Eurim calls on government and business to collaborate on identity governance

The UK needs a credible policy framework for trusted, collaborative identity governance, says the Information Society Alliance

The UK needs a credible policy framework for trusted, collaborative identity governance, says the Information Society Alliance (Eurim).

The parliamentary IT lobby group has published a document highlighting the issues facing UK government and business.

"We would welcome feedback before making plans to draw it to the attention of all UK MPs and MEPs and using it as the start point for a major exercise to look at the issues that need to be addressed in this space to ensure that forward policy is practical, credible and has both public and professional support - as well as being likely to meet the stated objectives," cross-bench peer and Eurim chairman, Lord Erroll has told members.

The UK Identity Card legislation may have been formally scrapped, but regulatory initiatives around identity governance supposedly linked to fraud reduction, data protection, and anti-terrorism within the UK and EU, risk causing global organisations based in London to transfer their operations to more favourable locations, leading to potentially massive losses of tax revenue to the UK government, Erroll has told Eurim members.

"Co-operation between government and industry on identity assurance should, however, provide opportunities for both to drive costs and improve quality of service," he said.

According to Erroll, the most costly risk to government itself is the potential for organised crime to defraud the tax and benefits systems through identity theft, using electronic attack vectors and malicious code similar to that used against banking, unless effective identity governance structures and counter-measures are at the heart of new systems that are secure by design.

"Last year the National Fraud Authority estimated the cost of fraud to the public sector at nearly £18bn a year, and rising, which is more than four times the cost to financial services," he said.

There are large-scale, well-established and trusted identity governance systems in the private sector from which government can learn much, the Eurim document said.

Trusted, reliable identities are a prerequisite for security and accountability in the online world, and the Minister of State for Security has stressed the importance of having governance regimes that make the UK a location of choice for internationally trusted operations, the document points out.

"The failure to create and enforce such governance regimes will lead to the UK becoming overly reliant on systems over which we have little or no serious influence," the document said.

Assuring the quality of identity requires common policies and collaborative identity governance within and across government, business and individuals, said Eurim, and is achievable by learning from operational international networks of trust that already exist in the private sector.

Government needs cross-departmental identity governance policies that enable it to manage risk and interoperability, said Eurim, and by working with industry to implement standards-based identity governance frameworks that support world-class trust models, the costs can become affordable.

Coherent policy frameworks for trusted collaborative identity governance are fundamental to the transformation of government services, and to enable UK plc to continue to compete in the global economy, said Eurim.

"These can only be developed in full co-operation with the private sector, drawing on its experience of global as well as domestic interoperability," the document concludes.

Read more on IT risk management