I am indebted to Dave Birch’s blog for the link to an excellent ZDnet report on a US Analysis of ID Fraud Reports. Dave and I often argue when we meet but I nearly always find his views stimulating rather than annoying and he makes some good points as to why those who know most about the practicalities of running ID systems are not interested in sharing their expertise – my words not his.
Where does this leave UK Government ID policy – given the growing political pressure to combat immigration and linked benefit fraud and health tourism by moving to continental style resident’s/entitlement cards? Also where does it leave the need to rebuild confidence in on-line security, particularly on the part of the small on-line retailers who are disproportionately subject to on-line fraud.
My immediate concern remains, however, whether the well-intentioned EU Cybersecurity initiatives will end up doing more good than harm. If data breach notification is already the most common means of stealing ID information how will demanding more of it help address fraud? Geothe said that the most dangerous force in thw world is “ignorance in motion”. The time to reset the agenda so that the real issues are addressed is now – not in a couple of years time when we will face a rearguard action. Hence the importance of the plans for scrutiny being made via the Digital Policy Alliance.
At this point it may be helpful to remind you whose tribal agendas have to be brought together if we are to make a reality of bringing ID related fraud under control in the UK. I know we have recently been told that Cabinet Office has “taken back responsibility for ID policy from DWP” but has Cabinet Office had the authority to do much more than “co-ordinate” and/or delay progress on what it does not like. Below is my attempt to “Map” the UK ID scene – I would be grateful for comment on the errors and ommissions:
Extract from Philip Virgo’s “Map”, aliasbrain dump, of Cybersecurity Players and Issues
Section 2.3.3 Identity Assurance (inc electronicIDs, Internet names and addresses)
Lawenforcement and Criminal Intelligence files of identities and aliases
NationalFraud Authority and “Fighting Identity Crime Together”
UKBorders Agency: identity of those entering/leaving, acquiringresidency/citizenship
SARS, Anti-Money Laundering and related IDs (see also Treasury)
Identitiesand aliases of those within justice systems, from prosecutions, throughcourts, prison and probation to criminal and civil records
Lead onEU e-ID initiatives
Exportcontrol orders and sanctions on foreign regimes.
Companies House: legal identities for Companies and Directors
OrdnanceSurvey and Land Registry: legal identities for properties
PostOffice/Royal Mail: address files
UKTI:programme to encourage inward investment in cyber and ID also ID/VISA issues for those it is seeking to attract
DCMS including via Ofcom, Phonepay Plus and Nominet
PhoneNumbers and Internet names and addresses.
GCHQ,CESG, UKTI (shared with BIS)
NINO andidentity of benefits claimants, incuidng those from other parts of the EU
NationalHealth Service Numbers and a wide variety of other reference numbers
BankingRegulation “Know your own customer rules”
HMRC:Legal identities of corporate and individual taxpayers and tax credit claimants
DVLA,identity of drivers and vehicles .
“Co-ordination”of identities for citizen dealings with Government
“Co-ordination”of identities for Government employees
ElectoralRegister (joint with DCLG and Local Authorities)
ID tokensin use across UK as common “proofs” of identity/age
Know Your Customer list:
Local AuthorityID Cards (15 use the Bracknell card)
Other ID/Authorisation Tokens andAccess/Transaction Cards
IDs andAccess Cards for public and private sector employees, contractors and agents:from Armed Forces, Police, Emergency Services, Councils, Utilities and othersto Charity Collectors
CustomerCards (with or without transaction bonuses)
On-lineID services Paypal, Google, Microsoft etc.
The list above may help explain why I have more than a little sympathy with those who are expected to produce a coherant policy other than “leave it to the market and use what works and is fit for the purpose in mind”. That is also why I am so cautious about EU ambitions in this space, given that so many wish to get revenge for world war 2 by doing to London what they have just done to Cyprus. I wonder why removing Luxembourg from the money-laundering and tax avoidance scene is such a taboo subject. Has is something to do with ….