Back to school

Dave Birch has done an excellent job of describing a point that is oft-discussed in identity/privacy circles: that we in fact rarely need to identify ourselves. Government ministers bang on about how good citizens need to identify themselves many times each day. Utter poppycock. We need to prove entitlement to a service, or authenticate ourselves as the legitimate recipient, but we rarely need to identify ourselves. Please can we sit down with the policymakers and educate them on some of the most elementary principles of ID before they start writing user specifications for massive database systems? (Of course if we educated them properly, the systems wouldn’t be massive in the first place).

I get particularly annoyed when I’m asked for inappropriate credentials. Government offices will very often request a credit card so that I can prove who I am when going into a building. What exactly does that prove? That I’m capable of stealing a wallet or making a false credit card? My solution is always to respond to a request for an inappropriate credential with an inappropriate credential: my favourite cards are my National Rifle Association membership (that always leaves security guards with a dilemma) or my CLAS membership (a little piece of laminated card that in theory says I have security clearance, but in practice has nothing to bind it to the bearer other than a name on the front).

Of course the politician’s response to this problem is to day that it proves the need for an identity card. Oh no, it doesn’t. It proves the need for an identity metasystem, and that’s a very different beast indeed.