
EXPERT OPINION: David Birch - eID for 21st Century

Wednesday 27 February 2013 | 11:20 AM CET

The issue of identity is hotly debated in many countries, but it often seems to be an oddly backward-looking debate that presumes outdated 'Orwellian' architectures: the mental model is of index cards and filing cabinets. In the modern world, surely we should be debating the requirements for identity management schemes and not simply inheriting ancient offline ideas about identity and trying to 'electronify' them. Can we do this? Can we assemble a set of requirements understandable to politicians, professionals and the public?

We have had some difficulty to date. We all understand that identity infrastructure is critical to the future merged virtual-and-mundane economy (and society), but we lack a compelling narrative vision that we can use to capture the real requirements for the 21st century. As a result, we are constructing a legacy system that will subvert the rational goals of worthwhile schemes. I am sure we are not aiming high enough. The technology we have can deliver far more than politicians, professionals and the public imagine: in particular, it can deliver the apparently paradoxical result of more security and more privacy by exploiting chips, biometrics and cryptography.

In my talk on this topic at TED I used the British sci-fi hero Dr. Who's psychic paper for the narrative. Not only is this a simple, clear vision familiar to expert and layperson alike, it is also a very useful artistic representation of the capabilities of the technology. The essence of this narrative is pseudonymity, which should be the central construct of the future identity paradigm: inherent in this is a privacy-enhancing technology (PET) infrastructure based on attribute certificates and selective disclosure. Instead of smearing our identities across the transactional space, we will disclose only those attributes relevant to a transaction. In almost all transactions, almost all of the time, the identity of the counterparties can remain hidden and safe.

The combination of tamper-resistant chips, wireless communications, biometric authentication and cryptographic technologies that already exist is more than adequate to deliver a 21st-century infrastructure with all of these desired characteristics. One can easily envisage, to give the obvious example, a national identity scheme that uses biometric identification purely to establish uniqueness (one person, one enrolment) together with a mobile phone-based secure element to store keys, with biometric authentication now about to enter the mass market, as signalled by Apple's acquisition of AuthenTec.

None of these technologies has to be perfect in order to function together in a properly-designed system that tolerates imperfection. If the tamper-resistant chip is counterfeited, that should not mean that a biometric database entry can be duplicated (in other words, counterfeit cards should not mean counterfeit identities); similarly, if the database is compromised so that the biometric record can be altered, that should not mean that the on-card biometrics are changed. The failure of any one component must be contained rather than propagated to the others.

Chips, mobiles and biometrics can do things that cardboard cannot. They do not require us to trade off security against privacy. Developing a narrative based on a forward-looking (and exciting) vision for identity leads to an eminently practical solution that delivers the apparently contradictory result of more security and more privacy, using those existing technologies in an open and extensible way and allowing a new identity ecosystem to grow and flourish. The frameworks for these ecosystems are developing alongside the technologies, although they have not yet converged. We can see what I call an 'Atlantic' model developing through NSTIC in the USA and IDA in the UK. There is a Scandinavian model based on zero-liability bank identities for government and private sector services, as well as a European model that uses government-issued identities for access to public and private services. I tend to think that the 'mixed' Atlantic model, where the government sets a framework but both the private and public sectors provide identities and attribute services, looks like a reasonable implementation.

Essential to this practical implementation is the smart identity device that uses the principles discussed above. This may be a card, tablet or something else in the future but for any reasonable timescale for strategic planning today, I think it will almost certainly be the mobile phone that serves (as Tony Fish says) as a sort of remote control for identity in the cloud. In day-to-day use, in the overwhelming majority of cases where someone will be using their ID, it will not be to show who they are, but rather to prove something about themselves: they are entitled to be in the UK, use the local leisure centre or read a particular e-mail.

The ‘default identity’ that most consumers will select via their mobile phone will probably be one from their mobile operator that discloses nothing except perhaps whether the holder is over 18 or not.

The mobile remote-control ID can disclose the relevant credentials with no need to access a central database and without the unwarranted disclosure of other credentials, using well-known and well-understood cryptographic techniques, and this is what will make it the 21st-century ID.
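The attribute-certificate and selective-disclosure flow described above (the holder's phone proving only "over 18" to a leisure centre, with no central database lookup and nothing else revealed), as an added worked example that is not code from this article or from Consult Hyperion. The issuer name `mno-id-provider`, the attribute names, the holder record and the use of a hash-based Lamport one-time signature in place of a production issuer signature are all assumptions of this example.

```python
"""Selective disclosure of one certified attribute, verified offline (added example).

Flow: the issuer (a mobile operator acting as identity provider, constructed
name) commits to each attribute with a fresh salt and signs ONLY the list of
commitments. The holder's phone later reveals just the attribute a verifier
needs (e.g. over_18) plus its salt; the verifier checks the issuer signature
and the commitment, contacts no database, and learns nothing about the
undisclosed attributes.
"""
import hashlib
import hmac
import json
import secrets

H = hashlib.sha256

# --- Issuer signature ------------------------------------------------------
# A Lamport one-time signature stands in for the issuer's signature so that
# the example needs only the standard library. It is a genuine public-key
# scheme (verifiers hold only the public key) but each key pair may sign ONE
# message; a deployment would use Ed25519/ECDSA with the issuer public key
# distributed to verifiers.

def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(s0).digest(), H(s1).digest()] for s0, s1 in sk]
    return sk, pk

def _bits(msg):
    d = int.from_bytes(H(msg).digest(), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(H(sig[i]).digest(), pk[i][b]) for i, b in enumerate(_bits(msg)))

# --- Attribute credential --------------------------------------------------

def commit(name, value, salt):
    """Salted hash of one attribute; the salt stops a verifier brute-forcing undisclosed values."""
    return H(f"{salt}|{name}|{json.dumps(value, sort_keys=True)}".encode()).hexdigest()

def issue_credential(issuer_sk, attributes):
    """Issuer: sign the sorted list of commitments, never the attribute values themselves."""
    salts = {name: secrets.token_hex(16) for name in attributes}
    commitments = sorted(commit(n, v, salts[n]) for n, v in attributes.items())
    body = json.dumps({"issuer": "mno-id-provider", "commitments": commitments},
                      sort_keys=True).encode()
    signed = {"body": body, "sig": lamport_sign(issuer_sk, body)}
    return signed, salts  # attributes and salts stay in the holder's wallet

def present(signed, attributes, salts, disclose):
    """Holder: reveal only the named attributes, each with its salt."""
    return {"body": signed["body"], "sig": signed["sig"],
            "disclosed": {n: {"value": attributes[n], "salt": salts[n]} for n in disclose}}

def verify_presentation(issuer_pk, pres, required):
    """Verifier: fully offline; returns (ok, disclosed values) or (False, reason)."""
    if not lamport_verify(issuer_pk, pres["body"], pres["sig"]):
        return False, "bad issuer signature"
    certified = set(json.loads(pres["body"])["commitments"])
    for name, d in pres["disclosed"].items():
        if commit(name, d["value"], d["salt"]) not in certified:
            return False, f"attribute {name!r} not certified by issuer"
    seen = {n: d["value"] for n, d in pres["disclosed"].items()}
    missing = [n for n in required if n not in seen]
    if missing:
        return False, "required attribute(s) not disclosed: " + ", ".join(missing)
    return True, seen

def demo():
    """Honest over-18 check, then a forged attribute, then the wrong attribute disclosed."""
    issuer_sk, issuer_pk = lamport_keygen()
    # Constructed holder record; over_18 is pre-derived so the date of birth never leaves the phone.
    attrs = {"name": "Alice Example", "dob": "1990-05-01", "over_18": True, "nationality": "GB"}
    signed, salts = issue_credential(issuer_sk, attrs)

    pres = present(signed, attrs, salts, ["over_18"])  # what the leisure-centre door receives
    ok, seen = verify_presentation(issuer_pk, pres, ["over_18"])
    leaked = any(s in pres["body"].decode() for s in ("Alice", "1990-05-01", "GB"))

    forged = present(signed, dict(attrs, nationality="FR"), salts, ["nationality"])
    forged_ok, forged_reason = verify_presentation(issuer_pk, forged, ["nationality"])

    wrong_ok, _ = verify_presentation(issuer_pk, present(signed, attrs, salts, ["nationality"]), ["over_18"])
    return {"ok": ok, "seen": seen, "leaked": leaked,
            "forged_ok": forged_ok, "forged_reason": forged_reason, "wrong_ok": wrong_ok}

if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The commitments are sorted, so their position in the signed list does not tell a verifier which attribute it is looking at, and a verifier can confirm only values it has actually been shown, so the mobile operator's signature over the credential never has to be re-checked against a central database. The caveat a practitioner should keep in mind is linkability: every presentation carries the same signed body, so two verifiers who compare notes can tell they met the same credential even though they learned different attributes. Full pseudonymity in the sense the article means needs an anonymous-credential scheme whose presentations are unlinkable, which this salted-hash construction does not provide.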

About David Birch

David G.W. Birch is a Director of Consult Hyperion, where he provides specialist consultancy support to clients around the world, including all of the leading payment brands, major telecommunications providers, government bodies and international organisations, including the OECD. Consult Hyperion helps organisations around the world to exploit new technology for secure electronic transaction services from mobile payments and 'chip-and-PIN' to contactless ticketing and smart identity cards.