[Dave Birch] I spent the day at the seminar on the business use of ID cards at the EEMA/Digital Identity Forum seminar sponsored by Consult Hyperion at the British Computer Society. The presentations are available from the EEMA web site so there's no need to go through all of them here, but I just wanted to make a couple of points that came out of the day. The event was kicked off by the Parliamentary Under-Secretary for Identity, Meg Hiller. Meg gave an overview of where the UK national identity card scheme is now, and where it will be going. She kindly agreed to stay for an extended question and answer session, and just to show how modern we are I've posted a couple of minutes of this up on YouTube
. She gave a couple of examples where businesses might want to use the cards, which was the point of the seminar. The example of video rental was once again to the fore, as well as banks. Meg also said that retailers could see the benefit of requiring an identity card to be presented for certain services and this set me wondering what kind of retailers these might be. I can see that retailers might need to know whether you are 16 to buy glue, or 18 to buy beer or whatever, but they don't need to know who you are. The more I thought about it, the more I thought that there is a real distinction between retail transactions where the retailer needs to know who you are, and retail transactions where the retailer wants to know who you are (and, conversely, in some cases you might want them to know who you are, because of warranties or something), and retail transactions where the retailer doesn't care who you are but needs to uniquely recognise you because of loyalty schemes or promotions. I have to say I was left unconvinced by the retail example. Her public sector arguments were much better, because it is a common an infuriating experience to have to keep giving your name and address and personal details to various departments over and over again. The example that Meg gave was of going through maternity services in the NHS, where she has to keep filling out the same personal information over and over again. I didn't think that was a good example, because the current government has spent TWELVE BILLION POUNDS on the computerisation of NHS patient records. It doesn't automatically follow that another few billion on the identity scheme would make any difference to her experience interacting with her local council, hospital or schools. Meg was also right to say that it's frustrating to have to fill out forms online, and indeed it is, but we had an afternoon presentation form the chief security architect at IPS, Andy Smith, and it was not clear to me from his description quite how the scheme is going to help here. Perhaps more technically-informed delegates could explain further.
I'm a very strong supporter of a national identity management infrastructure. One thing that I am particularly interested in is the use of a national ID infrastructure to enable disruptive innovation. Colin Whittaker from APACS, who was in the banking panel session with Richard Mould from Barclays and I, made a very interesting point when he said that he thought he major impact of new technology infrastructure tended to be through the unexpected consequences rather than the plans of the designers. I'm very sympathetic to this view, and so I tried to factor it in to my presentation on new business opportunities that might arise downstream.
I settled on two to explore for the afternoon session: the potential for identity infrastructure to cause disruption in the payment space by providing new entrants a means to operate simple payment businesses with a lower cost base and the potential for mobile operators to emerge as significant brokers in the identity business because of the synergies between the mobile phone and identity technologies for identification and authentication. Talking to people afterwards, I got the impression that there are plenty of people in the "ID card space" who hadn't really been looking into these kinds of new business ideas and they were very complimentary about the event, so on the whole we very pretty happy with the way the day went. And may thanks to Fiona at EEMA for all of her hard work in making it go so smoothly.
One other small point: Meg Hillier said, early in the day, that "we can never have 100% security" and this is correct. But when I asked the Home Secretary Jacqui Smith what the "break the glass" contigency plan was in the case of a security breach in the national identity system she told that there was no need for one because the scheme was secure, so perhaps Andy needs to get Meg more up to speed on the security architecture.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]