There, but for the grace of Dave and Nick...

Do you remember the UK ID Cards scheme? You know, the government’s promised ‘gold standard’ of identity? The unforgeable, unbeatable, genius of authentication that was promised to do anything you want (so long as all you wanted to do was submit to an identity check by a public official)? The one that eventually cost us £450,000 per card? Ah, now you remember it.

Back in the heady days of 2005, a number of us warned that the idea of a ‘gold standard’ of identity was preposterous, and that the UK abandoned the concept of a gold standard in its fiscal policy for a number of reasons, one of the most important of which was the fact that underpinning your entire economy on a single asset is a ridiculous and unnecessary risk. Would you want to discover that the UK economy has collapsed because investors have intentionally pulled the rug out from under the gold market (as opposed just good old-fashioned fiscal mismanagement)? No. Would you want to discover that the country’s entire system of authentication and verification has to be abandoned because some idiot left a copy of the database on a memory stick in a pub car park? No. But we came very close to building that ID system, and in Puerto Rico they’ve just discovered what happens when your primary credential is no longer trustworthy.

Apparently in Puerto Rico, a birth certificate is the de facto ID document. It’s been normal practice for many years for public authorities and private organisations to take a copy of that simple, forgeable piece of paper when they transact with individuals, and to keep it on record for indefinite periods. Unfortunately, the Puerto Rican birth certificate is an immensely valuable document, since it can also be the gateway to US citizenship, and that makes it an attractively nickable credential that can be sold across Latin America.

Organised criminals soon cottoned on to this, and started raiding organisations – in particular schools – to steal copies of certificates, and selling them on. US authorities are quoted as saying that up to 40% of fraudulent applications for US passports use Puerto Rican birth certificates, and 12,000 individuals are known to be victims of this type of credential fraud. The Puerto Rican birth certificate has been rendered untrustable, and has had to be abandoned as their ‘gold standard’ of ID.

In response, and under pressure from the US, the Puerto Rican government has demanded that over 5 million individuals re-register for a new birth certificate that will be printed on a different document standard, and will not be collected by other organisations for ID purposes. It seems a little odd that they’ve replaced a stealable, replicable, forgeable, fundamentally weak credential with another stealable, replicable, forgeable, fundamentally weak credential, when they could have used electronic credentials to leapfrog underdeveloped nations such as the UK by creating a really useful ID infrastructure, but then I doubt they’ll be paying £450,000 per certificate either.

The sooner that we get away from this outmoded concept that the only way to prove our entitlements is a bit of paper – or a smartcard – issued by the State, and start adopting global, interoperable standard for open identity rights, the better. The Coalition government saved us from a move back to the gold standard in ID, and the ultimate inevitable collapse of a fundamentally flawed ID infrastructure. Sadly, they’ve yet to propose alternatives, and we’re floating around in an identity vacuum that needs leadership, standards and purpose. Where’s the government’s ID Tsar? Where’s our commitment to an Open ID initiative such as that created by Obama? I know it will be many years before it happens, but I can dream, can’t I?

In the meantime, I’m off San Juan to register for a birth certificate under my Latin alter ego, ‘Spanky Fernandez’*. Should be worth a few bob once the ID thieves figure out how to copy them over the next few weeks.

* – I once knew a chap by that name. If you’re reading this Spanky, sorry for stealing it.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close