March 4th, 2012
07:48 am - You got your wish, ID sceptics
There was a massive fuss about secure online identity at the last election (the ID card debate). I argued that there was an unavoidable need for a secure transferable personal identity to allow people to access online services, without giving their personal data repeatedly to a wide range of commercial companies. British people should have an assured identity, our details should be entered once only, kept behind a firewall. In my opinion this should be managed on a public basis, not commercially. The alternative is to be tracked by large companies like Google and Microsoft, which have no democratic accountability.
In my opinion the 'anti-ID' techies were stupidly misguided in opposing this. Classic example of people with good specialist knowledge but poor political judgement. They got hysterical about 'Government ID card scheme'. At the time I argued over and over again - mainly with Lib Dems - that they were over-estimating the dangers of a public service, and under-estimating the dangers of privatisation. The point is that your ID will be tracked, if you exist online at all (for example make payments or take a phone call). The questions remain - how many organisations will hold your core details, and what safeguards are in place. Putting it in the public sector was safer, with greater checks on exploitation.
Now the current government is ready to tender for exactly the same thing. There was always going to be an ID scheme, because government IT can't work without it. Now it is going to be handled for commercial gain by Google.
"The federated identity model is really the next government answer to the ID cards that have gone before. It's open, it's federated, it's market-led"... The identity assurance service will essentially be a market of competing private sector identity providers that will sell ID assurance services to the public sector, enabling organisations to identify who they are dealing with during government transactions.
I will concede that the communication of the need for ID was mismanaged by the previous government. I think that's because politicians were as ignorant about IT as the Lib Dem techies were about the realities of politics until it hit them in the face. There was a gulf between them which prevented them from communicating.
I was an ID Skeptic, and I still am. I worked in an organisation that specialised in federated identities and Identity and Access Management, and even amongst these guys (some of whom were involved in scoping the schemes) there was disagreement about how feasible it was to accomplish what the previous ID card scheme claimed to want to achieve.
The main and obvious issue was the Anti-Terrorist angle. This was clearly toss. The ID card scheme was no more about preventing terrorism than it was about secure shopping on line. It could not deliver much more than passports or driving licenses in that area.
My main concern was not so much with the hacking and theft of data, although that is a significant risk with a honeypot of data such as this would represent. While hiding it behind a firewall is all well and good, the fact is that there would be so many points of entry to these databases, and so many people with privileges to add, move and change the data, that simply managing the mass user access to manage and control users and roles centrally was a massive, and incredibly expensive, challenge in and of itself.
There were many other technical challenges and issues with secure distribution, biometric issues and non-repudiation, but frankly if we threw enough money at it and standardised equipment nationally enough we could probably work around these. But the cost would be phenomenal, and the benefit for the public a lot harder to define convincingly.
I don't see that they are planning to let Google track the data based on that article, perhaps I'm being naive. That would be problematic anyway, because there are significant issues with the data being held or accessed offshore, particularly since the safe harbour agreement which the USA signed up for (as they don't meet the criteria for holding data as defined in the Data Protection Act) doesn't let them have access to a whole lot of information. I'll watch with interest.
I was hoping for a hard push back on this, which is why I phrased it like I did, so thank you. There is an issue with holding all data in one honey pot (great phrase) but the alternative (spreading personal data over many different services) also has significant risks. All the issues you raise should have been debated, and should be out in the open right now too. The debate before the election was dumb and emotive, and avoided, ironically, all the real issues. It may even be that if the techies did put their minds to the real issues, and put a case forward, privatisation might be the best model for government ID. I doubt it, but I think a case should be made.
But the fundamental issues don't alter - whether we are looking at a commercial or public solution. For instance, we either have no use of biometric systems, or we have personal biometric data stored somewhere. It must be one or the other.
You are right it may not be Google, they are simply advising at the moment. My feeling is their friendly advice is a precursor to making a tender, but I could be wrong. Nevertheless personal sensitive data will be stored - it must be stored - and distributed in some way. Therefore the resource to do this must be provided somewhere, and all the problems you rightly identify will have to be addressed. But now they will be addressed by private companies.
I think there are two main dangers: commercial cost-cutting and acceptance of risk, leading to some disaster a couple of years down the line. Secondly, the abuse of data trust by companies with trans-national interests and no democratic accountability. The latter is more of a stretch, but I think both are real issues.
Thanks for raising a topic that inspired me to want to push back!
I think the main issue is right at the beginning, at the scoping stage. Your point that personal sensitive data will be stored and distributed hits right at the core of the problem. What personal sensitive data is it that needs to be centralised and why? What benefits will it confer to centralise it? In some cases, such as criminal records, centralisation and data sharing is completely logical and self evidently practical. But what about medical or educational information? Should all data held in the public sector be centralised, and in the same manner? In the same location?
Personal sensitive data is already stored, for every one of us, in a multitude of places. And, in theory at least, the places in which it is stored have safeguards, policies and procedures appropriate to the sensitivity and value of that data, based on a full and appropriate risk assessment. So while our medical records are private, and valuable, the risk of someone attempting to steal them (excepting corporate espionage, i.e. life insurance purposes) is small, and the value of the data to the personnel who have access, e.g. receptionists in doctors' surgeries, pharmacists, etc., is limited. Data protection around our tax records, or perhaps our criminal records, is handled entirely differently, based on a completely different threat profile, and the protections and vetting for staff with access to this are different in turn.
Obviously this isn't foolproof, and all systems are subject to human error and malice from time to time. But when you place all the data in the same location, you move control from one based on physical roles and access in the real world to technical controls on human-defined role based access, and hope like hell that no-one who works in a doctor's surgery is any good at hacking and escalating their privileges.
To clearly identify what data should be centralised needs a very cold, methodical look at what they want to achieve, for every single set of data they want to consolidate, and with a separate risk assessment for each area (a massive, massive consultancy job - private sector). The truth is that the government already uses an enormous amount of private sector expertise to design, implement, consult and assess on any number of projects, they have to because that's where the expertise is.
Now may be a good time to truly assess and consult, gather information and consider what benefits can be gained by federating identities in specific areas of the public sector. But with the economy in its present state, I can't see that it's the time for spending the money needed to do it properly, and if it can't be done properly it shouldn't be done at all.
As for Biometrics, they're very useful for lots of things, as long as you account for the false positives, false negatives, and percentages of the population for whom any individual form cannot be effective. They should be used advisedly as one way of confirming identity, not as a definitive way of establishing identity.
The process of tendering always exposes an organisation to the risk of commercial cost cutting, but it is at least transparent, and a well constructed tender with appropriate and knowledgeable staff should be able to see whether a response is viable or pipe dreams. Abuse of data trust is pretty strictly regulated, and I'd be more worried about that if I saw legislation to amend the Data Protection Act or expand the data flow allowed where safe harbour agreements are in place, which would need to precede any trans-national data management.
Edited at 2012-03-04 09:53 am (UTC)
None of the issues you raise are wrong, but they are not issues which go away if the ID system is privatised. They aren't arguments for or against privatisation in my opinion - they are just issues which need to be considered whether ID systems are run for profit or not. Take one issue - false positives in biometric systems - that is a thing, it's a thing whatever system we end up with. It's not an argument against a public not-for-profit system, nor is it an argument against a commercial tendered system.
So my argument isn't 'There are problems, therefore a commercial solution is impossible'. It's that the problems are independent of the public/private sector debate - the issues you raise were treated before the election like an argument for privatisation, as if the dangers would disappear once the multinationals stepped in. But the risks are still there.
There's a separate issue, which is that given these risks which we both agree exist, who is best placed to provide a safe service. Like with the NHS and welfare and education, and now the police, the Tories and Lib Dems think that a private sector solution is best. I don't think their case holds up. But the risks themselves are the context for the argument, they aren't arguments themselves. They aren't arguments for my case either.
Agreed. And in the experience I have, which is by no means exhaustive, I would prefer to see a public sector run solution informed by private sector consultancy and expertise. What I've observed of public sector handling of sensitive data is that it can actually be done very well. My observations of private sector are far from exemplary, and in general the processes and procedures are far more mature, defined and specific in Public sector than in Private.
I wasn't there before the election, so wasn't aware of that angle of approach. Damn stupid and would have enraged me if I'd seen it, so possibly better that I didn't. Can't imagine any appetite for national identity schemes in New Zealand somehow.
So we basically agree. Vehemently.
You can probably tell I used to have to answer correspondence on this subject, I've got all my 'yes-buts' backed up from before.
I'd have been perfectly happy with an ID card. The sheer difficulty of doing things like opening a bank account demonstrates just how hard it is to prove your identity these days.
Henry had to apply for a provisional driving licence long before he actually wanted to learn to drive, purely because it was an acceptable form of ID.
Being able to access the correct medical records quickly is obviously beneficial.
I think my priority is what is easiest because I am so bad at getting myself organised.
Date: March 10th, 2012 10:09 pm (UTC)
The identity assurance service will essentially be a market of competing private sector identity providers that will sell ID assurance services to the public sector, enabling organisations to identify who they are dealing with during government transactions.