[Dave Birch] I was invited to speak at a seminar, organised by eema, on the UK e-ID card.  The seminar covered progress to date (which didn’t take long, as the IPS speaker dropped out) and the impact on business applications.  This was a useful and illuminating discussion because of the spectrum of organisations represented around the table, ranging from the Department for Work and Pensions to BT.  There was a super discussion about privacy in the afternoon, featuring Ben Laurie (with his Open Rights hat on), Pete Bramhall (from HP) and Gus Hosein from Privacy International.  There’s an integral relationship between identity and privacy in the electronic world and so I always enjoy these discussions, especially since none of us were called on to define what we mean by "privacy" (or, for that matter, "identity").


Gus (who is at LSE) went first.  He mentioned that the LSE’s recent report on privacy, comparing the situation in various countries around the world, ranks the U.K. along with Singapore and Malaysia at the bottom of the international privacy league.  His main points were about the strange situation in the U.K. whereby the collection of personal data is becoming the norm rather than the exception, which was certainly food for thought but I’m not sure if many people round the table were that interested.

I have to say I was quite surprised how quickly the ensuing discussion around the table collapsed into a "black and white" discussion about privacy and became really rather animated.  Perhaps it’s unique to England, but the topic of ID cards has lost none of its capacity to excite passions, which in a way is rather disappointing.

Pete made some good points about the relationship between privacy, data protection and security, including an observation which got a few nods around the table: citizens of the countries that scored best in the LSE survey actually already have ID cards, but they also have strong constitutional protections around the storage and use of their data.  In the UK we have data protection legislation, but the system runs mainly on trust.  He pointed us to a survey (which I think he said was part of the Trustguide effort) showing that people in the UK don’t trust the government to be an identity service provider, so who would they trust instead?  Banks, World of Warcraft, Churches?

Ben’s angle was "narrow but important": you want to minimise what you disclose, but as you give away all your little snippets of information to one person after another, the snippets can be linked.  Most credential technologies (e.g., X.509) are linkable since each credential looks exactly the same every time you use it.  He reassured the audience that the cryptographic technologies to provide unlinkable credentials already exist and, what’s more, work.  He used the examples of Credentica and some work going on under the EU Prime project using the IDEMIX technology.  As an aside, he also passed on an excellent definition of three-factor authentication: something you were, something you’ve lost and something you’ve forgotten!
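An added illustration of the linkability point (not code from the talk, Credentica or IDEMIX): a credential presented as identical bytes gives two verifiers a common value to join their logs on, while one-show tokens issued with Chaum's RSA blind signature, used here as a simple stand-in for an unlinkable credential scheme, do not. The toy key, the certificate bytes and all function names are constructed for the example.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer RSA key built from two Mersenne primes (constructed for the demo;
# far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(data: bytes) -> int:
    """Hash a token serial into the RSA group."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue_blind_token():
    """Return (serial, signature, issuer_view) for a one-show token."""
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = (h(serial) * pow(r, E, N)) % N   # all the issuer ever sees
    blind_sig = pow(blinded, D, N)             # issuer signs without seeing serial
    sig = (blind_sig * pow(r, -1, N)) % N      # user strips the blinding factor
    return serial, sig, blinded

def verify(serial: bytes, sig: int) -> bool:
    """Any verifier can check the issuer's signature with the public key."""
    return pow(sig, E, N) == h(serial)

def linkable_showings():
    """X.509-style: identical bytes go to every verifier, so logs join."""
    cert = b"constructed-certificate-bytes subject=alice"
    bank_log = {hashlib.sha256(cert).hexdigest()}
    shop_log = {hashlib.sha256(cert).hexdigest()}
    return bank_log & shop_log

def unlinkable_showings():
    """Fresh blind-signed token per verifier: nothing in common to join on."""
    (s1, sig1, seen1), (s2, sig2, seen2) = issue_blind_token(), issue_blind_token()
    bank_log, shop_log = {(s1, sig1)}, {(s2, sig2)}
    issuer_log = {seen1, seen2}
    valid = verify(s1, sig1) and verify(s2, sig2)
    issuer_match = issuer_log & {h(s1), h(s2), sig1, sig2}
    return valid, bank_log & shop_log, issuer_match

if __name__ == "__main__":
    print("shared by verifiers (certificate):", len(linkable_showings()))
    print("valid, shared, issuer matches (tokens):", unlinkable_showings())
```

Each token here can be shown only once without becoming linkable itself, so the holder needs a fresh token per showing.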

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.