There, but for the grace of Dave and Nick...

Do you remember the UK ID Cards scheme? You know, the government’s promised ‘gold standard’ of identity? The unforgeable, unbeatable, genius of authentication that was promised to do anything you want (so long as all you wanted to do was submit to an identity check by a public official)? The one that eventually cost us £450,000 per card? Ah, now you remember it.

Back in the heady days of 2005, a number of us warned that the idea of a ‘gold standard’ of identity was preposterous, and that the UK abandoned the concept of a gold standard in its fiscal policy for a number of reasons, one of the most important of which was the fact that underpinning your entire economy on a single asset is a ridiculous and unnecessary risk. Would you want to discover that the UK economy has collapsed because investors have intentionally pulled the rug out from under the gold market (as opposed to just good old-fashioned fiscal mismanagement)? No. Would you want to discover that the country’s entire system of authentication and verification has to be abandoned because some idiot left a copy of the database on a memory stick in a pub car park? No. But we came very close to building that ID system, and in Puerto Rico they’ve just discovered what happens when your primary credential is no longer trustworthy.

Apparently in Puerto Rico, a birth certificate is the de facto ID document. It’s been normal practice for many years for public authorities and private organisations to take a copy of that simple, forgeable piece of paper when they transact with individuals, and to keep it on record for indefinite periods. Unfortunately, the Puerto Rican birth certificate is an immensely valuable document, since it can also be the gateway to US citizenship, and that makes it an attractively nickable credential that can be sold across Latin America.

Organised criminals soon cottoned on to this, and started raiding organisations – in particular schools – to steal copies of certificates, and selling them on. US authorities are quoted as saying that up to 40% of fraudulent applications for US passports use Puerto Rican birth certificates, and 12,000 individuals are known to be victims of this type of credential fraud. The Puerto Rican birth certificate has been rendered untrustable, and has had to be abandoned as their ‘gold standard’ of ID.

In response, and under pressure from the US, the Puerto Rican government has demanded that over 5 million individuals re-register for a new birth certificate that will be printed on a different document standard, and will not be collected by other organisations for ID purposes. It seems a little odd that they’ve replaced a stealable, replicable, forgeable, fundamentally weak credential with another stealable, replicable, forgeable, fundamentally weak credential, when they could have used electronic credentials to leapfrog underdeveloped nations such as the UK by creating a really useful ID infrastructure, but then I doubt they’ll be paying £450,000 per certificate either.

The sooner that we get away from this outmoded concept that the only way to prove our entitlements is a bit of paper – or a smartcard – issued by the State, and start adopting global, interoperable standards for open identity rights, the better. The Coalition government saved us from a move back to the gold standard in ID, and the ultimate inevitable collapse of a fundamentally flawed ID infrastructure. Sadly, they’ve yet to propose alternatives, and we’re floating around in an identity vacuum that needs leadership, standards and purpose. Where’s the government’s ID Tsar? Where’s our commitment to an Open ID initiative such as that created by Obama? I know it will be many years before it happens, but I can dream, can’t I?

In the meantime, I’m off to San Juan to register for a birth certificate under my Latin alter ego, ‘Spanky Fernandez’*. Should be worth a few bob once the ID thieves figure out how to copy them over the next few weeks.

* – I once knew a chap by that name. If you’re reading this Spanky, sorry for stealing it.

5 comments

Fascinating story, and great analysis. I've taken the liberty of linking this as today's entry on the NO2ID news blog: http://www.no2id.net/newsblog Cheers, Andrew
Slight error in the article: Toby reckons the cards actually cost £450k each and quotes an article in The Register to back this up. This is the revenue the government raked in from the 1500 or so deluded souls who bought into the scheme at £30 a pop. Quoted from the Register article Toby refers to: In 2006, the scheme was transferred to the newly created Identity and Passport service, which spent another £251 million on projects to establish identity cards, second biometric passports and other related programmes. Less the rough half mill revenue from the deluded means the scheme cost us about £250.5mill, and divided by the number of deluded gets us to a cost of £167,000 per card issued, which is still a hell of a lot of money to charge the nation for an individual's database entry and a piece of plastic. And that was 2006; it was probably a lot more by the time the coalition slapped the Home Office hands away from the reins, but £450K is not the right figure. What we need are accurate figures of what the scheme cost to the date that cards ceased being issued, then we'll know the right figure, as I suspect £167K/card is a bit low. But the article will be attacked and rubbished by those same deluded because of the £450K/card error.
Thank you for pointing that out - I'd taken the Register's analysis at face value. The lack of transparency was always one of the big problems with the scheme, and I doubt we'll ever find out exactly how much was spent and where. £167k per card is, after all, a bargain compared with £450k per card :-)
Speaking of "joke" credentials I have just had a researcher contacting me for the origins of the "Dear Minister, I have just applied for a passport" letter that I carried a couple of years on "When IT Meets Politics". My reply is on https://www.computerweekly.com/blogs/when-IT-meets-politics/ I am getting intrigued by the growing number of proposals for "joke" electronic credentials. Nearly ten years ago I wrote an essay which envisaged a collapse of trust in electronic communications. We appear to be going down that route with a growing diversity of initiatives whose main merit is that they do not involve the waste of public money. Whether anyone should trust any of them is another matter.
Population scale electronic authentication scheme? Never happen under this Government. They aren't interested in the slightest in the state doing anything like expanding into any sort of new area. Even if it has some sort of fiscal advantage for them. Quite the opposite. They are extremely interested in rolling back the state everywhere they can. The private sector will have to do it. Or a charity. Or a co-operative. Yeah. Like that's going to happen....