When IT Meets Politics

Philip: It's late and I havent read it carefully. But the whole statement is built on the assumption that goverment should be our identity provider for online services.

But I think there's a strong case to be made that it should not. It concentrates too much power.

Our personal data is our own, and it's valuable. We dont want it to become concentrated in government, out of our control.

We want a competitive market in user-friendly and flexible online identity provision services. This policy is about coercion, not choice. It says its about empowerment, but it's not.

Far better to say:

"People need to access stuff online, including government services. Therefore we're announcing that from today we'll accept a range of independent identifiers for all our various services. But if you want a sensitive service it'll need to be a secure one.

"As new ID services become available we'll be happy to add them to the list of accredited services."

William - Two points:

(1) We don't want the data to be concentrated anywhere - events have shown that the only sure defence against massive data leaks is not to have massive data.

(2) Who does the accreditation and against what standards?

> (1) We don't want the data to be concentrated anywhere - events have shown that the only sure defence against massive data leaks is not to have massive data.

Quite agree. Personal data is best left to the greatest possible extent to those who care most about it and know it best: the data subject

> (2) Who does the accreditation and against what standards?

I guess it's best done by whoever picks up the liability if it goes wrong. The standards will have to evolve and emerge. But today I think we'd say a Google, Yahoo ID is convenient but doesnt provide any security. An Amazon or PayPal one is still quite convenient and provides some level of assurance (but not of uniqueness). A bank logon (esp with card reader) is getting quite good...