Technology now makes possible a society-wide identity infrastructure that simultaneously addresses the security and public service needs of government and the privacy needs of individuals, writes Jerry Fishenden, national technology officer at Microsoft.
It is important to achieve the right balance between the security needs of the public sector and the citizens' right to be left alone. Properly balanced, it will restore citizens' trust in proposed UK identity initiatives, and reduce data losses and ID thefts that arise from current practices.
Citizens need to be assured that any UK scheme will help protect their identity and personal information better. It is possible to create an attractive, government-backed identity protection scheme that is truly citizen-centric.
Three decades of research by information security professionals has led to a privacy-enhancing security technology called "minimal disclosure tokens". Using this technology, organisations can securely share identity-related information in digital form via the individuals to whom it pertains, in a way that ensures security and privacy for all parties involved in the data flow.
Minimal disclosure tokens prevent any unauthorised manipulations of protected identity information, not only by outsiders but also by individuals themselves. This is much like the way that plastic cards in one's wallet resist unauthorised manipulations (such as cloning, lending, and modifying) by their own holders.
In addition, such tokens allow individuals to see which information about them is being shared. They let the holder selectively disclose only those attributes required to gain access to a service, and they do so without leaving behind data trails that third parties could link together to trace all of that person's actions and exploit for their own (illegitimate) purposes. For example, a token would allow a citizen to prove to a pub landlord that they are over 18 without revealing anything else, not even their date of birth.
The privacy features of minimal disclosure tokens do not make government services anonymous or pseudonymous where previously they were not. Instead, they ensure that individuals enjoy high levels of privacy when interacting with government, potentially stronger than those they enjoyed in the paper-based world.
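The following is an added illustration, not code from the article or from any Microsoft product, of the selective-disclosure and anti-tampering properties described above. It uses a simplified salted-hash construction: the issuer commits to each attribute separately (including a derived "age_over_18" claim computed at issuance) and signs only the commitments, so the holder can open the single claim a pub landlord needs while the date of birth stays hidden, and cannot alter a value without the opened commitment failing to match. The issuer name, the key and the citizen records are constructed for the demo, and an HMAC stands in for the issuer's public-key signature to keep the example to the standard library. It deliberately does not reproduce the unlinkability of true minimal disclosure tokens: the issuer's tag is the same on every presentation, so repeated showings of this token could be correlated, which is precisely what the schemes the article refers to are designed to avoid.

```python
"""Salted-hash selective disclosure (added demo; not U-Prove or any real product)."""
import hashlib
import hmac
import json
import secrets
from datetime import date
from typing import Optional

# Constructed demo key. A real scheme uses a public-key signature so the verifier
# holds only the issuer's public key; HMAC is a standard-library stand-in here.
ISSUER_KEY = b"constructed-demo-key-not-for-production"


def _digest(salt: bytes, name: str, value) -> str:
    """Commitment to one attribute: SHA-256(salt || name || canonical JSON value)."""
    material = salt + name.encode() + json.dumps(value, sort_keys=True).encode()
    return hashlib.sha256(material).hexdigest()


def _sign(payload: dict, key: bytes) -> str:
    """Issuer tag over the canonical payload (stand-in for a digital signature)."""
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def issue(attributes: dict, key: bytes, today: date):
    """Issuer side: derive 'age_over_18' from the date of birth, commit to every
    attribute with its own random salt, and sign only the sorted commitments.
    Returns the token plus the holder-only openings (salt, value)."""
    attrs = dict(attributes)
    dob = date.fromisoformat(attrs["date_of_birth"])
    try:
        eighteenth = dob.replace(year=dob.year + 18)
    except ValueError:  # born on 29 February
        eighteenth = dob.replace(year=dob.year + 18, day=28)
    attrs["age_over_18"] = eighteenth <= today
    openings = {n: (secrets.token_bytes(16), v) for n, v in attrs.items()}
    payload = {
        "issuer": "hypothetical-uk-issuer",  # constructed name
        "digests": sorted(_digest(s, n, v) for n, (s, v) in openings.items()),
    }
    return {"payload": payload, "tag": _sign(payload, key)}, openings


def present(token: dict, openings: dict, reveal) -> dict:
    """Holder side: attach openings only for the attributes being revealed."""
    return {"token": token,
            "revealed": {n: (openings[n][0].hex(), openings[n][1]) for n in reveal}}


def verify(presentation: dict, key: bytes, required) -> Optional[dict]:
    """Verifier side: check the issuer tag, check that every opened commitment is
    one the issuer signed, and confirm the required attributes were revealed.
    Returns only the revealed values, or None on any failure."""
    token = presentation["token"]
    if not hmac.compare_digest(_sign(token["payload"], key), token["tag"]):
        return None  # payload altered or not from this issuer
    signed = set(token["payload"]["digests"])
    revealed = {}
    for name, (salt_hex, value) in presentation["revealed"].items():
        if _digest(bytes.fromhex(salt_hex), name, value) not in signed:
            return None  # holder altered a value or invented an attribute
        revealed[name] = value
    if not set(required) <= set(revealed):
        return None
    return revealed


def demo_token(dob: str, today: str = "2008-06-01"):
    """Constructed citizen record issued on a fixed date (for the demo and tests)."""
    record = {"name": "A. Citizen", "date_of_birth": dob, "postcode": "SW1A 1AA"}
    return issue(record, ISSUER_KEY, date.fromisoformat(today))


def pub_check() -> Optional[dict]:
    """Adult holder reveals only 'age_over_18'; the landlord never sees the DOB."""
    token, openings = demo_token("1985-03-14")
    return verify(present(token, openings, ["age_over_18"]), ISSUER_KEY, ["age_over_18"])


def tampered_check() -> Optional[dict]:
    """A 16-year-old edits the revealed value to True; the opened commitment no
    longer matches any signed digest, so the presentation is rejected."""
    token, openings = demo_token("1992-01-01")
    pres = present(token, openings, ["age_over_18"])
    salt_hex, _ = pres["revealed"]["age_over_18"]
    pres["revealed"]["age_over_18"] = (salt_hex, True)
    return verify(pres, ISSUER_KEY, ["age_over_18"])


if __name__ == "__main__":
    print(pub_check())       # {'age_over_18': True}
    print(tampered_check())  # None
```

The verifier only ever receives openings for the claims the holder chose to reveal, so `verify` returns the `age_over_18` flag and nothing else; the remaining digests are opaque to it. Because each attribute has its own random salt, an unrevealed value cannot be recovered by guessing and hashing candidate dates of birth against the signed digests.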
Citizens are likely to find that such an approach to identity authentication and management increases their security and privacy, and hence offers a more attractive proposition than is currently available. At the same time it would enable them to enjoy joined-up government services without the associated risks to their personal information.
The alternative model, in which government indexes everything off a single, centrally stored identifier that maps to all of an individual's programme identifiers, as is currently proposed, carries tremendous risks. It creates all-powerful central systems that can electronically monitor in real time every service access by every individual, and it enables those central systems to surreptitiously access the accounts of any individual.
Furthermore, the central parties themselves become attractive targets for denial-of-service attacks and insider misuse. Centralised identity models have been shown to be a major source of identity fraud and theft, and to undermine the trust of the very people whose identities they are meant to safeguard.
Government still has a chance to regain the trust of citizens by implementing identity infrastructures that are genuinely citizen-centric, that enable the delivery of joined-up services, and that minimise the risks of data loss and identity theft. Industry is currently building all of the components necessary to deploy such infrastructures. All it takes is the will to do it.