The degree of concern and comment about identity cards in the UK makes Atos Origin wonder whether during the debate the plot has been lost. Our concern is that two different issues, secure individual identification and customer information collection, have been rolled together. In the ensuing polarised debate, a risk has arisen of chucking the baby out with the bath water if the scheme is stopped. This could have major implications for identity management and personal data management in general.
The issues at the national level are perhaps the result of problems unwittingly generated by past IT industry activity, where identity management and privacy have not been managed as tightly as they might.
To date the debate has been that individuals are losing their privacy through technologically enabled surveillance. The ID card has been held up as another step towards enabling greater surveillance. The other side of the debate states that we must trade some privacy to achieve security.
Loss of privacy for security need not necessarily happen. In fact, identity cards and their reference system, properly designed, represent the chance for the individual to take control and safeguard their identity. It can provide a necessary new public proof of identity mechanism, one that will work in many modern situations.
The IT industry needs to show that achieving enhanced identification will not increase surveillance. We must collectively design and regulate its use with personal privacy as a clear objective. The ID card itself should be regarded as a token much as we accept credit and debit cards and should not be an issue unless there is invasive tracking of its use.
The principal objection is the collection and collation of personal data to establish an identity and then subsequently maintaining personal details for the benefit of joined up government. Our experience suggests that once an IT enabled identity has been established there is no need to store these personal details. In fact maintaining separation of data across systems which have been accurately cross referenced aids on-going personal data security. Secure cross referencing still allows information to be drawn together on a controlled and as-needed basis. The option remains for the individual to agree to it being aggregated and shared if it benefits them.
We believe there are two key scheme components to be define when managing identity and personal data: first, how we manage, operate and control access to identification services, and second, separately, how transactional or general customer information is securely managed and accessed. Clear separation of these components to ensure personal privacy must be established from the outset of any scheme or system.
Our experience leads us to conclude that personal privacy requirements can be safeguarded through good IT design for all identity management projects, whether for a business or for the new UK ID card. Use of technologies such as biometrics, encryption, proper use of pseudonyms, and digital certificates can support this as evidenced in Austria. However, technology must be coupled with strong processes for regulation of identity services and personal data handling to deliver improved personal privacy and security.
Steve Baldry is principal consultant at Atos Consulting