Recently in ID Cards Category

Transparency skin deep for IDv2.0

| No Comments
| More
The thing rendered most transparent by the Cabinet Office transparency programme is the transparency programme itself: you can see right through it.

This became apparent when Prime Minister David Cameron dropped his pants over the News International phone hacking scandal. The government has made a principle of transparency where it suits, and a patsy where it does not. That's a shame, because there are things like the ConDem's next generation ID scheme that would really benefit from the sort of transparency the government made a commitment in its coalition agreement.

The promotional blurb for the Cabinet Office transparency programme declared its power to "strengthen people's trust in government" and "encourage greater public participation in decision-making."

Computer Weekly had this in mind when it sought details of Cabinet Office dealings with industry over the next generation ID scheme. Just like Labour's horrifying, original ID scheme, the ConDem scheme is being concocted in secret meetings with industry. Of particular concern is power it may give banks and markets over people's personal data.

But Cabinet Office refused the information because, it said, collating it would take too much effort. We bet it didn't take much effort to get the ideas from industry in the first place, nor to keep them informed about their progress.

Government actually finds transparency very easy to do when it suits.

Within hours of News International chief executive Rebbecca Brooks resigning under pressure from the phone hacking scandal on Friday, the Prime Minister had (under fire over the suspected intimacy of his friendship with her) published a list of meetings he had with the press in the last year. It was good to get this cleared up before police arrested her at the weekend. (UPDATE *)

Yet appeals under Freedom of Information law for details of government dealings with private business show how opaque government continues to be. We only know about the next generation ID scheme because Computer Weekly exposed it.

Now we know about it, we are refused further disclosure. We will likely not here more about it till the plans are finalised. So much for greater public participation in decision making.

ConDem transparency policy has always been opportunistic. Forged in the shadow of the 2009 expenses scandal, it has given us little more than open data, which was already afoot under Labour and quite conveniently serves serves the ends of the Big Society programme - that is, the dismantling and fire sale of public sector.

That's not to say that when this government's transparency programme was unveiled in the May sunshine after the 2010 general election, the Cameron and Deputy Prime Minister Nick Clegg didn't believe what they were saying.

"For years, politicians could argue that because they held all the information, they needed more power," they said in the coalition agreement.

"Technological innovation has - with astonishing speed - developed the opportunity to spread information and decentralise power in a way we have never seen before. So we will extend transparency to every area of public life," they said. What is really astonishing is just how shallow this transparency programme is.

UPDATE 22 JULY 2011

Oops. This story originally said that the Prime Minister's disclosure revealed only two meetings with Brooks, and did so in a way that implied this was convenient to him:

"Lo and behold, he had only two meetings with Brooks, though more than any with News International as a whole," it said.

It did in fact reveal seven meetings with Brooks, three with the Murdochs and about 36 per cent of press meetings (26 in total) with News Corp. overall.
 

Cabinet Office refuses disclosure of IDv2.0 plans

| No Comments
| More
So much for the "astonishing speed" with which the Prime Minister David Cameron and his Deputy Nick Clegg said technology was "spreading information" and "decentralising power" when they launched their transparency programme in May 2010. They were going to strengthen the FOI Act. What is really astonishing is just just how antiquated the FOI act still is.

The FOI Act allows public bodies to refuse requests that may take more than £600 of someone's time to answer. That's a lot of time and since most things are stored electronically nowadays, it's a lame excuse.

That doesn't stop public bodies from refusing FOI requests on the excuse it would take them too long to answer. It's sometimes simply inconvenient for departments to produce requested information. A case in point is Computer Weekly's request for information about the Cabinet Office's next generation ID Scheme, which is already shaping up to be as controversial as New Labours' ID Scheme ever was.

When your humble correspondent makes a request that may on the face of it seem like a lot of work, he calls on a widely ignored power of the FOI Act to avoid the sort of situation that usually occurs: where the department responds to the request a month later with a terse refusal on the grounds that it would take too long to answer it.

That power is the "Duty to provide advice and assistance" to which public bodies are held accountable under Section 16 of the FOI Act.

The Act describes the duty as follows: "It shall be the duty of a public authority to provide advice and assistance, so far as it would be reasonable to expect the authority to do so, to persons who propose to make, or have made, requests for information to it."

Whenever your correspondent has appealed for help under this FOI provision, it has always been to seek advice about formulating a reasonable request for information and not one that is likely to be rejected because it would cost too much answer.

This appeal is always ignored

Punch card.pngAs it was when Computer Weekly's asked Cabinet Office for details of its dealings with industry in respect of its next generation ID Scheme.

CW asked for details of report authors, meeting minutes, board members, distribution lists and schedules relating to its draft plans. It's a fair variety of information, but should be readily available in electronic form.

So, we said to the Cabinet Office, please advise us how much of this information we can request without being unreasonable: the last thing we want is for you to come back weeks later only to say you won't give the information because the request is unreasonable.

And what did the Cabinet Office do? It came back weeks later and said you can't have the information because the request is unreasonable.

We suspect the Cabinet Office is telling porkies and that its problem is not that the request was unreasonable but that it was inconvenient. It would have detailed the full extent of industry's part in formulating the ConDem government's next generation ID scheme.

As has been shown here, Freedom of Information is often a misnomer. The system operates to the advantage of departments that want to block the publication of information. They continue to do so in betrayal of the Cabinet Office's own transparency program, which purports to aspire to improve government decisions by increasing public participation in them.

Far from being an instrument of transparency for the networked age, FOIs are like using punch card computers in the 1970s.

Latest technology allows Cabinet Office to answer FOIs with astonishing speed.pngWhen you wanted to make a query of a mainframe computer system held by those few with power and money to have mainframe computer systems, you would have to punch out a card with your query coded in a way that could be input by its operators. The card would get sent off and you'd get a response weeks later. If you'd made a mistake, you'd have to go through the whole rigmarole again. That's what the ConDem's mean by transparency. It's quite astonishing!

How Gov aimed to exploit personal data trade

| No Comments
| More
The £3bn trade in tip-offs about people caught in car accidents has exposed the seedy side of the personal data market. Seedier still are draft government plans to cash in on this bonanza when it ought to be sticking to the Tory manifesto promise to give people a right to call the shots over their own personal data.

Plans to replace Labour's ID scheme with a private sector system of identity assurance, which Computer Weekly revealed Cabinet Office had floated to industry in April, have led inevitably to a proposal for the private sector to become more active as custodians of people's personal data as well. This is already happening to a large extent but, much to people's dismay, the private sector seems less interested in being custodian than exploiter.

In the Cabinet Office plan, British citizens would be represented by electronic identity and attribute agents (attribute being jargon for an item of personal data) in a "marketplace in trusted data provision."

"The 'trusted attribute service' economy is based on the exchange of attributes (aka claims) which are data items from a trusted source relating to an authenticated individual," said the Cabinet Office draft technical blueprint.

"They also provide a mechanism for third parties to expose such data, and operate in a market for that service," it said.

It went on to say how government could cash in on the billions already being made in the market for personal data. The idea was that people build a network of trusted relationships online and personal data supplied from members of their network can be assembled in combinations of ever-greater numbers of attributes to meet higher and higher levels of security clearance. Companies providing that data could charge for it, like police forces and insurance companies have been charging ambulance chasers for tip-offs when people are caught in a car accident.

"Government attribute providers" would under the Cabinet Office plan exist in all major government departments and feed personal data about the citizens in their charge to private sector identity and attribute agents.

"Possible examples" of data the government could trade included "nationality", the "right to work", and verification of national insurance and driving licence numbers.

"The government could potentially charge the private sector for this service," said the draft plan.

That might simply involve verification of data: whether someone is a benefit claimant or a disqualified director, or a confirmation of their nationality. In the virtual world, a yes/no answer is indistinguishable from the actual transmission of a string of data such as: "unemployed, disqualified director, from Jamaica".

These were draft plans presented for discussion. Though it is not unknown for the government to trade in people's data. DWP had for example been giving BT access to its national insurance database under arrangements that have not been disclosed.

The Cabinet Office Identity Assurance Scheme could not rely on a private sector ID market if it did not engage in actual exchange of personal data with private sector providers. The draft plan proposes people should have control over the trade in their data. But it is tempered by a warning that this may not always be possible.

That, as has been demonstrated by the example of the insurance scam, is the element of the coalition government's private sector ID scheme set to match in dread Labour's Big Brother: a market in which people's "attributes" are traded in such a frenzy that it inflates prices, leading people to be fleeced simply for being "known", pestered by vultures like ambulance chasers, and with who knows what other unforeseen consequences.

An answer to this problem has been proposed by the personal data model government has piloted at Brent and other councils, and with which the DWP and Cabinet Office have been closely involved.

That is the Mydex model, in which people are given the means to control their own personal data in their own personal agent: deciding who gets to see it, who gets to use it and on what terms. It would even give people the means to flog their own data, making them the primary agents in any market.

If that sounds too good to be true, its because the market is already getting carried away with itself. Banks are getting in on the act, as if early evidence hasn't already shown how the personal data market can inflate to the detriment of ordinary people without their help.

The government needs to act quickly to carry its pre-election promises on civil liberties to their logical conclusion. That does not mean making a song and dance about dismantling Labour's ID scheme only to throw everyone's identities to the dogs in the private sector. That means ensuring people have the means to control their own personal data, wherever and however it is held.

G-Cloud: introducing the neo-database state

| No Comments
| More
Now the Home Office has destroyed its prototype ID database in a publicity stunt, the government is putting the finishing touches to plans that would put the real Identity Scheme databases at the heart of a powerful government data sharing system.

The Government Cloud (G-Cloud), an ambitious Cabinet Office scheme to share IT resources and data across the whole of government, is seeking to remove all technical and organisational barriers to public sector data sharing.

Reports published last week by the Cabinet Office describe how G-Cloud will exhume the data sharing systems that underpinned ID Cards, along with the fatal data security risks that went with them. The principles will be applied to all government data. The plans have been overseen by the same executives who oversaw the ID Scheme's data-sharing system, the ill-fated CISx.

Damian Green Destroying ID scheme Hard Disks - February 2011 - 500 by 415 dpi.jpgThe reports state that the only limits to data sharing between government departments in the G-Cloud would be those imposed by law. It is presumed that whatever sharing is required will be permitted.

The principle was established a year ago in the G-Cloud Vision, which was drafted by Martin Bellamy, the same civil servant who advised ministers to proceed with the CISx as one of two core components of the ID scheme.

Bellamy's Vision cited the CISx as an example of the sort of data sharing that would be possible within the G-Cloud. The CISx plan had involved turning the Department for Work and Pensions Customer Information System database (CIS), which contains personal details of everyone in the country, into a system that could be accessed across the whole government.

"As it develops, the G-Cloud will become the repository of a significant portion of Public Sector data," it said.

Linking data

Bellamy's Vision laid out architectural principles explored in greater detail by G-Cloud working groups under the coalition government last year. The most fundamental was that the government should seek to ensure that data items were harmonized across government so they could be linked.

The G-Cloud seeks to harness the power of the internet to create a network of interchangeable and interoperating systems. It is envisaged that the near entirety of public computer systems would be assimilated by the G-Cloud programme in 10 years.

John Suffolk clarified the vision before he stood down as government's chief information officer last year. The government CTO Council would oversee the development of common data standards G-Cloud required.

"These standards will also ease the process of sharing data between different public sector organisations," he said.

After Joe Harley was appointed CIO in January this year, his division of the Cabinet Office put its stamp on the most up-to-date of the draft G-Cloud plans, the G-Cloud Services Specification.

The specification took the idea of G-Cloud as crucible of government data sharing and rebranded it as system for "Information Access". This involved different public bodies sharing one another's applications in order to access one another's data.

Threads and shreds

It used precisely the same language as the year-ago G-Cloud Vision to describe the framework within which G-Cloud data sharing would operate.
 
"This service will only be permitted where statute allows the data to be shared with the requesting public body," said the reports.

The only other data sharing proviso would be that "information assurance requirements for the data are adequately supported across the G-Cloud," they said.

Shredded ID Database parts - Home Office - February 2011 - 5433789496_eeb5941e9b.jpgThis lesson will be fresh in the minds of those in the Cabinet Office putting the finishing touches to the G-Cloud strategy. Harley was CIO at the DWP when the CISx plan was devised and was still there when it was scrapped last year. Ian Watmore, his boss at the Cabinet Office, spearheaded the Transformational Government strategy by which the Labour government had sought to increase public sector data sharing. The CIS got a special mention in the Transformational Government strategy as well.

The Home Office said last week its minister Damian Green (pictured) had destroyed Labour's ID database. But he only destroyed the temporary system the Home Office erected in a hurry so it could get ID cards on the streets before the 2010 election. It had still not proceeded with integrating the real ID databases because it was still trying to work out how to resolve their excruciating data security problems.

The photographs of Green shredding hard disks on an industrial estate in Essex were a publicity stunt staged to destroy a publicity stunt. It was always said the ID cards were a only a token of the sort of computer systems that have already become well established instruments of government.

The databases still exist. The government still has a plan to integrate them. And the security problems inherent in public sector data sharing have still not been resolved.

DWP spent £5m on ID database it never built

| No Comments
| More
The Department for Work and Pensions spent over £5m on an Identity Cards database so poorly conceived that it was never built.

The department spent three futile years designing the database after the Identity and Passport Service (IPS) commissioned it 2007. It was to be one of two key ID databases and would form the backbone of a system to share personal data about British citizens across the whole of government. But poor planning, inter-departmental disagreements and data security risks prevented it from being developed.

The DWP refused to reveal how much it had spent designing the aborted ID system, called CISx. The DWP press office said it would only answer questions if forced to do so by a Freedom of Information Request. The answers Computer Weekly obtained under FOI revealed how much money the government wasted on the IPS/DWP plan before it officially pulled the plug last summer.

"The cost of establishing the CISx service and developing the technical changes to CIS to enable data sharing and the storage of additional data items totalled £5,200,000," a DWP spokesman wrote in an FOI report.

The plan involved transforming the DWP's Customer Information System (CIS), which has 90m records of living and dead British citizens, into a biographic reference for government department wanting to check people's credentials and record more of their personal details.

The DWP spokesman said the department could still make use of some of CISx design work in its legacy CIS database, which is still used by more than 200,000 civil servants.

"Standards and policies that were developed have or will be used to support ongoing CIS activities," he said.

Ungovernable

He also gave an insight into the inter-departmental problems that led the ID CISx plan to flounder. The system was so ambitious that numerous government departments where required to govern and fund it, with the work being done by the DWP's Information Systems section. But their inability to co-operate caused the IPS to order the DWP plans be torn up in 2010.

The spokesman said some of those departments appointed as joint owners of the DWP CISx had contributed to its development costs.

"IPS and the Driver and Vehicle Licensing Agency (DVLA) reimbursed DWP the cost of developing the original CISx service assets, apart from the development of a financial management tool for the use of CISx services by OGDs (other government departments), which was paid for by DWP...IPS also paid for the development of technical changes to CIS."

The DWP made no reference to HMRC, one of the other departments that had been appointed joint owners of CISx. Neither did it specify amounts paid by each department.

The DWP had tried to establish an innovative means of governing the development and operation of its cross-government system. Such a system had never been built before. The governance model was untried.

The DWP elected to act as though it were an IT services company. Other government departments in on the CISx plan would become commissioners. The governance model proved unworkable.

"CISx proposed a Commissioner/Provider model and shared governance arrangements, with users of CIS acting as Commissioners and the DWP acting as the Provider," said the DWP spokesman's email.

"The DWP has decided not to adopt this model to avoid overhead costs that would otherwise need to be borne by the Commissioners and because experience led the Department to conclude that the model did not provide significant benefits over existing governance arrangements," he added.

The DWP accepted the IPS' request for the CISx in 2007 after establishing loose agreement over the system of governance with IPS, HMRC and DVLA.

DWP ID Plan - read the Restricted report

| No Comments
| More
Why would the DWP have supported the hair-brained Home Office plan to commandeer its computer assets for the Identity Card Scheme? Vanity, of course.

You can see what the DWP thought of the plan by reading the restricted policy document that comprised its approval, Use of the Customer Information System as a shared, cross-Government asset.

Thumbnail image for DWP CISx Preliminary Feasibility - report cover - Use of the CIS as a shared cross-Government asset.jpgThe DWP fawned over futile ID plan. "Pioneering," they called it. You may remember, the idea was to take Europe's largest public database of personal records, the DWP's Customer Information System (CIS), and bolt it onto the ID system to create a biographic record of everyone who carried an identity card.

It was to be the first project of its kind in the history of government. It would put the DWP at the vanguard of the Labour government's Transformational Government strategy.

"Using CIS as a shared cross-Government asset puts DWP in the lead in the Transformational Government Strategy and cross-Government co-operation. Sharing CIS supports some of the Government's most important strategic goals such as joined-up Government and the re-use of assets. It allows the release of efficiencies across the system and supports delivery that is more focused on customer needs."

Thus enthused Martin Bellamy, the DWP's then Pensions IS director. To be fair on Bellamy, who is now ICT Director for prisons, he did say the obstacles should be cleared before the work went ahead. So why did he and the IPS recommend going ahead without first eliminating those problems that, it would later transpire, were insurmountable?

Bellamy's preliminary feasibility study gave the cross-departmental green light despite the plan's gaping holes.

But the final word came from the Identity and Passport Service, whose official Feasibility Study gave ministers the confidence to approve the flawed plan. We'll come back to that later.

For now, one might say that hindsight is all very well, and feasibility is an art, not a science. Feasibility Studies are technical manifestos: a declaration of intent; a conspectus of what consensus there is to have something done. The art of the feasible is always a gamble.  Done properly, however, it gives the odds; it doesn't attempt to swing them.

Advisers foretold ID's doom

| 3 Comments
| More
The Identity Card Scheme offers a lesson in the infeasibility of IT systems held to political ransom. The cost of failure was too high for the Labour government. So the Home Office pressed on Quixotically with the system, despite never overcoming its critical weaknesses.

The picture that has emerged with the publication of last week's Independent Scheme Assurance Panel report is one of a government department hashing together on the fly a system of a size, complexity and sensitivity never before attempted. It may have been too big to fail, but it was also too much to handle.

The Home Office was obliged over the years to issue empty assurances that everything was under control and that it was addressing the repeated warnings given by ISAP. Can you handle a project of this size and complexity, asked ISAP in 2007. Yeah, 'course we can, said the Home Office - we've recruited some more executives.

In failing to deliver on those assurances, the department gave an indication of the amount of strain its IT experts must have been under. Working on a panacea project must be like happy-clapping at a cult.

The inconvenient imperfections of the ID plan were spelled out clearly in ISAP's 2007 report, compiled in the year after the Home Office cut the ribbon on the system blueprint and set their IT chumlies off on their futile quest.

After three years of development, the problems still had to be addressed. And very little of the blame could be put on the poor techies building the system. The snags were political. The fault was incompetent ministerial direction.

Writing on the wall

Data security risks identified in 2007 were never brought under control. And much else ISAP and good sense required of the ID project in 2007 was never fully addressed.

Public trust essential to the scheme was never secured. Inter-departmental differences over the accountability, funding and ownership of the cross-government system architecture were never settled. A "robust and transparent" system of data governance was never established. The system requirements were never properly defined and neither were its benefits, though both were crucial, it was and is commonly said, before the system could be properly designed.

Vital skilled staff were never recruited. A system of competent organisational governance was never established. Cross-government support was ever obtained and a cross-government standard of identity data and management was never agreed.

It was being built, against ISAP's advice and accepted wisdom, on "shifting sands". And contracts with suppliers were let, to satisfy a political timetable, despite these crucial preliminaries not being clarified.

This must have been especially awkward for the Home Office and may explain why it disbanded ISAP in 2009. No matter that the oversight panel was set up after the Home Affairs Select Committee said in 2004 that the Gateway review process (through which the Office of Government Commerce usually seeks to prevent embarrassing IT failures) couldn't be trusted to oversee a "project of this scale". Don't worry, said the Home Office, we'll set up an independent oversight board.

Had the Home Office given ISAP more credence, a lot of time and money may have been saved. The panel's first public warning put the writing on the wall: data loss will lead to a loss of public trust that, it implied, would be the project's ruin. There were real risks of data loss, it said. Something had better be done about it because people won't stand for it.

Mind bending

This was to be done with a PR exercise that would win public trust by showing how security concerns had been addressed. People would be told the system's tolerance for errors. Said system would have not only to be "robust" but also "well respected".

The problem was swept under the carpet. Civil servants were being sacked for snooping on the Customer Information System (the DWP database that was to form the biographical core of the ID system) before the scheme began. They were still being sacked after the scheme was scrapped in 2010. The DWP's precautions were shoddy, the security leaks were proving unmanageable and the DWP refused to reveal the error tolerance of the CIS. It may not even have known.

You have to wonder how the ISAP overseers felt about it all in the end. Nokia CEO John Clarke, Cranfield Professor Brian Collins, ex-First Direct Bank CEO Alan Hughes, BAA IT director Malcolm Mitchell, and ex-HSBC Bank CIO Fergie Williams: these sort of people are not used to being fobbed off.

Being from the commercial world, they are also accustomed to developing systems that rely for their success on customer choice. Paradoxically, they advised that the ID scheme would only succeed if everyone was forced to use it. This exposed the lie in Blair's ID sales patter, the come-on-you-know-you-want-it approach to civil security: everyone was going to get it anyway, whether they liked it or not.

Sad ending

"To be successful," the ISAP said, "the scheme has to become the government's (and the commercial sector's) primary means of identifying individuals and controlling updates to and use of their data."

It sounds preposterous now. Citizens no more like the Home Office watching them for their own good than foreigners like having bombs dropped on their heads for their own good.

The ID scheme gives us one other amusing paradox to ponder. From ISAP's perspective, it demonstrated how a lack of transparency in public policy and execution led inevitably to costly failure. Yet had the government come clean about the risks, it may never have won the public's support in the first place.

Transparency is the only hope we have of overcome the endemic problem of public databases being snooped.

What support people had given ID was befooled. The sands shifted so much under the ID scheme that it's hard to say what it was meant to do in the first place. Someone should nose around the Home Office with that very same question in mind. When they come across its fascistic database of identity-carded foreigners they might ponder whether it would ever have been approved either had the opening sales gambit not been ID-for-all.

Papers please!

| No Comments
| More
The House of Lords has been scrapping Identity Cards this last fortnight. Sort of.

It's not simply a matter of "scrap the ID scheme", as the coalition government promised. It's like one of those magic tricks: the Identity Documents Bill will make ID cards vanish but - tadaah! - the government will still be holding the powers that made them so objectionable in the first place.

This ID scrapping bill won't be enough "to stop the development of a 'papers please' culture in Britain," says No2ID in its brief on the legislation.

That 'papers please culture is the one in which bus conductors have been replaced with revenue inspectors. It's the one in which a jolly whistle and the ting-ting! report of a portable ticket machine have been replaced with the hiss of a walkie talkie and the rustle of bomber jackets as they huddle round.

No2ID takes particular offence at how the ConDem's ID legislation will make it a criminal offence with up to 10 years imprisonment to try and carry off a false ID.

There are no end of reasons why someone might justifiably goof some busybody official into thinking they are someone they are not. They might want to send Transport for London's heavies the the wrong way for a start.

Or they might want to get lashed before they are 18. No2ID reckons the last government lost no time in seconding its terrorist-nabbing ID legislation to the task of bagging underage drinkers.

Yet the strangest thing about the ConDem's ID Doc's Bill are in is its Clause 10. And they are its data sharing powers. The ConDem's will with this bill introduce a wide power for linking disparate data sources to passport records, to keep them for police intelligence and to extend them at the home secretary's discretion. Just the sort of powers they protested about in opposition.

IBM will meanwhile continue operating the stump of the ID system, the National Biometric Identity Service (NBIS) database, as a database of foreigners. Liberty notes rather politely the "divisive and objectionable" fact foreigners will still have to carry ID cards in Britain.

It as though the nation has forgotten the plot to The Great Escape, though it is possibly the most replayed movie in history.

Not that you can compare British officials to Nazi commandants. The ID Docs Bill doesn't give them the power to take you into the woods to have you shot if you have the wrong papers. They will merely have the power to send you to prison for 10 years.

ID v2.0 - the ConDem Pitch

| No Comments
| More
Want to know how the Identity Scheme will look under the ConDems?

Mydex, the company providing the technology for the government pilots* spelled out the vision for ConDem ID v2.0 at Socitm 2010.

We recorded the pitch. You can hear it using the podomatic player below.


The Cabinet Office tells us it dusted off the Crosby report for the occasion. Crosby said in 2008 that if the government wanted a sensible ID scheme it should leave it for citizens to sort it out themselves with the private sector. Be done with this big brother database, said Crosby between the lines. So the government kicked his report into the long grass. And it seemed like we'd never hear of it again... 

Until the  28 August, when the coalition government certified its commitment to a liberal identity scheme in the Official Journal of the European Journal.

It called for companies who can furnish people with a proof of identity the government can use to deliver them services. It wanted ideas for the...

"...establishment of the provenance of identity, verification of a person against an identity, verification of the authority to conduct the transaction, validation of personal data related to the identity, fraud prevention, malware prevention, and assurance of appropriate security when accessing a public service through all channel types including but not limited to online and telephony."

The DWP's Tell Us Once is taking the lead on this. The idea is after all to allow people to look after their own personal data, instead of having the government do it for you, or to you. Just as Crosby recommended. How extraordinary it now seems that it may have been any other way.

Jerry Fishenden, the LSE fellow and Cameronean think-tank compadre, says these plans are so old they go back to the December 2000 plan for an E-government Authentication Framework.

The US has since leapt ahead with the same ideas. They'll probably be doing our ID systems for us before long.

Fishenden's written a paper about what the yanks are doing and why we're now doing it too: it's called The Obama Effect, apparently.

* being run the the DWP, HMRC and Brent, Croydon and Windsor & Maidenhead Councils

ID cards are dead, long live ID

| No Comments
| More

As the government acts to scrap the identity card scheme, it has already begun work on a replacement.

Or working with a replacement, as the case may be. Because the alternative to megalomaniacal Labour's flagship Big Brother project is not a government project at all. It is private.

And it's based, appropriately, in Bethnal Green. Home of the Libertines.

That was the birth place last week of Mydex, the Community Interest Company that calls itself the world's first personal data store.

The Cabinet Office, DWP, and Brent, Croydon and Windsor councils have joined the pilot. It will do a form of federated ID management. It's what will get after Labour's ID scheme is dismantled.

There's a faction of government that has long waited for this moment, if you are to believe Mydex Chairman William Heath.

"It's great fun talking to people in the Cabinet Office Central IT Unit who remember these plans very well," he told the Socitm conference last week.

"Because the whole post 9/11 security agenda took online identity down a very strange path. Clearing the decks with that means the end of a lost decade. And it means we can get back to a more sensible path, which is user-centric, federated identity management."

Business as usual

The Cabinet Office is at this very moment dusting off plans for federated identity that Heath reckons have been on the shelf since they were last government policy in 2000.

It will involve private companies validating people's identities and issuing certificates of proof on request. Mydex has established a biographical data store of the sort that was going to form a part of the National Identity Register.

It proposes instead to put people in control of their own personal data store, deciding who can get at it, when and under what conditions.

Heath proposed it as the Big Society does personal data. Since everyone takes responsibility for managing their own data, the cost of maintaining it, the organisations required to do so, and the risk of Chinese whispers, unkempt stores and an insalubrious trade in personal data are all reduced.

The government's Tell Us Once programme has been associated with the pilot. The DWP is working with the IPS to consider its implications for identity.

ID be back

Something like Mydex would work as an ID system storing authentication tokens provided by trusted third parties like, perhaps, the GP surgery. Or the local authority. Or indeed the IPS.

Mydex propose people will use it to get parking permits, guarantee their credentials for job applications, let people see the results of their CRB check, register births & deaths, make planning applications, prove their age, planning applications, update the electoral roll, get a TV license, and tell anyone who wants to know about a change of address.

Imagine the money saved on the census, says Heath, if it merely polled people's personal data stores electronically.

(And imagine no longer having the embarrassment of the British democratic census being run by US defence industry giant Lockheed Martin - though it would be a convenient way to register deaths if we have the same company poll people as bomb them).

Borg authentication

What will replace Labour's ID scheme may not be totalitarian, but it will be total.

We shall have to see how the government legislates to legitimize and perhaps obligate people to release data from their personal stores before we can see what the catch is.

The worrisome complaints the likes of No2ID and Liberty have about the Identity Documents Bill, through which the government is seeking to couch its repeal of the Identity Cards Act with provisos, give some clues as to how libertarian a future we will enjoy.

The name given it by the Harvard University project to which Mydex is connected is vendor relationship management. Heath calls it user-centric identity. There are different priorities on different sides of the pond. Meddler management will do.

Subscribe to blog feed

Archives

-- Advertisement --