WRITTEN ON March 8th, 2008 BY William Heath AND STORED IN Foundation of Trust, Identity, What do we want?

Soon after I’d signed to A&M Records the MD of a small merchant bank tried to explain the pop industry to me: “Essentially,”he said, “it all revolves around the bank.” In his long-awaited, much delayed & redacted and nearly buried-alive report Sir James Crosby views identity assurance from the same perspective.

He uses a banker’s vision of ID assurance to charge down the wholly government-centric view of ID management. The banker’s version is more enlightened than the Home Office/IPS/unmentionables version because it recognises up front that this must work for the data subjects. Crosby uses each of three terms – consumer, customer, citizen – in different contexts without elaboration. But he doesn’t seem to have talked to a lot of them per se.

Those hoping for robust public debate ID management or assurance will be delighted. Those who never wanted a debate but just wanted everyone to do what they’re told managed to delay things for quite a bit but now simply have to gnash their teeth and start to face reality. The confirmation of different perspectives in different Departments has belatedly brought government into a two-dimensional debate. There is of course more to come.

Here are a few specific thoughts on “Challenges and Opportunities“.

Crosby makes a series of powerful points about switching from the “control” model of central ID management to more a consumer-led system of ID assurance. I made dozens of ticks in the margins about points like consumer acceptance and technological evolution, and even a few smileys.

In over a decade of looking for it, it’s the first time I’ve seen long-overdue presumptions for the deletion of unnecessary personal data and maximal anonymity in a government report. The Home Secretary said

Sir James strongly supports a universal identity scheme, including a role for identity cards, and makes a strong case for speedy and consumer-led introduction.

This may be. But the headline-news finding, (as I quoted below) is that he dismisses the Benighted Scheme as an irrelevance: it won’t deliver the customer-led ID assurance he says is necessary.

He writes as if he overestimates the extent to which people or businesses need to know each other. For example he says cash facilitated trade between people “who didn’t necessarily know each other” but he could have said “between people who longer needed to know or trust each other”. Cash works fine anonymously. And suppliers don’t always have to know their customers. I happen to know the opera- and cricket-loving Mr Patel who sells me newspapers but that’s an incidental pleasure and not germane to our transaction. He says Chip & PIN enjoys high levels of trust but, like the citizens of Peterborough, I’d rather hand over cash to Sri Lankans in a petrol station full of CCTV cameras.

He doesn’t seem to set out why one universal ID assurance scheme is so much more desirable than a series of overlapping schemes that work well. If there is to be just one scheme, are all the others to be exterminated somehow, or just fall into disuse?

He assumes that the output of a successful ID assurance scheme will inevitably be a mass of surveillance audit data for security purposes. This ignores the possibility of anonymous or privacy-protective schemes (such as Microsoft will soon be able to provide after its acquisition the same day of Credentica). This comes back to his own point about consumer acceptance. Given a choice, will consumers choose a scheme which is known to leak data to law enforcement over one that doesn’t? Or will it be like the phone system, where everyone can be tapped unless they go to extreme lengths of an encrypted phone or use Skype? Put another way, will consumers be as offended by “Eingriffe in den absolut geschützten Kernbereich privater Lebensgestaltung” as the authors of the German constitution are?

He is much more focussed on social and economic benefits in an increasingly online world than the (now mostly long-gone) architects of the Home Office/IPS/Intellect/spook-central Scheme. His arguments about the benefits of increased usage really only apply to new business in the online world. It’s not as if more convenient systems of ID assertion are going to make us want more bank accounts, do more foreign travel or to apply for more jobs.

Anyway, a pretty cool piece of work in very challenging circumstances, so well done Sir James and the team. He forgot to credit Ruth, Scott and me for the presentation Kable worked pretty hard to put together for him and his team. But hey – it was fun to do, and his report echoes a lot of what we said.

Comments are closed.