New Zealand has rejected physical identity cards, central databases and data matching in creating its national identity scheme, one of the scheme's architects told the RSA Europe conference in London on 24 October.
Vikram Kumar, manager of programme strategy for all-of-government authentication at the country's State Services Commission, said that the scheme, on which planning started six years ago, uses two strictly divided identity systems, run by different agencies, to ensure data cannot be joined up across government.
"I think the moves by the UK in particular, and Australia with the Access card [an entitlement card for health and social services], has increased the level of concern about what a national identity card should and should not do," he said. The British government has focused on joining-up data in its equivalent scheme, such as checking fingerprints provided against unmatched prints held by the police.
The two parts of New Zealand's federated identity management scheme are the Identity Verification Service, provided to those applying for a passport or right of residence, and uses four data fields: name, date, place of birth and gender. The Government Log-on Service, for all e-government services, uses a username and password.
The latter saves New Zealanders from having to remember a string of passwords, or collect a necklace of tokens, Kumar said. However, each agency assigns its own internal reference number, or persistent pseudonymous identifier, making it very difficult to join-up data across agencies.
Kumar said privacy was paramount in planning the scheme, which is voluntary and has gone through several privacy impact assessments. "There was a realisation early on in the piece that if you talk about identity and national identity systems, you have to address privacy up-front, pretty comprehensively," he said. "People are very quick to describe things as Big Brother."
One of the privacy requirements is that all data must be kept within New Zealand, as countries, including the US, can demand information to be disclosed if it is within their borders, regardless of user agreements. They can then require that disclosure be kept secret.
As well as tackling privacy concerns directly, Kumar said the New Zealand scheme has benefited from being led by the State Services Commission, the service provider arm of government, rather than being a political project.
Kumar said data-sharing can be approved by the citizen, and can greatly speed up the operation of processes which involve multiple government departments, such as applications for student loans. He said consent for data-sharing was not required for criminal investigations, but was needed when people are the customers of the state, and will never be used when people are holding the state accountable.
Currently, no biometrics are employed in day-to-day use of the scheme, although photographs provided in applying for passports and the Identity Verification Service are scanned and used in a one-to-many check. Kumar said voice recognition, which would involve people receiving a call on a pre-registered number, could be added in future.
When asked if he believed New Zealand's experiences provide any lessons for Britain, Kumar answered diplomatically, "Every country has to come to up with its own answer. I do not know the UK answer. This works in New Zealand, but I do not expect the New Zealand answer to work in the UK either."
This article first appeared on the web-site of Infosecurity magazine, http://www.infosecurity-magazine.com.