Back to the future of the ID card
By Dave Birch posted May 18 2010 at 12:53 PM
[Dave Birch] Well, it's bye bye to the ID card. In the end, I shouldn't think that my constant whining about the scheme made a ha'pence of difference and my time on the IPS Advisory Forum was probably wasted. I did make representations (invited, I hasten to add) to a couple of Conservative think-tanks in the run-up to the election, having previously made a number of representations (invited, I hasten to add) to the Government and its advisors. What I said was, in essence, that the Tory plan to scrap the ID card was almost as bad as the Labour plan to keep it. Neither the existing scheme nor the Coalition scheme (ie, nothing) actually solve any of the problems that the lack of an identity infrastructure creates and I absolutely predict that the lack of such an infrastructure will in turn create a major barrier to improving efficiency in public services: it's going to be really difficult to move government services online, introduce more self-service and reduce fraud without some form of identification and authentication system.
It's fair to observe that there a many people (eg, the LSE team who did the original detailed review on the Home Office's ideas) are enjoying their "told you so" moment. The old scheme, created by the Home Office and their development partners PA Consulting back in 2004, was never going to work. It was flawed from the start, and as a showcase for the British technology industry, it was an embarassment: it provided none of the services that the identity cards systems in advanced nations (eg, Germany, Hong Kong, Estonia) provide and there was never any evidence that it would do so. There were no specifications, no toolkits, no APIs. I should say that I don't blame the people working on the project over at IPS, many of whom I have great respect for: the project was doomed before they started work.
There has been no single narrative explaining what deficiency the card is supposed to address: instead, it has been sold as a cure-all remedy for a host of problems. One minute it was touted as tackling illegal immigration or benefit fraud; the next it was the magic bullet for terrorism and organised crime.
[From FT.com / World - MPs deride £5.4bn cure-all]
Indeed, and the card that was built was not only pointless but functionless, implementing nothing more than the existing e-passport application. It wasn't as if they didn't have the money to scour the planet for the best advice.
In 1997/98, the Home Office's total spending on consultants was £7.6m. By last year, it had rocketed to £147.9m. Spending by the Identity and Passport Service - the arm of the department in charge of the ID cards project - has gone up in the same period from £237,000 to £30m.
[From High price of launching ID cards as consultants cost us £150m | the Daily Mail]
I can well remember taking part in the "consultation process" at the time. I can also well remember feeling rather angry about it: no-one paid any attention (as far I could tell) to any ideas or opinions about the scheme or the vision for identity management, only about the procurement process. In particular, just as the Home Office never paid any attention to our submissions about the original entitlement card concept (more on this in a minute), they never paid any attention to any modern conceptions of identity and set about building an electronic version of the scheme was abandoned in 1952. An electronic version of a paper card and an electronic version of a card index. There was always an alternative...
Many people do think eID could and should be implemented without full identification, i.e. more granular disclosure with pseudonymity - see e.g. Dave Birch's brilliant and very readable paper "Psychic ID: A blueprint for a modern national identity scheme" (PDF).
[From Tech and Law]
WH is much too kind, but there you go. Anyway, we are where we are, in an identity limbo. Where do we go from here? It's traditional for incoming administrations to want short and simple instant fixes, so here's a practical three point plan...
Turn the "Identity and Passport Service" back into the "Passport Service" and rebrand the current ID card as "Passport Plus", an optional extra for people who are applying for or renewing passports.
Start an accelerated consultation process for an Entitlement "Card" that will be mandatory within the lifetime of this Parliament for access to public services.
Publish an API for using the service and provide open source software for people to start building services.
I say "Card", of course, because any such plan would distinguish between the identity application that might reside in a smart card, phone, watch, hat, badge or implantable microchip and the smart card, phone, watch, hat, badge or implantable microchip itself. So, my Entitlement Card might have an identity application on it and my mobile phone (SIM) might have an identity application in it and they both have public key certificates with the same link to my entitlement number (or whatever) in it. I'll have to turf out our original response to the entitlement card consultation process and tart it up.
The toolkit of technologies needed to do this -- everything from digital signatures to biometrics to NFC to OpenID -- is already in place. By going back to the original version of the government's pre-Blunkett plan, the government and the industry together can create a more targeted project that can actually contribute to UK plc. I have to say, as an aside, that Consult Hyperion's experiences advising the Irish government on their Public Services Card project has reinforced to me that focusing on a clear, simple and specific goal makes a very, very big difference to national infrastructure efforts of this kind.
banking and finance, government, ID cards, identity, management
I'd prefer the government to commit to psychic ID, naturally, but as that's unlikely to happen we need to build something else workable. If we want to have an identity system for more general use throughout business, as distinct from a public services card which would have the sole aim of efficiency in public service delivery, it's not necessary for the government to provide it. In Scandinavia, they've gone down a different route, of having the banks provide the identity system and having other companies and government departments use it. Norway is an interesting case study.
Internet usage in Norway amongst citizens over 15 years old, according to FNO’s estimates: In 2000, 48% of citizens have internet access, and 17% use internet banking; By 2006, 79% have internet access, 68% are online banking and 26% are shopping regularly, defined as those who make more than five online purchases per annum; and today 89% of Norwegians have internet access, 79% are online banking and 47% are shopping online regularly. FNO put the doubling from 2006 to 2010 down to the success of BankID.
BankID is used about 800,000 times per day on average. This is known because each time a secure internet transaction is requested, the BankID downloads a Java identity to the user. In fact, they know more than this, as 60% of their 2.5 million users (2.2 million certificates, with a further 300,000 issued to users who have more than one banks account) use BankID for online banking, but 40% use it outside banking across 155 merchant websites representing about 5% of transactions. A third of the transactions are digital signatures by the way, rather than securing payments transactions.
BankID has moved beyond the internet as Norway’s largest mobile carrier, Telenor, funded the move of BankID onto mobile SIM chips in 2009. There are now over 9,500 mobile BankID certificates issued and many more expected.
Surely British banks are as clever as Norwegian banks and British telcos are as clever as Norwegian telcos, so why don't we go down the same road. I've already got a Barclays PINSentry at home and would be more than happy to use that it log in to everything from eBay to EDF.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
Why this Blog ? News articles in the Wide World of Web, quite often disappear with time, when they are relocated as archives with a different url. Archives in this blog serve as a library for those who are interested in doing Research on Aadhaar Related Topics. Articles are published with details of original publication date and the url.
In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.
Aadhaar
The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018
When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy
First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi
In matters of conscience, the law of the majority has no place.Mahatma Gandhi
“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi
“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.
Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.
Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.
Rajeev Chandrasekhar, MP Rajya Sabha
“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh
But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP
“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.
August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution
"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden
In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.
Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.
Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.
UIDAI's security seems to be founded on four time tested pillars of security idiocy
1) Denial
2) Issue fiats and point finger
3) Shoot messenger
4) Bury head in sand.
God Save India
