[Dave Birch] This is a blog about electronic transactions, not politics, and I do not want to be accused of introducing a political perspective. But I think it is fair to observe that there are tensions in trying to balance the free movement of people within the European Union and the exigencies of a collapsing welfare state. I mention this only because I want to discuss the practicalities of identifying and authenticating people for the purposes of distributing welfare benefits. And, to avoid any suggestion of parochialism, let me start by noting that this is not a specifically British problem.
Once in the Netherlands, the Bulgarians registered as residents at addresses rented by accomplices, and then applied for rent and child-support subsidies. They were able to open Dutch bank accounts to receive the social subsidies, and then to return to Bulgaria and withdraw money from cash machines. The ringleaders took a cut of the proceeds.
The best part of this story, by the way, is in the denouement. The fraud was not uncovered, as you might have thought, by diligent investigation on behalf of Dutch taxpayers or the sophisticated quantum-computing anti-fraud neural network super-computer cluster at the Dutch DWP "Big Data" analysis centre…
The fraud came to light when some villagers complained to Bulgarian police that they had not received payments they had been promised as part of the schemes.
In Britain, the mounting panic over immigration and its relationship with welfare distribution is leading to what some observers have labelled knee-jerk irrationality. In particular, the minister "in charge of" the National Health Service (NHS) has found himself caught up a bit of row about all this sort of thing, between the scylla of ill-informed public outrage and the charbydis of soundbite politics. The minister, Jeremy Hunt, is responsible for
a new ‘do-it-yourself’ immigration law unveiled today as the centrepiece of the Queen’s Speech. It will require GPs, hospital staff and landlords to police the new legislation.
How a doctor or a landlord is supposed to determine who I am or what my immigration status might be I haven't the slightest idea. And if I were a landlord, I'm not sure I'd care. If someone turns up with a birth certificate (that I cannot possibly verify) showing me they were born in the UK or a Bulgarian passport (that I cannot possibly verify) telling me they are an EU citizen, I can just tick a box to say that I've seen the documents and I'm off the hook.
So what has this to do with thought leadership in secure electronic transactions? Well, there is an inevitable destination on the badly-folded roadmap in the hands of the government. The fundamental British distaste for state identity documentation (which I share) prevents rational discussion on the topic, but the truth is, in true tabloid headline style, "something must be done". Identity is a mess, and it's getting worse. In our world of retail transactions, identity is a cost and a source of chaos and frustration. But, clearly, since we still log in to our home banking and shopping services using email addresses and passwords just as we did fifteen years ago, the problem isn't bad enough to warrant concerted action. I wonder, however, if access to welfare might turn out to be the fraud straw that broke the identity camel's back, so to speak.
British citizens could be forced to carry ID cards to access free NHS care as part of crackdown on health tourism
This is not, as it happens, what the Mail's own story actually says. The story refers to an "entitlement card". There is a great difference between the two. For those not versed in the recent history of the UK's catastrophic attempts to introduce an ID card, let me simply highlight that when the then-Labour government introduced the idea of entitlement card in 2002 (Consult Hyperion were one of the organisations that responded to this consultation process – not that anyone ever paid any attention whatsoever), I thought it might be an opportunity to introduce a key Privacy-Enhancing Technology (PET) infrastructure for the new millennium and was rather in favour of the idea. The government, though, eventually abandoned the entitlement card idea. The Home Office under David Blunkett decided to introduce an identity card instead and in 2004 awarded a contract to PA Consulting as the "development partners" for such a scheme. This, which is what people are referring to when they talk about the "UK ID card", was eventually abandoned in 2008.
It was flawed from the start, and as a showcase for the British technology industry, it was an embarrassment: it provided none of the services that the identity cards systems in advanced nations (eg, Germany, Hong Kong, Estonia) provide and there was never any evidence that it would do so.
When I was asked to give evidence to the House of Commons Science and Technology Committee in 2006, I thought that the clear distinction between an entitlement card (good thing) and an identity card (not a good thing) might persuade the government to change direction and go back to the original Home Office vision. A properly-implemented entitlement card could be a key way to provide privacy in an online age, because it would shift the standard mental model of the citizen-state nexus from "who are you" to "what are you entitled to" with identity removed from many transactions completely. All water under the bridge now.
Meanwhile, across some other water, our neighbours in Eire had decided that an entitlement card was the right way forward and they began to draw up plans for what became known as the Public Service Card. (Before the e-mails pour in, let me be transparent: Consult Hyperion are consultants to the Irish government on this project.) The card went live last year and is seen by the Irish government as an essential component of its campaign not only to reduce welfare fraud but to deliver efficient electronic government. They are looking at extending its use in a number of directions.
The Department of Health is in discussion with the Department of Social Protection, The HSE and the Department of Public Expenditure and Reform on using PSC infrastructure in support of a health Identifier.
[From e-Government Reporting]
One obvious and privacy-centric way to do this is to use a cryptographically-strong one-way function to generate the health identifier from the PSC identifier (e.g., by hashing) so that when a citizen presents a PSC it always connects to the correct health records but if bad guys get into the health records they can't get back to the PSC identifier. These are well-known techniques and, to be honest, no different to the suggestions around entitlement cards that we made to the British government back in 2002.
My point is that it can only be a matter of time before UK has to introduce a similar kind of entitlement card, so doesn't it make sense to begin a sensible and measured planning process for this now — using the Cabinet Office Identity Assurance (IDA) framework — instead of being panicked into buying some sub-optimal collection from vendors at the last minute? Rather than build an electronic identity system that embodies the concepts and values of physical identity cards from a generation ago, surely it is better to design a fit for purpose identity infrastructure for the 21st-century and then provide physical smart cards that implement it. In this model, the privacy broker in the smart card and the mobile phone, watch or hat would be no different and the ubiquitous, standardised deployment ought to trigger the rapid evolution of value-added services on top of that basic infrastructure.
I don't want the government to develop some nutty jumbo IT system to help landlords, or doctors or anyone else. I want an infrastructure. The entitlement card concept from 2002 deserves to be brought out of the cupboard and dusted off and (with Consult Hyperion's response to the consultation taken as the core specification document) and then the implementation can re-architected for the new world of mobile phones, identity assurance and the interweb tubes.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
I contributed to the POST Note on Digital Identity (http://www.parliament.uk/business/publications/research/briefing-papers/POST-PN-434) and one thing I managed to get slipped in was a mention of anonymous credentials (which could be used as part of a privacy enhancing entitlement card). There’s a lot in the POST Note I don’t agree with (particularly the views of who is to blame for fraud, and the excessive emphasis on identity) but I think it has some good bits which have a chance at being read by policymakers.
[Dave Birch] A declaration of interest: I contributed to the POST Note too.
Cards are the most likely technology for part of what is needed, and must be optional then everyone wants one.
Isn’t there a Bulgarian equivalent of
https://play.google.com/store/apps/details?id=com.duncanwestland.chk&hl=en
Clever hashing can’t help if built on sand;
the missing infrastructure is a (distributed) database of residents and citizens. I suggest that one for jury service status, as that is a duty, is the right place to start (with adequate entropy in the identifiers).