MPs have called on the government to work with the Information Commissioner on how to implement the Cabinet Office's personal data proposals, which include the possibility of farming out its ID-handling to third parties such as banks and Facebook. The Public Administration Select Committee's report entitled Government and IT - ' …
an independent, trusted provider
For me no such entity exists. Even though I haven't yet heard of any CD's, laptops or USB keys containing Facebook user data being left on a train.
"Moving to a model where the citizen maintains their own personal data...,"
I'd go with that idea but only if there is a delete button.
No-one hears about lost Facebook laptops or sticks because no-one cares if your "likes" get out, they are however a little more conerned with NHS records and the like.
Do you REALLY think Facebook can be trusted with the date you only give the government??
Somewhere a bridge appears to be without it's troll
Hmmm, wasn't that what the National Identity Card was all about, but this time the government wants it done by Faceless American corporations or two faced banks.
Talking to the wrong people, Tesco, Boots or Sainsburys would be a better bet, particularly Tesco who do more about us than we do ourselves. People tend to keep their loyalty cards up to date, far more than banks, because they receive a beneficial service.
Mind you I wonder what new fraud opportunities this would throw up, something I suspect they aren't thinking about.
@Is it me
"Hmmm, wasn't that what the National Identity Card was all about, but this time the government wants it done by Faceless American corporations or two faced banks."
Exactly. Although last time they wanted IBM to handle the database.
You do have to acknowledge the problem..
The government has a major ID problem on its hands which needs solving: duplicate identities, allowing rip off merchants to claim benefits multiple times. It's a scam that is simply impossible to kill off without a way to check if you're not handing off a new identity off to someone who already has one.
The problem is that New Labour's enthusiasm to hand off money to friendly consultancies has seriously poisoned the waters. The only possible answer you get when you get a daft idea to be studied for feasability by the same outfit who gets the cash to implement it is "yes, it is possible" - Chinese walls are a myth. That the later audit didn't find a problem was no great surprise - the department doing the audit was managed by - you guessed it - an ex member of the same outfit..
There are, however, different approaches that creates this non-duplicate assurance. Approaches that cost a LOT less to develop, a LOT less to maintain and - most importantly - do not immediately create the kind of Big Brother databases New Labour loved so much. Yes, you need a central resource (or matching for duplicates becomes a bit hard), but it doesn't need biometric data you hold there. Such intimately personal data should only ever be in a police database, and only for a reason that complies with EU rules (conviction, timed deletion within certain verifiable rules etc - the usual).
There should be every possible objection against an ID scheme that re-creates in a different way the IDcard that New Labour wanted to ram down everyone's throat. - it was wrong for so many reasons that that project almost appears to be a *deliberate* waste of money. But there should not be any objection against the government trying to clean up the current mess that results in handouts to criminals and benefit cheats - I, for one, am 100% with them on that.
Question of how to approach that problem
I for one would happily do away with the benefits* if that saves us from ID card madness. That or revamp the system --but only that system-- to make cheating harder and/or easier to detect. Even better if you can set it up such that people don't *want* to cheat. That last bit is something quite often missed in "administrative process engineering", and failing to even think about it often results in complete crocks of systems like, oh, ID cards, ANPR databases, DNA databases, and so on, and so forth. "Just in case" means "we haven't thought about it". Which should be a firing offence.
The difference in numbers (benefits claimants wanting to sign up to get the benefits vs. everyone being forced to sign up "just in case" the government ever needs to lift your skirt) would justify ditching the minor system instead of trying to prop it up with a major inconvenience and loss of privacy for everyone. That or force a clean-up in the benefits system and a revamp.
Handing out a smart card (not RFID, sheesh) that entitles the holder to one payout per month should limit the sorting out of duplicates to issuance. Afterward you can do some simple checking up on things like whether multiple cards get accessed within a couple minutes each month for payouts, triggering investigation. There's quite a lot of that sort of thing you can do. But it does require that you (that is, the bureaucrats thinking up such schemes) have half a clue and a mind to protect privacy. So far, i've seen evidence of neither.
* Having lived several years on nothing, not even benefits, except my own savings, I know what I'm talking about. Yes, I'm well aware not everybody can do it. But it is very much conceivable that teaching people how to act responsibly with their money will do more for their financial health than it is to just give them money and keep on trucking.
Oh the quotes, such gems, they hurt.
"Moving to a model where the citizen maintains their own personal data with an independent, trusted provider and then can choose whether to authorise the sharing of that information with other organisations is an ambitious vision that will need to be trialled extensively."
Sure guv. Who owns that data then?
Not me, not you, but an overseas multinational. So I get my account suspended for some canard or other, so aptly demonstrated by google+ and facebook earlier. So I suddenly cease to exist for the government. Who'm I gonna call?
The ease by which this "trust" is bestowed onto this unknown third party (as we all know, all the usual suspects are not in any way trustworthy and have no incentive to become so) is frightening. Not unusual as neither is the fact the people concocting this scheme haven't a clue, but frightening nonetheless.
"Maude has cast these ID assurance plans as a way of cutting duplication and thus saving money for the public purse."
So you do suppose facebook and google+, and heck bebo, myspace, beautiful people, orkut, qq, and whoever else is out there, have become best pals and share data now?
It's not "cutting duplication", it's "out of sight, out of mind, for the government". But that still means they're not doing their job. I'd hardly call that "radical reform" to be honest.
To provide to the people an assurance platform that can deal with anonymity, pseudonymity, realnameity, pennameity, and so on, and so forth, and that the others can plug into without also taking ownership of the data, that would be radical and new and useful. Government grade assurance while the citizen keeps ownership and fine-grained control as to who has access to the data. And while at it, can enforce all verifications be mutual so that the verificee knows the verificator had in fact a right to do this and gets to keep a log of what when actually happened. That puts the means next to the incentive to see who's meddling with the data and ought to cut back on abuse some.
But all that'd require real innovation, academic research even. The government is too short bus and not enough brilliant to provide real radical reform to the people. We knew all that already, but it deserves to be said regardless. For the cabinet office, it so clearly is devoid of clues again. Carry on government.
Facebook an "open platform" like Windows
Icon expresses the level my jaw dropped when I saw that.
To state what should be obvious: British citizens should not have to store sensitive data in countries outside the jurisdiction of the Data Protection Act, just to access UK public services.
Whoever proposed this must be insane.
dead body. I killed my Friendface account for a reason, and nothing the government supplies is gonna tempt me back.
Hard to decide
Which do I trust more? Facebook, which has sloppy security and which I know will abuse my data if it can get away with it, or Gov IT, which ... Hmm, no real difference.
I vote for Facebook, because they at least know how to put together a system that can cope - just need to beef things up a bit on the privacy & security fronts (including making sure US doesn't get it's hand in the data).
"including making sure US doesn't get it's hand in the data"
You're not aware of the fact Facebook is an American company and, as such, required to hand over all the data it possesses to their government?
Yes, I am aware that facebook is a US company, and all that that means. So the idea falls down immediately, according to my criteria.
I don't know why I said it - maybe it was despair : despair at the hopeless logic of the government, despair at the thought that they have no choice but to suggest the social networking approach because they just don't have access to the skills necessary to define a proper controlled *British* solution.
Still less is there a British-enough company available to implement anything that will meet the perceived needs.
Still, at least ICO is on the case now.
You have GOT to be bloody kidding?
First para, and already my jaw is on the floor... "ID-handling to third parties such as banks and Facebook"
banks? OK, yeah, I follow the thinking, the Germans use (or at least did a while back, dunno about now) banks to issue ID cards so that's not too much of a stretch. But bloody FACEBOOK?!?!?!
So much for infosec then.
Might as well dump all my personally identifiable info, old passportss, credit history, everything, into a bin, park it outside my home, and stick a sign on it saying "ID Thieves, look here first".
More bloody cloud cuukoo land thinking from the Hot Air Housing Project.
Use a transaction database to securely* store data.
Use U-Prove for discretionary data sharing with user control and consent.
Use identity federation** to establish trust between government deptartments.
Use an identity selector*** to mitigate man-in-the-middle attacks.
Something like that can actually adhere to all seven laws of identity!
* I've worked on public sector projects for years, and have yet to see a concretely defined and documented protocol that performs a security-related function and applies cryptographic methods.
** Something that supports the active and passive requestor profiles. Not gob-shite like OpenID.
*** Needs work to make it portable and facilitate secure interoperation with identity providers and consumers like (e.g.) NFC and attribute providers like U-Prove.
As the title says - Identity solved.
Of course that DOES mean finding a tech lead that actually knows what she's doing, rather than farming yet another identity abortion out to ATLAS or Connected for Health c/o Cable & F*cking Useless (I mean, Wireless).
"an independent, trusted provider "
"independent" as in a US based privately held corporation subject to the PATRIOT act.
"trusted" as in headed by a CEO who believes the *idea* of privacy is nonsense.
It would seem Maude has proposed this because
a) He is deeply ignorant of information security and data protection but has been promised that this will save the UK govt lots of money
b) The data fetishist civil servants (those with that pathological desire to know *everything* about *everyone* 24/7) behind the National ID Card (or rather the National ID *Register* which was the cradle-to-grave surveillance tool) have been telling him what a good idea it would be, fight against terrorism, crack down on benefit scroungers etc.
No need to ask no need to know summed up the ID card but with Facebook sniffing round might I suggest something shorter.
"Facebook. F**k right off"
New "solution" - same old problem
I share all the concerns voiced above about the likes of Facebook being trusted with this information so I won't reiterate them.
My other concern is the same one that I had over the scrapped ID card system. Put simply, it is either impossible to guarantee the accuracy of such a system OR it's redundant.
In order to have an ID on the system I have to prove who I am. This is, apparently, impossible because allegedly we currently don't have a means of adequately proving our identities, hence the need for such a system. If no such adequate proof exists then how can I prove who I am in order to be put on the system?
On the other hand, presumably if I produce some form of existing government ID such as a passport, driving licence, etc. this will be adequate proof of my identity in order to get put onto the system - in which case the system itself is unnecessary because there is already something in existence which adequately proves who I am.
Well, of course Facebook are in favour
Well, of course Facebook are in favour, they'd love nothing more than everyone in the country being forced to have a Facbook account, so they can resell the data !
...it's all here...
The difference is that _you_ don't have access to it or control over who sees it.
Most of your "sensitive" data is already in US hands, via various data-sharing arrangements between the Home Office and the US.
Several large UK companies already have data stored in the US....congestion charge, banking, et-al.
I see no difference between the last governments obsession to storage of personal data, and this governments obsession to storage, and use, of personal data....except this one is giving similar large amounts of cash and access to private companies.
I eagerly await my reply to a request for an overdraft, in the form of a LIKE on facebook (I suppose that means that I will have to have .GOV.UK as a friend ?) (yeah..right..as if they've ever been friendly)
Yet another solution
As is well known, if you take the Gov's money you have to dance to their tune.
So using the existing technology of the police DNA database, take a DNA sample of everyone who wants to claim benefit. The carrot is that your profile will be deleted when you sign off. The bonus is that all the little scumbags who will never get a job will get caught after they have burgled your house.
Make a mandatory five year stretch for multiple claimants.
Blimey! I seem to have metamorphosed into a Daily Mail reader overnight!
It seems inevitable that this country will soon become a police state. After the starting of illegal wars, terrorists and extremists are only going to increase and the "War on Terror" must not be hindered. The UK government is in thrall to the every Tom, Dick and Harry. WTF
The future looks incredibly bleak, soon we will all be turned against each other. This will not end well. For those with an ear to hear, the coldest part of the night is just before the Dawn.
The largest state benefit paid is the state retirement pension.....at 60+ billion per annum.
Now, where is my little book with all the passwords I'm not supposed to write down, but can't remember if I don't.................and what to do about trustere that keeps telling me that I've used the same password on [long-list] these other sites.....
Sheer F***ing Madness
Maybe I am just a grumpy old git, but WTF!? Offload this to a commercial 3rd party solely focussed on self-serving, commercial interests? You gotta be kidding me right? Oh, really? You're not?
This is like a frigging nightmare. It's already bad enough with certain UK government sites trying to force me to sign up to some Google shite to get at what I am after. Now this load of tripe?
I dont use Google/Facebook or any other such assorted mass-hype shite and I can conduct my online life and business quite adequately/happily. I don't want my data anywhere near these commercial behemoths - I am probably in the minority on that - but that does not change the issue... What absolute fucking bollocks.
I think I shall emigrate. Want to join me?
How do they propose to keep my data out of the clutches of the US Patriot Act?
"How do they propose to keep my data out of the clutches of the US Patriot Act?"
They are probably not even *thinking* about it.
But what's actually driving this...
... is UK Gov's Digital by Default agenda.
This government (specifically Francis Maude and his Reform Group cronies from big business) wants all government services to be delivered by default online, as a cost saving measure, which mandates a single digital ID. This will turn into a gov mega project, and as we have seen countless times before the usual suspects in the shape of IBMFujitsuHPMSGooglecorp will be the only bidders with the capital resources capable of convincing the contracts teams that they can deliver.
This on the day when MPs declare that the usual suspects operate a cartel which is "Ripping Off Whitehall" (http://www.bbc.co.uk/news/uk-politics-14314935) with contracts which are 7 times overpriced
Nevermind that we the people:
* Didn't vote for a digital identity Card via the backdoor
* Don't have any trust in Gov or Big Business's ability to safeguard our data
* Don't believe in the ideology of conservative cuts
FAIL for democracy
Oh the Absurdity.
From a Yank, (I am certainly in a place where Echelon et alii could be standing over my shoulders but in practice, they are fairly inobtrusive:) this would absurd in my country.
The only place where my government has close come to allowing OUR own faceless corporation access to comparable information, was allowing (not requiring), the use of commercial tax software to e-file taxes (for the conveniance of multiple parties involved, including the government.)
And this is with American Companies, based on American soil. Yea, if I was on your side of the pond, I would be livid too.
Gifted to private companies
Why is our private data being gifted to private companies? I for one bet there is many an MP with an outside interest in all this data gifting, Corruption in my eyes no different to reporters paying police for stories. In short - IT STINKS
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Facebook offshores HUGE WAD OF CASH to Caymans - via Ireland
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt