Identity Management – Who Decides?

Today’s DTI Conference on “Ensuring privacy and consent in identity management infrastructures” was a significant step forward for identity management and privacy in the UK. Amongst other things, it demonstrated that Government stakeholders are open to new ideas and, more significantly, they’re prepared to fund them. They’re also attempting to engage a broader audience of contributors from Industry, Government and Academia. I applaud that.

Some cynics would regard my views as optimistic, perhaps a little bit “on message”. That’s not correct. I’ve been a vocal critic of security in the National Identity Card programme, though I found little to fault in what I heard yesterday. I have high standards of expectation about both the level of security and the degree of consultation with the public. But I’m also realistic about the politics, the risks, the opportunities and the options. So I try to frame my criticism in the context of what’s reasonable, affordable and, most importantly, do-able.

Not everyone agrees me. Casper Bowden of Microsoft, for example, questioned the lack of privacy technology professionals in the room, suggesting that the assembled audience might not have sufficient knowledge to shape public policy and research. I disagree. What we need is a blend of visionary technologists, down-to-earth commercial users, experienced social scientists, smart marketers and experienced practitioners. That’s how you solve those difficult, complex social and technical problems.

I believe the UK Government is trying to get that balance right. It’s taken a while to engage some of the key stakeholders. But let’s keep that dialogue going. We must not let important societel subjects be hijacked by the tiny elite of privacy anoraks. I’d rather hear more from the battle-scarred practitioners of real identity management projects, and the social scientists who’ve spent their time trying to understand the motivations of the Echo boomers. We need to draw on a wide range of skills and experience to solve the numerous social and business problems associated with federated enterprise identity management. Please don’t leave such decisions to the handful of enthusiasts, the politically-correct brigade or the (hopefully) shrinking army of neo-Luddites.