A key reason for the collapse of the ID card proposals was lack of agreement across Whitehall, let alone Townhall on objectives. In consequence it could not be used as an “entitlement” card to expedite access to mainstream public sector benefits. In consequence there was no benefit to the citizens. Current attempts to reduce the number of ID systems in use across central and local government face similar problems. Might the “answer” be to give up, use existing private sector systems that will do what is needed for the applicaton and allow better solutions to evolve over time.
The definitions of “identity” and “trust” used by those advocating comprehensive, integrated systems mask assumptions based on the “needs” of the clients of those proposing them. thus it is alleged, with little or no evidence, that “solutions” originally to stop the US security services shooting each other or would-be rescue teams after a 9/11 style terrorist incident are of value to others, like airlines, banks or on-line retailers. Meanwhile the systems used by the latter are ignored, as are different definitions of identity and trust.
Current debate also masks different business objectives and cases within the groups – including between the tribes of Whitehall.
Thus “unique carbon life forms” (one of my favourites among the many definitions of identity that are little/no practica/ value) may well have multiple identities in the eyes of DWP when it comes to claiming benefits and none in the eyes of HMRC when it comes to paying taxes. There are good operational reasons why this should be so. These include the timescales for authorising transactions, the nature and scale of risk and the consequences of error. This presents particular problems with regard to meeting expectations that the DWP Universal Credit will use HMRC records for real-time calculations.
Meanwhile we have a growing number of organisations seeking to promote a growing variety of electronic IDs for a growing variety of uses: many claiming their solution is catch-all ID that everyone else should use.
The Information Society Alliance (EURIM) policy study team looking at Information and Identity Governance therefore plans to begin by looking at the different types of stakeholder, what they say they need and why. The aim is to then collate the “needs” for their different applications to help help make sense of the “market” for ID systems. That should lead on to the governance principles that might be used to encourage good practice, particularly with regard to inter-operability when transactions or travellers cross boundaries, whether regulatory or geographic.
I say the “team” will be doing this. In fact we hope to use Masters students at some of the post-graduate institutions working in this space to do most of the work under dual supervision: academic and professional/commercial. We hope this will be easier to organise in practice than in theory because the professional/commercial supervisors we have in mind have also been academic supervisors and the academic supervisors we have in mind are often retained by our commercial supporters. The bigger problem is likley to be to structure the work programme to fit academic timetables. [That raises the interesting question as to why so much research still has to be scheduled to fit the harvest season].
Among the most interesting questions for study are:
* Why do we need unique identities, electronic or otherwise ?
* Why should we wish to collate the disparate identities we already have ?
Those who think the answers are self-evident nearly always begin with sets of assumptions that are probably not shared by the majority of mankind. They may not even be shared by the majority of on-line retailers – who are more interested in our money and our repeat business than in our identity.
So who actually wants us to use single identities?
Given the publicity for the loss or compromises of files personal details and details certificates, is it not rational for the individual to want multiple electronic personas with different balances of ease of use and security for different types and values of transaction?
And as for all that guff about our willingness to give out personal data over social networking sites – how much of is really “us” and how much is different personas for different groups of friends, family, teachers, potential employers?
And does an advertiser really wish to sell to “us” or to our persona ?
And do the different parts of government really want the same ?
That leaves those who wish to impersonate us as the main beneficiary from all those attempts to join up identity. And they are, of course, leading the way.
So what can we learn from their success?
And how could/should we vet the Masters student who volunteers to study this topic ?