Want to save 10 billion pounds?

Ideal Government has just posted this story by David Harrison, of the Sunday Telegraph, who apparently has some inside information about the upcoming LSE report on the British Identity Card. It seems like the British debate has gone from off again to on again:

An identity card scheme that costs just £30 per person – compared with £300 per person under the Government's proposals – will be unveiled this week.

The plan, drawn up by the London School of Economics after six months of research, would also limit the Government's access to information on the card to a few basic details – while the Government wants to hold much more personal information on a national database.

The LSE report is highly critical of the Government's ID card plans

The LSE's proposals will reignite the debate over compulsory ID cards just before the Government's Bill introducing the cards has its second reading in the Commons later this month.

A 180-page LSE report says that its proposals would satisfy the need for a national ID card to help to combat identity fraud and illegal working and allay fears that the right to privacy would be seriously undermined by a “Big Brother” state.

The report says that the scheme, would reduce the overall cost of ID cards to £2.25 billion, a fraction of the £12-18 billion that the LSE says the Government's scheme will cost.

Under the proposals, the Government would have access to only a few details – the holder's name, date of birth and photograph, plus an encrypted card number and a unique “national identification number”.

The scheme would be more acceptable to the public because it gives individuals the right to decide whether to store any other information on the cards, according to the report.

The Government's ID cards Bill faces strong opposition from many Conservatives, Liberal Democrats and rebellious Labour backbenchers struggling to explain to their constituents why, in the words of one rebel, “we should spend £18 billion on ID cards when our local school has no money for books”.

Opponents are concerned about the cost of the project – which the Treasury says has to be “self-financing” – and about loss of privacy and fears that a future government could misuse the data.

The LSE report is highly critical of the Government's plans, describing them as “a potential danger to the public interest and to the legal rights of individuals”.

The technology envisioned for the Government's scheme is “largely untested and unreliable” and would need expensive security measures, particularly as private and public sector organisations would have access to it, the report says.

The LSE claims that its scheme is cheaper and more secure. Prof Patrick Dunleavy, a member of the LSE's ID card advisory group, said: “This is as small, robust and cost-effective an ID card as anybody could get away with in the world we live in today.

“The card will work better than the Government's scheme because people will want to use it. It is also more secure because the cards will carry much less information so there will be fewer problems if they are lost.”

Prof Ian Angell, the head of the LSE's Department of Information Systems, and also a member of the advisory group, said that any identity card system should be built “on the basis of public trust rather than compulsion and coercion. An ID system will only work if it is supported by all citizens”.

The Government's proposals had “fatal weaknesses”, he said. “The system outlined in the Bill will be insecure and costly. Our new blueprint addresses these problems by creating a system based on proven technology and citizen control. We want this to be the subject of as public debate.”

Under the government scheme all citizens would have to register for an ID card at one of about 70 regional centres. Details they would have to disclose could include bank accounts, proof of residency and address, birth certificate, passport number, NHS number, National Insurance number and a credit reference number.

In the LSE's model, individuals will have to provide only a few details, but their application forms would have to be endorsed by three referees – a doctor, lawyer, teacher or police officer for example – who have known the applicant for a long time.

Crucially, the referees will have to include a professional identity detail – such as a doctor's or JP's registration number or police number – to deter fraudulent applications and hold them accountable.

To obtain the card under the LSE scheme an applicant would go to a job centre, post office or other authorised centre. There he or she would enter an electronic kiosk that takes a digital photograph and embeds it into the coded application form.

Once endorsed by the referees, the form is handed in at a post office where the applicant chooses a biometric test – fingerprint or iris scan – for extra security. When the card is ready, the test and photograph are used to confirm that the card is handed over to the right person.

At this point the card is still inactive. The holder then takes it to a “trusted third party” – a bank or post office for example – where the applicant is well known. There a copy of the data is taken and stored securely.

The card is then connected to the Government's temporary file. If the codes match the card is validated and all data is deleted from the government file apart from the name, code and card number.

The holder then has a secure card with a secret code, back-up held by the third party, and a minimum of data is held by the Government.

The LSE says that this “localised” scheme is much more secure than the Government's because the data, apart from a few details, is spread out among thousands of “trusted third parties” and not contained in one central database. “There is no master key,” a spokesman said.

Professor Ian Angell's comments are quite in line with the thinking in the Laws of Identity. I wonder what kind of fall-out all of this will have on how British citizens look at cyber identity.

Location as an identity claim

Here's an interesting piece from Dave Kearns

I was on a teleconference with O'Reilly Group‘s Tim O'Reilly and Nat Torkington discussing the upcoming Where 2.0 Conference which will focus on mapping and location technologies when a thought occurred to me – could location be a factor in a multi-factor authentication scheme?

The “where” of IdM has often referred to the platform or device that someone was using to access a resource, but suppose a GPS was used in order to indicate the physical location of the user?

For a cell-phone user, the GPS might not be needed if the location of the cell tower was “close enough” (i.e., area of a city rather than street address).

I could see this being used in a graded authentication scheme to reduce or deny access based on a possibly adverse location (e.g., someone trying to access a Pentagon database from Uzbekistan).

I don't know if there are any products that do this, if any or planned or if it's even feasible – but it's worth a thought.

This is one of the very scenarios I see us as enabling by moving to “claims based identities”. So yes, I see it as planned at an architectural level.

Once you get your head around expressing identities as sets of claims, you can easily imagine expressing a user's location as one of those claims. In the identity metasystem, the relying party could indicate in its policy that it requires several sets of identity claims– one indicating who the user is, and another indicating where the user is. The claims might come from different authorities (e.g. an enterprise and a trusted location provider). These would be implemented as two Security Token Services (claims transformers). Both sets of claims, taken together, would identify the user from the point of view of the relying party.

I've spoken recently with a number of Europeans for whom location is fast becoming a central issue. Various national and international agreements mean that exposing information across international borders increasingly opens enterprises up to audits by additional (foreign) governments. This problem is particularly accute in banking – and has many ramifications. So the need to ensure that some data is only accessed within national boundaries is fast becoming a real driving issue.

As a side note, this example captures one of the most interesting things about the identity metasystem we are proposing. Independent third parties can innovate and create claims transformers (STS's) of the kind described here and just plug them in to the fabric. People can then consume their outputs just by putting in a URL and deciding to trust them (payment might be a good idea too).

To my mind this is a very significant aspect of the ecosystem. In other words, people can add pieces that really take us towards new capabilities without having in any way to change the way the broader system works.