WRITTEN ON December 3rd, 2005 BY William Heath AND STORED IN Uncategorized
39. 6 Information Assurance: despite the difficulties of a fast moving and hostile world, underpinning IT systems must be secure and convenient for those intended
I reject the evil notion that this world which sustains us is hostile. It’sthe only life-support system we’ve got. It’s just that there are rules to sustainable and peaceful living and we’re breaking them. If we start from the wrong place when making our information-assurance plans we’ll exacerbate our problems, not solve them.
7. Identity Management: Government will create an holistic approach to identity management, based on a suite of identity management solutions that enable the public and private sectors to manage risk and provide cost-effective services trusted by customers and stakeholders. These will rationalise electronic gateways and citizen and business record numbers. They will converge towards biometric identity cards and the National Identity Register. This approach will also consider the practical and legal issues of making wider use of the national insurance number to index citizen records as a transition path towards an identity card.
This makes me uneasy. Why put government at the heart of identity? There’s a whole ecosystem of context-sensitive identity developed around government, which works OK for its particular purposes. There’s a market in risk management. Why put government at the centre, “providing cost effective services”? The Finns use e-services authenticated by their banks.
Why converge on intrusive and compuslory biometric cards and on a national register backed by a panoptical audit trail? It’s the kiss of death to trust in e-government, because it binds e-government to a series of offences: compulsion, enforcement through fines, intrusive and expensive biometrics, a massive audit trail which provides the basis for massive discrimination.
We should hear more about the national insurance database. How good is it? Does it work for DWP and HMC&R’s business? What steps could we take to clear it up?
The rest of the shared services, professionalism and leadership stuff is great.
It would be good if Para 44 could credit Kable as source for government IT spend.
Para 49: I dont think Central government agencies have ever yet worked out how to work with the local ones (Socitm, Solace etc). But it’s probably a healthy tension.
Para 50: I really dont know what “supplier management” policy works. But one could argue that a series of £50k prizes for innovative web services would have secured UpMyStreet, DirectionlessGov and all the MySociety projects. Perhaps a hundred such projects could have been funded from the money spent on any one of TransportDirect, Direct.Gov, UKOnline etc
4 Responses to “Transformational Government – shared services paras 39-50: comments”
Also, para 1, ‘fast-moving and hostile’ – I think the author is talking about the online environment in which IT systems operate, rather than the physical world. I think, given the rate of new virus appearances and the computer security technology arms race, the phrase is reasonable.
There’s this weird idea that putting information into databases somehow makes it more secure.
a) Massively correlated databases are inherently less secure than fragmented ones, simply because of the number of people who must have access to centralised databases. Clearly the more access, the easier it is to abuse – both by using the information in the database inappropriately, and by falsifying it (there are other security issues with these types of database, but this is the most obvious and least technical).
b) Putting information in a database, no matter how widely correlated, has little impact on the difficulty criminals will experience in manufacturing false identities. Using the national insurance number as the basis of identity is a fantastically good example of why this is so: it really isn’t very hard to get a national insurance number, as is illustrated by the fact that there are more NI numbers in use than there are people.
Once more, measures which supposedly protect us from crime are in fact useless against criminals and serve only to criminalise and inconvenience law-abiding citizens as well as exposing them to new types of crime.
Yes, OK. To call the world “hostile” is not evil; I withdraw that. What I wanted to convey was that to start with the premise that the world is hostile you must be alienated from the supporting environment we live in and are part of. This makes people do bad things (with a sense of self-righteousness). And that’s what makes the world seem hostile.
paragraph 7 is possibly the most scary thing I’ve read in 10 years of watching e-gov strategy stumble. It also seems to me to be several steps ahead of any of the public statements being put about regarding ‘voluntary’ id cards.