Directgov has asked IT suppliers to come up with new thinking on identity verification. The team, which is now within the Cabinet Office, has issued a pre-tender notice published in the Official Journal of the European Union, saying that it wants feedback on potential requirements for the public sector on all aspects of identity …
Solved this ten years ago.
And was told by someone senior (who happened to be paid by one of the major suppliers...)
“Well, yes it works, but we’re trying to think of something more...” (complicated?|chargable?|difficult? - Who knows what he was thinking, perhaps there were too many notes?)
Although senior is a relative term, as I’ve long since disagreed with large amounts of what "senior" people say, but (other) people are impressed with qualifications, not whether someone knows what they’re talking about.
A person who is well read on a subject, but still can’t propose clever ways forward, remains a pundit to me, rather than a domain expert.
So what was your solution?
That senior people waffle about what they're looking for just means they're not telling what they really want. And why, exactly, would that be?
I do think we need a good solution for this, and while at it have it mesh well with all those other things and organisations that want your identity so they can tack you to their paperwork. Instead of trying to merely oppose that and stop the avalanche of identi-greed, we should focus on finding ways to give them the tools they need (which not necessairily even resembles what they think they want) that also give us our much-needed privacy.
Now for a way to convince government of this. It is their job to (pay others to) make it work, after all. I mean they're there for us, not the other way around. I missed the website link in the article. Where did directgov put this forward anyway?
Given that the country seems to be crawling with undesirables I'll bet they are now probably regretting giving up the ID cards scheme. Here’s to the Alliance. Nice one guys.
ID Cards = magic solution?
Of course, and think how much cheaper the ID card scheme is than the amount of benefit fraud etc. committed by said undesirables....NOT.
ID cards cost 10Bn
Benefit fraud 25Bn
25 - 10 = 15Bn .... looks like real money to me?
Hold on a minute. The issuing of ID cards stops all benefit fraud? How does that work? Everyone suddenly becomes honest (even if they haven't been forced to have an ID card yet)?
ID cards probably would've cost what has been said, plus more. PLUS the additional "ID tax" payable directly by everyone that had one, rather than out of the exchequer.
Perhaps ID cards would have made some benefit fraud more difficult to commit, but it would most certainly not get rid of all of it.
ID Cards cost 10Bn in the hands of a few people, most outside of the UK. benefit to uk economy 1Bn.
Benefit "fraud" 25Bn in the hands of the many, spending money in the UK. benefit to uk economy 25Bn.
I say we let them have the money, it's a damn site better for the economy than giving money to bankers and wankers.
How much would be solved by ID cards?
The total benefit fraud may well be 25Bn but how much of that could be solved by ID cards? How would they help assessing whether health problems are real or fraudulent? Or who is really living in subsidised housing, or how many children someone has?
Benefit fraud is, in the vast majority of cases, about mis-reporting circumstances, not identity.
Do feel free to keep spouting whatever junk enters your mind, however.
Benefit fraud is not identical to fibbing about who you are
The vast majority of benefit fraud does not involve misrepresenting who you are, but misrepresenting your circumstances. Knowing absolutely for sure that the claimant is who he says he is will have no effect whatsoever on that.
Re: Benefit fraud
"Hold on a minute. The issuing of ID cards stops all benefit fraud?"
Wrong. It stops terrorists.
Oh, hang on a minute, it's not terrorists; it's illegal immigration ..... or was it paedophiles? (I'm always mixing those two up). No, I've got it now. It stops under-age drinking ...... er, I think that's it .... or was it something else?
This is confusing, so let's just say that ID cards will put a stop all of society's ills, and be done with it. OK?
ID cards can't solve everything
For misrepresentation types of fraud clearly a much higher level of state monitoring is required.
Illegal Immagration, terrorists and Paedophiles probably also require a lot more databases, and the use of CCTV.
costs are wrong
Benefit fraud costs about £1bn a year.
Child and working tax credit fraud about £500m a year.
Errors in claims for the above come to a bit less than £4bn a year.
So even taking all of those together it's still nowhere near £25bn.
You Love Big Brother?
Just imagine: CCTV in every room of every home.
Just think of all the bad stuff that would stop.
Most child abuse, including sexual abuse, takes place in the home. Terrorists also exploit domestic privacy to hide their terrorist preparations. Illegal immigrants hide inside flats and houses. And, of course, benefit cheats either lounge around at home, pretending to look for work, or they're out working, pretending they're stuck at home with some sort of disability.
The abolition of domestic privacy from the authorities would significantly reduce a lot of criminality in our society. Oppose such a policy of CCTV in every room of every home, and you're practically on the side of child molesters, terrorists, illegal immigrants, benefit cheats, and various other criminals and undesirables.
I take it you support this policy, Titus Technophobe?
Or do you have something to hide?
@Oddly the figure I got for ID cards was £10 Billion over 10 years, I then obtained a figure for benefit fraud of 2.5 Billion per year, to match on timescales I then used a 10 year figure for benefit fraud. By your own figures I guess this would be £40 Billion?
@AC 'Or do you have something to hide?' Nope I really don't hide much, I am quite exhibitionist. If somebody wants to see me dangly bits and can find my web cam……… Oh yes it's my lady that loves BB. What I support or not is very much up for debate.
On a more serious note Martin Owens ‘Economics 102’ is a very compelling argument.
Whoa, folks ...
You are taking this too seriously - "Technophobe" is pronounced "Troll".
You folks just don't notice irony.
Look at the new boss, same as the old boss
So they scrapped the rather obvious big brother style "ID Card" and are now tendering for something a little more subtle. Nice move Camleg.
on the super, new ID card system that no one needs or wants.
Ideas! Firstly, force it onto the public sector who already have secure ID cards. Then the 'lower orders' will be coerced by lies and carefully placed, biased news stories, just like the ones used for Employment and Support Allowance. Then give doctors and civil servants a bonus for everyone who signs up to use an ID card, just as is used for the number of ESA disabled people failed.
Only then will we have the ability to control the unwashed, thick headed mass of peasants. They won't know what hit them and then it will be too late as we already give our favourite companies fat, 6 year contracts, while we can claw some back in party donations and treats.
The government already fails virtually everyone who applies for ESA. If we can rob severely disabled and dying patients so easily of their rightful allowances, ID cards can be imposed without any problem. Go forth and control the great unwashed who you can then track with their ID cards. Yours will be free, if you are members of the 'correct' political parties, peasants will be charged as much as we can squeeze.
'Heat or eat' for many will become 'heat or renew yearly ID card'. Sorry eating not allowed as the DWP says you are too fat anyway.
How about a link to TED where the pre-tender notice is issued. I spend 2 mins on there and could not find it :(
DirectGov pre tender identification verification
I agree, I have spent 30 miins trying to find the document. Can anyone send a link please
My MP is My authentication Protocol
Given that bits of paper, plastic, and copper wire (and the information they carry) are easily replicated by the black market time we went back to the source.
Police might be forced to think twice before stopping and searching people if they have to ring up and ask for your MP, doctor, old headmaster, boss, etc. Any ID I've ever carried only ever guaranteed that a great and good citizen added their signature to the end of my application to promise that I really am who I (and my ID card) claim me to be.
"Who am I?"
"What am I?"
The law and government has no business messing with metaphysics!
Identity verification ... It's all been covered here and it's trivially easy. The problem is that when they say "identity verification" that's not what they mean. The control freaks want a database that can creep, ending up with the UK like East Germany once was, but more highly automated.
ID verification ... issue a photo-ID card or passport with all the information printed on the document also digitally encoded on a chip within it, and protected by a crypto-checksum. Maintain and publish a database containing all the crypto-checksums of issued documents AND NOTHING ELSE. That's basically a file of random numbers. It's completely harmless. Leave the CD on a train, no problem. Distribute copies to banks, the police, the NHS, anyone that may have good reason to verify that an ID card is officially issued rather than a fake.
The ID document is verified simply by making sure that the crypto checksum contained within the document matches the one stored within the official database.. ZERO PERSONAL DATA IN THE DATABASE. Got it?
Wot he said plus
This is a case of a new w*nker in government being taken to lunch by the same old w*nkers from industry. I could live with what Nigel has re-tweeted (if it also excludes the n*zi interrogation to get the card.)
It's just not 5 years enough yet.
Bloody good idea.
Thumbs up. You get my vote.
Was just about to suggest an RFID surgically implanted into everyone's cranium (Hey, it's in the book of Revelations) but this sounds slightly less painful and may slightly reduce the risk of setting off shoplifer alarms whilst shopping in the high street.
IDs gunna get you....
One day, hopefully after my demise, the ID bogey mans a gunna get you.
They will never stop trying to corral the plebs...
Yet more supplier-led procurement policies
You don't go into a car showroom and ask the salesman what he thinks you should drive. So why do governments keep asking their suppliers how they should spend our money? Would it have anything to do with the revolving door between the cabinet and the boardroom, where those dishing out the government pork get rewarded with lucrative consultancies when they finally get thrown out?
If you can't define your own requirements, then you have no requirements, so spend the money on something useful.
Yes and No
You normally do go to a car showroom and ask what you can buy. You then decide for yourself if you want what they offer.
The governments of old would've gone into a car showroom and said that they want a car that fits into a supermarket car parking space, seats 20 (with each having their own personally set climate control temperature), goes 200mph while averaging 100mpg....
Or they would've gone to the car showroom and said it must seat 1, and doesn't need brakes and the engine should only have 3h.p. to save money. Then after a few deliveries, they would notice that they can't fit enough poeple into it, and the engine power means that it can only drive down-hill. They would increase the engine power and then find that you can't stop it.....
Asking companies who may be able to actually deliver a product: "what can you deliver" sounds like very forward thinking.
The legions of the walking dead return
ID card legislation still not repealed...
£25 billion in fraud?
If you actually did some research before spouting bullshit you would know that actual fraud is around the £3.5 billion mark. Which is significantly less than the cost of the ID card scheme.
and if you project the costs of benefit fraud over 10 Years to match the costs of ID cards? Also I used a figure of £2.5 Billon per annum, assuming that not all of the fraud could be resolved by ID.
Less than 5 per cent
When the DSS carried out it's own internal survey of benefit fraud a few years back, it estimated that less than 5% of benefit fraud was down to people misrepresenting their true identities. That means that a majority of the 2.5 billion pound fraud that is reckoned to be lost every year, is down to people mis-representing their personal circumstances rather than lying about who they are. On these figures, the true cost of benefit fraud deriving from uncertainty about an applicant's ID is probably in the region of a couple of hundred million pounds per year or less.
they haven't gone away after all.
Told you so
All that's changed is that the new contracts will be given to a different set of Old Boys.
Bar Code Tattoos
You know it makes sense!
I never quite saw the need for creating another identity database. Surely HMRC already have a database of (almost) every adult in the UK, and ONS almost certainly maintain an electronic record of census information. Other agencies hold vast amounts of information on large chunks of the UK population, e.g. electoral register, local authorities (council tax), DVLA (drivers), NHS (depending on where you live, either your GP practice or the newfangled summary care record thingy)...
Now the national DNA database has been severely scaled back, but you could certainly imagine that if a rapid DNA testing kit was invented (that could produce results in a few minutes), a database containing some form of hashcode representation of people's DNA could be set up as an identity register. For cross-checking purposes it would probably need name / address / DOB - but that could easily be achieved with just a single field - a foreign key to one of the other databases.
And for fairly obvious reasons, tweak the DB code to make it impossible for anyone other than the DB administrator to to bulk export records, log every access request, and automatically run a report every week / month listing those who've made anomalous requests to the DB.
ID cards so that there is a remedy against misuse of data
Agree with Nigel-11 "Simple" above, that an ID card could be data free.
But that's not going to happen, when linking of databases already takes place.
I believe that the most valuable purpose of creating an ID database is so that it has a statutory basis, and incorporates remedies against misuse. I should be able to inspect a record of who has accessed my data, through an ID database.
We currently have the situation, that the jobsworths with access to databases in government, local government, some statutory bodies and NGOs, link their database access through use of credit reference databases, to form the overall link to the other databases that they have access to, with no record that I can inspect for misuse. Credit Reference agencies were given statutory permission to use the Electoral Register without any remedies against them (by Yvette Cooper as the relevant Minister).
At the simplest level, I have never authorised a credit reference agency to keep a record, and my credit cards were issued before Experian et all were brought into existence. But if there is fraudulent application for credit, that a credit reference agency authorises without my knowledge, it is my credit standing that is detrimentally affected and I have no remedy against the credit reference agency.
The Government, through the Passport Service, Customs and Revenue, DWP, Driving Licence Agency, NHS database etc., is permitting gratuitous access to personal data, without effective remedies that a Statutory Identity Card should give. Few culprits are caught and sanctioned.
I want remedies that the Data Protection Act does not provide and an Identity Card should, so the reason for scrapping the ID scheme appears to be so that Civil Servants et all are not made accountable.
Hold on a minute
Identity verification means that, when you first apply to use government services online, they need to find out if you are really who you say you are.
In the old days, they would have sent a form to the address you gave for you to sign and send back, all of which proves - not very much.
Now it's common to use knowledge-based authentication to ask some questions to which only you (and the credit-reference agency providing the service) know the answers (hmm... anyone spot a potential vulnerability there?).
So, though this might mean ID cards via the back door (ouch) or an ID database, it could also mean bog-standard, off-the-shelf KBA as used by financial-service providers et al.
The procurement procedure being followed is long established civil service practice so no brownie points to the new masters there.
Really, this whole announcement is a lot duller and more common-sensical than some of the commenters would like it to be, if only so they can fulminate against it. If it means goodbye to the ludicrously bad Government Gateway and means that government services can speed up and gain economies of scale for identity verification, bring it on.
Next - do away with the stupid DirectGov uber-brand.
Tell us once?
I think this is the remote authentication of citizens to the "tell us once" service where you are able to update the content of any of the databases hmg holds on you from a single call centre. The problem being remote authentication of individuals who have forgotten their passwords to change data that the call centre itself doesn't have direct access to.
A lot of work was done by NIST on Knowledge Based Authentication (KBA) that highlighted that it can't really be relied upon for something as important as citizen data (Especially data they want to fine you on for innacuracy like drivers licences).
The implication is you need a token of some sort. HMG is desperate not to have to support a token for 60m people especially given there is no trusted infrastructure out there to verify your id card/2nd bio passport even if they did manage to issue them.
What they are asking is how does the DWP verify you are the person you claim to be when you are trying to update your driving license details if you have forgotten your password? Relying on letters to the registered home address is slow, poor service and irrelevant if you've moved away from your last registered address.
They can't even administer car IDs, let alone people's IDs
I've just been told I can't re-tax the car I've been driving for the last 15 months, because the DVLA has no record of it. On ringing them, they state that the car, which is sitting on my drive, has been scrapped off. Or so an insurance company told them!?!
Lets hope people don't get "scrapped off" under any new ID card system.
- Vid Antarctic ice THICKER than first feared – penguin-bot boffins
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Antique Code Show World of Warcraft then and now: From Orcs and Humans to Warlords of Draenor
- Product round-up Trousers down for six of the best affordable Androids