Wednesday, April 19, 2006

The need for a debate on ID cards

Lilian Edwards, risking the wrath of ID cards activists, says she's neither particularly in favour of nor against them. She reckons the no campaigners have two broad objections. The first is practical, e.g. that the technology doesn't work and is costly. The second is questions of principle. On the objections on the grounds of practicality she says:

"To me these are issues of detail - of technology and management; which are difficult to critique in a non paranoid way right now as we know so little about the design of the underlying database or its costing. The time to argue these points is when we know how the database is to be designed, what the permissions for access to data will be and what the rules for event illegal immigration we need this legislation."

We know the scheme is based on the notion that these multiple complex problems can be partly addressed through mass surveillance, coordinated through a large central ID database. We also know that this superficially attractive notion is flawed, not just in the details but in the generic architecture of such a scheme. The base rate fallacy says you can't find a needle in a haystack by throwing more hay on the stack.

One of the fundamental problems is that the government started with a 'big' idea (big, expensive, hi-tech, and affects everyone) in response to the attacks of 11th September - build an ID card system - and have been looking for reasons to prove it might be a good idea ever since. (The latest is catching people who avoid speed camera fines.) Spending a fortune building an information system with a series of ill-defined, ever-changing multiple purposes and working out the details as you go along is a good way to ensure that the system will fail. Here's the solution. Now what was the problem again?

On the principled arguments against ID cards she reckons we've got "a system as good as we can devise of laws and practices for dealing with consent to the collection of, and subsequent protection of, personal data. It's called data protection law." Though she accepts the practice of data protection law is less than ideal, i.e. you can drive a coach and horses through the loopholes and enforcement is vastly under-resourced, she'd like a debate on the real issues surrounding ID cards:

"But most of all I'd like to see a debate on ID cards that isn't focused around "it'll never work" or "it'll cost too much" or "they can't make me do this" or "we all know it's a bunch of lies". That isn't a debate. That's a lynching. I'd like to see a debate that focuses round the real issues"

Actually, the folks at the LSE and 60 associated academic experts around the world have already done a terrific job of identifying the real issues with the proposed UK ID card system. William Heath, Kim Cameron, Stefan Brands and others have clearly explained the principles and advantages of, as well as the difficulties in building, a suitably designed distributed identity network architecture (which unfortunately is nothing like the system being proposed in the UK). And remember, the LSE folks began their research by outlining support for the idea of an ID card scheme in principle.

Unfortunately the response from the government to the LSE and thoughtful critics of the scheme has been angry soundbites. Anger begets anger and no campaigners respond in kind, partly out of anger and partly because that is the level which gains media attention. Incidentally, if there has been any lynching done, it's been the government's appalling personal attacks on Simon Davies, one of the coordinators of the LSE report.

Regarding the substantive point about the need for an informed debate, I'm all for that, starting with question one of the Schneier 5-step security analysis:

What problem are you trying to solve or what is the purpose of the system?
Ans.: Multiple, dynamic, mostly complex (though the speed camera one is not that complex), ill-defined purposes.

Ok. Well, there is no point arguing about devils in details if we haven't got a clear system purpose.

On Lilian's specific questions for debate, e.g.:

"How, if at all, do we want to balance our privacy rights and the positive uses that can be made of a linked database, for both citizens and consumers? What are the safeguards that need to be built in, which once specified we can then pass to the database builders? And most of all what kind of privacy do most people really want - not the activists, not the No2ID card people, not the constitutional law academics, but everyone?"

I'd rephrase the first slightly to avoid the privacy v security/benefit dichotomy implicit in the question and say "How can a network with a suitably designed (along the lines of Cameron's 7 laws of identity) identity architecture benefit us?" Technophiles like yours truly will say there are multiple ways such an architecture could improve our engagement with government and commerce. There are also multiple ways in which a poor system could damage the relationship. On her final question of what kind of privacy people really want, it's fairly clear that although most of us say we are concerned about privacy, our actions often demonstrate otherwise. If more of us really became aware of the implications of divulging the mass of personal data we make available to the world, we might change our behaviour, of course.

Update: Apologies for the typos on Lilian's name which I've now amended.

