Thought for the day: Who do you think you are?

Simon Moores asks, will your ID card paint a true picture?

Simon Moores  

Where do you start in compiling information for citizens' ID cards? How far to do you go? Simon Moores suspects the end result will still be open to abuse.




With national identity cards only a matter of time, I’m confused and not really certain who I am any more, so perhaps the arrival of a piece of plastic displaying my photo and thumbprint will clear up any doubt that I am, after all who I think I am and not who the government thinks I am.

In the IT industry, we very much think of identity in terms of authentication and authorisation. Are you acting as an individual or as an employee of someone else? Are you a citizen of the UK or are you a member of a specific group or organisation?

Once this has been established in a rather arbitrary manner, then we need to be authorised, as in holding a driving licence or having the right to enter certain buildings, access systems and networks and sign or authorise documents, payments, tax returns and all the other pieces of red tape that define modern existence.

Increasingly then, identity management is used to streamline and eliminate business processes and is integrating the individual into the legal and regulatory processes of society. In places like Kuwait and Bahrain, this is taken for granted, as the citizen ID card defines one’s place and privileges in a way that might send shudders down the spines of privacy groups in Europe.

Back in the West, many of us outside the Home Office are still agonising over a large number of overlapping initiatives, public and private, local, regional, central and international. 

Parliamentary group Eurim argues that in the UK, the key difference appears to be between private-sector models, where the consent of the individual is paramount, and public-sector models, where there is little or no consent. Instead, the sharing of data collected under statutory (or other) powers is commonly banned unless explicitly permitted.

While the issues of personal identity are central to the growth of e-commerce, the modernisation of government and the fight against computer-assisted crime. Eurim argues there is also much confusion as to which of these are intended to be linked and, if so, how. Objectives, priorities and timescales, let alone funding, legal frameworks and target audiences, vary.

Identrus, which provides ID authentication within global e-commerce, points to the implications of identity theft, which has grown more than 60% since 2001 and is expected to cost businesses, governments and individuals more than $300bn this year.

Who, asks Identrus, will vouch for you? In terms of authentication, what proof will establish that you are who you say you are? Who will store and safeguard your information and how will it be transferred into a mobile mechanism?

And when it comes to authorisation, how will disputes will be resolved, will it be legally binding and what liability coverage will be provided at a time when, in the US, people have had to declare themselves legally dead because someone else has stolen their identity and the other person has outstanding warrants for their arrest.

I’m not convinced about ID cards but I don’t have a solution either. If North African terrorists can make it into the UK on the basis of a forged French ID card, I’m rather wondering why we’re bothering.

What do you think?

Tell us in an e-mail >> reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security .

For further information on Zentelligence and its research, presentation and analyst services visit

Read more on IT risk management