Friday, February 10, 2006

ID Card Compromise

A possible compromise on the UK Identity Card scheme is reported in today's news.
Ministers are expected to announce a compromise on compulsory identity cards ahead of a Commons vote on Monday. [BBC News, Feb 10th 2006]
What is the likely effect of this compromise?
  1. Those responsible for the scheme will be looking to encourage people to carry the card voluntarily. One way of doing this is to provide differential advantages to card-holders. For example, fast-track security in various settings. But this means that these security mechanisms are now designed to produce a beneficial effect on the ID card scheme, and they may become less effective at delivering real security. (I am tempted to say even less effective.)
  2. This in turn means encouraging a wide range of service providers (such as airlines perhaps) to differentiate between card-holders and others - to accept the identity card for a range of purposes, while making complicated demands on everyone else (passport plus driving licence plus two utility bills, etc. etc.). Thus we have function creep.
  3. But these service providers have a range of commercial and other goals. This introduces diversity at several levels - diversity of intention as well as diversity of action - which in turn introduces various modes of interoperability risk.
Thus the compromise would decrease effective security, and increase function creep and risk. There's some very bad (or perhaps very devious) systems thinking going on here. I have commented in this blog before about the strange POSIWID logic behind the ID card proposals. If this compromise goes ahead, it will complicate the logic even further.

Further commentary. BBC Action Network, Wired article on Multi-Use ID Cards by Bruce Schneier

Technorati Tag:

No comments: