Sunday, October 30, 2005

ID, ID, ID ...

Jerry the Fish, Microsoft's UK National Technology Officer, published a good piece in the Scotsman the other day - I've linked to Kim Cameron's quote of it. Lord knows why Jerry chose that newspaper; maybe the majors south of the border wouldn't touch it? Circulation figures are listed as 67,000 in Sep 2005 (with a readership just over 200,000) - You can do better Jerry (and yes, I know that's 199,999 more people than read this blog) It's a good, strong piece that says, essentially, caveat emptor to the government, e.g.
The ID card itself also needs to be carefully designed to ensure it doesn't add to identity fraud problems by carelessly "broadcasting" personal information every time it's used. Using the same identifiers wherever we present the ID card is a highly risky technical design. Would you be happy if online auction sites, casinos or car rental company employees are given the same identity information that provides you with access to your medical records? It's unnecessary: we can already design systems that ensure the disclosure of personal information is restricted only to the minimum information required (a pub landlord, for example, needs only to know that you are over 18). Keeping identity information relevant to the context in which it is used is both good privacy and good security practice.
I've long worried about the card issuance process - after all, I see only flaws with the one banks use for credit cards (and, whilst they can create a reserve for credit losses, it's hard to see government adopting the same for ID losses) - but few seem to talk about the process for approving who can access data on the card. The checkout girl in the supermarket that checks your age presumably needs to have a card that says she's allowed to look at your age (i.e. I'd like to know that someone's checked out who she is and made sure that she can only look at my age when she's at the till, not when she's out at a bar); the doctor in the practice needs to look at more data, but again, I'd like to know that she's got a clear process for doing that and that the nurse in the practice surgery can't randomly look up data. This needs a lot of thought - and there are many on the web who are contributing to that debate. The crucial test is are they being listened to? After all, Jerry says:
if someone were proposing to build the most ambitious bridge the world had ever seen and engineers could see that it would fail, and suggest ways in which it could be improved, we would expect their views to be taken into account.
We know that Norman (Lord) Foster, for all his skills, still screwed up the Millenium Bridge across the Thames. It can happen to the very best. Funnily enough, today saw Ian Watmore talk openly about the potential for problems with the ID card in the Independent. There's a great photo of him, that you won't see in the online edition (there you have it - a reason to stay with the dead tree press), looking skywards. I think he's after salvation and divine aid rather but it may be that he was rolling his eyes at the thought that he might carry responsibility if the ID card programme doesn't go right. There are a couple of odd lines, like this one
The former managing director of the consultancy firm Accenture made some big changes on taking charge - like deciding to audit how much the public-sector spends on IT.
First, I'm not sure that's a "big change" and, second, it's not a change at all - it's been done before. Perhaps Ian has got a scientific way of doing it now by getting everyone to tell him how much they're spending on both capital and operational IT across all of government (I can see the paper forms required now). We always struggled in the past to get at "day to day" budget money (i.e. costs that a department or LA could incur without specific outside approval) versus programme money (that was separately itemised to the Treasury). Interestingly, the spend quoted, at £14bn, is around a £1bn more than I quoted when I used to spend time trying to add the numbers up. Remember, a billion here and a billion there and pretty soon you're talking real money. The estimates were made every couple of years though, based on spending review requests, capital budget allocation and review of deals signed through outsourcers. So not perhaps the first attempt but perhaps the latest and hopefully more accurate. And there's this too
"I can't say anything like I know anything is going to happen." Will it be delayed in the tradition of all great government IT projects? "I don't think anyone is naive enough to believe this is an easy project."
Given there's not really a start date yet (let alone a contract let) and he's talking about a pretty broad set of potential pilots, that sounds like a good answer. Let's hope no one is naive enough. I'm not sure government has built too many bridges recently so maybe we should find some folks who have.


  1. Anonymous7:04 am

    If English newspaper circulation is the issue, then it would be fun to see a Microsoft article battling for column inches on Page 3 to be read by 3.3M white van drivers.

    Given the Tories won't be in govt this decade, rule out The Torygraph's 0.9M readers. Why give the Guadnian (sic:Ed) readers ammo to oppose the scheme? So that leaves Murdoch's balanced view of the world expressed through his mouthpiece to just 699K Times readers - 6% of newspaper readers. Not exactly a mass debate.

    Perhaps, given Scotland's history of exporting innovation south of their border, starting there isn't such a bad idea after all.

    Meanwhile hats off to Los Angeles-based Flexilis in setting the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card, 69feet. Can't wait for the, er, secure US passport to arrive.

    The Black Hat

  2. Hi Alan; Sorry it has taken me a while to post this, but... I particularly appreciated two points you made in your post:

    whilst [banks] they can create a reserve for credit losses, it's hard to see government adopting the same for ID losses).

    Yes. I have been arguing for some time that you can't treat 'identity loss' the same way as you treat financial or property loss, and that it needs careful thought in terms of requirements, design, legislation, remediation and, for want of a better word, philosophy.

    Second: The checkout girl in the supermarket that checks your age presumably needs to have a card that says she's allowed to look at your age

    Yep. One of the huge implied assumptions in the ID card scheme is that there will be some massive leap of competence in the population of 'verifiers', both to know valid credentials from bogus ones, and to know what to do if a credential verification fails. I think that's a pretty shaky assumption.