[Dave Birch] When you’re discussing the future of identity in the U.K., it’s impossible to avoid talking about the national identity card scheme. What individuals, organisations, companies decide to do about identity depends to a great degree on what the national scheme looks like. So what should it look like? Should we even have one? My personal view is that the government should not scrap the proposed scheme but that it should radically rethink it. It should postpone introducing the physical ID card and focus instead on allocating a unique national identity number, backed by biometrics, to each citizen—that is all that needs to be held in a national register. I’m also in favour of using the “Austro-Canadian” idea of sector-specific numbers, with one-way cryptographic mapping from the national identity number stored on the register to the sector identity numbers stored in databases.

Technorati Tags:

I must sound like a broken record on this but the fact is that technology can build a better ID card. What’s more, building a bad national identity scheme is worse than having no national identity scheme. And one step on the road to a bad scheme is confused requirements, mixed goals and unrealistic expectations. Take for example the simplistic proposition that a (non-mandatory) identity card would reduce identity theft. In the U.S., a detailed Department of Homeland Security cost-benefit study on the REAL ID Act found that, having borne costs of $17 billion dollars to implement REAL ID, society would see a reduction of $1.6 billion in costs from identity fraud over a ten-year period. That is not effective protection, getting back a dime’s worth of security for every dollar you spend. And that study doesn’t even consider the potential increase in identity fraud driven by the greater benefits from committing the crime and the greater availability of personal data when a centralised government databases are hacked or breached.

Another hallmark of a bad scheme is secrecy. The procedures, protocols, software and databases should all be transparent. It should be clear to all exactly how the system works and exactly what it does. In particular, limitations should be built-in through cryptography rather than set by committee or ombudsman. It seems like paranoia (not the game, the mental state) to put this in a post, but if you’re building a national identity scheme for the next few decade you ought to at least consider the potential for the system to be abused. The Economist puts it nicely:

On the face of things, the information age renders impossible an old-fashioned, file-collecting dictatorship, based on a state monopoly of communications. But imagine what sort of state may emerge as the best brains of a secret police force—a force whose house culture treats all dissent as dangerous—perfect the art of gathering and using information on massive computer banks, not yellowing paper.

So let’s not collect the information in that way. Let’s build a national identity utility for everyone to use — the state and the citizen, the business and the charity — instead of building a giant database for the state to use and, inevitably, abuse.

I will, in the great tradition of this blog, send a year’s online subscription to the splendid Prospect magazine to the first person to reply to this thread with the name of the enlightened editor of said organ who commissioned the piece on identity from me. Also in the now traditional fashion, the offer is open to all except for employees of Consult Hyperion, blogmeister Jane and members of my immediate family. There are no cash alternatives. Oh, and no-one can win more than one of these blog competitions per year.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

4 comments

  1. > but the fact is that technology can build a better ID card.
    We can only build a better ID card if better ID is defined, along with its uses. Nobody that I know of has done that, at least successfully, in terms that are universal, useful and buildable.
    Maybe this is the time to introduce Zooko’s triangle (c.f. google). We have thought about this problem, and it is way tougher than governments and their big consultancy companies give credit for. As they mostly approach the issue as a political problem, and not a society problem, whatever they build will be wrong, at some level, according to the way society uses naming and identity.

Leave a Reply to Dave Birch Cancel reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: