Sir Jerry?

I chose the article below, entitled “Microsoft slams UK ID card database”, out of more than 10,000 blogosphere and magazine references to Jerry Fishenden's recent piece in the Scotsman (I carried it here.) What an amazing demonstration of the way the Blogosphere can light up when someone says what needs to be said.

Jerry is the National Technology Officer for Microsoft in Britain, and I really commend him for trying to convince the British Home Office to back away from a plan which doesn't at all seem to have been thought through technically or embody the Laws of Identity.

On my recent visits to England, I didn't encounter one individual with an IT background who approved of the current Home Office proposals – whether they were high ranking government officials, industry experts, consultants or people interested in public policy. And I met many hundreds.

Here's the content of the article.

Microsoft‘s national technology officer has attacked the UK government's plans for a centralised database supporting the proposed national ID card scheme.

Jerry Fishenden told that current plans for a centralised database with large amounts of information on each person are a mistake, and could lead to “massive identity fraud”.

He went on to criticise the IT industry for not clearly voicing the real concerns.

“It is unnecessary to build a system with all the data in one place,” he said. “The Home Office should be basing the design on the knowledge that any system of that size will be breached, most likely by criminal gangs with huge resources.”

When asked why he was making such statements on the day the Commons voted on the ID Card Bill, Fishenden said only that the IT industry had so far not been getting its views across properly.

“When we attend meetings with the Home Office I have noticed that industry representatives do not voice their concerns very much. Only outside the meetings do you hear their concerns,” he explained.

Fishenden pulls no punches concerning the industry's lack of input so far. ” I do not think that the IT industry has been coherent and consistent enough about the way the ID card system is conceived,” he said.

“Any ID system needs only to keep information that is appropriate to a particular search in one location. That way you reduce the impact of loss or theft by decentralising the data.”

Part of the problem could be because the Home Office liaises with a number of IT industry groups, notably Eurim, Intellect and the British Computer Society (BCS).

Fishenden maintained that his views are supported by the BCS, which has made similar representations to the Home Office.

“The IT industry needs to find a language in relation to privacy and identity to talk to the wider community,” said Fishenden.

Critics may see the attack as a means of pulling the programme more in the direction of Microsoft's view of IT systems.

Fishenden sees no conflict of interest in saying that “decentralised IT is part of Microsoft's philosophy. It's all part of our shared services agenda.”

Again, hats off to Jerry Fishenden – I look forward to seeing him and shaking his hand. I hope one day he will be one of those knighted for bravery, valor, and defense of Britain's identity information. And I continue to hope the Home Office will look at some of the ways they could use cryptography and distribution to build a much safer system capable of achieving the goals they seek without tempting entropy.

Published by

Kim Cameron

Work on identity.