WRITTEN ON October 21st, 2005 BY William Heath AND STORED IN Uncategorized

I’m told I can’t say who said it or where but there’s been some movement on the ID cards/register policy and there’s considerable pressure for rather more. See below for more.

Senior industry and Whitehall figures outside the Home Office agree that the lack of a business case is a problem. The notion that we don’t yet understand enough about identity and what it means in an e-enabled world has wider credence than sceptics may have feared. There’s some acceptance, which may yet spread, that any government-backed ID solution need to be “acceptable to the consumer-citizen”.

And just as Kable found earlier this year there was insufficient clarity about how the Home Office ID system proposals would work in practice to inform a market-sizing exercise (not that the Home Office much cared) so now it is becoming clear that the same lack of clarity makes it impossibe to do a formal Whitehall risk assessment and security accreditation. This information-assurance issue is rather more serious, since the ID system would form part of the critical national infrastructure.

As a major IT project it requires formal sign off through the OGC Gateway process. There’s a named senior responsible officer whose neck is on the block. So a satisfactory formal risk assessment is essential.

There is the potential for the legislation to get through the Lords only to find one department irrevocably politically committed to introducing ID cards at loggerheads with other parts of government responsible for policing good practice in government’s acquisition and management of the critical IT infrastructure, who will block the project.

These major Whitehall-procedural snags sit alongside philosophical differences about the role of identity and stability of democracy when stresses on society will be greater than they are today, and deep technical questions about future generations of technology. As devices proliferate and biometrics evolve, what architecture will prove robust? There’s a strong case for holding our bets.

“I’m personally concerned about any system that claims to solve all problems in one go,” said one senior source. “You can’t have a gold standard which at the same time is easy to use for vast numbers of people. There tends to be a trade-off between ease of use and high security.” Instead, he argued, we need to discover the relationship between the individual and the state, and set out the principles that underlie the future architecture. In the US, such a deep-lying and non-partisan issue would require an amendment to the Constitution.

I spoke, from the “Ideal Government” standpoint, to ask for a user requirement for identity in e-goverment and an e-enabled world. It was a bit of a rough day in some ways – the room was full of people coming from very different standpoints, deeply holding quite different beliefs.

At least one senior Whitehall official has read Stefan Brands’ book (even if not understood it all, but which of us did? I only understood chapter one). This must be good news.

You need to keep calm sitting on a panel trying to create dialogue with someone who never returns your emails and who studiously ignored various important people who try to offer vital insights, indeed denies they have ever tried to get in touch. But man, did we stay calm.

The call for a user requirement was eventually echoed and carried the day. Along with the need for a business case, clarity, deeper understanding of technology and future trends, and better dialogue.

It’ll take good science and good manners. But we’ll get there.