New Zealandhas rejected physical
identity cards, central databases and data matching in creating its
national identity scheme, one of the scheme's architects told
theRSA Europeconference in London on 24
October.
Vikram Kumar, manager of programme strategy for
all-of-government authentication at the country's State Services
Commission, said that the scheme, on which planning started six
years ago, uses two strictly divided identity systems, run by
different agencies, to ensure data cannot be joined up across
government.
"I think the moves by the UK in particular, and Australia with
the Access card [an entitlement card for health and social
services], has increased the level of concern about what a national
identity card should and should not do," he said. The British
government has focused on joining-up data in its equivalent scheme,
such as checking fingerprints provided against unmatched prints
held by the police.
The two parts of New Zealand's federated identity management
scheme are the Identity Verification Service, provided to those
applying for a passport or right of residence, and uses four data
fields: name, date, place of birth and gender. The Government
Log-on Service, for all e-government services, uses a username and
password.
The latter saves New Zealanders from having to remember a string
of passwords, or collect a necklace of tokens, Kumar said. However,
each agency assigns its own internal reference number, or
persistent pseudonymous identifier, making it very difficult to
join-up data across agencies.
Kumar said privacy was paramount in planning the scheme, which
is voluntary and has gone through several privacy impact
assessments. "There was a realisation early on in the piece that if
you talk about identity and national identity systems, you have to
address privacy up-front, pretty comprehensively," he said. "People
are very quick to describe things as Big Brother."
One of the privacy requirements is that all data must be kept
within New Zealand, as countries, including the US, can demand
information to be disclosed if it is within their borders,
regardless of user agreements. They can then require that
disclosure be kept secret.
As well as tackling privacy concerns directly, Kumar said the
New Zealand scheme has benefited from being led by the State
Services Commission, the service provider arm of government, rather
than being a political project.
Kumar said data-sharing can be approved by the citizen, and can
greatly speed up the operation of processes which involve multiple
government departments, such as applications for student loans. He
said consent for data-sharing was not required for criminal
investigations, but was needed when people are the customers of the
state, and will never be used when people are holding the state
accountable.
Currently, no biometrics are employed in day-to-day use of the
scheme, although photographs provided in applying for passports and
the Identity Verification Service are scanned and used in a
one-to-many check. Kumar said voice recognition, which would
involve people receiving a call on a pre-registered number, could
be added in future.
When asked if he believed New Zealand's experiences provide any
lessons for Britain, Kumar answered diplomatically, "Every country
has to come to up with its own answer. I do not know the UK answer.
This works in New Zealand, but I do not expect the New Zealand
answer to work in the UK either."
This article first appeared on the web-site of Infosecurity
magazine, http://www.infosecurity-magazine.com.