The significance of the Identity Assurance programme

Dear David

You recite straightforward facts almost as if they were a conspiracy. But since you now do it in Computer Weekly, which is a respected neutral forum, let me just once set out my part.

Five years ago a small group of us became convinced that individual control over key personal data was an important missing dimension that would be helpful in addressing our concern about the national ID scheme and the database state. This included me and Alan Mitchell, who had written the book Right Side Up and created a "Buyer-centric commerce forum". We wondered why the shift to VRM hadn't happened already, given the case for it is strong in terms of economics, tech and human rights. And we wondered what business model would let us pursue the idea.

One idea was Ctrl-Shift (based on a business model similar to Kable which did research and analysis of government IT). Another was Mydex: a social enterprise with the CIC legal form (ie a private business limited by shares but regulated to be asset-locked and limited in what it does with profits, putting the majority back to its community purpose).

They did start in the same place, and Alan and I were involved in founding both.

I've referred to this many times, including on the Ideal Government blog which you know very well having written for it many times. Ctrl-Shift carries a note about our relationship. We do not exactly deploy Bilderberg-style levels of secrecy.

As both businesses started to gain traction I stopped any executive role for Ctrl-Shift (though I remain a shareholder as you rightly observe). Alan is flat out busy with Ctrl-Shift and does not have any executive role with Mydex though he remains a co-founder, director and shareholder.

Mydex has been generally unsuccessful with TSB bids, but we did complete one useful project with Voxgen for voice authentication which may prove very helpful for more secure access control.

What's really biting you? If you set out your questions and concerns I'll try, as I have offered before, to answer them. You've got my email address (I still get your press releases) and probably my phone number.

This is a big change we are all embarking on. Midata and ID Assurance are both a big deal. It does call for well-informed, sceptical vigilance. It's not a time to "shut up and stop criticising" and no-one is saying that; rather it's a time to be more critical and more effective in how we're critical.

Let's understand what the real issues are, and see how the businesses involved measure up to what's being asked of them. This calls for careful scrutiny of technical and legal aspects of the services, and of the underlying intentions, core activities and governance of the businesses involved.

I agree about the term "Identity Provider" btw. We think it's more about proofs of claims: being able to acquire and reuse them. But what the customer wants...

#1 of 3

Dear Toby, thank you for your response.

The public may be right to have only a fragile confidence in eCommerce. You assume that it is possible to create on-line trust. That’s begging the question. It may be inherently dangerous to do business on the web. That’s a problem. And there may be no solution to it.

The public has been promised sometimes an ecosystem and sometimes a market in identity assurance. Either way, we’ve been promised competition and only the best adapted species will survive. Markets are fairly rough and nature, of course, is unsentimentally ruthless. To find the successful identity assurance solutions – the trustworthy ones – we need a chaotic period of competition. We need precisely the range of privacy-protecting and “ugly” solutions that you decry.

You mention Finland and Estonia. They may have arrived at population-scale trust schemes and digital-by-default public services. And private sector services, too. They may have done, I don’t know, but I do know that it was thanks to Estonia’s reliance on digital-by-default that Russia was able to bring the country to its knees in 2007 with nothing more sophisticated than a distributed denial of service attack. If that’s the price of a population-scale trust scheme, no thanks.

In your 16 October 2012 essay How I learned to stop worrying and love identity assurance you make a long list of the faults in the old National Identity Scheme (NIS). The public knows nothing about the scheme the Post Office intends to bring to the government’s Identity Assurance Programme (IDAP). So we can’t tell whether your scheme avoids the problems of the NIS. Can you tell us? Will the Post Office scheme:

1. Be ill-conceived
2. Be illiberal
3. Have tens of thousands of end points
4. Have hundreds of thousands of users
5. Create a central database recording a “deep truth” about everyone
6. Record every interaction between people/businesses and the state
7. Be a panopticon
8. Defend us against terrorism and crime including illegal immigration
9. Make our lives easier
10. Be a secure solution
11. Be a tailor-made solution rather than requiring three ill-fitting silos to be pressed into service
12. Allow public servants to snoop on us
13. Be any more accurate than today’s large databases, with their duplicates and omissions and false/out of date data
14. Require us all to carry a material plastic card
15. Require us all to maintain the dematerialised digital equivalent, a personal data store
16. Protect our privacy. If so, how?
17. Serve the needs of the public rather than civil servants
18. Provide a federated identity scheme
19. Abide by the best practices which emerge from the open identity exchange
20. Be based on private sector identity providers only, no public sector bodies.

It’s your list, not mine. Apart from No.15. How does the Post Office scheme measure up? Is it more desirable than the NIS? You start with a big problem – in the DWP/Universal Credit application of IDAP, the government is paying for everything and may expect as a result to control everything. As you work your way down your checklist, do you still love IDAP, or do you start worrying again?

[Note: Paragraph removed by Toby Stevens 22/11/12]

#3 of 3

Dear William, thank you for your response.

Ctrl-Shift, we are led to believe, is a champion of VRM, vendor relationship management. And yet, while it recommends Mydex, Ctrl-Shift repeatedly fails to make clear that the two companies are arguably “associated”, as defined by HMRC. In which case, that is a poor example of VRM – what looks like independent advice is anything but, the public is being misled.

Mydex is about “proofs of claims”, you say, i.e. credentials. What are Mydex’s credentials? How can Mydex offer people control over their personal data? That control is not in Mydex’s gift, it is not Mydex’s to grant, the offer looks misleading.

How does Mydex propose that people should gain control over their data? By giving it all to Mydex and storing it in a PDS which will be continuously updated with their transactions. And it’s not one-way traffic – the suppliers’ records will be updated whenever necessary, e.g. on change of address. This looks more like losing control than gaining it.

Mydex claim that people will benefit from having their transaction data analysed by a new class of apps in what Ctrl-Shift call “the quantified self space”. The company seems to be luring people to share their data with more and more strangers, further diluting their control.

How much would it cost to subscribe to these apps? No-one knows. But it wouldn’t be free and that point is not made clear in Ctrl-Shift’s public pronouncements, or Mydex’s, or in the public pronouncements of the Department for Business Innovation and Skills (BIS). Again, this is a poor example of VRM.

The data people would be expected to hand over includes their user IDs, their passwords and the answers to secret questions – all the data normally asked for on websites where identification is an issue. How do we know that? How else can our PDSs be permanently updated with transaction data if they’re not logged on to our bank accounts, mobile phone accounts, Amazon accounts, HMRC accounts, and so on? Also, the department for Work and Pensions (DWP) tell us so in their press release about the UK’s putative identity providers: “... providers will be required to ... minimise the number of usernames and passwords a customer will need to remember ...”. People will be asked to give their “keys” to Mydex and/or any of the other six identity providers. In other words, they will be asked to hand over control, the opposite of the Mydex prospectus.

How safe would people’s data be on Mydex’s servers? Or the servers of Mydex’s sub-contractors? What are Mydex’s credentials? Why should Mydex be regarded as a trusted third party? The difficulties of keeping data safe on the web are barely mentioned by Ctrl-Shift, Mydex and BIS, at least when they are promoting midata. It looks as though these three organisations are luring an unwary public into danger.

It is disingenuous to ask “what's really biting you?”. That has been made clear since at least 9 June 2001. It has also been made clear on my blog in about 20 posts starting with this one on 16 November 2011.

“If you set out your questions and concerns I'll try, as I have offered before, to answer them.” But the questions have been set out, they haven’t been answered and your latest offer on Twitter was first deleted and then qualified by subsequent direct messages. Perhaps, in the name of respectability, the public will now be favoured with some answers.

Re comment @ November 25, 2012 2:34 AM

vendor relationship management: http://en.wikipedia.org/wiki/Vendor_relationship_management

associated: http://www.hmrc.gov.uk/manuals/ctmanual/CTM03710.htm

the quantified self space: http://us1.campaign-archive1.com/?u=aa987c7a122436a4607c471a0&id=77dfccefb5&e=caef247d87

identity providers: http://www.dmossesq.com/2012/11/identity-assurance-convenient-itll-make.html

9 June 2001 (should be 9 June 2011 10:00:31): http://forum.no2id.net/viewtopic.php?f=2&t=35514

16 November 2011: http://www.dmossesq.com/2011/11/ed-davey-problem-solver-midata.html

David

I have offered to speak with you directly. That offer is still open. Having made it, I don't propose to debate your misconceptions here or anywhere else online. I blocked you on Twitter - as I said I would - simply because you chose to continue sniping at me rather than engage in a reasonable conversation, as we have done in the past.

William

Mydex is offering certain services to the public and it makes certain representations about those service in public. Giving users control over their data, for example.

I have raised certain questions in public about those representations (for example, above @ and others listed above @ November 25, 2012 2:34 AM) and the longer Mydex goes without answering them in public, the odder it must look to the public.

I am asking critical questions about midata and Mydex (recommended by you @ November 20, 2012 8:42 AM above) and have been for a year or so now, without any answer.

How could blocking me from your Twitter account stop me from asking those questions? I trust that the strategies adopted in midata and Mydex are more effective.

Answers. In public. Highly recommended. Good strategy. Worthy of the name "VRM". Credentials, please.