IAAC produces its diplomatically devastating “identity roadmap “

WRITTEN ON July 8th, 2006 BY William Heath AND STORED IN Uncategorized

The Information Assuarance Advisory Council (IAAC) is now foussing on identity assurance and has produced a Roadmap for Identity Assurance in the UK.

Like the IAAC website (which has strange scrolling news you can never quite click on) it’s a bit clunky. Bits of it never got edited. But it’s also hard-hitting in an understated sort of way. It makes sweeping assumptions like

In today’s world most interactions between citizens, business and administrations revolve around the concept of identity

which one wants to unpack (eg to assert that many transactions are justifiably ananymous or pseudonymous, and it’s important to assert that this is absolutely fine).

But what I like about IAAC (a bit like inter-faith work with Muslim zealots) is that because they come from such a different place, it’s very satisfying when you find common ground with them. So although there are a lot of line edits I’d offer (some points of debate), there is plenty of solid common ground to be found in this new report. They even use the phrase “foundation of trust” throughout, which I pushed hard at them when I spoke at their meeting last autumn.

IAAC is strong in its call for an inclusive and effective debate (which by implication it says we have not had). Fresh from interviwing Kim Cameron I’m struck that in IAAC’s “dimensions of IMS” there is no role for the user, whose interests are paramount. Unless it’s tangible and comprehensible to users, and they like it, the system fails. It would be good to hear more about ease of use, design, even reification.

It’s cautiously worded, with circumlocutions. For example IAAC says

However, the costs of enforcing data protection to organisations, in particular those in the private sector, can be incommensurate with the costs of non-compliance with privacy protection regulations.

I think this means that where privacy is concerned it’s often cheaper to break the law. It’s also non-specific about UK ID plans: Gov Connect, the Government Gateway, the notorious Home Office ID system and other such as the Scottish Executive’s plan.

But behind these circumlocutions it spells out the gravity of the ID system decision the UK has taken (which we can only imagine was taken by the PM on his sofa with barely any more thought than he gave to the national programme for IT in the NHS.

One senses these are careful, technically aware people, perhaps naturally on the authoritarian side, and sensitive to political messages – the sort of people it would be great to enagage in the very debate that this paper is calling for.

Leave a Reply