In conversation with English and Welsh friends last week, the subject of Britain’s imminent National Identity Scheme came up. My friends, who are worldly and well-educated but not technical, voiced concerns about the amount of personal information that will be stored. Their understanding was that a lot of this information will be kept on the new ID card. In fact, the proposal says that only a subset will be stored on the card, which will be backed by a cloud-based (and decentralized) National Identity Register. But either way, my friends’ concerns are of course valid. If governments or businesses aggregate too much personal information, accidents and abuses will occur.
At the same time, my friends do recognize the need for a strong and secure means of identification. So they’re not opposed to identity cards on principle; they just don’t want those cards to contain, or link to, extensive dossiers.
At this point, channeling Kim Cameron, I launched into an explanation of the laws of identity and the identity metasystem. Well, sort of. I didn’t say anything about cryptography, or digital certificates, or XML web services. But I did paint a picture of a world in which individuals interact with many identity providers and many relying parties, in which all actors trust one another in exactly the ways they already do today, and in which disclosure of personal information is minimal and context-dependent.
Halfway through I thought, well, this will never fly. This whole scheme is based on decentralization and indirection, and I know people don’t take naturally to those concepts.
But…they completely got it! Maybe that’s because the threat of a monolithic system leads people to appreciate the virtues of a decentralized one. Maybe it’s because ongoing experience with the Net makes people more comfortable with the principle of indirection. Maybe it’s both these factors and others as well. In any event, it was a hopeful moment. Identity geeks have struggled, for many years, not only to devise right systems, but also to motivate an understanding of what makes systems right, and why. Now that right systems are coming into existence, it’s good to see that (some) people are ready to appreciate and embrace them.
Hm, I’ve not seen or read anything about the UK’s Identity Scheme which suggests it’ll actually be decentralised. Citation needed.
The proposal linked from above, which is here:
http://www.ips.gov.uk/identity/downloads/national-identity-scheme-delivery-2008.pdf
Says:
“The NIR will not be a single, large database. The sets of information – biometric, biographical and administrative – do not all need to be held in a single system. To help safeguard information and make best use of the strengths of existing systems, it makes sense to store them separately.”
But I should have been clearer. That is a minor bit of decentralization, not the full-blown version envisioned by the identity metasystem. Still, it’s nice to see.
The point, though, is that what I described to my friends was the full-blown version, and it really resonated with them.
I have also found that non-techies have a pretty good awareness of online privacy issues and instinctively go for decentralization as a comforting concept. Redirection is more challenging in my experience – it may be how I explain it! But I have noticed lack of trust – interestingly – in encryption. People assume that everything can be hacked.
“But I have noticed lack of trust – interestingly – in encryption. People assume that everything can be hacked.”
Really good point. Phil Libin said in an interview once:
“The basics of asymmetric cryptography are fundamental concepts that any member of society who wants to understand how the world works, or could work, needs to understand.”
Which sounds crazy on the face of it. But he went on to say that we’ve all internalized the concept of monetary inflation, which is equally arcane and counter-intuitive, so maybe it’s possible.
“decentralization as a comforting concept”
now there’s something that resonates. ;)
It’s interesting that you took something positive from your conversation whereas your retelling just seems to highlight failings in the existing proposals (such as “disclosure of personal information is minimal and context-dependent”). At the moment, I just don’t see a real-world “right” identity system which I’d entrust with my data. The operators are just too far behind the technology.
Maybe you have to experience the world’s biggest breach in data security first-hand before these things are brought home in rather sharp focus ;)
“Maybe you have to experience the world’s biggest breach in data security first-hand”
What do you count as the biggest breach?
“It’s interesting that you took something positive from your conversation whereas your retelling just seems to highlight failings in the existing proposals (such as “disclosure of personal information is minimal and context-dependent”)”
The way I look at it lately is that we’ve had the necessary tools forever, but haven’t put things together in the right ways, mainly because there’s been no demand to do so, because the conceptual framework hasn’t been laid out in a way that makes sense to people and stimulates the demand.
It’s chicken-and-egg, of course, and a lot of people won’t get the concept of minimal disclosure until they experience it. But maybe some non-trivial number of folks will get the concept even before they’ve experienced it, and will help create the demand that will help move things forward more quickly.
> That is a minor bit of decentralization
You are absolutely right. The “decentralization” of the UK’s National Identity Register is simply the difference between a single monolithic database and two or three linked monolithic databases. It makes it harder for them to lose all the data, but there’s still an aggregated dossier on each citizen containing over 50 categories of information.
Here in the UK there is much distrust of the government’s handling of personal data after they lost the records of 25 million people (including bank details). Unfortunately the debate over the identity scheme tends to focus on the card, not on the databases behind it. When people learn about this, they are much less keen on the idea.
“Unfortunately the debate over the identity scheme tends to focus on the card, not on the databases behind it.”
I’m sure there are plenty of voices saying: Don’t do it at all.
Are there voices saying: Do it the right way? Are notions of aggressive decentralization and minimal disclosure part of the general discussion?
> Are there voices saying: Do it the right way?
There are, but the government is not keen to listen. The London School of Economics issued a report back in 2005 when the project was first mooted (the executive summary is here: http://identityproject.lse.ac.uk/identitysummary.pdf). This gave a detailed critique of the scheme, but also suggested alternative approaches. The government actually went out of its way to attack this report and continued on its way.
It appears that they are wedded to the idea of centralized databases because it makes life easy for bureaucrats. A Laws-Of-Identity-Compliant fully decentralised system seems like complete pie in the sky right now. So our only option seems to be to campaign to scrap the scheme and hope that a future government will think more deeply about these issues. That’s what I’m doing anyway…
I like this theme you are using… what is it?