honestlyreal

Icon

Achilles and the Tortoise do Identity Management

Achilles: I’ll make things cheaper and simpler for you, you’ll see. Then you’ll be happy. And richer. And so will I.

Tortoise: What?

Achilles: I’m going to give you a new unique identifier so you can have a better relationship, and do business, with me–your personification of government!

Tortoise: I don’t want one.

Achilles: Psst. *whispers* For the purpose of this dialogue, you do. OK? Now play along.

Tortoise: Fair enough. Where’s my identifier then?

Achilles: I can’t just give it to you. How do I know you’re you?

T: I’m Tortoise. Can’t you see?

A: But you could be any tortoise. Where’s your passport?

T: I haven’t got one. I’ve lost it, I mean.

A: For the purpose of this dialogue…

T: OK OK, here…

A: Thank you. Here’s your identifier.

T: What happens if I lose it? Can anyone else use it? And pretend to be me? And do all these things in my name?

A: Um, no. Of course not. This is secure.

T: Right… So how did I get my passport in the first place?

A: You sent in a birth certificate, and had someone else who’s got a passport to vouch for you. Don’t go there.

T: And assuming we weren’t face-to-face here, right now, in this dialogue–how would you send me the identifier?

A: In an envelope to your house.

T: What if somebody else got hold of it en route? Then they could pretend to be me online, no? Like really, really easily? That wouldn’t be good.

A: I’ll give it some thought (I probably won’t). For now, I’m just giving it to you.

T: OK, so I have this universal identifier (assuming I want one, and have a passport, and I haven’t fraudulently obtained it, and ignoring lots of other things that we can just regard as edge cases). So, what’s the universal identifier going to allow me to do?

A: Well, it means you can quite simply log in and find lots of information that’s been personalised about you–so instead of having to look at all the information available on bin collections, you can just see when your bin will be collected.

T: So, how will the online system know where I live?

A: Oh, simple, there’s this big database which holds everyone’s address along with their name…

T: But doesn’t that sort of mega-database tend not to work? I mean, who’s going to keep it updated? Surely people’s addresses change quite a lot? Having the right one there is going to be pretty important, no, if this is to be the One True Record?

A: OK, scrap that idea. Well, you can put in your own address if you like.

T: But what if I don’t put in the right address–if this is some kind of Master Record of me, Tortoise, isn’t that going to cause a bit of bother when you try to send me a tax demand–I mean, I might “accidentally” put in a gibberish address to stop you getting hold of me?

A: Ah. Good point. OK, forget all that–we won’t hold the address any more.

T: It’s still the Master Record about Tortoise, though? This is getting more complicated than I was expecting.

A: That’s because we’re stepping through a dialogue to show that it’s more complicated than everyone thinks it is. But nobody really likes to engage with the detail.

T: Ah, yes, of course. Carry on.

A: So with your universal identifier you have a simple way of getting in to your various accounts with government, all in one place, so that you can do things more easily.

T: I don’t really have ‘accounts’ as such–well, income tax, I suppose, and council tax, but that’s about it.

A: Yes, but you buy things sometimes, don’t you? Driving licences, and passports? And you pay parking fines sometimes, no?

T: Sure, but… oh, ok, I have these accounts, and because I can get into them all with the same identifier, which shows I’m definitely me (subject to all the reservations earlier), then things are easier and cheaper. Hang on a minute–if you put all my data in one basket doesn’t that mean that you’ve created a sort of super-record about me? You, as the personification of an initially benevolent but ultimately potentially totalitarian government, might want to keep all sorts of other information on that single record. I might not even be aware of half of it.

A: Ah, but if you’re got nothing to hide…

T: Don’t go there. How big’s your “Gentleman’s javelin” again?

A: Right.

T: Right. And if someone gets access to my account, that’s an awful lot of personal data they’re going to be able to get hold of in one place. Is that wise?

A: We can put in all sorts of detailed access controls and permissions to make sure any one of the 12 million people with access to these systems only gets to see exactly what they’re supposed to.

T: Right you are. Hasn’t that sort of minor, niggling detail been one of the main reasons that such projects have consistently fallen on their arse over the last 20 years?

A: Possibly so–I tell you what–we’ll give YOU the ability to partition your data and decide who’s allowed to see what. This simple 59-screen control panel will allow you to do exactly that.

T: Hang on a minute–I have to go to enormous amounts of bother to administer something I might use once a year to check whether a council tax payment’s gone in? No thank you! I have enough trouble with my Facebook settings. Look, do we really have to have all this personal data stuff in there? It’s so risky–sod the convenience bit; there’s some things I really don’t mind logging in separately for.

A: OK, you’re right. It was worth a try. Tell you what–your account can just be one where you don’t keep any personal data–just things you choose to keep there. That takes a lot of the risk away, and you can use it to remember what sort of screen colours you like, who your local council is, that sort of thing. But…

T: But?

A: But you’ll have to get over the constant disappointment when you’re using it that we’ll never be able to take any of the data you put in there at face value, without checking it some other way, I mean.

T: Why not?

A: Because your account is either about the “real Tortoise” or it’s not. There’s no half-way house. We either do the sort of hard authentication you’d do with your bank so that you can move money around online, or we do the sort of self-asserted stuff you do when you buy, say, a bag of teabags online. We don’t really care who you are, as long as you pay us, and give us an address to send the tea to.

T: But that sort of “hard identity” stuff makes sense for things involving money–especially where someone might steal some from me (or steal details that would help them pretend to be me and get money diverted that should come to me). It just seems like complete overkill for finding out when my bins will be emptied.

A: Quite possibly–but you wanted all your government business in one place, didn’t you?

T: Did I?

A: I thought you did. Somebody did. All I hear about is “make government more like Amazon”, “make it all simply accessible in one place” blah blah blah. You mean that might not be the requirement?

T: So far, Achilles, we’ve piddled around changing the requirement through a massive spectrum of parameters including data richness, hardness of trust, ease of use, and personalisation. I’m beginning to suspect that people blithely use this concept of “easy access in one place” without actually thinking through what sort of requirement that implies in practice. Furthermore, this sort of woolly guff is likely to get lots of people spending years dicking about running pilots that won’t really go anywhere, testing technologies that are completely inappropriate, and listening to quite a lot of baloney from vendors who stand to make a great deal of money as long as such requirements are never actually bottomed out. What say you, Achilles?

A: Fuck. Rumbled.

(with apologies to Lewis Carroll, and especially Douglas Hofstadter)

You can read more whimsy from these two here.

Category: Other

Tagged: ,

5 Responses

  1. William says:

    I think if we seek a single big solution to this problem we’ll be disappointed. But if we accept that the individual has a central role to play in the acquisition and deployment of verifications of varying cost, credibility and capability we may yet be pleasantly surprised.

  2. Andy Bold says:

    If memory serves, this is the nut that could not be cracked for online voting – how do I know that *you* are *you*? Damned hard question, especially when you start to look in detail at the usual suspects for governmental validation of who you are. (Passports, driving license, etc…)

    Maybe we could all validate who we are by turning up at our MP’s monthly surgery with two bills with our address printed on them… ;)

  3. Gordon Rae says:

    I’m seeing this for the first time today, because Paul has just re-posted it on Twitter.

    The crucial sentence for me is: “But that sort of “hard identity” stuff makes sense for things involving money –” And my point its, it doesn’t. If it did, banks would be leaders in the identity space.

    The reason they’re not is banks authenticate their customers to manage their own risk. They don’t want to help anyone else manage their risks. And they don’t care who you are, they just want to know they will get your money.

  4. prclarke says:

    I don’t entirely agree, Gordon. Two thoughts:

    Money laundering regulations meaning that face-to-face visits are pretty de rigueur for new account set-up (in my experience anyway) plus a whole bunch of declarations. There the bank certainly has an interest in who you are – for regulatory compliance at least, even if they still really just want your money. Financial services and international travel are two slightly exceptional cases where who you are is of primary importance in the transaction. You can’t just pull the “cash is king” stunt.

    Secondly, the actual experience of setting up my online banking was pretty hard-identity stuff – taking original documentation to a f2f meeting and having to type in my first password to the system under the watchful eye of branch staff. That’s pretty tight; and the fact I’ve operated without loss or fraud for over a decade since tells me something. You can argue that it’s not “leadership in the identity space” but it’s a pretty good attempt.

  5. […] rehashing all the central registry arguments – though you can check out Achilles & the Tortoise for a bit of light relief (tl;dr vulnerable to attack by undesirables, or misuse by a State gone […]

Leave a Reply

Flickr Photos

Kitchen fox

Garden fox

Garden fox

Greenwich 21 Jan

Greenwich 21 Jan

Greenwich 21 Jan

R61_9706

R61_9607

R61_9577

R61_9570

More Photos