The need to rebuild identity integrity and democratic accountability

I have just read the report of the Association of Electoral Administrators on the future of electoral administration in the UK. We may be about to have a long overdue referendum on the choice between “first past the post” and casting our votes in order of preference (the alternative vote). But it is far more important to cleanse the UK election system, from the initial register to the processes for exposing and prosecuting malpractice and fraud (as in the stealing of local government elections).  

The AEA report is dry and sensible. But remember what lies behind it. The UK electoral register is one of the main start points (and reinforcers) for identity and benefit fraud. More-over, as was shown in Birmingham in 2004 and again in 2009 , it is all too easy for it to also be used as the start point for election stealing to reinforce control over inner city communities by a mix of organised crime and political extremists.

It unlikely that the Birmingham election in 2004 really was “the most corrupt since 1895”. Short of an election petition (read the AEA report to see how near to impossible it is to raise one) there is almost no way of exposing corruption in a system that has become ever more vulnerable. The budgets and tiemscales available to election administrators to check the register have been cut, year on year. Some council take the role seriously, Others do not. Meanwhile the mainstream political parties have come to rely on national mass media campaigns with telephone and e-mail canvassing, rather than local volunteers who might discover, by door-to-door canvassing, that dozens, perhaps hundred, of voters are supposedly living in flats or houses that have been derelict for years – and claiming postal votes.

Given the scale of funding cuts in prospect, it is essential that those making them, whether Ministers in Whitehall or Councillors in Town Hall, are seen to have a democratic mandate. If the new localism is to mean devolved decisions on important matters, it is essential that the consultations, let alone the contracts, are not stolen by local groups who have taken charge of the register and thus the routines for formal democratic accountability.

By comparison, debate over the US planned routines for identity governance, e.g “Trusted identities in cyberspace , is merely “interesting” – even though we may well have to live with the consequences as the databases containing our personal data (including our Internet access codes and footprints) move off-shore, perhaps at an accelerating pace as cost-cutting gathers momentum.

On monday the Identity Governance group of the Information Society Alliance has two meetings: one on electronic voter registration (looking at the systems in use of other nations) and the other on the overall principles. We have some very thoughtful papers to review. It is most unlikely that most Britons would wish to go down the Scandinavian route, tying voter registration to the resident’s card, but most of the world (including the developling world) now has more robust electoral registration systems than we do.

The wider issues are also getting seriously interesting. On the one hand are those who wish to see routines that would dovetail with those being developed in the US to meet their homeland security agenda. But six months ago I blogged on the need to recognise that the battle between the private and public sector over the control of personal identity goes back millenia (to the contrast between ancient Sumeria where the rulers were also under the God-given laws and ancient Egypt where the ruler was a God). At that time we were planning a relaunch of the ID governance group after several false starts: discussions hi-jacked by those who knew the “answers” (mainly to do with PKI, federated identies and third party trust services), but did not even understand most of the questions.  

I am pleased to say that this time round the group is now making real progress. It helps that HMG will probably have to cull most of its semi-incompatible ID systems, let alone its error prone personal databases, as part of the current round of cost-cutting. This makes it easier to persuade players to stop hunting the “holy grail” of best practice and begin by ensuring that the cull begins with those which fail to follow adequate practice.

I personally would like to see the essential applications moved across to use databases run by those who have demonstrated that they do know how to securely manage personal identities – based on robust registrations and transaction footprints under the “permission” of the individual.

But we now have a more balanced group, including from banking and finance (who began their transition to global electronic authentication routines over 150 years ago with the early cable systems) as well as government and its current and would-be suppliers. I am much more interested to hear what the group members think is practical. They, in any case, will be dictating the contents of the report, not me. I am also looking forward to future inputs from the professional bodies: especially from the Law Society on the argument that we should use the law of Tort , to claim damages from those whose negligence with our personal information idwnetities has caused us grief, rather than agonise over legislation.

However, I am even more interested in ensuring that we remain a functioning democracy. Hence the need to give priority to cleansing the electoral register, both as a key point of leverage in the fight against ID fraud and as the key to cleansing our electoral system.           

Join the conversation

3 comments

Send me notifications when other members comment.

Please create a username to comment.

Unfortunatley everything seems corrupt in Birmingham. One of the biggest issues is the council itself, they are making so many mistakes and they try to cover them up by 'accusing' people as for example in housing benefits or council tax payments. They don't update files, overpayments occured and then accuse people for benefit fraud - they don't even care if they destroy people's lives just for hounderd of pounds as a result of their mistakes. This is a big failure for the council. They have to work together with DWP when someone reports changes and they should really go after some big cases and not easy target - working hard - first time in benefits citizens. And really what is happening to the employees that make all these mistakes? Propably nothing, just let them spend even more public funds in their 'expenses', it is not suprising that they spend £1.5m in taxis!!! just in a year...

Philip VIrgo comment: this posting was anonymous. I have no idea as to its accuracy or whether Birmigham is any better or worse than other councils or central government. But problems to do with the pain and suffering caused by inaccurate public sector records are unfortunately all too common. reports. Hence my many blogs on the topic of Information Governance querying how many databases (public or private) are fit for purpose whether or not they are secure e.g. https://www.computerweekly.com/blogs/when-it-meets-politics/2010/03/is-that-database-fit-for-what.html#more

Cancel
Philip Virgo: I personally would like to see the essential applications moved across to use databases run by those who have demonstrated that they do know how to securely manage personal identities - based on robust registrations and transaction footprints under the "permission" of the individual.

Agreed. A demonstrated ability to manage identities is required.

DWP admit that even after the clean-up of their National Insurance number database, there are still nine million records on it that they, DWP, can't account for.

HMRC's tax records for individuals, companies, partnerships and trusts are probably in better shape.

As are the Home Office's passport database and the Department of Transport's driving licence database.

The banks, though, always appear to be in a different league. They have the volumes. They have the incentive. They have a good track record.

They, the banks, rely on the credit rating agencies (among others) as do the utility companies. And the insurance companies. And the mobile phone companies. The supermarkets are starting to get there.

The Identity Governance Group will cast their net wide, no doubt, into the Pacific Ocean of the private sector as well as the Atlantic Ocean of the public sector. May I suggest a particularly close look at the mobile phone sector.

Philip VIrgo comment: The last point is particularly apposite because voice recongintion is the only technology with the potential to recognise that a trnasaction is being made under duress.

Cancel
Philip VIrgo comment: The last point is particularly apposite because voice recongintion is the only technology with the potential to recognise that a trnasaction is being made under duress.

Voice is the only technology with the potential to recognise duress. True or false?

CCTV can be used to distinguish suspicious behaviour (at an airport, say) from normal behaviour. True or false?

Lie detectors work. True or false?

The Intercept Modernisation Plan would allow the security services to spot the pattern of terrorist behaviour. True or false?

The eBorders scheme will make our borders safer. True or false?

Facial geometry allows the Identity & Passport Service to lock each individual to a single identity. True or false?

Flat print fingerprinting makes it impossible for non-EEA people who have already been rejected under one identity to secure a UK visa under another one. True or false?

Sharing data between UK central and local government departments, the EU and the US reduces crime. True or false?

The work of David Chaum and Stephan Brands demonstrates that the counterparties to a transaction can each prove their credentials while at the same time guaranteeing their unconditional anonymity. True or false?

PKI (the public key infrastructure) is the only working authentication technology. True or false?

It's very hard governing people. So hard that many governments have given up and decided to govern electronic identities instead.

We need to make them face up to their responsibilities. To the difficulties and constraints and limits. And to the power of people's experienced judgement, including the judgement of public sector workers.

We will not succeed in this attempt to bring government back in line with reality if we hand out unsolicited testimonials to dubious technology.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close