My son is two weeks old now. I think he deserves and needs some privacy as he grows up, and I expect that balancing his freedom against my wife’s need to know will be one of the defining tensions of his upbringing. What of the wider dimensions of the privacy freedom balance, though?
I am a long time critic of the UK’s plans for a national ID registry, because they are too visionary and all-encompassing, and potentially see us sleepwalking into a surveillance society. Besides which; when did the UK government ever successfully deliver such a massive IT project? Shouldn’t we try and limit the scope in order to make success more likely, given that success is often a product of constraints?
One of the things that has angered me recently in conversations with IT vendors and at least one standards body about the government’s deeply flawed plans is a refusal to show the courage of their convictions. That is – organizations are unwilling to formally criticise current plans by the UK government in case it later impacts their ability to bid for the project.
I call it economic and political cowardice.
Microsoft’s National Technology Officer for the UK, Jerry Fishenden recently weighed in on the debate though, and laid out a trenchant critique of current plans.
Here are comments from a vnunet.com article:
“It is unnecessary to build a system with all the data in one place,” he said. “The Home Office should be basing the design on the knowledge that any system of that size will be breached, most likely by criminal gangs with huge resources.”
When asked why he was making such statements on the day the Commons voted on the ID Card Bill, Fishenden said only that the IT industry had so far not been getting its views across properly.
“When we attend meetings with the Home Office I have noticed that industry representatives do not voice their concerns very much. Only outside the meetings do you hear their concerns,” he explained.
Fishenden pulls no punches concerning the industry’s lack of input so far. ” I do not think that the IT industry has been coherent and consistent enough about the way the ID card system is conceived,” he said.
“Any ID system needs only to keep information that is appropriate to a particular search in one location. That way you reduce the impact of loss or theft by decentralising the data.”
Trust is something you earn. It should come from giving good advice, rather than telling the client what they want to hear. IT vendors everywhere, and consultants generally, should learn from Jerry. Sometimes telling a client their ideas are off base is the most valuable service you can provide.
Concerns about the UK national ID registry should go beyond normal commercial constraints- we are talking about a national infrstructure to monitor UK citizens here, after all.
Thanks then for this example of what looks suspiciously like real commercial courage. I doubt Microsoft will refuse to bid for the contract though, assuming the House of Lords doesn’t gut the absurd, politics and PR-driven legislation.
Its good to see Unisys following Microsoft’s lead, according to today’s Guardian.
The scheme is “overly ambitious, extremely expensive and will not be a panacea against terrorism or fraud, although it will make a company like mine very happy”, said Roberto Tavano, a biometrics specialist for the US company Unisys.
Of course, sometimes Microsoft political lobbying is self-serving. But in this case, I believe we should applaud the firm. Kim Cameron is setting corporate strategy around distributed identity, and now we have local representation which dovetails elegantly with the approach.
As Kim says:
On my recent visits to England, I didn’t encounter one individual with an IT background who approved of the current Home Office proposals – whether they were high ranking government officials, industry experts, consultants or people interested in public policy. And I met many hundreds.
What would I like to see now? A joint petition or statement against the current plans, including people from a range of vendors and industry bodies, not just Microsoft. Its surely time for the reality-based community to get to work. Would you care to sign such a paper, Robin? Mr Blakley? Oracle?
I would also like to know who is going to regulate access to the central database given that the UK’s Information Commissioner is fundamentally opposed to the scheme? Who will be the ombudsman? That is an issue nobody seems to have raised. Does the government plan to create a new oversight body to compete with the Information Commission?
Finally, I want to stress that the ID cards debate is not about technology. Its far more important that that. We’re talking about civil liberties for the generations to come.
I recommend the UK government takes Microsoft’s advice on a national ID Card strategy.
James Governor says:
November 1, 2005 at 9:44 am
the LSE figures go up. now estimate the project at 30bn quid
http://www.silicon.com/publicsector/0,3800010403,39153819,00.htm
Bob Blakley says:
November 1, 2005 at 3:34 pm
James,
I noticed the challenge you posted to me on your blog.
I’ve already, in a sense, responded to this challenge. I was one of the principal authors
of this document, which summarizes the US National Academy of Science’s views on
the complexity, cost, and risks associated with establishing a national identity system – of which
the cards themselves are of course just a small part.
http://www.nap.edu/books/030908430X/html/
I heartily encourage you to reference
and quote this document, and you are of course entirely free to discuss my involvement in
its preparation.
Thanks for the tip o’ the hat!
Anonymous says:
November 2, 2005 at 9:24 pm
I would agree with you for the need to not have so much data in one place. There is already so many electronic bits about us – through credit cards, banking info,telephone bills, travel documents, GPS on some cell phones and cars, transponders on toll booths, medical records,credit records…govt can sub-peona if so desire pretty much everything. As needed.
BTW – did anyone complain about the big NHS IT initiative either?
Come to think of it, in work I do how many Accenture IBM or other consutlants tell a client not to go with SAP or Siebel? Independent advice is a rare commodity these days…
vinnie mirchandani says:
November 2, 2005 at 9:25 pm
I would agree with you for the need to not have so much data in one place. There is already so many electronic bits about us – through credit cards, banking info,telephone bills, travel documents, GPS on some cell phones and cars, transponders on toll booths, medical records,credit records…govt can sub-peona if so desire pretty much everything. As needed.
BTW – did anyone complain about the big NHS IT initiative either?
Come to think of it, in work I do how many Accenture IBM or other consutlants tell a client not to go with SAP or Siebel? Independent advice is rare these days
Phil Wainewright says:
November 5, 2005 at 10:14 am
Congrats on the new baby, James.
Your mention of a petition made me want to note the no2id campaign, where you can sign up online and also to various other protest activities:
http://www.no2id-petition.net/
LibDems also have an online petition in support of their policy to spend the money on extra police instead:
http://www.libdems.org.uk/noidcards/
Personally I think the campaigns should make more of the proposed national database which is insidiously buried behind the ID cards proposition.