Robin Wilton's esoterica

       
 

silicon.com: "ID Cards are not the answer..."


Simon Moores has written a thought-provoking piece in silicon.com on what he sees as the "technical, fiscal and civil liberties" flaws in the proposed UK ID Card system. He's not exactly in favour, but then if he were, you would probably wonder why I (of all people) was citing him here! My favourite quotation was this:

"Tomorrow's solution to today's identity crisis is not to be found embedded on a plastic card. It's a far greater problem which demands a much broader understanding by politicians of the context of personal identity in a rapidly widening 21st century information space."

Simon Moores is managing director of Zentelligence Research and vice chairman of policy development for the Conservative Technology Forum. Read the whole piece here.
 
 
 
 

"Ideal Government" blog on ID card plans


William Heath's Ideal Government blog has some excellent analysis of the many threads (political, 'spin', technical, social and so on) of this complex issue. This entry on the shape of a constructive ID Card debate is a good place to start.
 
 
 
 

Oh boy... it's as bad as I thought.


Well, it's hard to get the details I would like to see, just from the press coverage, but there are several phrases in the available reports which I find really unnerving. Here's the initial BBC article: Blair Defends Identity Card Plan

Alarming statement #1: "The Home Office will not put a figure on the cost of setting up the scheme, saying it is commercially sensitive."

Hold on a minute: the "commercially sensitive" argument is used to, for example, avoid disclosing under the Freedom of Information Act details like the cost of a contract awarded under competitive tendering. If this legislation is only now going through parliament, how can commercial vendors have already reached the stage where they have competitive tenders or contracts to run the resulting system? This is a legislative measure which parliamentarians have described as "fundamentally changing the relationship between the citizen and the state". I think it's quite unacceptable to be trotting out a "commercially sensitive" defence against disclosing the cost case.

Alarming statement #2: "But the scheme will cost an estimated £584m to run every year - a cost of £93 per card, compared with an estimated cost of £85 per card in November."

So, in return for being issued with a credential which (as it contains biometrics) should remain consistent as long as the biometrics do, I could have to pay £93 a year in perpetuity, and presumably more as usage of the card becomes pervasive and the cost of operating the over-all system rises accordingly. If the benefits of a national ID card are (as the Government has been saying so far) improved management of benefit fraud, healthcare entitlements, immigration and asylum, then (to put it baldly) what's in it for me? A more cynical person than myself might wonder if that's why Mr Blair and others have suddenly started referring to the ID Card as "a defence against identity theft". Elsewhere I'll come back to why I think that's a bogus characterisation...

Alarming statement #3: 'The prime minister's spokesman said ... "People are recognising that identity is just as valuable as possessions,"'

This statement is alarming because it perpetuates the erroneous view that an identity equates to a possession. If identity is a possession, then it is a very special class of one, and needs to be legally treated like other possessions of the same kind (such as real estate). This is something I discussed in more detail in this earlier blog entry: Give me back my identity!

I understand that what I have done here is in no way a paragraph-by-paragraph analysis of the bill and how it has changed, but to my mind, these three examples are enough to seriously undermine my confidence (!) in it.

UK Identity Card Bill to be relaunched today


Link to BBC News article. The Home Secretary will today bring the Identity Card Bill back to the House of Commons. Apparently this is a version which has been revised to take into account the objections raised concerning the last Bill - although given the short time since the last attempt was withdrawn, and the fact that there was a general election campaign during most of that period, I find it hard to believe that the amendments will be either systemic or fundamental. And yet many of the objections could not be addressed without systemic or fundamental changes, not only to the Bill but to the Government's approach to the concept. Technically, it seems quite clear that the three major components of the ID Card architecture are extremely high-risk:
  1. The system relies on smart card and biometric technology (the latter being still relatively unproven), implemented in the tens of millions of units and kept up to date with a corresponding re-issue process. Think of the investment Banks have had to make in systems and expertise to 'cycle' their smaller card-holder populations every 2-5 years;
  2. It includes a centralised database of citizen data for all card-holders: controversial in principle; difficult to populate, maintain and secure;
  3. The cards and database are of little use without client-side terminals to read and act on the ID data; but that population of readers doesn't exist, least of all in the citizen-facing public sector.
Further, if this were a commercial undertaking, one would be looking for a compelling risk/benefit case for going ahead, and trying to build a 'return on investment' model. As far as I can see, there is nothing to indicate that the benefits of the system can be measured, let alone shown to outweigh the cost. My previous posts on US high-tech security measures indicate there are plenty of ways to get this wrong. Let's see how different the revised Bill is - frankly, I am not optimistic.
 
 
 
 

The UK Identity Bill - it lives again...


As several people have noted, the UK Identity Card Bill which was dropped from the last government's legislative programme (cf. my earlier blog entry) looks like it is going to resurface briefly before being rubber-stamped through parliament in under a fortnight, according to this Guardian article. Looking around, it's hard to find any positive comment relating to these proposals - I noted criticism (much of it even constructive) from:
  • Last December's House of Commons research report
  • March 2005 House of Lords Select Committee on the Constitution
  • The LSE report
  • Joint Committee on Human Rights
  • Home Affairs Select Committee
  • APACS (Association of Payment and Clearing Services)
Oh, and The Register (I'll add the rest of the hyperlinks when I have a moment).

Of course, I'm only interested in presenting a balanced, objective analysis of the subject :^) so if anyone has seen good reasons why the Identity Card Bill is a timely, practical and cost-effective legislative measure, please post a comment!

William Heath's "Ideal Government" Blog


William Heath has a very useful blog/forum here: Ideal Government. I recommend it if you want to keep your finger on the pulse of Identity Management in the UK public sector. I would be even happier if I were confident that the Bill was being shaped by the comments and suggestions expressed in the discussion.
 
 
 
 

Bringing the Identity themes together...


Mark Dixon has a great post today about several of the major Identity themes which are currently hot:

  • Kim Cameron's Laws of Identity
  • The interface between architecture and 'real business requirements'
  • The future of authorisation/access management middleware

Mark has sound ideas and is in a position to see them turned into practical reality. Definitely a blog to watch!
 
 
 
 

UK Parliamentary Report on ID Cards


Following Kim Cameron's recent post linking to the recent LSE report on ID Card proposals in the UK, I thought it worth adding a pointer to the Parliamentary Research Report of December 2004 on the same topic. For some reason I can't access it at the original URL, here, but fortunately I had squirrelled a copy away just in case. Here it is: House of Commons Research Report.

It does a very good job of putting the proposals in context, then sets out both the government's arguments in favour and some of the principal objections raised. In my view (as you would by now expect...), the proposal of a single centralised national ID register, populated with newly-issued credentials, is fundamentally flawed. People already have credentials which are already trusted to a quantifiable (if not uniform) degree, and the sensible approach is to federate existing credentials rather than try to impose a further 'universal' one.
 
 
 
 

Sun/Microsoft interop and the way forward...


Well, it's been a year now, as our CTO Greg Papadopoulos recently pointed out. Something weird's going down: Sun and Microsoft jointly host an update session and a demonstration of product interoperability. Here's the feature article, on sun.com. "Who'd a thought it?" (which, if you have no interest in interoperable authentication, is also the name of a good pub you might like to check out).

Several of my hard-working colleagues, and their Microsoft counterparts, will today show the results of months of collaboration, in the form of interoperable authentication between Liberty (ID-FF) and Web Services Federation (WS-F) compliant products. The technology agreement between the two companies included the establishment of a customer advisory board, so that we could have some impartial input about what we should work on. (I can just imagine the alternative - two teams of slightly nervous techies, peeking shiftily at each other from opposite sides of the room... just like a school dance...). Anyway, interoperable authentication was high on the list, so we have, jointly, done it. Congratulations to both interop teams for all the work they have put in to take this from conception through specification and into the light of day!

And that's a key point: "why a whole year?" has been the cry. Well, that cycle from vision to deployment is not always a quick one, and there were two pretty entrenched camps at the outset. However, I think this gives a really clear indication of what can be achieved where there's a will - and that will shows no sign of abating.

What comes next, then? The effect of interoperability (or standardisation) is that it raises the bar for innovation and added value, which is a good thing. The more functions become interoperable and 'sediment' into the operating system or the server stack, the more we have to think (as vendors) about how to add value.
As it happens, I think there's plenty still to do to bridge the gap between open, interoperable authentication and the pressing problems customers are expressing to us at the business level. For instance: how should customers implement this identity technology in ways which minimise the possibility of identity theft? How can we drive IT security more effectively through business-level policy control? How can we exploit federated identity to achieve better risk management? Openness is good; interoperability is good; obliging us to work harder at adding value is good... keep it up!
 
 
 
 

The answer is expensive technology...


... now, what was the question? Actually, forget it, I don't really care what the question was. The answer is still expensive technology. Here are two articles which caught my eye recently:

One on the Real ID programme: "Real ID" cards

And one on post-9/11 defensive technology: US hi-tech border controls

I must be getting old. When I started learning about cryptographic products, they seemed to me to be a straightforward and definitive solution to an information security problem. These days I'm more cautious. Experience has already shown the current US administration that whipping out the cheque-book and ordering the latest gizmatronics probably won't fix the complex social, cross-border, geo-political problem of defending permeable borders against small-scale, high-impact threats. Instinct, though, is a cruel mistress with expensive tastes. The Real ID programme has a budget of 20 times what has already been spent on the border-screening technology.

Give me back my identity!


The topic of "Identity Theft" is a hot one at the moment, so I think it's time to look a little more closely at some of the assumptions bundled up in that expression. First, a disclaimer: I Am Not A Lawyer (though obviously, opening with a disclaimer is a good step in that direction ;^).

That said, here's the position as I understand it: UK law distinguishes between two kinds of property: "real property" (or "realty"), and "personal property" (or "personalty"). Incidentally, that's where the US terms "realtor" and "real estate" come from: your "real estate" is that part of your personal 'estate' which consists of land and buildings. I freely admit that I don't know if that is mirrored in other legal systems, but I use the UK example in order to tease out a point which is relevant to Identity Theft.

So, personalty means things like your car, your camera, your collection of Durer etchings... realty is the land or buildings you own. The two kinds of property are treated differently when it comes to the law. If someone steals or damages your personalty, it's possible to compensate you with a replacement (a new camera) or with a cash payment (instead of, say, a unique work of art). However, if someone steals your realty, the only restitution the law recognises is for it to be restored to you. Compensating you with a cash payment is not considered adequate, and neither is giving you another piece of land instead.

"So what..." I hear you mutter...

Well, the point I want to make is that when we talk about "Identity Theft" we tend to treat identity as 'personalty'. We treat it like a possession which could be stolen, lost by a third party, and then replaced or repaired in some way. We need to be thinking of identity as realty, and (more important) legislating accordingly.

It makes little sense for a third party to pay me compensation if they lose or divulge my personal data - that doesn't help me much. What I need is to have my original 'identity' restored, its integrity intact. The trouble is, that's pretty hard to do, once the cat is out of the proverbial bag. Any remediation needs to look not just at 'giving my identity back to me', but cleaning up the consequences of the theft/loss. I don't claim to have an answer yet, but I do think that we are more likely to find one if we treat identity as realty than as personalty.

Sage RSS reader


Just to illustrate the comments I made yesterday about RSS feeds, here's a link to a screenshot showing the Sage reader in action: Sage/Firefox screenshot. I was going to include the graphic inline, but shrinking it sufficiently made it illegible.

You should find it self-explanatory, but basically, on the left hand side you will see the Sage reader as a side-bar. The top section lists all the RSS-capable sites I have added; in a dangerously self-referential move, I have selected my own blog... The lower section of the side-bar lists the titles of the 15 most recent posts in the selected blog. The main panel shows the blog entries themselves in RSS form (i.e. without the blog style sheets, bookmarks &c you would see on the blog itself); clicking on the title of any entry will take you to that entry in the blog itself.
 
 
 
 

Are you new to RSS?


There are so many new things to get a grip on... no sooner have I started to get the hang of blogs (despite appearances to the contrary!) than I find out about RSS (Really Simple Syndication, for anyone else who is new to it). Suffice to say - if you occasionally use sites which are frequently updated, such as:
  • BBC News
  • blogs.sun.com
but would like a more convenient way of seeing a quick summary of what's new, then RSS is likely to be useful for you.

Thankfully, there is a great post here on Tim Yang's site to help one get the most out of RSS. Also, if you use the excellent Firefox browser, you can quickly and easily install the Sage RSS feed reader, which is a clear, easy-to-use plug-in. It lets you keep a bookmark-like list of RSS feeds, and click on each of them to see a summary of new posts on that site. Hope this helps!

The most Gonzo blog


I love this. I read it till my head spins, or my eyes start to revolve independently. Whichever shall be the sooner.

Napier University, Edinburgh


A slightly belated entry to thank Brian Davison of Napier University in Edinburgh. When Brian and I met at a Sun roadshow on Identity Management in the Public Sector, Brian invited me to come and address his third-year students on the Information Delivery course. It was a new departure for me, and it was an interesting challenge to 'write' for an academic audience rather than a commercial one. I hope they found it useful - or at least interesting! In the end, I opted to cover the same topics as I would for a customer, but leave out the sales pitch. So we looked at the following:
  • Where's Identity going? What's at the edge of the network?
  • What shortcomings are there in IDM the way it's done today?
  • The nature of online trust
  • How that might map onto portal-based delivery
  • The elements of a federated ID system
The other factor, of course, was that with finals just around the corner, it might be that they would rather have been revising for their exams than listening to some visiting 'suit'. ;^) Everyone I spoke to was very welcoming nonetheless, so thanks again to Brian, and best wishes to all on the course for their forthcoming finals!

Greg P on Sun-MSFT


Whatever hype the Sun-Microsoft technology agreement generates, it's useful to see this clear report from where the action is, via Greg Papadopoulos' blog. To my mind, the key point here is that we are allowing our customers to guide the way in which the two companies collaborate. I think that's a really healthy approach; it helps to ensure that there is always a 'lodestone' we can refer to if and when the debate gets snared in the subjectivities Greg refers to.
 
 
 
 

Haiku


Sunset by the pond

On a cool summer evening -

A frog blinked at me.

 
 
 
 

Secret Ballot? Not in England!


Greetings once again from the UK, where I have just been flexing my democratic muscle. Just like last time, I was angered and depressed to see that my vote is not secret; that is, every ballot paper contains information which makes it possible to see who cast the vote on it.

Here's the system: every eligible voter is sent a Poll Card notifying them of their polling station, which elections they are being invited to vote in, and some voting instructions. On my card is my name and address, a mystery 8-digit number, and a further code which is boldly labelled Number on Register. In my case (as my anonymity is shot to hell already...) this is IJ1-829.

So, I arrive at the polling station and tell the monitoring officer my name and address. She crosses me off on the voting roll (so, one person, one vote...), and says to the person with the ballot papers "829". The ballot-slip person then writes "829" on the counterfoil of a ballot paper. Also on the counterfoil (and the ballot paper) is the number "80665". It is therefore a simple matter to cross-reference any ballot slip with its counterfoil, retrieve the Elector Number and look the voter up on the electoral roll.

How democratic is that? I am forced to wonder, for instance, whether every voter in the recent elections in Zimbabwe could be similarly identified. This is 2005, for goodness' sake! It should not be beyond the wit of the electoral commission to implement a system which preserves the integrity of the poll and the anonymity of the voter! The current system fails to ensure my privacy, and gratuitously collects more data than is needed to fulfil the intended purpose.

I'm not going to tell you how I voted, by the way. Not because it's a secret, but because you can probably find out for yourself. There must be a better way...
 
 
 
 
 

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
 
© racingsnake