Little Brother is watching
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
"Government can and must be involved in identity. Not as Big Brother, but as a little brother helping and funding"
The government’s strategy on identity management is to partner with private sector identity providers. What does this mean, and what are the implications?
Alongside the NHS’s National Programme for IT, the former government’s failed ID card scheme has become emblematic of over-centralised, over-ambitious and, as some people see it, overbearing public IT projects.
The Conservative Party never made any secret of its disdain for the scheme, and the very first law passed by the current coalition government was to scrap it. Doing so will supposedly save the British taxpayer £1 billion over the next ten years.
But the coalition government also wants to cut the cost of public services, and that means going online. In November 2010, the government adopted digital champion Martha Lane Fox’s recommendations to make public services ‘Digital by Default’.
This policy requires a trusted system of identification to prevent fraud and other abuses. The government’s strategy to provide this, dubbed the Identity Assurance Programme, is to construct a federated system of identity that devolves responsibility for identifying the citizen to trusted third parties from the private sector.
In early November, Cabinet Office minister Francis Maude allocated £10 million to fund the Identity Assurance scheme. “We think government can and must be involved [in identity],” he said. “Not as Big Brother, in the way associated with ID cards, but as a little brother helping, supporting and providing [...] funding.”
The plan is to offer citizens a choice of different identity providers. It is not yet known exactly which organisations have signed up to become identity providers (IDPs), but among the obvious candidates are banks and credit rating agencies, which already deal in identity and risk. They might federate their identity systems in exchange for the opportunity to offer products and services.
The faults of the national ID card scheme are obvious in retrospect, but the risks involved in the new scheme are at this point less apparent. One nightmarish scenario could be if citizens of no commercial value to the IDPs could not be identified, and were therefore blocked from public services.
Hopefully, the government will identify and mitigate these risks, lest the Identity Assurance Programme becomes at best another totem of ideological folly and at worst a threat to universal access to government services.
Patrick Curry OBE, of the British Business Federation Authority, says the government’s approach to identity raises novel issues
With some notable exceptions, multinational attempts to reuse government-issued identities for commercial
purposes hasn’t worked. The UK and the USA are at the forefront of the opposite approach – reusing commercial
identity credentials for government purposes.
One issue in this model is establishing an identity in the first place. How do you know that the identity provider (IDP) was rigorous enough in proving an applicant’s claimed identity? Another issue is liability – what happens if something goes wrong? Governments aren’t in a good position to accept liability, but making the IDPs liable disincentivises their
participation.
Our government is working well with industry experts to address these issues, and to use sensitive information under strict control.
Toby Stevens, proposition manager for Identity Assurance at the Post Office, says challenges remain in defining the model
The key challenges facing Identity Assurance are: usability, since the open market approach is not easy for users to grasp; governance, to ensure that stakeholders understand the risks and know that they will be protected appropriately; and commercial model, so that companies have confidence that they can invest in the new scheme.
Setting standards should be relatively straightforward, so long as government commits to long-term use of clearly defined open standards that take into account industry needs and international interoperability.
Only when these issues are resolved will it be appropriate for government to publish its architecture. As any good CIO knows, there’s little point designing the system until the business need is clearly agreed.
