sbisson: (Default)
sbisson ([personal profile] sbisson) wrote2005-06-06 12:58 pm
  • Add Memory
  • Share This Entry
  • Current Mood: cynical
  • Current Music: Supertramp - The Very Best Of Supertramp - The Logical Song

If you're going to do ID cards...

...at least do them right.

Digital identity guru Kim Cameron points to Ideal Government's link to a Sunday Telegraph report on the LSE's proposals for an alternative, user-controlled approach to IS in the UK. An approach that not only allows you to control what information is stored, but also allows you to control where it's held, and how much of it the government gets access to.

Oh, and it's also £10 billion cheaper than the government proposals.
An identity card scheme that costs just £30 per person - compared with £300 per person under the Government's proposals - will be unveiled this week.

The plan, drawn up by the London School of Economics after six months of research, would also limit the Government's access to information on the card to a few basic details - while the Government wants to hold much more personal information on a national database.

<snip>

A 180-page LSE report says that its proposals would satisfy the need for a national ID card to help to combat identity fraud and illegal working and allay fears that the right to privacy would be seriously undermined by a "Big Brother" state.

<snip>

Under the proposals, the Government would have access to only a few details - the holder's name, date of birth and photograph, plus an encrypted card number and a unique "national identification number".

The scheme would be more acceptable to the public because it gives individuals the right to decide whether to store any other information on the cards, according to the report.
Hmm. Cheaper, user-controlled and more secure? I doubt we'll see it happen, then...
Flat | Top-Level Comments Only

[identity profile] nalsa.livejournal.com 2005-06-06 05:10 am (UTC)(link)
I love this proposal, I think it's an excellent idea - if we have to have an ID card at all, of course - but (as mentioned at [livejournal.com profile] spyblog) the way of acquiring "referees" is open to abuse, and for that reason the proposals may well be laughed out of consultation.

I find it mildly amusing that this came out a week after LSE published a report reckoning that ID cards would cost 300 quid per person, too.

[identity profile] sbisson.livejournal.com 2005-06-06 05:13 am (UTC)(link)
I understand that it's all actually the same report - this is just a leak of another section!

[identity profile] nalsa.livejournal.com 2005-06-06 05:16 am (UTC)(link)
Oh, right! Ok, I wasn't aware of that; it's a carefully managed release, then. Excellent; seeing as the LSE has had input with No2ID, I'll look forwards to seeing the full report when it comes out...
zotz: (Default)

[personal profile] zotz 2005-06-06 05:19 am (UTC)(link)
Interesting. Thank you. I was talking to Kate about ID cards last night, actually. I'll have to make sure she knows about this.
vampwillow: thinking (thinker)

[personal profile] vampwillow 2005-06-06 05:25 am (UTC)(link)
but (sfaiacc, ymmv, etc) the issue is not the *cards* but is the backedend *database* that it, of neccessiry, will link to in order for the card to be validated.

Without a backend database the cards are trivial to forge, so it is a given that it has to exist.

The database will - on the government's requirements - be accessible to Police / NHS / Schools / IR at least, and at most levels of staff in some manner which probably gives approaching half the households in the country some mechanism for accessing some of the data.

As such, the ID card's "National Identity Number" becomes the key into all government systems and, by probable extension in the same manner that banks and finance firms now demand NI numbers, by most commercial businesses as a unique identifier.

Therefore all the scroats have some direct or indirect access to the database can take your number and extract the database's information for illegal use elsewhere.

The ID card system is another segment of the Big Brother approach this 'left wing' (sic/sick) government wants to have to control the population, alongside black boxes in cars to know where you are and what you are doing, etc.

</rant>

[identity profile] sbisson.livejournal.com 2005-06-06 05:58 am (UTC)(link)
The thing with the LSE proposal is that it confirms to most of the canonical Laws of Identity (see Kim's blog for more details and an upcoming piece by [livejournal.com profile] marypcb in the Guardian).

1) The government doesn't control the data. You choose where it's held and by whom.

2) All the government has is your name and an encrypted ID number which allows access to specific information - and you control their access.

So it's your personal ID, not theirs - and they can only use it as an authorisation tool.

I can see the point you're making, but there's little difference between this and what we have today - in fact this approach allows you to see what they're doing with your information.

The key is what's known as Zero-Knowledge Cryptography, where the card offers authorisation information rather than full details. So if it becomes a driving license, all it would say to a police officer is that you are allowed to drive a car. Not where you live or what you do...

[identity profile] megadog.livejournal.com 2005-06-06 06:34 am (UTC)(link)
I feel it axiomatic that there should be a fourth addition to your criteria - that of subject-interrogable audit-trails [so a data-subject can see who has looked them up].

Of course this will never be allowed.
vampwillow: (Default)

[personal profile] vampwillow 2005-06-06 06:44 am (UTC)(link)
"an encrypted ID number which allows access to specific information"

ahuh. having specced (or seens specs on) various governement systems in the past, and with the knowledge of what data the NIN would act as a 'key' to, I'd still say that the data isn't under the person's control at any point, nor is the release of same.

ps. the police already have access to DLVA info and I hardly think they would accept a backward step of having less information than currently!

[identity profile] sbisson.livejournal.com 2005-06-06 07:00 am (UTC)(link)
The point here, is that there is no need for information systems beyond the current ones...

(and I've done my share of helping the Police with their enquiries. Or should that be with their cross-region information sharing systems)
vampwillow: (anime_red)

[personal profile] vampwillow 2005-06-06 08:55 am (UTC)(link)
"there is no need ..."

Hello Squire ... I've this lovely bridge here ... Yours for a tenner

[identity profile] ciphergoth.livejournal.com 2005-06-06 06:49 am (UTC)(link)
I really want to read the details of the proposal. I'm not in favour of ID cards, but there are some interesting real-world security problems they could solve if done right, so I'd love to know whether this proposal solves them without the down side.

[identity profile] moral-vacuum.livejournal.com 2005-06-06 08:26 am (UTC)(link)
Rather like the new road-pricing proposals, we are seeing the government in one of its periodic fevers of techno-joy. I do wish they'd stop it...

[identity profile] wendyg.livejournal.com 2005-06-07 04:11 am (UTC)(link)
*wendyg points to the last paragraph of http://www.theinquirer.net/?article=22122

Timing is everything. Many of the various public meetings PI has had over the years at the LSE on crypto first and then on ID cards have had mentions of ideas like these. I think the detail they've worked out came from Stephan Brand's thesis resarch originally.

wg
Flat | Top-Level Comments Only