How to make an ID card useful

[Dave Birch] At the Intellect Identity Management Group meeting today (Chatham House rules), there was a presentation on the current situation with regard to identity cards in the UK followed by a discussion with industry representatives.  One part of that discussion was about the potential for "radical redesign" of the UK’s proposed national ID card scheme.  I think what is meant by this is an attempt to cobble together something from existing databases (eg, national insurance) that can be called a new scheme but would save lots of money.  But what should the goals of a redesign be? A potential list was put forward, including helping to prevent identity theft and helping to get e-government off the ground and it got me thinking that surely what the government wants is for UK residents to actually want an ID card rather than have to bully them into getting one.  But what kind of things could it do?  Most of the interactions with central government are infrequent (eg, filling in your taxes) and most of the interactions with local government (eg, booking at the leisure centre) don’t need high security, so an ID card wouldn’t make much of a difference to any of these "use cases".  But if an ID card is viewed as a digital identity, then the question becomes one of binding it to higher value virtual identities that need protecting: your Second Life identity, your chat room identity, your iTunes identity maybe.  How can an ID card support those identities?  If it’s not mandatory, then no-one will want unless it supports them in useful ways.

Technorati Tags: business, ID cards

This is an issue in Japan, where fewer than 1% of citizens have availed themselves of the many benefits of the (optional) national smart identity card.  The chairman of Japan’s Next Generation IC Card System Study Group has indicated that a new eID card is being considered by a high-level committee of government officials and corporate representatives.  The new big idea is to create a "personal account" for every citizen — to store health records, insurance information and pension stuff — with access controlled through the eID card (citizens would have an e-government virtual identity bound to a digital identity stored in their eID card).  The health component is seen as being particularly useful in Japan where annual medical costs are 32 trillion yen (US$300 billion) and increasing by a trillion yen every year. More than 1.6 billion health care-related paper documents are created each year: the new big idea includes replacing these with PKI-protected electronic records by 2010: a doctor could encrypt data about a medical test using the citizen’s e-government virtual identity so that only the citizen could decrypt them (why, I’m not sure, since if I get run over a bus I’d rather hope that the paramedics might be able to access relevant data without having to revive me for my PIN first).  It goes without saying that the Japanese vision is a multi-application vision, as all modern identity card visions are, so it would allow banks to put payments applications on the card or transit companies to put ticketing applications on the card.  I’m not sure how appealing this vision is in Japan, where everybody seems to want to put these applications on their phone, but it’s technically possible for sure.

The Australian government is also exploring ways to make their ID card useful.   Their "Human Services" Minister Joe Hockey has stated that Australians could pick and choose whatever personal information they want on the proposed public services entitlement card, so long as the government retains two-thirds of the storage capacity.  So on a 32Kb card, let’s say there’s 12Kb left over for data and of that the citizen is allowed 4Kb.  That’s a few usernames and passwords.  I’d quite like an ID card that stored them so I never had to remember them again.  But how would it interface with my laptop or my machine at work?  The Japanese, as always, illuminate the path: build contactless interfaces into devices and then you can wave your ID card (or, more likely, your phone containing your ID application) over your laptop to log in to things.

This is not especially far fetched.  NFC is a consumer technology and movers and shakers such as Phillips and Sony expect to build NFC into everything from mobile phones to televisions.  Now imgaine that when you subscribe to Sky it’s actually your Sky virtual ID that holds the relevant credentials.  When I am visiting your house I can treat you to a football match that I have purchased by waving my ID card at your television: my Sky virtual ID takes up temporary residence in your TV.  That’s the kind of usefulness that the government needs to put forward to create vision that the public can understand.  Charging people a pound to verify their age to get into a pub is not.