Law enforcement worldwide should focus on developing an international identity verification system, according to INTERPOL secretary general Ronald K. Noble. [From INTERPOL: International ID verification system needed]
I agree, although I imagine my vision of this infrastructure and Interpol’s may differ in a few details. But governments, irrespective of the law enforcement agenda, should be enthusiastic too. In a September 2010 research note on “eIDs in Europe”, Deutsche Bank say that
At the European level a number of electronic identity cards (eIDs) and the qualified electronic signature (QES) do already exist. Together they possess the potential to form another of the foundations of the internal market for financial services – especially for opening accounts.
Deutsche Bank go on to say that
A further obstacle will be that the design of ID cards does not fall within the competence of the EU and varies greatly from one member state to the other. To date, there are e.g. no harmonised European definitions for the topic of “identity” or “identification”. This means that in the medium term the issue for the trailblazers in this segment is likely to be enhanced cooperation.
(Note to foreign readers: remember when reading that paragraph that “competence” in EU-speak does not mean the same thing as it does in normal language: they don’t mean that the Commission would be hopeless at designing eID systems, although I’m sure they would be, but that it is not their problem — it is a problem for national governments to solve.)
So how do we move forward then? Is it time for an ESTIC, a version of the US National Strategy for Trusted Identities in Cyberspace (NSTIC) that adds European values to the technical infrastructure to create something that the public and private sectors can use to transform (I mean this seriously) service delivery? This would rest on corporate identities (eg, your bank identity) being extended across corporate boundaries and into government — as is already the case in Scandinavia — and implies a much greater degree of public-private sector co-operation than we have seen to date.
What kind of private sector co-operation might we see in the short term? Consumer standards are in flux, with OpenID, Information Cards, OAuth and so on all swirling around on the Internet. At the eema European e-Identity conference, Microsoft’s Identity Architect and Forum friend Kim Cameron gave a typically excellent presentation and raised a few issues that need to be considered to make for effective co-operation:
- Legal and governance factors dominate the technical interoperability and Kim was absolutely right to say that we need to get these guys involved right away.
- Kim said that developers need to be able to “bet on identity” in order to make it part of their roadmaps.
- I agree with Kim that minimal disclosure technology is fundamental to a successful federation infrastructure.
- He also raised a point that deserves reflection: can identity metasystems “survive adoption”? What he meant was this: suppose a scheme such as OpenID becomes standard and everyone starts to use it. Have we thought through what that means?
I have been thinking some more about Kim’s last point, as have other people:
If my government would be my OpenID provider, they could basically track all instances where I log into a web site. Very bad, and luckily nobody is thinking of this (yet). [From Ralf Bendrath: Dangerous Moves: OpenID and Government-Issued ID tokens]
So was Kim right to say at eema that, given the complexity of the problem, it’s unreasonable to expect it to be fixed quickly? Is it unrealistic for people like me to call for digital identity infrastructure in the mass market? Well, yes, but it isn’t being fixed quickly: we’ve been talking about it for years.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public