Identity Assurance warrants more public debate

With his signature bow tie and transatlantic accent, Estonian president Toomas Ilves is not quite what one expects the head of a former Soviet state to be like.

But Estonia is a special case, in many ways. For one thing, the country is arguably the world’s most sophisticated adopter of e-government.

As Ilves explained to the London Conference on Cyberspace in October 2011, 90% of the country’s tax returns are filled in online, 25% of votes in this year’s elections were cast online and 76% of the population regularly uses the Internet. “Information technology and its use by the state is at the core of our modernisation strategy,” he said.

Cabinet Office minister Francis Maude, who was hosting the conference session that Ilves spoke at, paid tribute to Estonia’s example of what can be achieved by offering public services online.

What he didn’t mention was the fact that the UK coalition government’s approach to e-government differs in one very significant way to Estonia’s.

Central to the Baltic state’s e-government programme is one of the most widely adopted national identity registers in the world. More than 90% of the country’s 1.1 million inhabitants carry a state-issued ID card. It is used not only to access online public services, but also to authenticate banking transactions and purchase tickets for public transport.

For Ilves, the ID card scheme has been pivotal to the success of Estonia’s public sector modernisation. “If you want safe and secure e-government, you can’t do it without an ID card,” he said at the London conference.

However, that is exactly what Maude and his colleagues intend to do. With its Identity Assurance Programme, the government plans to devolve responsibility for identifying citizens to private sector organisations, such as banks or credit rating agencies. It is currently developing a federation hub that will allow these identity providers to integrate with government websites securely.

It makes sense that the UK needs to take a different approach to that of Estonia. Creating an ID register for 60 million-plus people is a very different challenge to building one for just over a million. And there is every sign that government is aware of the privacy and identity management issues associated with this approach, and is taking them seriously.

Nevertheless, we are moving from a situation where responsibility for authenticating citizens (so they can access the public services they are entitled to) is the duty of the state to one where it is up to profit-seeking organisations to decide who can be trusted.

This could have far-reaching consequences for citizens, especially those who have fallen out of the typical sources of identity confirmation – employment and residency – and who are therefore most reliant upon public services. And yet, there has so far been little discussion of this significant change to one of the core mechanisms of our society.

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...