The underpin

A quick post on identity, written after seeing Dave Birch’s marvellous TEDx talk on identity, but rooted in a Nasty Thought about identity assurance (proving things about you to be true) that’s been troubling me for a while.

To summarise current thinking on this (but do watch Dave’s talk): old identity approaches are hopelessly flawed because they try to recreate a clunky, record-based model of Who You Are: as a list, or a database, of lots of things about YOU: from name, address, date of birth, fingerprints (and whatever reference numbers anyone – typically but not necessarily the government – want to sling in there), etc. etc.

Enlightened identity thinking says: bugger that – most of the time it’s not important WHO you are, merely that you can prove a certain thing to be true for a certain purpose. So a baby-faced boozer only needs to demonstrate AGE>18. A council service user may need to show POSTCODE=BN****. This is sometimes called “authentication, not identification”, and there’s a whole marvellous book about this by Jim Harper which is basically a bible for sensible, non-Big-Brothery approaches to these issues.

Reassuringly, these principles are found within the current strategy of both the US and UK governments. Which is ace. And to be wholly applauded. (There is a lot more to these strategies than just the idea of authentication over identification, by the way, but that isn’t the focus of this post.)

No more will you have to haul out a document showing that you buy electricity in order to rent a DVD. No more does your passport have to be hijacked to confirm you can start a job. All the machinery used to hold and prove things about you can be turned upside down: instead, you control what you share with whomever you need to prove something to. Provided there is a “binding” of something about you (maybe your face, or your fingerprint) to the fact that needs to be asserted, then you get what you need without having to BE any particular person.

If that thing about binding sounds a bit spooky, look more closely at this scheme. It’s been used to verify drinking age in pubs. The important bit is that there’s no central database anywhere that a (future!) malicious government can use to attach other “facts” about you. Or that can be corrupted or lost or misused etc. etc. It simply links some data points from a fingerprint to the fact that needs to be proven (age), and serves that up neatly and securely when required. But read up for yourself how it works. It’s well thought of and has the blessing of some who really do make a habit of tearing strips off dodgy approaches to personal data and biometrics.

But this post isn’t about clever new ways of doing things differently, and better.

It’s about a problem that will still exist. It’s about something that underpins many rather trivial, low-value transactions and life events.

Sometimes it’s not enough just to satisfy a particular information need for a transaction, like verifying an address, for example. Well, it is when everything goes right. But not when things go wrong. Because if things go wrong, and you want to take action, you want to underpin the information you’ve got with something else: the ability to tie the transaction back to a particular individual. Yes, someone with a name, an address, and lots of other things that the police and criminal justice systems know you by. So how quickly will Dave’s “no names” approach actually stand up in practice, in any situation where some future recourse may occur?

Because the one recourse you ultimately have is to take action which might involve a fine, an endorsement, even ultimately imprisonment. And these are things you can’t do if you only know AGE>18 or DRIVING TEST PASSED 1985, LICENCE CLEAN. Many things you can do “as somebody else” – like paying for something – but you can’t be banged up as someone else. That’s the “underpinning” bit.

The car hire company really does need to know who you are. Perhaps not to satisfy insurance requirements, or some other aspect of the up-front transaction. But just in case you disappear… Even for something as low value as a DVD rental… And if you bump your car into someone else’s, swap details and get an odd feeling about your opposite number, are you going to be more or less likely to insist on police attendance if they pull out a decent-looking driving licence for you to note down, or scratch it out in pencil on a Post-it note? Even peer-to-peer we use underpinning as part of our understanding of trust.

Our old-fashioned “hard identifiers” are hugely important in backing things up in these cases of trust and liability. It’s that thing where it’s much more important that the system is designed for things that go wrong, rather than things that go right.

Realistically, what will actually change if we move towards an authentication culture? Will we still fall back on the same old props to do that critical underpinning of trust? It’s a hole that I perceive in these concepts of individual-controlled information.

I’d love to hear your thoughts.


  1. The car rental example is a good one.

    So you have a virtual identity from Direct Line that you use for motoring-related purposes. You rent a car as Joe Bloggs with clean UK driving licence. Then you vanish. At which point, the car rental company calls the police and the police send a warrant to Direct Line and Direct Line tell them that Joe Bloggs is actually you. As far as I can see, this is a good balance to set.

    So long as you behave, you have privacy, but there is a “smash the glass” option under judicial control.

    Thanks for the thoughtful comments.

  2. Thank you – that’s helpful. I do still wonder what sort of leap it will take for “transferability of trust” like that to become a reality. Yes, they’ll say, that’s all very well, I can get what I need from Direct Line in theory… but tell you what, just to be on the safe side, let’s see your docs anyway. In fact, my manager tells me that’s our policy now if you want to use us, nothing I can do about it mate…

    I’ve often said that I’ll really start to believe the government line on federated identity on the day that an HMRC employee can walk into a DWP building using their HMRC pass 😉

    Theory is one thing. Changing norms is something else entirely.

Leave a Reply

Your email address will not be published. Required fields are marked *