ID card debate hijacked

I wonder if the Home Office is regretting its MyLifeMyID website yet? The Drupal-based website, aimed at 16-25 year olds (for some reason?), isn’t having trouble attracting traffic… but unfortunately, a large chunk of its traffic is using the site to actually organise an anti-ID Card campaign.
This topic was always going to attract ‘undesirable’ use; and I’d personally have advised against an open forum model. But having made the decision to go ahead with it, I don’t think the requirement to fill in a complex registration form (age, gender, location, ethnicity) before commenting was smart.
I still believe there’s a case to be made for an ID system of some kind, based on the potential benefits to public services, if the technical hurdles can be overcome – or at least mitigated. We need ministers (or officials?) to accept there’s a massive engagement task here, probably the biggest currently on the government agenda; and to embark on a slow, sustained process to demonstrate that all the issues are being taken seriously, and that individual citizens will see real, direct, personal benefits as a result of it. And to accept that the public’s answer may still be ‘no’.
I’m not sure this site has done a lot to advance the cause.

Independent review wants free ID cards, minimal biometrics

I’m surprised how little coverage I’ve seen of the long-awaited report by Sir James Crosby (ex boss of Halifax/HBOS) into ‘Challenges and opportunities in identity cards assurance’, published last week by the Treasury. (See press release, full doc as PDF.) It makes a number of interesting proposals, none of which merited a specific mention in the press release.
Absolutely correctly, Sir James says the potential of any such scheme ‘lies in the extent to which it is created by consumers for consumers.’ He points to a ‘fundamental’ distinction between ‘identity management’, where systems are built for the benefit of the database manager (ie government, in this case); and ‘identity assurance’, which ‘meets an important consumer need without necessarily providing any spin-off benefits to the owner of any database’.
The national security aspect becomes a pleasant side-effect. As he rightly notes, ‘a consumer-led universal scheme would better deliver on national security goals than any scheme with its origins in security and data sharing.’
Effectively, he calls for a ‘Chip and PIN’ card with a photograph on it: three independent factors – something you have, something you know, and something you are’. ‘It is the combination of such independent factors, rather than their technological complexity and individual strength,’ he writes, ‘which largely determines the resilience of the verification process.’ Well, it’s certainly got simplicity in its favour.
He says explicitly that ‘full biometric images (other than photographs) should not be kept‘; that the scheme should be operated independently of Government; and that it should be provided free of charge. But no matter how welcome and compelling his recommendations might be, there’s little sign of the Home Office swaying.
If you’ve got any interest in this subject, I urge you to read (at least) the executive summary of the Crosby report. It’s the most articulate and balanced review of the subject that I’ve yet seen. And it’s a subject we all need to care about. Nothing right now cuts as deeply to the heart of civil engagement – both in terms of what it is, and how it gets rolled out. And the signs aren’t yet good.

The problem with ID cards?

For all the critiques I’ve ever read of ID cards (or more accurately, an identity database), I always find myself asking one question at the end. Are you against them because:

  1. it simply can never be done securely?
  2. the technology isn’t there yet?
  3. you just don’t trust the current government?
  4. you just don’t trust any government?
  5. you just don’t trust anyone?

I don’t pretend to know enough about the ugly back-end technology (as described in this Dizzy Thinks post) to form much of an opinion on points 1 and 2. But I wonder if the majority of opposition doesn’t come down to options 3, 4 or 5.
Better service in the modern world comes down to the exchange of electronic data. Think of that every time you don’t spend 5 minutes waiting at the checkout while someone writes a cheque. Or every time you order from Amazon. I can’t believe it isn’t possible to do this properly in the public sector too.

Could the banks run ID cards?

Writing for ConservativeHome at the weekend, the Telegraph’s Robert Colville recalls his colleague Rachel Sylvester’s revelation (uh, OK…) that ‘Sir David Varney, Gordon Brown’s adviser on “public service transformation”, supports vast databases to tailor public services to individual need – “a joined-up identity management system” that acts as “a single source of truth” about every individual.’
Whilst I claim no technical expertise on the subject, I’ve long been of the opinion that some kind of centralised – or certainly, joined-up – identity register is inevitable, and indeed desirable. Too often this debate gets confused with identity cards; police stop-and-search powers; or even less helpfully, the War on Terror. It is unquestionably ‘ludicrous’ if, as Rachel Sylvester’s piece noted, ‘somebody has to contact 44 bits of the state when a relative dies.’ It would mean an end to the (alleged) shame of means-testing; those in need would get what they’re entitled to, automatically. But I understand people’s concerns about the security of that single repository of data; if someone cracks your DNA or retina scan, for example, you can’t just replace it like a stolen credit card.
This all comes down to trust – and the truth is, people don’t trust government IT. But government isn’t the only area this kind of ‘crisis of confidence’ affects. Just look at the queues outside Northern Rock branches, the minute people suggested you couldn’t trust that bank’s financial position. The first run on a bank in 150 years, we’ve been told repeatedly.
Banks face exactly the same issue of trust. Every month you hand over all the money you’ve earned to your bank, and you trust them not to lose it. They don’t stash it in a box in their big vault with your name on it. Your personal wealth, or the roof over your head is nothing but a cell in a spreadsheet. The banks’ only currency is trust, trust that they won’t screw up your spreadsheet. Like government data, it’s impossible to secure it 100%. But unlike the government context, the banks have a competitive reason – in fact, a life-or-death reason – to ensure it’s as secure as it humanly, possibly, conceivably can be. Otherwise, the queues will be outside their branches… and you can’t imagine Gordon and Alastair wanting to nationalise another one in a hurry.
Robert Colville’s ConHome piece presents it, wrongly in my view, as a choice between ’empowering citizens’ and ‘amassing information on them’. But I do agree with his point about the ‘decentralising spirit’ of ‘Public Services 2.0’; and that may be the key. Identity data doesn’t necessarily have to be centralised in government; or then again, as technology like OpenID seems to hint, it doesn’t have to be ‘centralised’ at all. Since we all already have a relationship with a bank, aren’t they the natural people to provide this kind of service? After all, what is a bank today other than a provider of a data security service?