Feeds

ID cards: a guide for technically-challenged PMs

Save us all billions - don't do it, Tone...

  • alert
  • submit to reddit

Boost IT visibility and business value

Polluted inputs

We've already looked at several examples of polluted inputs that could undermine the system's integrity - false US ID, inadequate, arbitrary or cursory UK checking systems, and input systems from many other parts of the world whose reliability is debatable. These can clearly provide routes for the people you wish to intercept to pass through your control points and swim happily in your system. But what about the broader issue of what you do about those individuals who do not have ID that can be processed by your systems? Most of the world's population currently falls into this category, and that will likely remain the case for many years - so what do you do about them?

Well, in order to process them you need to give them some form of ID that your system can process, and on a small scale we're already doing this. Most people visiting the US will now, one way or the other, have their biometrics on the US database, and the UK can been phasing in fingerprinting of travellers coming from areas with a high incidence of asylum seekers. But what are we actually doing in these cases? Effectively, we're creating an ID that is valid within our system for the individual, and as always that ID is only as good as the inputs on which we base our decision.

The US or British consular official who grants the ID will make the decision on the basis of interview and supporting documentation, but how sure can we be about the validity of the information presented? And the more applications we have to process, the less likely we are to conduct examinations of the detail necessary for us to have confidence in that information. To avoid either being overwhelmed or ending up presiding over a rubber-stamping system, we therefore have to pressure countries to introduce ID systems which we can then presume provide a valid and accurate statement of an individual's identity. But will be really be confident in these, or will we simply be making that presumption in order to stop our own systems breaking down?

So who the hell do you think you are?

We shouldn't get too sniffy about the reliability of identity systems in the developing world, because when it comes down to it we in the west have precious little justification in being so damned sure about identity. Try this little parlour game, which I promise you has a moral to it. Ask yourself who you are, how you know this, and how far back in your life you can get before you start to get a little doubtful. You won't get anything like so far back if you perform the exercise on friends and family, but stick with yourself for the moment. Your family can vouch for you up to a point - but are they telling the truth? You have a birth certificate, but is this really you? Is the information on it correct? How do you know?

Fingerprints don't work when you're born (even David Blunkett doesn't fingerprint newborn babes yet, anyway), and general DNA testing at birth doesn't exist yet either. But say it did, and you were then able to point out that your DNA matched the DNA on the birth record, therefore you were definitely you... Er, who? Of itself this simply means your DNA matches the birth record, which is just as close to establishing ID as your fingerprint matching your passport (we covered this, right?). But it also provides proof that you are related to the people in your immediate family (or not - hey, mom...), and various things about your broader ancestry.

Effectively, what it's doing is establishing an identity for you in relation to the identities of a number of people surrounding and preceding you. But your identity, or what you think of as your identity, is something that has been assumed, generally, and by the accepted systems, as genuine at some point. This is probably around time of birth, but not necessarily, and not entirely - Fergusson, for example, suggests a Fergus as parent (allegedly...) at some point in the past, while Smith suggests an ancestral occupation and Pasteur a dairyman (joke - don't write in).

Identity is actually something that is established through a series of factors, history, occupation, location, parentage, and the whereabouts and circumstances of you or your ancestors when state systems began to require fixed and recorded tagging systems. The existence of these fixed systems does not however mean that you do not have multiple identities or identifiers (more people in my street, for example, will know me as the bloke at the top of the road with the dodgy old motor than will know me by name), nor does it mean that what they regard as fixed is what you personally regard as your identity.

But they've got something they're happy to think of as your unique identity, and we think of what's happening now as a successor to the processes that defined that ID for them. In developed countries at some point in the past couple of centuries the music stopped, censuses were taken and identity standards were defined. Now governments are pushing for a similar, global exercise that will result in everybody having what government will view as a standard identity, and where there is no pre-existing reliable identifier (as in the instances where people who didn't use surnames were assigned them), a new, relatively arbitrary one will be created.

As we've seen, this doesn't get us very far, because what we're interested in is the things that are associated with this identity, rather than the identity itself. Granted that false identities will inevitably be imported into the new systems, we'll need to wait at least a generation for these to work through, and granted that the systems' efficacy in fighting crime is dependent on accurate input of new associations, we'll need to wait a lot longer than that. But we will be able to say who everybody was saying they were when they first entered the system. Cool - but is it helpful, or worth the money? ®

Related stories

Blunkett ready to force through compulsory ID for UK
Draft ID card bill makes it to Queen's speech
Mission impossible? Blunkett's big biometric ID adventure

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?