Technology now makes possible a society-wide identity
infrastructure that simultaneously addresses the
security and public service needs of government and the
privacy needs of individuals, writes Jerry Fishenden,
national technology officer at Microsoft.
It is important to achieve the right balance between the security needs of the public sector and the citizens' right to be left alone. Properly balanced, it will restore citizens' trust in proposed UK identity initiatives, and reduce data losses and ID thefts that arise from current practices.
Citizens need to be assured that any UK scheme will help protect
their identity and personal information better. It is possible to
create an attractive, government-backed identity protection scheme
that is truly citizen-centric.
Three decades of research by information security professionals
has led to
a privacy-enhancing security technology called "minimal disclosure
tokens". Using this technology, organisations can securely
share identity-related information in digital form via the
individuals to whom it pertains, in a way that ensures security and
privacy for all parties involved in the data flow.
Minimal disclosure tokens prevent any unauthorised manipulations
of protected identity information, not only by outsiders but also
by individuals themselves. This is much like the way that plastic
cards in one's wallet resist unauthorised manipulations (such as
cloning, lending, and modifying) by their own holders.
In addition, such tokens allow individuals to see which information
about them is being shared. They let individuals selectively disclose
only those aspects required to gain access to a service, and do so
without leaving behind data trails that third parties could link
together to trace all of an individual's actions and exploit for their
own (illegitimate) purposes. For example, a token would allow a
citizen to prove to a pub landlord that they are over 18 without
revealing anything else, not even their date of birth.
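The selective disclosure and tamper resistance described above, as an added illustration that is not the author's code or any product's implementation: the issuer commits to each attribute with a salted hash and authenticates the set, the citizen opens only the over-18 attribute, and the verifier rejects any altered commitment or opening. Assumptions: HMAC stands in for the issuer's digital signature, the over-18 predicate is certified by the issuer rather than proved in zero knowledge, and the unlinkability across presentations that real minimal disclosure tokens provide is not modelled here.

```python
import hashlib
import hmac
import json
import os

# Constructed demo key: stands in for the issuer's signing key (a real
# verifier would hold only the issuer's public key, not a shared secret).
ISSUER_KEY = b"constructed-demo-issuer-key"

def commit(name: str, value: str, salt: bytes) -> str:
    """Salted hash of one attribute; hides the value until the salt is disclosed."""
    return hashlib.sha256(salt + name.encode() + b"=" + value.encode()).hexdigest()

def token_digest(commitments: dict) -> bytes:
    """Canonical digest over the whole commitment set, bound by the issuer tag."""
    return hashlib.sha256(json.dumps(commitments, sort_keys=True).encode()).digest()

def issue_token(attributes: dict) -> tuple:
    """Issuer commits to each attribute and authenticates the full set."""
    salts = {n: os.urandom(16) for n in attributes}
    commitments = {n: commit(n, v, salts[n]) for n, v in attributes.items()}
    tag = hmac.new(ISSUER_KEY, token_digest(commitments), hashlib.sha256).hexdigest()
    token = {"commitments": commitments, "tag": tag}
    secrets = {"attributes": dict(attributes), "salts": salts}  # kept by the citizen
    return token, secrets

def present(token: dict, secrets: dict, reveal: list) -> dict:
    """Holder opens only the named attributes; all others stay hidden as hashes."""
    disclosed = {n: (secrets["attributes"][n], secrets["salts"][n]) for n in reveal}
    return {"token": token, "disclosed": disclosed}

def verify(presentation: dict):
    """Verifier checks the issuer tag and each opening; returns learned attributes or None."""
    token = presentation["token"]
    expected = hmac.new(ISSUER_KEY, token_digest(token["commitments"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return None  # commitment set was altered after issuance
    learned = {}
    for name, (value, salt) in presentation["disclosed"].items():
        if token["commitments"].get(name) != commit(name, value, salt):
            return None  # holder tried to open a commitment to a different value
        learned[name] = value
    return learned

if __name__ == "__main__":
    # Constructed sample attributes for one citizen.
    tok, sec = issue_token({"name": "Alice Example", "date_of_birth": "1990-05-01", "over_18": "true"})
    print(verify(present(tok, sec, ["over_18"])))  # {'over_18': 'true'}
```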
The privacy features of minimal disclosure tokens do not make
government services anonymous or pseudonymous where previously they
were not. Instead, they ensure that individuals enjoy high levels of
privacy when interacting with government, potentially stronger than
those they enjoyed in the paper-based world.
Citizens are likely to find such an approach to identity
authentication and management increases their security and privacy
and hence provides a more attractive proposition than is currently
available. Yet at the same time it would enable them to enjoy
joined-up government services without any associated risks to their
personal information.
The alternative model, whereby government indexes everything off
a single, centrally stored identifier that maps to all of an
individual's programme identifiers, as is currently proposed,
carries tremendous risks. It creates all-powerful central systems
that can electronically monitor in real time all service accesses
of individuals, and enables these central systems to
surreptitiously access the accounts of any individual.
Furthermore, the central parties themselves become attractive
targets for denial-of-service attacks and insider misuse.
Centralised identity models have been shown to be a major source of
identity fraud and theft, and to undermine the trust of those whose
identity they are meant to safeguard.
Government still has a chance to regain the trust of citizens by
implementing identity infrastructures that are genuinely
citizen-centric, that enable the delivery of joined-up services,
and that minimise and reduce the risks of data loss and identity
theft. Industry is currently building all of the components
needed for such identity infrastructures. All it takes
is the will to do it.