Now, many people will (quite rightly) point out that there is a fundamental danger to the idea of using a single identity across all services. There’s a particular danger to using the same identity across public and private sector services.
In yet another security breach, the US State Department said 400 passport applicants, and maybe more, have had information stolen. Passport applications containing personal information, including Social Security numbers, were accessed and used to open fraudulent credit card accounts. A fraud ring bought information from a government employee. The information was used to apply for cards. Cards were intercepted by another insider in the post office before they were delivered. The passport applicants had no idea their identity had been stolen. [From National ACH: Government Employees Selling Identities]
Now, that’s the kind of fraud that I imagine was dismissed out of hand by the government’s management consultants when they were procuring the system. “Insiders in the Post Office connecting to insiders in the State Department? Oh, come on! That’s like a Tom Clancy novel, it will never happen.”
It is this sort of thing (and it seems to happen all the time) that means that many people react against the very idea of a government identity or a government identity management system, although I draw a different conclusion: we need a better (privacy-enhancing) design for a government identity management system, perhaps building on the schemes used in countries such as Germany and Austria where identities are cryptographically partitioned between service providers.
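To make "cryptographically partitioned between service providers" concrete, here is an added sketch (not code from this post, and not the actual German or Austrian algorithm) that derives a different identifier per sector from one root identifier and compares what two colluding insiders could join on. The HMAC-SHA256 construction, the key, the sector names and the root identifiers are all assumptions made up for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key. Assumption: in a real scheme only the identity
# authority holds this secret, never the service providers.
AUTHORITY_KEY = b"constructed-demo-key-not-for-production"

# Constructed root identifiers standing in for a single national number.
CITIZENS = ["ROOT-0001", "ROOT-0002", "ROOT-0003"]


def sector_id(root_id: str, sector: str, key: bytes = AUTHORITY_KEY) -> str:
    """Derive the identifier one sector sees for a citizen."""
    # Length-prefix the sector so the sector/root boundary is unambiguous.
    msg = f"{len(sector)}:{sector}:{root_id}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest[:18]).decode()


def build_db(sector: str, partitioned: bool) -> dict:
    """Records as one sector stores them, keyed by the ID it was given."""
    return {
        (sector_id(c, sector) if partitioned else c): f"{sector} record"
        for c in CITIZENS
    }


def linkable(db_a: dict, db_b: dict) -> list:
    """Identifiers two colluding insiders could join their records on."""
    return sorted(set(db_a) & set(db_b))


def demo() -> tuple:
    """Joinable IDs with one shared identity, then with partitioned ones."""
    shared = linkable(build_db("passports", False), build_db("post", False))
    split = linkable(build_db("passports", True), build_db("post", True))
    return shared, split


if __name__ == "__main__":
    shared, split = demo()
    print("single identity, joinable records:", len(shared))
    print("partitioned identity, joinable records:", len(split))
```

Partitioning only removes the identifier as a join key: records that also carry names, addresses or dates of birth can still be matched on those attributes.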
(Obviously, I trust the Government even less. I’d much rather have O2 manage my ID than the Home Secretary. SIMs are more secure, cheaper and better-managed than the UK’s ridiculous Stalinist ID card system). [From Dean Bubley’s Disruptive Wireless: Thoughts on managed identity services by mobile operators]
What we want, surely, is the best of both worlds. I want my SIM to hold a number of identities, including government ones, that I can choose to use on a per-transaction basis. And I don’t think it’s far-fetched to expect this kind of modern infrastructure.
That’s not to say that logging on is the only online problem. I recently (twice) gave up trying to apply online for a passport for one of my children. The first time, even I couldn’t understand the instructions (and I do know a little about this kind of thing) and got confused to the point of abandonment. The second time, I followed the instructions to save the partially completed application but when I tried to retrieve it I was told that it didn’t exist. I gave up, and got him a (cheaper) American passport instead. Now, unfortunately, most applicants will not have an American spouse to hand in these circumstances and thus will have to continue fighting their way through the online versions of paper forms. Efficient online delivery of public services isn’t just about the identity management infrastructure!
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public
I want the option to authenticate myself to government online services using CardSpace or any other technology I choose. I don’t think that requires government-issued identity management systems or identities.
Having your identity stolen is no fun. It can cost you a bunch of money and lots of time and effort.