Where does this leave UK Government ID policy - given the growing political pressure to combat immigration and linked benefit fraud and health tourism by moving to continental style resident's/entitlement cards? Also where does it leave the need to rebuild confidence in on-line security, particularly on the part of the small on-line retailers who are disproportionately subject to on-line fraud.
My immediate concern remains, however, whether the well-intentioned EU Cybersecurity initiatives will end up doing more good than harm. If data breach notification is already the most common means of stealing ID information how will demanding more of it help address fraud? Geothe said that the most dangerous force in thw world is "ignorance in motion". The time to reset the agenda so that the real issues are addressed is now - not in a couple of years time when we will face a rearguard action. Hence the importance of the plans for scrutiny being made via the Digital Policy Alliance.
At this point it may be helpful to remind you whose tribal agendas have to be brought together if we are to make a reality of bringing ID related fraud under control in the UK. I know we have recently been told that Cabinet Office has "taken back responsibility for ID policy from DWP" but has Cabinet Office had the authority to do much more than "co-ordinate" and/or delay progress on what it does not like. Below is my attempt to "Map" the UK ID scene - I would be grateful for comment on the errors and ommissions:
Extract from Philip Virgo's "Map", alias brain dump, of Cybersecurity Players and Issues
Section 2.3.3 Identity Assurance (inc electronic IDs, Internet names and addresses)
Law enforcement and Criminal Intelligence files of identities and aliases
National Fraud Authority and "Fighting Identity Crime Together"
Borders Agency: identity of those entering/leaving, acquiring
SARS, Anti-Money Laundering and related IDs (see also Treasury)
and aliases of those within justice systems, from prosecutions, through
courts, prison and probation to criminal and civil records
Lead on EU e-ID initiatives
control orders and sanctions on foreign regimes.
Companies House: legal identities for Companies and Directors
Ordnance Survey and Land Registry: legal identities for properties
Post Office/Royal Mail: address files
UKTI: programme to encourage inward investment in cyber and ID also ID/VISA issues for those it is seeking to attract
DCMS including via Ofcom, Phonepay Plus and Nominet
Phone Numbers and Internet names and addresses.
CESG, UKTI (shared with BIS)
NINO and identity of benefits claimants, incuidng those from other parts of the EU
National Health Service Numbers and a wide variety of other reference numbers
Banking Regulation "Know your own customer rules"
HMRC: Legal identities of corporate and individual taxpayers and tax credit claimants
identity of drivers and vehicles .
UK OIX Group
"Co-ordination" of identities for citizen dealings with Government
"Co-ordination" of identities for Government employees
Electoral Register (joint with DCLG and Local Authorities)
ID tokens in use across UK as common "proofs" of identity/age
Local Authority ID Cards (15 use the Bracknell card)
Other ID/Authorisation Tokens and Access/Transaction Cards
IDs and Access Cards for public and private sector employees, contractors and agents: from Armed Forces, Police, Emergency Services, Councils, Utilities and others to Charity Collectors
Frequent Flier cards:
Customer Cards (with or without transaction bonuses)
On-line ID services Paypal, Google, Microsoft etc.
The list above may help explain why I have more than a little sympathy with those who are expected to produce a coherant policy other than "leave it to the market and use what works and is fit for the purpose in mind". That is also why I am so cautious about EU ambitions in this space, given that so many wish to get revenge for world war 2 by doing to London what they have just done to Cyprus. I wonder why removing Luxembourg from the money-laundering and tax avoidance scene is such a taboo subject. Has is something to do with ....