Gissa proper National ID Card

One of the biggest flaws in the National ID Scheme’s architecture is its failure to support peer-to-peer authentication in any meaningful way. The government has promoted it as a way to interact with government, UK border controls, proof of age scenarios, and… that’s about it really. However, this is a classic case of designing a system around the needs of a minority user group: those who lack other trusted credentials, or often come into contact with the authorities. It’s an approach that disregards the needs of everyone else.

Like most people with a ‘conventional’ lifestyle (i.e. someone who is not regularly in contact with police, UKBA or social services) I rarely need to prove who I am. My wallet contains two credit cards and a debit card, a few bits of plastic for club memberships (IoD, British Cycling, Britannia Rescue etc) and that’s about it. On a couple of occasions each year I have to dig out my passport from its safe storage in order to a) travel or b) prove who I am for a new financial services product (e.g. moving mortgage provider or changing mobile phone company). Those occasions aren’t an inconvenience for me, since I know when they’re going to happen, and otherwise my passport lives safely locked away.

In this context, a National ID Card – as envisaged by the government – is a complete waste of money for me. It adds no value over a passport, which I’ll still have to own for travel purposes. Furthermore, because the Identity & Passport Service has designed the scheme entirely around government needs, it has been rendered useless for anyone else. Only an organisation with a card reader connected to the National Identity Register can obtain a ‘trusted’ authentication, and that authentication is a one-way process – there’s no mechanism for the card holder to confirm they’re really dealing with an authorised official. In fact the card can’t even support Chip and PIN functionality, so it’s less trustworthy than the average credit card.

And it’s the failure to provide mutual authentication that is the most disgraceful aspect of the scheme’s architecture. Here’s an example. Yesterday I received a knock on the door, and a young Liverpudlian waved a bit of card at me, politely introduced himself as a young offender working in a rehabilitation programme, and asked if I might be interested in buying some household items from him. Now I have no way whatsoever of knowing whether such a scheme is legitimate, or if he’s just casing the house for a later break-in; whether the card is real or if he is the authorised holder; and whether I can trust him in this context.


(Bernard Hill as Yosser Hughes)

Now if I had a useful peer-to-peer authentication mechanism, I could have verified the legitimacy of his claims about organisation and employment; checked he was the cardholder; and would happily have purchased something. As it was, I politely sent him packing.
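A sketch of the peer-to-peer check described above, as an added Go example that is not part of the original post and not how the National Identity Scheme works: a hypothetical issuer signs a claim bound to the card's key, and either party can verify the other offline with a fresh challenge. All names (`Credential`, `newCard`, `authenticate`) and the claim strings are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential is a hypothetical issuer-signed claim bound to a card's public key.
type Credential struct {
	Claim     string            // only the attribute being asserted
	HolderKey ed25519.PublicKey // private half stays on the card
	IssuerSig []byte            // issuer signature over Claim || HolderKey
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func signedBody(c Credential) []byte { return append([]byte(c.Claim), c.HolderKey...) }

func newCard(issuer ed25519.PrivateKey, claim string) (Credential, ed25519.PrivateKey) {
	pub, priv := mustKey()
	c := Credential{Claim: claim, HolderKey: pub}
	c.IssuerSig = ed25519.Sign(issuer, signedBody(c))
	return c, priv
}

// authenticate: verifier sends a fresh nonce, prover's card signs it, verifier checks.
func authenticate(issuerPub ed25519.PublicKey, c Credential, cardKey ed25519.PrivateKey) bool {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false
	}
	resp := ed25519.Sign(cardKey, nonce) // computed on the prover's card
	return len(c.HolderKey) == ed25519.PublicKeySize &&
		ed25519.Verify(issuerPub, signedBody(c), c.IssuerSig) && // claim was issued
		ed25519.Verify(c.HolderKey, nonce, resp) // presenter holds the card
}

func main() {
	issuerPub, issuerPriv := mustKey()
	seller, sellerKey := newCard(issuerPriv, "org=rehabilitation-programme;role=doorstep-seller")
	fmt.Println("seller verified:", authenticate(issuerPub, seller, sellerKey))
}
```

Calling `authenticate` once in each direction gives mutual authentication; a copied credential presented without the card's private key fails the challenge.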

If the government wants an identity scheme that will genuinely engage with marginalised or disadvantaged groups; prove meaningful and valuable across the entire population; and build trust rather than facilitating flash and dash fraud; then it’s time to scrap the current approach and start again with something that reflects the needs of everyone, not just the Identity & Passport Service. Build it as a Psychic ID Card that can be applied across a range of scenarios without accumulating personal data or compromising privacy, and encourage individuals to invent innovative applications. But don’t lumber us with a scheme that costs billions and fails to serve the needs of those who need it most.

Oh, and if that salesman is reading – come back with proper ID and I’ll happily buy something from you.

[And for the under 40s, if the word ‘Gissa’ means nothing to you then here’s Bernard Hill’s seminal character who coined the phrase ‘Gissa job’]

Join the conversation



Toby Stevens' article has one problem; it is far too reasonable. The government's ID card scheme is mired in very old fashioned thinking about central databases and terminals accessing data under tightly controlled conditions. One does wonder if the eminent consulting firms retained to advise on the system ever pointed out its manifold defects. They fall into three areas. Firstly the reliance on a massive biometric database is misplaced. Even Home Office boffins have deep reservations about the reliability of a biometric ID verification system with 60 million records. Second, the public is deeply uneasy about the IPS' insistence on keeping records of every occasion on which the database is accessed. They can shout as loud as they like that they are keeping the information for the cardholder's benefit, but no-one believes them (we all know that it is possible to have a system which does a good job of verifying ID but keeps no records). Lastly, as Toby Stevens says: the vastly expensive, intrusive and technically backward government system solves a problem very few people actually have. Most of us can get on fine without this system - although a modern system with the functionality suggested by Stevens would be very popular.
Blast, I'll try to be less reasonable next time :-)
It's worse than that - not only does the NIS not support mutual authentication, it also doesn't support any sort of remote authentication. You have to physically hand "your" ID Card (which actually belongs to the Secretary of State) over to the official to whom you're identifying yourself. The Scheme does not even support remote authentication with itself - changing anything other than trivial details in "your" National Identity Register entry would involve a trip to a government office for a face-to-face interview. It also doesn't support identifying corporate entities like companies, for purposes like filing corporate tax returns online. If you can't fingerprint it, the NIS can't identify it. There's a bit more detail and some references in this article wot I wrote:
I wrote a tender recently for an ID card system for use in the educational sector in a Middle Eastern country. The first thing built into the process flow was a mutual authentication system with added value of "two man/four eyes" authorisation. Anything less would have been completely useless and open to abuse. Any IT consultant worth anything would definitely know that. I mean, if someone phones you up and says they are from some government department and please hand over all your details, you would hardly do that (I hope). Makes me wonder who was advising the government on this subject. Whoever they are, they need to get back to the basics of IT systems design.