One of the biggest flaws in the National ID Scheme’s architecture is its failure to support peer-to-peer authentication in any meaningful way. The government has promoted it as a way to interact with government, UK border controls, proof of age scenarios, and… that’s about it really. However, this is a classic case of designing a system around the needs of a minority user group: those who lack other trusted credentials, or often come into contact with the authorities. It’s an approach that disregards the needs of everyone else.
Like most people with a ‘conventional’ lifestyle (i.e. someone who is not regularly in contact with police, UKBA or social services) I rarely need to prove who I am. My wallet contains two credit cards and a debit card, a few bits of plastic for club memberships (IoD, British Cycling, Britannia Rescue etc) and that’s about it. On a couple of occasions each year I have to dig out my passport from its safe storage in order to a) travel or b) prove who I am for a new financial services product (e.g. moving mortgage provider or changing mobile phone company). Those occasions aren’t an inconvenience for me, since I know when they’re going to happen, and otherwise my passport lives safely locked away.
In this context, a National ID Card – as envisaged by the government – is a complete waste of money for me. It adds no value over a passport, which I’ll still have to own for travel purposes. Furthermore, because the Identity & Passport Service has designed the scheme entirely around government needs, it has been rendered useless for anyone else. Only an organisation with a card reader connected to the National Identity Register can obtain a ‘trusted’ authentication, and that authentication is a one-way process – there’s no mechanism for the card holder to confirm they’re really dealing with an authorised official. In fact the card can’t even support Chip and PIN functionality, so it’s less trustworthy than the average credit card.
And it’s the failure to provide mutual authentication that is the most disgraceful aspect of the scheme’s architecture. Here’s an example. Yesterday I received a knock on the door, and a young Liverpudlian waved a bit of card at me, politely introduced himself as a young offender working in a rehabilitation programme, and asked if I might be interested in buying some household items from him. Now I have no way whatsoever of knowing whether such a scheme is legitimate, or if he’s just casing the house for a later break-in; whether the card is real or if he is the authorised holder; and whether I can trust him in this context.
(Bernard Hill as Yosser Hughes)
Now if I had a useful peer-to-peer authentication mechanism, I could have verified the legitimacy of his claims about organisation and employment; checked he was the cardholder; and would happily have purchased something. As it was, I politely sent him packing.
If the government wants an identity scheme that will genuinely engage with marginalised or disadvantaged groups; prove meaningful and valuable across the entire population; and build trust rather than facilitating flash and dash fraud; then it’s time to scrap the current approach and start again with something that reflects the needs of everyone, not just the Identity & Passport Service. Build it as a Psychic ID Card that can be applied across a range of scenarios without accumulating personal data or compromising privacy, and encourage individuals to invent innovative applications. But don’t lumber us with a scheme that costs billions and fails to serve the needs of those who need it most.
Oh, and if that salesman is reading – come back with proper ID and I’ll happily buy something from you.