There’s a lot of blogbuzz at the moment about the recently passed bill to introduce compulsory ID cards in the UK. These are a terrible idea for many reasons you can read here. I apologise in advance for any future interruptions to service whilst I serve my jail term for refusing to have one.
I’ve got a better idea. In a sense it is like an automated notary public system. And, not surprisingly, it involves pushing intelligence (and data) to the edge of the network, whilst retaining the centralised trust that is essential for the system to have any use.
In Martin’s ID system, there would still be ID cards, but no central database as such. You would take documents that establish your identity to an official government outlet. The key details of these would be recorded (e.g. name, place and time of birth from a birth certificate). The data would be stored on your smartcard. You might choose to submit to biometric scanning, and this data would be stored on your smartcard too. You might also choose to bring along some friends/witnesses (with their ID docs and cards) who can attest to you being who you say you are. The attesters’ IDs get put onto the card.
Each entry on your card would be digitally signed by the government.
The identity of the government office and employee who authorised the record would also be encoded on the card. Got a string of frauds traceable to one corrupt official? Then third-party reputation systems will put 1+1+1 together for you.
Anyone wanting your ID just asks you to show them your card. (To protect you after a theft of your card, the details might be released only in conjunction with a PIN. This would be the user’s choice and risk.) It would be up to the identity requestor to decide what data they choose to trust and why.
There would be no central database providing a single point of tyranny. You might choose to centrally store operational statistics. You could even store hashes of the data from the smartcards as a secondary non-repudiation measure. Verifiers of the data can then do an online query and ask ‘did you really see a birth certificate for HASH(fName => “J”, sName => “Christ”, dOB => “25/12/0000”)?’
The system is much more secure than the current ID proposal. You only need to protect the government’s root private key used for signing valid ID records, which is much easier than protecting a zillion-record operational data store.
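As an added illustration of the scheme described in the paragraphs above (example code, not from the original post), the following Go program models the three moving parts: a signed entry on the card that also names the issuing office and employee, a relying party verifying it offline against the government’s public key, and a central log that holds nothing but record hashes and answers the ‘did you really see this?’ query. The record layout, the office/employee identifier formats, the sample card entries and the per-record nonce are assumptions made for this example; the nonce is added because a hash over name and date of birth alone is guessable, so a hash-only log would otherwise let anyone test whether a given person holds a record.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Record is one entry on a citizen's card. Every field below is covered by
// the government signature, so none of it can be altered or stripped after issue.
type Record struct {
	Kind     string // what was inspected, e.g. "birth_certificate" or "attestation"
	Fields   string // canonical "k=v;k=v" rendering of the recorded details (assumed format)
	Office   string // issuing office identifier (assumed format)
	Employee string // authorising employee identifier (assumed format)
	Nonce    string // random per-record salt so the logged hash is not guessable from PII alone
	Sig      []byte // Ed25519 signature over canonical()
}

// canonical is the exact byte string that is signed and hashed. The '|'
// separator is assumed never to appear inside a field value.
func canonical(r Record) []byte {
	return []byte(r.Kind + "|" + r.Fields + "|" + r.Office + "|" + r.Employee + "|" + r.Nonce)
}

// RecordHash is all the optional central store keeps instead of the data itself.
func RecordHash(r Record) string {
	sum := sha256.Sum256(canonical(r))
	return hex.EncodeToString(sum[:])
}

// Issuer models the government: one root signing key plus a hash-only log.
type Issuer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	seen map[string]bool
}

// NewIssuer generates the root key pair that is the only secret in the system.
func NewIssuer() (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{pub: pub, priv: priv, seen: map[string]bool{}}, nil
}

// Public returns the verification key every relying party would hold.
func (g *Issuer) Public() ed25519.PublicKey { return g.pub }

// Issue records an inspected document or a witness attestation, signs it and logs its hash.
func (g *Issuer) Issue(kind, fields, office, employee string) (Record, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	r := Record{Kind: kind, Fields: fields, Office: office, Employee: employee, Nonce: hex.EncodeToString(nonce)}
	r.Sig = ed25519.Sign(g.priv, canonical(r))
	g.seen[RecordHash(r)] = true // the centre stores the hash, never the fields
	return r, nil
}

// DidYouSee answers the verifier's online query using nothing but the hash.
func (g *Issuer) DidYouSee(hash string) bool { return g.seen[hash] }

// Verify is the offline check a relying party runs on a card entry.
func Verify(pub ed25519.PublicKey, r Record) bool {
	return ed25519.Verify(pub, canonical(r), r.Sig)
}

func main() {
	gov, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	// Constructed sample entries: a birth certificate and a friend's attestation.
	birth, _ := gov.Issue("birth_certificate", "fName=J;sName=Christ;dOB=25/12/0000", "office-042", "clerk-17")
	att, _ := gov.Issue("attestation", "attester=card:8a1f;claim=knows_subject_10y", "office-042", "clerk-17")
	card := []Record{birth, att}

	for _, r := range card {
		fmt.Printf("%-18s sig ok=%v  centre saw hash=%v  issued by %s/%s\n",
			r.Kind, Verify(gov.Public(), r), gov.DidYouSee(RecordHash(r)), r.Office, r.Employee)
	}

	// A copy with the surname changed fails both the offline and the online check.
	forged := birth
	forged.Fields = "fName=J;sName=Smith;dOB=25/12/0000"
	fmt.Println("forged sig ok:", Verify(gov.Public(), forged), " centre saw it:", gov.DidYouSee(RecordHash(forged)))
}
```

Two properties of the design are worth noting. Because the office and employee identifiers sit inside the signed bytes, a record cannot be re-attributed to a different official without invalidating the signature, which is what makes the reputation-tracking idea work. And because the central log holds only salted hashes, a breach of it yields neither the recorded details nor a list of who holds a card; the trade-off is that a verifier must be handed the full record, nonce included, to reproduce the hash for the online query.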
The users of the system get to choose how much data goes on the card. No compulsion. Government agencies would not be permitted to discriminate against people based on the card data they held; if necessary they can always turn up with original documents and friends to attest to who they are.
Funnily enough, we’re all staggering around (and given the time of year I choose my words carefully) with smartcard-filled, microprocessor-fuelled devices today. They’re called mobile phones. Perhaps the cellular operators would like to get into the ID business? Much better than trying to resolve the Paradox of the Best Network.
Of course, there is zero chance of this scheme ever happening. After all, why create a system that merely empowers the users at the expense of the core?
Happy holidays — see you next year.
Posted by Martin Geddes at 10:58 PM
Actually, I'm starting to picture such a situation for the future of... personal computing! My reflection was that today's "single PC" oriented personal management is totally out of date: most people have to synchronize often much more than one device (PC and phone at least, office PC, Palm...). Having to "synchronize" all personal information seems such a waste to me: I was thinking about finding a way to get some "personal data collector" that would be the "data heart" of my several devices (this could be my mobile phone, with a better capacity).
Then the process you describe could be implemented in that "personal data container"...