Nov 9 2005, transformational government and identity

It's been pointed out to me that there's a certain irony arising from my blog entry of Oct 31 2005 (learning from others):

... we need to ensure that [identity information] is maintained in relevant domains that limit the potential impact of any compromise. Moving to a system that no longer restricts identity thieves to a single aspect of our identity gives rise to serious concerns about the scale of the problem that could result. It would be in the UK as if we suddenly decided to hinge all of our identity relationships with Government off of a single number - National Insurance Number (NINO) for instance - rather than ensuring we keep different identity relationships separate. For example, we would not want access to our medical records or other sensitive information to be accessed using the same identifier that provides us with a service to report a faulty street lamp to a local council. Identifiers should be appropriate to their context and for the purpose for which they are being used.

Using a single identifier, such as NINO, also opens up other potential vulnerabilities - since such a common identifier used indiscriminately across all services would enable the likes of service providers to build up a profile of individuals across all their activities. Social engineering (such as the bribing of insiders) and the professional (and incredibly well-funded) criminal hackers would be able to digitally hijack citizens' identities for access to government services - and hence potentially to cause significant identity theft on a scale not seen before.

Given that the new Transformational Government document states the following:

[government identity management solutions] will converge towards biometric identity cards and the National Identity Register. This approach will also consider the practical and legal issues of making wider use of the national insurance number to index citizen records as a transition path towards an identity card.

I'm not comfortable with what on face value appears to be an equation that says joined-up government requires a single, widely known indexation key. We know this is not the case: the UK Government Gateway, which came out of recommendations from PA Consulting, enables a single online credential to be used across all government services - without requiring a single public domain omni-directional identifier. It preserves the existing identity domains that exist in government. The USA has been trying hard to escape from the folly of the widespread use of the Social Security Number (SSN) for completely inappropriate purposes, including its use as a student ID number - inappropriate uses that have caused countless identity thefts and abuse of public services.

I'll reiterate something else from learning from others:

The adoption of a single electronic identifier removes the traditional segmentation that normally provides a bulwark against unlimited compromise of our identity. Perhaps an analogy would paint a clearer picture here. Imagine a ship or submarine that has been carefully designed with a series of water-tight compartments. In the event that part of the vessel is holed and lets in water, that area can be sealed and the damage carefully contained to that one section of the vessel. Without such segmentation, the entire vessel would flood and sink.

This is not to deny that there should be an informed debate about whether some of the existing government identity and information domains need to be correlated more effectively (the most obvious being benefits and taxes) - I wrote on Oct 7 2005 (public sector IT projects and the “blame game”):

Look ahead for example at the type of flexibility we will require in the administration of public sector services in the future. We know that the current idea of a fixed retirement age and associated pensions regime is under enormous pressure. It seems likely that the model will change to one where retirement will happen as a gradual process and over a longer time period than at present. Those of my own generation may well find themselves only semi-retiring at first, maybe drawing part-pensions but still also partly working. The demands this will place on our currently functionally silod systems of taxation, benefits and pensions will be immense if we do not both reform the business processes and the IT systems to support the flexibility that is likely to be required.

Such changes do require us to examine the ways in which information (and identity domains) are structured. But we ignore or break principles that contribute to successful identity systems at our peril. There also seems to be a certain irony in that PA Consulting, who came up with this model that ensures collaboration and joining-up across government services can take place without breaching security domains, now appear to be the main consultancy  working on the UK ID Card programme.

I'm not clear why their thinking about identity appears to have changed so dramatically over the past few years - and in a way that seems (from information available in the public domain) to be a retrograde step.