My son is two weeks old now. I think he deserves and needs some privacy as he grows up, and I expect that balancing his freedom against my wife’s need to know will be one of the defining tensions of his upbringing. What of the wider dimensions of the privacy freedom balance, though?
I am a long time critic of the UK’s plans for a national ID registry, because they are too visionary and all-encompassing, and potentially see us sleepwalking into a surveillance society. Besides which; when did the UK government ever successfully deliver such a massive IT project? Shouldn’t we try and limit the scope in order to make success more likely, given that success is often a product of constraints?
One of the things that has angered me recently in conversations with IT vendors and at least one standards body about the government’s deeply flawed plans is a refusal to show the courage of their convictions. That is – organizations are unwilling to formally criticise current plans by the UK government in case it later impacts their ability to bid for the project.
I call it economic and political cowardice.
Microsoft’s National Technology Officer for the UK, Jerry Fishenden recently weighed in on the debate though, and laid out a trenchant critique of current plans.
Here are comments from a vnunet.com article:
“It is unnecessary to build a system with all the data in one place,” he said. “The Home Office should be basing the design on the knowledge that any system of that size will be breached, most likely by criminal gangs with huge resources.”
When asked why he was making such statements on the day the Commons voted on the ID Card Bill, Fishenden said only that the IT industry had so far not been getting its views across properly.
“When we attend meetings with the Home Office I have noticed that industry representatives do not voice their concerns very much. Only outside the meetings do you hear their concerns,” he explained.
Fishenden pulls no punches concerning the industry’s lack of input so far. ” I do not think that the IT industry has been coherent and consistent enough about the way the ID card system is conceived,” he said.
“Any ID system needs only to keep information that is appropriate to a particular search in one location. That way you reduce the impact of loss or theft by decentralising the data.”
Trust is something you earn. It should come from giving good advice, rather than telling the client what they want to hear. IT vendors everywhere, and consultants generally, should learn from Jerry. Sometimes telling a client their ideas are off base is the most valuable service you can provide.
Concerns about the UK national ID registry should go beyond normal commercial constraints- we are talking about a national infrstructure to monitor UK citizens here, after all.
Thanks then for this example of what looks suspiciously like real commercial courage. I doubt Microsoft will refuse to bid for the contract though, assuming the House of Lords doesn’t gut the absurd, politics and PR-driven legislation.
Its good to see Unisys following Microsoft’s lead, according to today’s Guardian.
The scheme is “overly ambitious, extremely expensive and will not be a panacea against terrorism or fraud, although it will make a company like mine very happy”, said Roberto Tavano, a biometrics specialist for the US company Unisys.
Of course, sometimes Microsoft political lobbying is self-serving. But in this case, I believe we should applaud the firm. Kim Cameron is setting corporate strategy around distributed identity, and now we have local representation which dovetails elegantly with the approach.
As Kim says:
On my recent visits to England, I didn’t encounter one individual with an IT background who approved of the current Home Office proposals – whether they were high ranking government officials, industry experts, consultants or people interested in public policy. And I met many hundreds.
What would I like to see now? A joint petition or statement against the current plans, including people from a range of vendors and industry bodies, not just Microsoft. Its surely time for the reality-based community to get to work. Would you care to sign such a paper, Robin? Mr Blakley? Oracle?
I would also like to know who is going to regulate access to the central database given that the UK’s Information Commissioner is fundamentally opposed to the scheme? Who will be the ombudsman? That is an issue nobody seems to have raised. Does the government plan to create a new oversight body to compete with the Information Commission?
Finally, I want to stress that the ID cards debate is not about technology. Its far more important that that. We’re talking about civil liberties for the generations to come.
I recommend the UK government takes Microsoft’s advice on a national ID Card strategy.