Time to Look Again at ID

With a general election in the offing, the question of Internet voting has risen its head once again but the big problem with it lies in “verification” by which I mean, is that a valid vote, is that an actual individual who is entitled to cast their vote electronically ?

For people like the Speaker of the House, Bercow to gaily indicate that it will happen in 5 years, is entirely stupid because he is seriously underestimating one of the key elements that makes any democracy valid, “That the count itself can be trusted”, even the most repressive countries have elections based upon one person one vote, but it doesn’t make them a democracy and there have been abuses of postal voting.

A Question of Identity

The issue is both important and pressing in a number of ways as technology has outstripped existing ‘processes’ so, we do need to revisit some past projects concerning proving identity and examine what we now need to do because doing nothing, is not really an option. The problem is that the Internet has been far more disruptive to the old ways of doing things than people could possibly have realised only 15 years ago and we are constantly playing catch up, time that we got ahead of the loop.

There have been various government projects on the issue of identity, the most recent and notorious being the ID Cards under the Blair Government. However if I remember rightly and before that under the Major Government, there was a project to introduce a ‘Benefits Card’ related to an individuals entitlement to State Benefits. http://www.nao.org.uk/press-releases/the-cancellation-of-the-benefits-payment-card-project-2/

The main problem with all of these initiatives is best summed up in the following headline: “The Speaker’s Commission on Digital Democracy wants to transform Parliament into a digital-friendly institution”

The reason why all these projects have failed in the past and any future ones are also likely to flounder, is that they were/are far too narrow in the thinking behind the scope of the project and consequently fail to grasp and deal with the fundamentals behind reaching their objective. The failures are wholly the result of intellectual failures in the first place, the inability to focus in on the one key element common to all potential “stakeholders” namely SECURITY of identity.

Stakeholders

To be frank, I don’t like the word “stakeholders” because it has been too often misused and has acquired a degree of “gobbledygook” but, as a description of “people with skin in the game”, it will have to do so let’s press ahead to describe who these people are: There are essentially three main categories which you might envisage as being three sides of a triangle, us as users, the organisations that need secure transactions and finally, the administrators that oversee a secure system.

One

You and me. When we do on-line banking or shopping, use our debit or credit cards in a shop, register to vote, register at a GP surgery, tax our car, obtain a passport or driving licence, buy or sell investments, ensure that our property is properly registered in our name, pay taxes, claim rebates or State Benefits we are entitled to, for all of these situations and many more besides, we all want and need a secure personal identity.

A secure and safe ‘electronic’ ID of some kind does offer maximum convenience to us as ‘users’ but obviously we need to be assured that it is reliably safe and does not hand all our personal data over to one organisation to use as it wishes and without our consent.

Two

The organisations that need secure transactions. This is a very clumsy phrase but it is one that is not often heard in the context of “Secure Personal ID” which is as surprising as it is shocking.

The focus of the Benefits Payment Card was largely paying State Benefits through Post Office Counters and most likely failed mainly because a viable infrastructure just wasn’t available then back in the Nineties. The Blair ID Card was focused on driving licences, passports and fancy ‘biometrics’, it also suffered from lots of BS and hyperbole which mainly demonstrated that politicians generally are not technically equipped to take such spending decisions.

Both of the above were undertaken using public money directed at very narrow Government objectives. To the best of my knowledge, at no time did they tap into non governmental stakeholders who were already spending many millions on a similar thing and also had a vested interest in establishing secure personal identities. Obviously here I’m talking specifically about the credit card businesses and other financial institutions who have had very many years constantly updating their business practices against the commercial background of an ever changing world in which they do business.

Three

The third side of the triangle would be made up of an organisation that administers and monitors any system that bridged the State and Commercial interests, it would need to be a totally independent body and devoid of any political or commercial interference. Although I am not laying out any kind of detail on what this might need to be, there are a couple of features that I can touch upon to illustrate some key requirements.

Ignoring American Express and Diners who may have their own systems, globally there are two credit card clearer s, Visa and Master Card who provide all the transaction services to the card issuers who are mainly banks and other financial institutions. Obviously both of these are purely commercial businesses and therefore primarily owe allegiance to their shareholders, this is not a model that would be appropriate to the kind of organisation that would be administering British identities.

The key point here being that if you were to set up such a body, in an age of global terrorism there could be pressure to disclose confidential information to the security services but, such agents of the State should not be able to plunder such information at will therefore the ‘Body’ would need to be a legal entity subject to Parliamentary Charter of some kind and constructed with Civil Liberties in mind. Access to information would need to be subject to Court Orders and on a case by case basis. Such an organisation would need to be funded by charges laid on the organisations that use it be they government departments or commercial organisations.

Technical Sketches

It would be foolish to launch into detailed technical descriptions at this stage of the game, any project that looks at this would need to spend a couple of years interviewing and ‘listening’ to interested parties before even suggesting how it might be done but that said, it is worth lobbing a couple of “technical grenades” into the pot early on if more as questions than answers.

One of the notable features missing from the ID project under the Blair government was a “Security Model” which was surprising as there were many who questioned the project on civil liberties grounds as well as ID cards being Continental and “Not British in anyway”. To explain, a security model is not a piece of software, it is simply stating “Who can see what information and under what circumstances”, pretty basic stuff, they should have done that first, it is a key exercise that only requires pencil, paper and brain.

At the time, I along with many of my colleagues in IT, never got round to looking at the civil liberties issues because there appeared to be another glaring technical mistake being proposed, a Single Database ! As every database will eventually get hacked, one never relies on a single database, you retain the principle of distinctly separate “silos of information” or deliberately using multiple data sources to validate identity, rather like the variable teeth in any physical key, there is a good reason for these things !

Our current method of identifying people in terms of pension and all other State Benefits is the National Insurance Number which is well known to be totally insecure, some years back someone discovered that there were over 10 million more numbers issued than there were ever people ! It might well be time to think totally differently, forget the idea of a physical card, something based on mobile phones, even a ‘phone number for life’ issued at birth might be a better platform.

At this stage, I am not proposing any particular technology, I’m more interested in a debate about what is needed and in broad principle, the shape such a solution might take, the important thing is to get the public engaged in the idea.

Why Bother ?

The idea of an ‘Identity Card’ conjurers up the agents of the State be they Police or others, stopping you on the street and demanding that you prove who you are, all very Nazi and negative. However, turn the concept around to a “Clear Proof of Our Identity” that is valid for transactions with both the State and commercial organisations and we have a very different feel about the whole thing.

There are obvious benefits for dealing with the State because it not only can make all transactions far more efficient but also, far more flexible thus cutting down on the costs of administering such systems and allowing for pretty instant flexibility so that Benefits adjust seamlessly to the changing circumstances of the individual. Clearly once you have a system, other ‘State’ systems that need identity be it a bus pass, a driving licence or passport and even voting can be dealt with efficiently too.

The same system can also be used for banking, credit cards, loans, leases and so on in the commercial sphere. Whether using Facebook, Twitter, any social media, buying goods and services on line, we give away a lot of personal information already, we may well just accept that and engineer greater security into an overall system that provides better protection from fraud and eases our way through life.

Time to revisit Proof of Identity.

6 thoughts on “Time to Look Again at ID

  1. Alfred

    There is a suggestion in your post of making the same mistake as that made by the Blair government, of trying to make it into an ID Card that did everything. Why not follow the USA example where the basic requirement is for photo ID, an build on that. The USA ID Card (yes they do have one) is the driving licence for which, following 9/11 people have to provide a considerable amount of information before they can obtain the driving licence. This is, essentailly, a photo ID Card in a landscape format.
    For the non-driver, there is the non-driver, driving licence, which is exactly the same, except in portrait format.
    Try doing anything in the USA, except voting strangly enough, without photo ID and you will find that you don’t get very far.
    We now have a photo Driving licence and could easily extend this to include one for non-drivers in similar fashion.
    Let’s follwo this example, keeping it simple. The system is already in place.

  2. baldy Post author

    Having lived and worked in the US for a time, I am familiar with how things play over there but however badly I have expressed the idea, my main thrust is that a reliable electronic ID is rapidly becoming a necessity rather than an option and the only way to construct that is to build a solid foundation in the first place. As I mentioned above, quite apart from a far too narrow objective, the Blair ID project was dead at inception because of the use of a single database plus the total absence of a Security Model.

    My point would be that if we were to go down the path of creating a secure ID, we would need to build solid foundations first, do that and you can hang any number of individual “applications” from it in any sequence and over any period of time. Think of it this way, you design and build a lock plus a corresponding key mechanism then test that it works reliably long before you fit it to any particular door.

    Sure, do that part properly and you have built a railway track on which you can carry any number of passengers you like on but that is the only way you can produce a solid design, from the inside out not, from the application in.

  3. Alfred

    Yes, but …. 🙂
    Let’s first be clear about the requirement and keep it simple. Not load every department’s wish list on top of the ID card so that it sets out to cover every single piece of information possible.
    Having worked in government IT, large government databases scare me because I understand government culture and worry that even your safeguards would be flawed in the implementation.

    I’ve also been the victim of an error in a government database. I was found guilty and convicted of a crime that not only did I not commit, but knew absolutley nothing about until after the process. Wrong name, wrong address, so, of course, I remained blissfully ignorant until the bailiffs were about to descend on the wrong house. I don’t wish that experience on anybody. The error was swiftly rectified when I found out, but to this day, only in part. The error still lingers in the depths of some associated databases.

    I’m in favour of ID cards, but let’s keep them very simple. Increased IT complexity often leads to increased likelihood of error.

  4. baldy Post author

    Dear Alfred

    Don’t disagree at all, as an IT contractor my two worst experiences were with “Government related IT” – it’s a culture thing I guess ! So I don’t disagree with what you are saying but in your mistaken identity story you are pointing to the fundamental weakness of a project like an ID card being instigated and run by either the private sector or government alone. An equivalent story to yours is all too common when it comes to people applying for credit, being refused because of a mistaken identity and that refusal being “recorded” and attached to their real identity…a nightmare.

    However the point is that in both the private and public sector, there is a real need for a better “system” and a more efficient way of doing things and the only way to do this is quite simply to separate the specific need be it a credit check or criminal records check from the “means” of validating identity. My analogy of a key is important because as you know, keys work with teeth, the exact pattern changes from one lock to the next however, the disadvantage of a physical key is that once cut it remains forever this is not the case with a digital key.

    The system would work on a simple Yes/No challenge using a random pattern based upon information held in a number of different databases. EG. Electoral Roll, NHS Number, NIC number, Bank Account, Credit Cards, Driving Licence, Land line Telephone, Mobile Telephone, Post Code, House Number… Each of these are separate silos of information, each silo provides a tooth for the key but each request of ID polls say 3 pieces of information from 8 or 9 ‘silos’. None of the databases share their information with each other all are separate and integral, all already exist and each only has to create a gateway for a Yes/No poll.

    In other words, no specific applications such as passports, driving licences etc exist within the ID Card itself which would be an invitation to chaos if allowed to happen. If there was an actual physical identity card, all it would do is validate the individuals identity and nothing else because that is all that is required. If you are familiar with Internet Banking and ‘Pin Sentry’ devices that enable you to access your account on-line, that is really what I’m thinking about.

    Earlier I said I had a nightmare with Government IT but there was one bonus I did get out of one contract, a former Civil Servant turned contractor who virtually taught me Prince 2 live on the project. It cemented my understanding and abilities in project management but frankly, I never used it again !

  5. Alfred

    It would be good if this discussion got a wider airing. We do need something like this.

    (Ah, Prince 2. That brings back memories. Its major use was to enable people to pass exams in Prince 2. So often it seemed to be used without that vital ingredient – intelligence.)

  6. baldy Post author

    Dear Alfred

    Yes it would if only to get it structured properly to obviate all the pit falls you and I know are there lying in wait for the unwary.

    Your comments on Prince made me crease up with laughter, how right you are ! The former Civil Servant I mentioned earlier, because his background was CS and he had mastered Prince, used it in a way it was never intended, he bent it to the ‘culture’ and ensured no one had the opportunity to stall the project.

Leave a Reply