The future of eID in Europe

In recent months the fuss about surveillance revelations has distracted attention from some good work in the European Commission to try to align and push forward a harmonised electronic identity and trust services approach. The problem of cross-border identity and trust services is a old one, and because of the competing influences of different legal regimes, divergent commercial interests, and the mix of standards out there, one which is still far from resolved. I last looked at this in detail in 2008, in a report for the Institute for Prospective Technological Studies.
The UK is particularly far from aligned with the broader European Union in this area because we lack a national population register, citizen identity cards, widespread use of notaries, or a common online trust infrastructure (PKI or similar). All the building blocks are available, but first we need to resolve the political and commercial issues around our national identity services (not to be confused with ID cards) before we start to worry about international interoperability. The Cabinet Office-sponsored Identity Assurance Programme (IDAP) is our best hope of achieving that outcome, but it’s still far from ready for the big time. International needs are being considered within IDAP’s scope of work, but first we need to make it work locally.
With that in mind, I was fortunate to contribute to a conference in Brussels last week on eID and Trust Services. The day was much more practical than many similar events, and the highlight was a speech by Prof Jane Winn of the University of Washington, in which she referred to Gall’s Law:’s_law
A complex system that works is invariably found to have evolved from a simple system that worked. The inverse proposition also appears to be true: A complex system designed from scratch never works and cannot be made to work. You have to start over, beginning with a working simple system.
This is so very true for eID: poor online ID services can take a good working system and destroy it completely for the sake of adding complexity. The most glaring example was the National ID Scheme, which was neither simple not evolutionary, instead preferring a ‘big bang’ delivery with little opportunity to prove the system first. IDAP is running small-scale proofs of concept (the ‘Alpha’ projects, some of which have only a handful of users) to explore basic concepts before it moves to larger implementations.
The European Commission is now running a survey to support its study activities, and I’d recommend that if you have an interest in this space then you should contribute before it closes at the end of November.