouted the first law – User control and Consent – since citizen participation was mandatory.  It broke the second – Minimal Disclosure for a Constrained Use – since it followed the premise that as much information as possible should be assembled in a central location for whatever uses might arise…  The third law of Justifiable Parties was not addressed given the centralized architecture of the system, in which all departments would have made queries and posted updates to the same database and access could have been extended at the flick of a wrist.  And the fourth law of “Directed Identity” was a clear non-goal, since the whole idea was to use a single identifier to unify all possible information.

Over time opposition to the scheme began to grow and became widespread, even though the Blair and Brown governments claimed their polls showed majority support.  Many well-known technologists and privacy advocates attempted to convince them to consider privacy enhancing technologies and architectures that would be less vulnerable to security and privacy meltdown – but without success.  Beyond the scheme's many technical deficiencies, the social fracturing it created eventually assured its irrelevance as a foundational element for the digital future.

Many say the scheme was an important issue in the last British election.  It certainly appears the change in government has left the ID card scheme in the dust, with politicians of all stripes eager to distance themselves from it.  Damian Green, who worked in television and understands it, does a masterful job of showing what his views are.  His video posted by the Home Office, seems iconic.

All in all, the fate of the British ID Card and centralized database scheme is exactly what was predicted by the Laws of Identity:

Those of us who work on or with identity systems need to obey the Laws of Identity.  Otherwise, we create a wake of reinforcing side-effects that eventually undermine all resulting technology.  The result is similar to what would happen if civil engineers were to flount the law of gravity.  By following the Laws we can build a unifying identity metasystem that is universally accepted and enduring.

[Thanks to Jerry Fishenden (here and here) for twittering Damian Green's video]

Published by

Kim Cameron

Work on identity.

4 thoughts on “Broken Laws of Identity lead to system's destruction”

  1. Damn right Kim, and you called this correctly from day one.

    It is frustrating that our UK lawmakers refused to listen to and blanked out the best technical advice available to them (not least your own). They did feel that by calling these “laws” you were stealing language which was theirs, but that's a reflection of their own disastrous insularity. You could have called them principles I suppose, but it wouldn't have altered the substance.

    Time to try and get it right now……

  2. William, I have used the word “law” in the sense of a “scientific law” – and as far as I know, politicians don't own those, although they may on occasion imagine they do.

    For example: “A scientific law or scientific principle is a concise verbal or mathematical statement of a relation that expresses a fundamental principle of science [in the present case, computer science – Kim]… A law differs from a scientific theory in that it does not posit a mechanism or explanation of phenomena: it is merely a distillation of the results of repeated observation… The term “scientific law” is traditionally associated with the natural sciences, though the social sciences also contain scientific laws [Thus certainly, computer science – Kim] Laws can become obsolete if they are found in contradiction with new data.”

    Digital identity can only be modeled through systems, and the Laws of Identity are, so far, those constraining the characteristics of those systems. Our observation and inductive reasoning tells us that when you build identity systems that are not so constrained, they fall from usage (collapse). The collapse of the British Identity Card proposal was predictable in light of the Laws of Identity and represents another observation point causing us to want to retain those Laws as having predictive power.

    Politicians, policymakers and technologists should all take note.

Comments are closed.