Crosby changes the nature of the ID debate

No wonder there was such a massive attempt to bury or re-write the Crosby report. The release of his report on the same day that David Davis launched a stinging attack on the lack of priority being given to action on e-Crime entails a major change of rationale as well as of implementation strategy. Don’t settle for the press cover. Read the report.

The heading of the summary of “Challenges and opportunities in identity assurance” encapsulates the message beautifully:

“Identity is “the new money”.

It is the consumer’s identity.

Significant economic and social advantage …is available through “universal” ID assurance schemes … which also deliver the strongest security outcomes

“Universal” schemes demand high quality assurance which calls for … a combination of biographic and biometric data … and a number of “independent” verification factors … with scale being the critical success factor

The UK is witnessing a profileration of ID schemes … with common standards the preserve of the banks ”’ … inconsistent results in the public sector (particularly in relation to employee verification) … and a rapid growth in identity fraud

The market place is not delivering the best outcome for consumers

Experience outside the UK highlights … the limitations of ID cards issued as “security” tokens … and the importance of banking systems and standards

To realise the greatest economic and social benefits every aspect of an ID card system should be designed from the consumer’s perspective …”

Then comes the linkage to Government plans – both the “sting” and the “balm” to sooth the pain – a new justification for ID cards – but also a genuine one:

“in my opinion the Strategic Action Plan (2006) will not be the catalyst for the emergence or otherwise of this plan. I believe the design of any ID card scheme would need to be based on the following ten broad principles: [list] …

Action on verifying employee’s idenitity and identity repair services is essential …

Quite legitimately the Government may not regard its ID cards scheme as the best way to stimulate the creation of the universal ID assurance system as envisaged in this report. Even if this is the case, I strongly recommend …

1 – Working with the private sector, Government should take all necessary steps to ensure that, as soon as possible, consumers have access to a “one stop” agency for the swift repair of compromised idenitites across the public and private sector and

2 – Govenments should commit to the development work across private sector databases necessary to ensure that all employers can quickly and confidently satisfy “right to work” and related regulations for their employees.”

I recommend that you also read the full text of the Home Secretary’s speach to Demos and also the Green Paper calling for action against E-Crime which the Shadow Home Secretary was delivering at the E-Crime Congress at the same time: to over 500 top law enforcement officials from around the world plus the Heads of Security for much of the City of London and the remaining UK-based-multi-nationals.

The contrast between the £3.5 million spend on the 58 staff of SOCA E-Crime (non-classified answer to a direct question from the Home Affairs Select Committee) and even the reduced £4.5 billion spend on ID cards announced by the Home Secretary, could not be more stark.

I do, however, rather like the new “justification” which reminds me of the IDPM evidence to Michael Howard’s consultation on ID Cards, repeated by IMIS when Labour ran their consultation.

It called for the first people to carry any UK ID card, to test the system, to be all those officials (Health and Safety, Council, Surveillance etc.) who claim right of access to you home or business or your computer systems. The card should also carry a phone number, idenitical with that in telephone directory and newspaper adverts (i.e. not cheaply spoofable by e-criminals), to enable “us” to challenge and identify “them”.