My central â€œahaâ€ in studying the British governmentâ€™s proposal was that the natural contextual specialization of everyday life is healthy and protective of the structure of our social systems, and this should be reflected in our technical systems. A technology proposal that aims to eliminate compartmentalization rejects one of the fundamental protective mechanisms society has evolved. The resulting central database, where everything is connected and visible to everything else, is as vulnerable as a steel ship with no compartments – one perforation, and the whole thing goes down.
Then he goes on to add:
It's a tremendously important point. Our lives are naturally, usefully, and importantly segmented. In 1959, Erving Goffman discussed this in the (still important) “Presentation of Self In Everyday Life.” (Wikipedia article, or some excerpts… I know. Books. Get over it, there's some useful stuff stored that way.)
His basic thesis is that we play roles: “school principal” or “mother” or “doctor” or “bribe-accepting Congressman,” and that each of these roles has its own quirks and presentations, and it is useful and important to separate them. An identity system that doesn't support that in powerful ways is far less likely to be adopted.
Paul Squires at Here, Now responds by starting to offer concrete examples of things we might expect of an identity card system that was designed to be maximally secure and protective of the privacy of its citizens.
This is great. We need to take it further and continue to brainstorm what is actually possible in the realm of identification, rather than remain mired in a framework defined by outmoded notions representing lowest-common-denominator technology and the minimal privacy/security bar.
This is in effect what I was trying to say here and itâ€™s a very important part of why an ID Card system on the scale the Government is attempting to force through will be doomed to failure. I had a very similar discussion IRL a few days ago with someone who is favour of ID cards (in principal) and I donâ€™t think the scale of this is fully appreciated.
Quite simply – the data revealed by a scan of my ID should be different, depending on what Iâ€™m doing at the time AND who the reader is. Obviously my doctor should be able to read different information from that of my local policeman, which will be completely different from the barman who needs only to verify my age (this is law 2 of Kim Cameronâ€™s laws of identity). The fact that the police should also be limited in what they can read under any situation is also going to be vitalâ€¦ Additionally if Iâ€™m operating in the course of my business then personal information shouldnâ€™t be revealed, but my business details could be. The context HAS to work two ways to form a minimum subset of data that can be revealed in a situation.
Why does all this seem so obvious to me?