The Department for Work & Pensions (DWP) has announced the first seven Identity Providers (IDPs) who will be eligible to provide consumer-facing services within the government’s new Identity Assurance Programme (IDAP). IDAP will be critical to the delivery of DWP’s flagship Universal Credit programme, so that individuals can engage with the Department online, by phone, and face-to-face, without the need to prove who they are every time they try to transact.
The selected IDPs include:
- Post Office
Many of these bidders will be acting as prime bidders into the framework, with sub-contractors providing specific components of their solutions, and it is possible that their IDP services might be delivered under partners’ brands to ensure that they are attractive and recognisable for consumers.
The selected IDPs have not been awarded guaranteed IDAP work: at this stage they are on the framework for IDAP services, and will now need to compete within forthcoming call-off competitions which will fix the price to be paid by DWP for their services (DWP anticipates paying selected IDPs a fixed fee per registered customer per annum). Those IDPs who are able to deliver within the call-off will then develop their solutions in preparation for a test phase in August 2013, and the first pilot project in October 2013.
The IDPs also face the significant challenge of collaborating to form a delivery Scheme, which will provide the necessary contractual framework to ensure self-regulation and interoperability, and enable external certification of IDP services against defined standards through tScheme. The Scheme will also provide a shared branding (in much the same way that Visa or Mastercard do for payment cards) so that consumers can easily recognise a certified IDP service.
The selected IDPs represent the first tranche of providers, acting as pathfinders for a wider identity assurance market. Their exclusivity to deliver IDP services on behalf of DWP will last for just eighteen months (although DWP’s contracts are expected to run for four years), after which time DWP is able to bring further IDPs into the framework, most likely under the aegis of the Scheme developed by the first IDPs.
It is also anticipated that HMRC will come to market for IDP services in 2013, and the Revenue hosted a public consultation with potential IDPs over the summer. Whilst HMRC has committed to work within the overall IDAP approach, it is likely that they will require services not defined within the DWP framework (e.g. business identity assurance), and potentially wish to use a different incentivisation model from DWP, and for that reason it is widely expected that a fresh competition to select further IDPs will be held early next year.
Over the coming weeks we will be reporting on aspects of IDAP delivery which have until now been undefined or subject to confidentiality agreements; if you have specific questions about the programme please post them in the comments section and we will focus upon them in future pieces.
(Declaration of Interest: I have been supporting Post Office’s ID Assurance work)
(Edited 13/11/12 to amend an incorrect statement about provision of services in different delivery channels).
The past week has seen a surge in media coverage of the government’s new Identity Assurance (IDA) programme, as the Department for Work & Pensions prepares to announce the first group of Identity Providers (IDPs) to be awarded services under their procurement framework. Those who know me will be aware that I played a minor role in trying to persuade the last government to change it’s plans for ID Cards, and that I became known as an opponent to that scheme; but for the past two years I’ve been engaged by the Post Office to support the shaping activities around the the development of the Identity Assurance programme.
So what persuaded me that IDA is a good idea?
The National Identity Scheme was possibly one of the most ill-conceived and illiberal public sector programmes that the UK has ever seen. The government legislated an architecture that would create a tens of thousands of endpoints, used by hundreds of thousands of users, all linked in to a central database that would provide a ‘deep truth’ on every person in the UK. Every interaction with the State would disappear into that melting pot, which would become a panopticon of our lives.
ID Card supporters promised that the scheme would defeat terrorism, stop illegal immigration, put an end to serious and organised crime and make our lives easier, but each of these objectives fell by the wayside as the project developed. They promised it would be hosted in a secure database but then had to fall back to distributing the data across three silos, none of which were designed for the purpose. They promised it would be secure, whilst simultaneously having to dismiss public servants by the dozen for misuse of existing data sources. They promised it would be accurate, yet needed to legislate compulsion that we would update our own records. They promised that carrying an ID Card would not be compulsory, whilst mandating registration and usage of that card.
Like many, the National Identity Scheme radicalised me. It provoked me into speaking out against the government, something which I had never considered before. As I worked with the likes of the London School of Economics, the Information Commissioner’s Office, and (oddly) the Identity & Passport Service, I believed I’d channelled my inner privacy advocate. But over time I came to realise that in fact my objections stemmed not from a civil liberties motive, but as a taxpayer: I was angry that the government was willing to pay something between £6bn and £17bn (depending upon who you believed) for a system designed to serve the needs of civil servants seeking a ‘deep truth’ about every individual in the UK, driven by a ‘gold standard of identity’. It was designed around their needs, not those of the public.
The scheme was lunacy. It had to be stopped. And then in 2010, with the new government, it was. ID Cards went out, and the National Identity Scheme was literally put in a shredder. The ‘Intellectual Pygmies,’ as a former home secretary nicknamed the privacy advocates, had won the battle, and danced their victory dance.
The intellectual pygmies do their dance. They’re not pygmies, intellectually or physically.
But nature abhors a vacuum, and without a clear strategy for population-scale ID, what would fill that space? The Coalition promised it wouldn’t be another National Identity Scheme. But politicians’ promises can’t, ahem, be treated as cast-iron guarantees. A vestigial tail of National Identity Cards still exists in the Foreign National Biometric Residence Permit, and some Opposition MPs still speak of their ambition to bring the scheme back from the dead. If those of us who care about privacy, and about how much tax we pay, wish to drive a stake through the heart of intrusive identity schemes, then we need to build something better to take its place. Something so good that nobody would throw it out. And that’s where Identity Assurance comes in.
Surprisingly, the genesis of IDA came from the same government that brought us ID Cards, when in 2008 HM Treasury published Sir James Crosby’s report on ID which recommended a federated, not centralised approach that flew in the face of the prevailing policies. Not surprisingly, the government hated it and did its level best to bury it, but it was the seed for the new IDA scheme.
The IDA approach builds upon tried and tested principles which are already being hammered out by the likes of the Open Identity Exchange, working with a collective of experts, potential providers and pressure groups from the UK and overseas. The IDA programme differs from its predecessors in many ways, in that public bodies can’t be Identity Providers (IDPs) – IDPs will be exclusively private sector.
Users can have as few or as many credentials, with as few or many IDPs, as they wish. They can change providers, use credentials for different directed means, and hopefully we will have an environment where any of the cards in their wallet, or their phone, could be usable as a high-assurance credential to interact with government. If they choose not to use IDA then they won’t have to – it will augment, rather than replace, existing means of engagement. That said, if IDA is successful then it would make sense for government to scale back other authentication mechanisms if the public choose IDA instead.
IDA gives us an authentication environment that is anonymous, pseudonymous, distributed, and not subject to centralised control. Government doesn’t get to track our interactions, our movements, our dealings with our IDPs. The design is a truly user-centric approach which embodies the Government Digital Service (GDS) mantra of “What is the user need?” by treating the users as the end customer, rather than the civil servants.
It’s also a risk-driven strategy that ditches the traditional ‘deep truth’ about each citizen; instead, relying parties must determine transactional risk, and hence what level of identity assurance they need for any transaction. Simple services such as a request for information about local authority benefits might be achieved using lower levels of assurance from social login (the much-speculated ‘Facebook’ ID), whereas payout of those benefits might require the higher levels of assurance provided by a face-to-face verification of the user and their proofs of identity. That’s a really big change for government, and I suspect that many public authorities will struggle to grasp the idea that they don’t need gold-plated identities and attributes to support low-risk interactions.
Under the IDA approach we, the users, are treated as the single source of truth about ourselves. We get to review and update our data. We store it where we want, with whom we choose, and can even delete it if we wish. We can become our own Data Controllers (and it is hoped that in the future the Data Protection Act might be amended to support just that scenario).
And GDS’ adoption of the fresh approach to privacy is more than skin-deep: rather than putting their hands over their ears and saying ‘la la la’ whenever the word ‘privacy’ is mentioned (as some other government departments were accustomed to doing), GDS created the snappily-named Identity Assurance Programme Privacy and Consumer Advisory Group, which comprises a range of privacy advocates and technology experts who have developed the principles which will dictate the privacy approach for IDA. GDS are also working to ensure that the approach aligns with Kim Cameron’s Laws of Identity.
So where does the IDA journey take us? The logical endpoint is an environment in which minimal disclosure proof of attributes is the norm; that is, that we are able to prove something about ourselves without revealing any other information (Dave Birch uses the great analogy of ‘Psychic ID‘). Relying parties get to see nothing more than information that is essential to validate our entitlement for the service we request. If – and I know that’s a BIG if – we can hold true to the system principles and deliver pervasive identity assurance, we could create an environment where it is normal to assert attributes without even identifying ourselves.
There’s no promise this will work. Sure, the technology is tried and tested, but the commercial and policy challenges are huge, and there is still much to be done – hammering out the contracts, legislation changes and cross-government policies is a job that has only just begun. But in an environment where we lack any trusted population-scale online authentication mechanism, IDA is better than all the other options, and I’d rather we run the risk of failure because our ambitions are too lofty, than because they are too low. If IDA can deliver on its promises, then we might just create an environment where the prevailing identity mechanism protects – rather than degrades – our privacy.
And that’s why I support IDA.
(This article is based upon a flash talk I gave at the RSA Conference Europe 2012).
(Declaration of Interest: I have been supporting the Post Office’s work on IDA).
It’s October, the time of year when another intake of students are released from school into the adult world of university, and fill the pubs and clubs of university towns. These establishments are legally bound to verify that their customers are old enough to enter, and risk losing their license for failure to do so. Under ‘Challenge 25‘ guidelines (in Scotland these are legal requirements), licensees are expected to verify the age of any customer who appears to be 25 years old or younger. In practice, Home Office guidelines mean that to date the only ‘acceptable’ proofs of age young people have been either a passport, a driving licence, or a PASS card.
However, passports and driving licences are far from ideal; from the licensee’s perspective, their staff have to confirm that the photo matches the bearer, and that the date of birth is old enough, and this often has to happen in a noisy, poorly-lit environment. The PASS card removes the need to confirm the date of birth, but has long been subject to criticism that it is vulnerable to forgery (although PASS assert that no fakes have been found), is not accepted everywhere, and certainly suffers from potential transferability between holders, particularly if licensees fail to check the details properly.
From the young person’s perspective, passports and driving licences can be a real problem. Many young people don’t drive or have a passport, but end up having buy one just to be able to go out with their friends. Passports and driving licences are easily lost or damaged, resulting in a risk of identity-related fraud, potential safety concerns, and a nasty bill to obtain a replacement (a new passport costs £72.50). Young women can be particularly vulnerable if they have to carry and offer proof of ID that includes their name and home address, and in discussion with the NUS in Northern Ireland a few years ago I heard anecdotal stories of students being attacked after unwittingly offering up proof of ID that identified them as living in a predominantly Protestant/Catholic area.
This is a societal problem whose current solutions fail to properly address the needs of any of the stakeholders. Indeed, ACPO advises against carrying valuable ID such as passports for alcohol-related purchases. Yet the Home Office now acknowledges that the problem of fake ID is in fact dwarfed by genuine ID being passed down, or sold on when expired, which ends up as a valuable commodity doing the rounds amongst the underage.
It’s therefore been fascinating to be part of a new initiative that seeks to address proof of age using a Privacy by Design approach to biometric technologies. Touch2id is an anonymous proof of age system that uses fingerprint biometrics and NFC to allow young people to prove that they are 18 years or over at licensed premises (e.g. bars, clubs).
The principle is simple: a young person brings their proof of age document (Home Office rules stipulate this must be a passport or driving licence) to a participating Post Office branch. The Post Office staff member checks document using a scanner, and confirms that the young person is the bearer. They then capture a fingerprint from the customer, which is converted into a hash and used to encrypt the customer’s date of birth on a small NFC sticker, which can be affixed to the back of a phone or wallet. No personal record of the customer’s details, document or fingerprint is retained either on the touch2id enrolment system or in the NFC sticker – the service is completely anonymous.
At the licensed establishment, the staff member has a handheld reader which comprises a fingerprint scanner, NFC reader and red/green indicator lights. The customer presents their sticker and places their finger on the reader; the scanner generates a hash from the fingerprint, uses it to unlock the date of birth, and then provides a red/green light to the operator to indicate success or failure. Again, no record of the transaction is retained (beyond statistical data so that the licensee can prove how many checks were done and at what times), and in the event of a failure the operator is not told the reason. Privacy is preserved at all stages of the process.
Touch2id is working with the licensing authorities in Bath and Trowbridge to roll out the service (the launch needs to be regional to ensure that a critical mass of stickers and readers exist in a given area). I was invited down to the Bath University Fresher’s Fair to help to promote the service to the new intake, and to get a first-hand feel for their reactions to biometric ID. Clearly the audience was subjective – we only got to speak with students who were interested in the service – but the response was overwhelmingly positive. In approximate order of popularity, their reactions were:
- “Oh wow, a free USB memory card, how big is it?” (these are students we’re talking about, so always quick to spot a freebie);
- “Does that mean I don’t need to carry my passport around?” (correct!);
- “Can I use it in all the pubs in town?” (not all of them yet, but nearly all);
- “Where can I get it?” (participating local Post Offices);
- “Can I use it in the campus library?” (no, but not through any limitation of the technology);
- “Do you get to store my fingerprints?” (no);
- “What happens if I lose it?” (if you get a spare sticker then you’ll have a backup, otherwise you have to re-enrol from scratch);
- “What happens if someone steals my sticker?” (some of these students were very hung over so it took a few seconds for the coin to drop that the biometric credential is non-transferrable).
What we didn’t hear – and this surprised me – was any adverse reaction. A few students were initially sceptical, but after asking a few of the above questions, they were quickly won over. I had anticipated vocal objections to the very concept of a fingerprint proof of attributes scheme, but that simply didn’t happen. This might be because some have become accustomed to fingerprints in schools, but I suspect it is much more likely that they see clear value in the proposition, without any risk for themselves – unlike other ID schemes touch2id is built around user needs rather than an underlying desire to amass data.
We were fortunate enough to have coverage from a regional ITV News team, who also interviewed Don Foster MP – he’s been very supportive of the programme. You can see their footage here.
What next for touch2id? The team is hoping to expand the West of England coverage, and kick off another region elsewhere in the UK. I’m hoping we’ll see the same minimal-disclosure proof of attributes ideas brought into play in other ID arenas – including the government’s new Identity Assurance programme – but more on that shortly…
Declaration of interest: One of my duties for Post Office Ltd is to provide support for the roll out of touch2id.
The government has done something very clever, and people seem not to have noticed. With very little fanfare, it was announced last week that all government departments will share a common logo, that of the Crown, with minimal rights to vary colours and fonts. No more huge rebranding exercises, no more bizarre departmental logos, perhaps even an end to the merry-go-round of renaming exercises that the last administration so enjoyed (I imagine that the
DTI BERR BIS will be very pleased to hear that).
This change was apparently driven by Martha Lane-Fox’s report, and it achieves much more than just saving money on branding consultants (although that’s a worthy aim in itself); it creates an environment in which some of the alleged inter-departmental warfare famously lampooned in numerous political satires is potentially defused, since those departments are less characterised by their branding; it creates a common bond through a shared identity; and most importantly, it is an important step towards proper consumer-centricity in service delivery. After all, do individuals care from which public authority a particular service originates? No. Do they wish to deal with multiple departments to obtain those services? No. Do they have any choice in which authority provides those services? No. So why bother wasting money on promoting the brands of particular departments?
The move aligns nicely with GDS’ plans to deliver a single website for government. What would be welcome now would be a similar edict applied to regional authorities, so that we no longer waste money on branding individual NHS or police authorities, or local government bodies.
The dust has temporarily settled a little on the Home Office’s announcement of the Communications Capabilities Development Programme (CCDP), and doubtless some Ministers are now licking their wounds whilst others sharpen weapons in preparation for the fight that lies ahead when the legislation appears before Parliament. That the Coalition could countenance such an illiberal and disproportionate dismantling of privacy rights came as a shock; that they almost immediately fell into the same traps as the last government whilst they tried to justify their arguments was risible.
So what’s all the fuss about? CCDP is the logical successor to the last government’s abandoned Interception Modernisation Programme, which was intended to create a central database of all telephone and Internet communications traffic. In its new guise, the plan will force Communications Service Providers (CSPs) to maintain their own databases of communications metadata: storing details of all communications over their networks, but not the actual content of the communications. Government bodies will have access to communications metadata under statutory powers, but will not be able to access the actual contents of the communications without first obtaining a warrant to do so. The excellent ORG wiki has a wealth of information about CCDP.
The Coalition has been at pains to play down the significance of the strategy, which is championed by the Home Office, and has been lurking around for some months now, but was thrust into the spotlight by articles in the Telegraph and the Sunday Times. Prime Minister David Cameron assured Parliament that “we have made good progress on rolling back state intrusion in terms of getting rid of ID cards and in terms of the right to enter a person’s home. We are not considering a central Government database to store all communications information, and we shall be working with the Information Commissioner’s Office on anything we do in that area.” The Prime Minister’s reassurance should make everything OK. After all, the government’s only asking for communications metadata, and doesn’t want to store it centrally; and the ICO will ensure that things happen by the book. Isn’t that a reasonable and proportionate requirement in the Internet age? Absolutely not.
Let’s debunk the facile arguments about centralisation and oversight. The government does not want, nor need, a central communications database in order to monitor our lives, and in fact that would make the job harder: rather than wanting one giant haystack in which to find a particular needle, the Home Office plans to create many smaller, more manageable haystacks, the costs of which can be forced upon the CSPs, together with associated delivery challenges, so that there’s a much smaller risk of the implementation failing. In the federated world, there’s no point in having a centralised database, when multiple sources can be accessed as easily (or even more easily) than once central one. As for oversight, that’s a hollow reassurance given the ICO’s impotence at dealing with the most basic threats to privacy and liberties caused by central government departments and major corporations. The Commissioner doesn’t have a fraction of the resources required to apply even a veneer of control over public servants’ use of CCDP data, and any claim of governance from his office is clearly meaningless.
But the most worrying aspect of CCDP is the mandatory interception of communications metadata. That metadata can provide a richer and deeper insight into an individual’s life than any amount of communications content. Simply by analysing the times, sources and destinations, geographic locations, devices and contexts of an individual’s communications – as well as taking into account things that they don’t do – a wealth of information can be obtained. At a glance, a public servant who has not had to obtain a warrant or apply to a court, will be able to find out where you live and work, with whom you correspond, what your financial, health, sexual, religious, political or professional interests might be, your day to day movements, and from these, your likely intentions.
Consider Google’s interest in your online activity: the search giant is actively trying to drop personal data about users because it doesn’t need it; what Google is after is not to know who you are, but what you are about to do. If it can accurately predict that, then it can intercept your plans and try to modify them with paid-for advertising. That’s how Google makes money. Social networks are very similar. LinkedIn, for example, will allow you to post and browse to your heart’s content for free, because it’s exploiting that behaviour on behalf of paying advertisers. If you want to see who’s looking at your profile then you have to pay hard cash to do so. So the real value in online activity is not in the content, but in the communications metadata, and that’s what the Home Office is now seeking: they don’t want to mine what you know, they want to mine who you know. Without recourse to the courts, or meaningful oversight mechanisms. Without any form of opt-out mechanism or user transparency.
Fortunately, there are storm clouds are gathering over CCDP. Sir Tim Berners-Lee has spoken out about the scheme, saying that “The idea that we should routinely record information about people is obviously very dangerous…” Civil liberties groups will be meeting at the London School of Economics on Thursday 19th April to discuss how best to fight the plans, in a revival of the ‘Scrambling for Safety‘ events which were last held in the fight against the National Identity Scheme. The likes of NO2ID and 38 Degrees are pushing politicians to drop the draft legislation before it even reaches Parliament. But if this idea is to be stopped in its tracks, it will require the sort of popular protest that killed ID Cards and must now be brought to bear on CCDP. As the greatest living Englishman says in his Guardian interview:
”The amount of control you have over somebody if you can monitor internet activity is amazing… You get to know every detail, you get to know, in a way, more intimate details about their life than any person that they talk to because often people will confide in the internet as they find their way through medical websites … or as an adolescent finds their way through a website about homosexuality, wondering what they are and whether they should talk to people about it.”
When the Coalition came to power, there was a clear manifesto promise to “roll back the surveillance state,” including abandoning the much-hated National Identity Scheme and Contactpoint database, and applying much tighter controls to interception of private communications.
Building identity management systems is a doddle, it really is. All you’ve got to do is to knock up a web interface with a database behind it, offer a store for trusted attribute data, tie the lot to a federation standard like OpenID, market to the target user base and wait for the money to come flowing in. Simples.
Oh hang on, that’s wrong, I think I may have dreamed that last bit – building identity management systems is very difficult indeed. The problem is there are are still a lot of dreamers out there, and in consequence we see some good, some bad and some downright ugly identity management systems out on the interwebs. I was reminded of this as I examined a service recently – let’s call them Yaoids (Yet Another Online ID Service). Like many similar offerings, Yaiods claims to be able to protect every aspect of my modern lifestyle by helping me to prove who I am online (we’ll overlook the fact that I rarely feel the need to prove who I am, I already know who I am; what I want to know is who the hell I’m talking to online, and to have assurance that they’re not going to talk to anyone else purporting to be me. Top tip for the sales people there).
Like any similar identity service, Yaoids has to overcome a number of challenges, including registering users in a trusted way so that the market can be confident that Yaoids’ users are who they claim to be; and maintaining that trust level so that when things go wrong (which sooner or later they always do) then the users don’t ditch the service.
These challenges are potentially huge for any provider, and in the majority of cases prove insurmountable. PayPal is an example of a company that has tackled them very well indeed: whilst it has a number of registration mechanisms, for the majority of users, they need to already be in possession of a credit card to obtain service, and PayPal runs a couple of small transactions, with refunds, to confirm the details, and hence that there must be an issuer’s KYC check. PayPal has made it easy for service providers to integrate the platform, particularly through its X sandbox environment. Genius.
Yaoids, on the other hand, has attempted to achieve the same outcomes through slightly different means. The service also rides on the back of another company’s registration efforts (which isn’t a bad thing), but in this case it’s an online bank account: the customer provides their e-banking details, and Yaoids uses a third-party service to log in on their behalf to check the account is real, and that therefore someone must have conducted a KYC check on the user.
Have you spotted the problem yet? If not, then I’d like to introduce you to a mate of mine in Lagos who’d appreciate your help in transferring some funds from the estate of a deceased dictator out of the country, because I think you two would hit it off just fine.
Because PayPal uses a credit card transaction to build and maintain trust, the customer is assured that if anything goes wrong they are protected by consumer credit legislation, which generally falls in favour of the customer. If their PayPal account is hacked or phished, then the liability for the loss is transferred onto the card issuer. Of course the credit card companies don’t like that, but because PayPal has been so effective at encouraging adoption, they’ve got little choice but to play along.
But Yaoids has instead left the customer at the mercy of banking regulations, and that’s a very different liability story. If you’ve signed up for Yaoids’ service, and my mate in Lagos has somehow emptied your bank account (oops, given the game away there) by some or other unrelated means, then regardless of whether or not the Yaoids service was compromised, you’re going to have a very difficult conversation with the bank:
“Hello, this is the Grabbit & Run Online Banking fraud department, how may I help you?”
“My online service has been used to transfer all the funds from my account to Toby’s mate in Lagos, I’d like it back please.”
“Oh we’re so sorry to hear that. Have you shared your online credentials with anyone?”
“No, of course not. Oh, except with Yaoids, who passed it on to their registration subcontractor, but they’re all lovely trustworthy people.”
“That’s as maybe sir, but Grabbit & Run’s online banking policies make it clear that we will not repay funds to customers who have handed their online banking credentials to a third party. Sorry sir but we cannot pay you back. Have a nice day. You muppet.” <click> <beeeeeeeeep>
And there you go. Out of pocket, out of luck, and left with little choice but to resort to being patronised by the Watchdog team as they interview you about how hard done by you are, blaming Yaoids because that must have been the source of the loss, whether or not Yaoids did anything wrong at all. Yaoids customers then turn and flee, revenues dry up and the service closes.
What Yaoids have created here is a sinkhole for transaction liability: they’ve sidestepped the very necessary and often expensive step of building a trusted customer relationship, and there is now a mountain of commercial liability being swallowed into a sinkhole, and sooner or later that toxic liability will come pouring out in an unexpected place, destroying customer confidence and taking Yaoids – and its customers – with it.
This sort of problem isn’t confined to Yaoids: most KYC checks want a passport as the document of choice, and there’s nothing in the front cover which says:
“Her Britannic Majesty’s Secretary of State requests and requires in the Name of Her Majesty all those whom it may concern to allow the bearer to pass freely without let or hindrance and to afford the bearer such assistance and protection as may be necessary … oh, and she’ll see you right if this passport turns out to be dodgy.”
It’s only society’s conventions and habits which render the passport a trusted document for proof of ID outside of border control use cases. The doomed National Identity Scheme expected businesses to rely on ID Cards as their credential of choice, yet made it clear that no liability would be accepted for fraud or error, and that was a key factor in the total disinterest of UK.plc in that scheme (with the exception of those major IT providers who stood to profit).
It’s this registration and liability conundrum that the Cross-Government Identity Assurance Scheme is intended to address at the root of its proposition, and at the moment there’s every indication that it might just work. By federating existing trust relationships under trust schemes, the identity assurance approach should allow users to reuse their existing credentials – such as online banking – without liability issues, because there is no inappropriate third party, such as an independent commercial identity provider, involved in the relationship. There is no requirement to reveal banking passwords because the bank becomes the identity provider.
But until that happens, take care that when you sign up for an online ID service, it’s not trying to hide your liability in a sinkhole somewhere – otherwise the Lads from Lagos will be in touch sooner than you might expect.
Jerry Fishenden, Chair of the Cabinet Office Identity Assurance Programme Privacy and Consumer Group, has blogged the draft principles for the new identity assurance scheme, with a view to obtaining public feedback on those principles. I’m involved with the Group, and would urge anyone with an interest in this area to comment on his blog so that we can obtain the broadest feedback in order to deliver this important piece of work.