Tuesday, May 03, 2005

fyi LSE report on the British ID Card Initiative


Pointer to blogpost:

Kobielus kommentary:
A good report, assessing the proposed UK Identity Cards Bill on many levels.

What I liked most about the report is the thoroughgoing dissection of the complete identity metasystem (to borrow a phrase from Cameron) that the bill, if enacted, would establish in the UK. The bill calls for an identity metasystem with the following components:

• National identification register
• National identity registration number
• Collection of a range of biometrics such as fingerprints
• National identity card
• Provision for administrative convergence in the private and public sectors
• Establishment of legal obligations to disclose personal data
• Cross-notification requirements
• Creation of new crimes and penalties to enforce compliance with the legislation

The report’s assessment of the proposed identity metasystem is balanced—indeed, too balanced, in the sense that its main assessment is a bit too wishy-washy, attempting to appeal to both camps with studiously non-committal committee language: “the establishment of a secure national identity system has the potential to create significant, though limited, benefits for society.” “Significant, though limited”? Yeesh, come now, what are the potential benefits: significant or insignificant? Make up your collective minds.

Contrary to what Cameron implies in his post, privacy issues are only one set of objections that the committee articulates. More broadly, the committee states that “the proposals are too complex, technically unsafe, overly prescriptive, and lack a foundation of public trust and confidence.” Indeed, the most significant arguments against the bill are that it wouldn’t achieve the chief public interest objectives that its proponents cite:

“Many of the public interest objectives of the Bill would be more effectively achieved by other means. For example, preventing identity theft may be better addressed by giving individuals greater control over the disclosure of their own personal information, while prevention of terrorism may be more effectively managed through strengthened border patrols and increased presence at borders, or allocating adequate resources for conventional police intelligence work.”

One weakness in the report is that it doesn’t define a workable alternative that would address the bill’s objectives regarding national security, counter-terrorism, identity and benefit fraud, crime prevention, immigration controls, etc. However, on page 74 the authors cite the French government’s call for “decentralized storage of data” and “distributed identifiers” to address the privacy concerns:

“Instead, the French Government calls for the creation of an ‘identity federator’: ‘the most successful solution consists of creating an identity federator, enabling the user to use the single identifier to access each of the services of his or her choice without either the government databases or the identity federator itself being able to make the link between the different identifiers.’”

Is this proposal related to the Liberty Alliance use of opaque pseudonyms for identity/account linking across circles of trust? Sounds interesting. I wish the UK report had gone into greater detail on this and other federated approaches for privacy protection with a secure distributed identity metasystem. I wonder how the UK bill could be rewritten to address these concerns:

• No single national identification register—rather, one or more citizen-chosen decentralized identification registers (public and/or private, managing all user identity attributes or specific sets of attributes) per citizen, with the registers federated to each other and linking citizens’ various decentralized accounts through exchange of opaque pseudonyms, hence preventing third-party surveillance and aggregation of identity data across distributed environments
• No single national identity registration number—rather, citizen-chosen identifiers that are unique to their chosen or designated identification register or registers
• No collection of specific mandatory biometrics such as fingerprints—rather, collection of citizen-chosen biometrics that are stored and managed by their chosen register
• No national identity card—rather, issuance of register-specific portable identity credentials on hardware tokens (smartcards, USB tokens, wallet cards, etc.) that protect citizen-chosen privacy-sensitive data from release and keep track of which third parties have requested and been given access to which token-managed data, when, and for what reasons
• No provision for administrative convergence in the private and public sectors—rather, private and public sector organizations can choose to rely or not rely on various identification registers for various data associated with various users for various applications
• No establishment of legal obligations to disclose personal data—rather, establishment of legal obligations to implement controls that protect personal identity data from unauthorized acquisition, disclosure, and use
• No cross-notification requirements—full stop
• Creation of new crimes and penalties to enforce compliance with the privacy-protection sections of the legislation

Or something along those lines.
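
The pairwise opaque pseudonyms discussed above, sketched as an added example (not code from the report, the French proposal, or the Liberty Alliance specifications): a hypothetical `Federator` class hands each service a different random identifier for the same citizen, so two services cannot join their records on it, and a cross-service link happens only through the federator with the citizen's consent. This federator keeps the mapping and can therefore link identifiers itself, which the French proposal quoted above rules out; all names and sample data are constructed.

```python
import secrets


class Federator:
    """Hypothetical federator issuing one opaque pseudonym per (citizen, service)."""

    def __init__(self):
        self._by_pair = {}    # (citizen, service) -> pseudonym
        self._by_handle = {}  # (service, pseudonym) -> citizen

    def pseudonym(self, citizen, service):
        key = (citizen, service)
        if key not in self._by_pair:
            handle = secrets.token_urlsafe(16)  # random: encodes nothing about the citizen
            self._by_pair[key] = handle
            self._by_handle[(service, handle)] = citizen
        return self._by_pair[key]

    def translate(self, from_service, handle, to_service, consented):
        """Map a pseudonym held by one service to the one used at another, only with consent."""
        citizen = self._by_handle.get((from_service, handle))
        if citizen is None:
            raise KeyError("unknown pseudonym for this service")
        if (from_service, to_service) not in consented.get(citizen, set()):
            raise PermissionError("citizen has not linked these accounts")
        return self.pseudonym(citizen, to_service)


def join_on_identifier(ids_a, ids_b):
    """What two colluding services can do alone: join their tables on the identifier."""
    return sorted(set(ids_a) & set(ids_b))


def demo():
    citizens = ["alice", "bob", "carol"]  # constructed sample data
    # Single national number (constructed format): every service holds the same identifier.
    national = {c: f"NIR-{i:06d}" for i, c in enumerate(citizens)}
    linked_national = join_on_identifier(national.values(), national.values())

    fed = Federator()
    tax = {fed.pseudonym(c, "tax") for c in citizens}
    health = {fed.pseudonym(c, "health") for c in citizens}
    linked_pairwise = join_on_identifier(tax, health)

    # Alice has chosen to link her tax and health accounts; nobody else has.
    consented = {"alice": {("tax", "health")}}
    alice_health = fed.translate("tax", fed.pseudonym("alice", "tax"), "health", consented)
    return (len(linked_national), len(linked_pairwise),
            alice_health == fed.pseudonym("alice", "health"))
```
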