Archive for the 'people and passwords' Category


Also see the people and passwords category on the Blindside Wiki

How Hard Would This Be?

Posted by Tom Fuller in AnonymitY, Blindside project, Data breaches, People and IT, people and passwords at July 7th, 2007

Before I dive back into the report due TUESDAY (!) I’d like some advice from an application developer or some such type.

How hard would it be to develop a software application to run on PCs, notebooks, etc., etc., whose sole purpose in life would be for me to manage my identity? (Er, why would I trust anybody else to do this?)

1. I enter the details I want one time (except when they have to change)
2. I mark the details as public, semi-public and private
3. It outputs the data (after I have explicitly given permission) in a published XML schema
4. It is encrypted (or encryptable)
5. The schema is published publicly
6. Organisations can apply to the application developer for a daily key
7. Organisations can validate my identity with a rating following transactions (maybe stars, the way Amazon rates books with a place for automated comments. ‘We delivered books to this individual’s address on this date with no identity problems encountered.’)
8. Comes with tamper alarm
9. I may choose to save at developer’s secure website as a backup

You may say it’s a lot of bother to do it this way. I would retort that it would save a lot of bother for organisations and they would fall all over themselves to adapt to it.

It could be packaged into an existing computer protection package, à la Norton… or it could be an Open Source project developed by those concerned with related issues.

Why would I trust someone else with managing my identity?
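
The core of the nine-point list above (tiered details, release only on explicit permission, XML output, a daily key and a tamper alarm) is small enough to sketch. This is an added example, not code from the Blindside project: the class, function and XML element names and the HMAC-derived daily key are assumptions, and encryption (item 4) is left out because the Python standard library has no authenticated cipher.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET
from datetime import date

TIERS = {"public": 0, "semi-public": 1, "private": 2}  # item 2 of the list

def daily_key(master: bytes, day: date) -> bytes:
    """Assumed reading of item 6: a per-day key derived from a master secret."""
    return hmac.new(master, day.isoformat().encode(), hashlib.sha256).digest()

class IdentityStore:
    def __init__(self, master: bytes):
        self._master = master
        self._details = {}                     # name -> (value, tier)
        self._seal = self._compute_seal()

    def _compute_seal(self) -> str:
        canonical = json.dumps(self._details, sort_keys=True).encode()
        return hmac.new(self._master, canonical, hashlib.sha256).hexdigest()

    def set_detail(self, name: str, value: str, tier: str) -> None:
        if tier not in TIERS:
            raise ValueError(f"unknown tier: {tier}")
        self._details[name] = (value, tier)
        self._seal = self._compute_seal()      # re-seal after an authorised edit

    def tampered(self) -> bool:
        """Item 8: True if details changed without going through set_detail."""
        return not hmac.compare_digest(self._seal, self._compute_seal())

    def export(self, recipient: str, max_tier: str, approved: bool, day: date):
        """Items 3 and 6: XML limited to max_tier, tagged with that day's key."""
        if not approved:
            raise PermissionError("owner has not approved this release")
        if self.tampered():
            raise RuntimeError("tamper alarm: stored details do not match seal")
        root = ET.Element("identity", recipient=recipient, issued=day.isoformat())
        for name, (value, tier) in sorted(self._details.items()):
            if TIERS[tier] <= TIERS[max_tier]:
                ET.SubElement(root, "detail", name=name, tier=tier).text = value
        body = ET.tostring(root, encoding="unicode")
        key = daily_key(self._master, day)
        return body, hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def verify_export(body: str, tag: str, key: bytes) -> bool:
    """What an organisation holding the day's key would run on receipt."""
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

MASTER = b"constructed-demo-secret"            # constructed value, demo only

def build_sample() -> IdentityStore:
    store = IdentityStore(MASTER)              # all details below are constructed
    store.set_detail("name", "Tom Example", "public")
    store.set_detail("address", "1 Sample Street, London", "semi-public")
    store.set_detail("passport_number", "P0000000", "private")
    return store

if __name__ == "__main__":
    day = date(2007, 7, 7)
    body, tag = build_sample().export("Example Books Ltd", "semi-public", True, day)
    print(body)
    print("verifies today:", verify_export(body, tag, daily_key(MASTER, day)))
```

The seal only detects changes made by someone who does not hold the master secret, so in a real design that secret would have to live somewhere the stored details do not.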

Part 2–What We Will Tell the Government About Convergence

Yesterday’s post on Identity Management got quite a few good responses–thanks. Here’s a lengthy excerpt of the draft version of what we will submit to the CSIA regarding convergence. The entire section is here on our wiki. Please take the time to read and comment–any howlers in here?

Convergence represents both the greatest opportunity for service delivery and the greatest potential threat to information assurance in our broad basket of subject areas.
Our information gathering exercise identified five different areas of convergence. Broadly, they include:
• General: Convergence (converged environments/networks) defines a multi-media environment and/or network where signals regardless of type (i.e. voice, quality audio, video, data, etc.) and encoding methodology may be seamlessly exchanged between independent endpoints with similar characteristics.
• Media: A theory in communications where every mass medium eventually merges to the point where they become one medium due to the advent of new communication technologies.
• IP: The migration of multiple legacy networks of data, voice, images and video into a single integrated IP-based network which facilitates higher efficiency in operational management and utilization of a network.
• Technological: The modern presence of a vast array of different types of technology to perform very similar tasks. Also included in this topic is the basis of computer networks, wherein many different operating systems are able to communicate via different protocols.
• Fixed Mobile: Fixed and mobile telephony convergence aims to provide both services with a single phone, which could switch between networks ad hoc.
Each of these different areas is moving quickly and several impact upon each other.

Key Findings

Each of the above contributes to a broadly similar set of issues relating to information assurance:
1. Physical security of information: The increasing capabilities and smaller size of devices with access to networks and sensitive information (miniaturization is discussed elsewhere) makes theft, hacking or corruption easier and hence more likely.
2. Non-physical security issues: Attacks against one network using IP may degrade performance of other networks sharing the same infrastructure, due to:
3. Network dependence: The Internet was famously designed as a back-up communications system for use in case of catastrophic failure of traditional communications via telephone and radio. As more information flows migrate to the Internet, capacity issues are already evident. In future, if satellite broadcasting is abandoned for IPTV or wireless access to telecommunications services makes copper connection to homes redundant, an over-reliance on the infrastructure of the Internet introduces vulnerability to attack. What will be the back-up for the Internet?
4. As services converge, some of them will be life-critical to citizens: IP 999 services, telemetrics for those with chronic diseases, etc. As more devices converge around a single physical platform and single network, the number and importance of services will increase, as will their vulnerability to network failure. (This relates to identity management, as access denial can have health consequences.)
5. Although in one sense convergence provides new and exciting opportunities, dealing with convergence issues may impose unforeseen costs on government services. To give just one example, as technical capabilities make it possible to offer more services to the disabled and elderly, political pressure to provide these services may be strong. Adapting service delivery to account for convergence may be expensive. Certainly, dealing with threat to information assurance programmes will not be trivial.
6. As convergence will evolve over time, and may include divergence (see below), dealing with related issues will in all probability take time and effort.

Divergence

A related concept involving emerging technology is Divergence. Following the combination of diverse tools into single devices and migration to the most appropriate delivery platform, a new set of innovations involving single purpose tools for more efficient delivery is sure to follow. Some of these will present particular opportunities for public service delivery, notably for disabled citizens, but also for field workers of government agencies.

Implications for UK Government

Our recommendations regarding convergence might seem schizophrenic, on the one hand urging a bunker mentality towards information security, and on the other hand recommending greater openness and flexibility in ensuring government’s ability to deliver services capable of meeting users’ needs. However, convergence issues will present a significant challenge to government, and will likely require cross-departmental co-operation to manage. The key will be to keep services open and flexible, but information secure and redundant.
• Mothball programme. Preparations should begin now for the preservation of non-electronic service delivery mechanisms that might be abandoned by public and private sector organisations, including:
o Broadcasting capabilities
o Physical connections to home and business (or transition to utility companies)
o Switching networks for telephony
• Agreement amongst all network users on prioritized cut-out list in case of emergency, with automatic cascading cut-offs with pre-agreed triggers and a named individual or organisation responsible for initiating a cut-off sequence and notification of affected parties when cut-off occurs.
• Security protocols should be strengthened in advance of the introduction of converged devices with new capabilities:
o Suppression of wireless communications capabilities in locations with access to sensitive data or systems
o Disabling access to internal networks from unauthorized devices
o Disabling auxiliary ports on computing devices with access to sensitive information, including floppy disc drives, CD-ROM, DVD and USB ports.
o Removing Bluetooth and other low-power radio access capabilities from devices with access to sensitive information
o Packet-sniffing on utility connections

Citizen Centric

From the citizen’s point of view, as more services are delivered online and more citizens elect to use electronic transactions, they (we) will have different expectations due to convergence:
• Will I be able to access and transact with government using non-computing devices?
• Will all government services converge on online delivery? What if we don’t want that?
• Can I get 24/7 availability of all government services as reliably as provided by the best companies?
• Can convergence help us to deal with access issues for the disabled?

What We Will Tell The Government, Part 1

We will be giving a draft of our report forecasting the impact of emerging technologies to the CSIA next week, if we don’t collectively develop writer’s cramp. It is based on what you have told us on this blog and what’s been put up on our wiki. Since you did so much to build it, you get the chance to inspect it before it’s delivered.

We will post it in stages on the wiki and excerpt it here. In total, it is to be 20 pages in length. In a previous post, we told you which subjects would be covered in the report. We also took the decision to highlight 3 issues for more in-depth exploration, those issues being Identity Management, Convergence and Nanotechnology.

Here is the overview for the Identity Management section, followed by our thoughts on the implications for UK government. The entire section will be on the wiki’s Identity Management page. If you don’t think this is what we should be telling the Cabinet Office, tell us here or on the wiki, or email me at tom dot fuller at kable dot co dot uk.

Identity Management Overview

The topic is discussed in depth here:

Not truly an emerging technology, identity management is an emerging discipline growing out of IT security and password/certification authentication and communications. Of the relatively tiny number of academic publications and patent filings found at Scirus (a cross-disciplinary database of scientific publications), 89% of journal publications and 93% of patent filings with the phrase “identity management” in the title, abstract or text were published after 2002. It must be emphasized that little work has been done in this field; only 321 academic publications are found on Scirus and 597 patent applications in total. This compares with 17,833 academic publications and 8,309 patent applications for “biometrics.”

Identity management issues transition to information assurance issues, sometimes seamlessly. ID management has a tighter focus, concerning itself with the management of the identity life cycle. However, it should be noted that

    if identity management fails, information assurance is impossible

Citizen-Centric

• Do I trust the system that holds the information used to authenticate my identity? Will they lose it, sell it or abuse it?
• Can I manage the multiple logins and passwords mandated by the numerous systems I interact with?
• Do I have to continuously re-enter the same information time after time, frustrating me and increasing the chances of an error on my part or on the system’s?

Implications for UK government

• Biometric information used in identity management should be encrypted prior to transmission. Encrypted biometrics enables a more robust data management programme.
• The most successful systems rely on user input and verification of data.
o Amazon and eBay have systems that are more robust than banks, as they get information directly from the user alone, and prompt for updates with each transaction. Banks get information from customers too, but it is at the beginning of the relationship and they do not prompt for information change, and side inputs from other sources (credit rating agencies, etc.) are prone to much higher error rates.
o Information assurance programmes willing to accept private sector verification of identity might well consider using retailers that make home deliveries, looking for recency of successful interaction rather than length of relationship.
▪ The number of online shoppers was estimated at 14.5 million in 2005, including 2.7 million over age 55.
• Information assurance programmes that do not carefully vet every element of identity management procedures in sub-hierarchies should not rely on those organisations’ attestations of verified identity.
o An ongoing audit programme including attempts to defeat individual systems should be a vital part of any information assurance programme
o More importantly, the audit programme should try to construct false identities using information from a variety of systems to establish bona fides, with a goal of getting drivers’ licenses and passports. Information from these efforts should be shared only with system owners in efforts to improve system performance, to improve co-operation with affected organisations.
• Of pressing current interest is the use of mobile wireless networks for Internet access. Laptop computers that use an unsecured network should not have confidential information on them, nor should they be permitted access to confidential information. Identity management protocols should identify the status of a user’s network connection and politely deny access until a secure connection can be established. Individual laptop computers that permit storage of or access to confidential information should be configured to prevent access to unsecured networks.
o As the physical security of laptop computers is not addressed elsewhere in this report, we take this opportunity to note that:
▪ laptops should have a proximity alarm installed to remind the user not to leave a laptop behind,
▪ a form-based permission mechanism should be used to minimise the loading and retention of confidential information on laptops. This could include automatic destruction of sensitive data after a date set by the user
▪ GPS tracking should be used to retrieve lost or stolen laptops
▪ Preparations should begin now for similar security protocols for mobile phones and PDAs to future-proof identity management systems prior to introduction of devices with capabilities much greater than present versions

Have at it!

The emerging issues and their impact - a preliminary assessment

Here’s our preliminary assessment of the main categories of emerging technology issues, along with an impact rating. Each is discussed in more preliminary detail on the Blindside Wiki. We will be reporting to the Cabinet Office in mid-July on those assessed as having an impact level of 3, and need full expert descriptions by that date.

This is your chance to tell us we’re on the wrong track: to add stuff; to argue that something’s missing, over-rated or under-rated. Don’t miss it!

Category Impact (from 3/high to 1/low)
————————
CCTV 3
Convergence 3
Location-based services 3
Mobile and Pervasive Computing 3
Open Standards 3
Anonymity 3
Data breaches 3
E-Voting 3
Human rights (intersection with emerging technology) 3
Identity management 3
NHS IT 3
Non-bank payment service providers 3
People and IT 3
Mission Critical Legacy Systems 3
Rampancy: AI gone wrong 3
Surveillance society effects 3
Semantic Web 3
Self-reproducing technologies: the “GRINs” 3
- *Geno- 3
- *Robo- 3
- *Info- 3
- *Nano- 3
Social media 3
APIs 2
Bandwidth - massive wireless and cable bandwidth to the home 2
Shared Service Management 2
Ultraportable devices 2
Automated number-plate recognition (ANPR) 2
Bad sysadmin procedures 2
Bad procedures - other 2
Changes to daylight saving time in the US 2
Public sector databases on children 2
Keyloggers 2
Phishing 2
Phones as bugs 2
Technologies for Non-Repudiation 2
Underground economy servers 2
Unencrypted email 2
Biometrics - unencrypted 2
Windows Vista and other operating systems 2
Government IT projects 2
DNA terrorism 2
On demand computing (ODC) 2
Grid Computing 2
Quantum Computing 2
plus in the lower impact categories (please use the search box if you want to add to these):
Aeronautical cabin services 1
OpenDocument 1
Service-oriented architecture 1
APIs that change without warning 1
Cybercrime 1
Electronic banking 1
Fraud Websites 1
Search Engine Logs 1
Spam 1
Computing Monoculture 1
DRM and its side-effects 1
Environmental side-effects 1
Exploding Batteries 1
Optical Computing 1
User-generated content 1
Virtualisation 1
Generation C - the knowledge nomads 0

Thank you for any help, comments, suggestions.

This royal throne of kings, this sceptred isle, this… Heathrow

The chaotic present and hopeful future of information systems exists in a microcosm about 30 minutes by tube from my flat, and I daily watch a stately procession of airliners descending to Heathrow Airport, a beautiful, if not quite silent, parade. It is at Heathrow airport that the current need for better performance on every topic covered in this blog is demonstrated. It is a non-sterile testing environment and the ultimate pilot project to test the ability of information systems and information assurance to integrate modern technology to meet the needs of a mass public. You may have noticed that I ticked every category we use in assigning this blog post its proper place in our own information hierarchy. It’s not a coincidence.

Let’s walk through the daily issues faced at Heathrow from an information standpoint:

1. About half of all tickets to fly are booked via the Internet, and that information must be completely available to several very different systems immediately and be perfectly accurate.
2. Parking systems must provide availability, administrative and financial information.
3. Public transportation systems must send and receive useful information about current operations and schedule changes, and receive and use similar information from several different airport systems.
4. The logistics of welcoming, feeding, watering and moving 67.7 million people per year (and taking care of 70,000 employees) are an interesting challenge, as is maintaining 48,000 square metres of retail space. Private security, first aid, tourist information, all of these have information issues attached.
5. Oh yes–core business–mustn’t forget–90 airlines, 186 destinations, 469,000 ‘air transport movements’ (er, would that translate to flights in English?) annually. Information requirements include weather at each destination, status of all airports and traffic, passenger information (but more on that below…)
6. On-time status of flights relating to connecting flights.
7. Correlating information from HMRC (well, more the C part than the R) with the Home Office (now with both parts of the newly divorced members of what was once one) and probably discreet communications with agencies using numbers as well as initials.
8. Communicating with the Civil Aviation Authority, National Air Transport System, HM Immigration–of course I’m sure they all use the same electronic forms that grab data smoothly from Heathrow systems… right?
9. Communicating with the media–and having the capability of communicating with international media
10. Having co-ordinated disaster preparedness programmes that are up to date as well as up to snuff.

Probably missed half a dozen supremely vital information systems there… but it’s Sunday morning, so it’s okay. (Did somebody say baggage?)

Lots of things to go wrong there. Amazingly, not much does. (Did somebody say baggage–again?) That’s why when things do go wrong it’s news.

Notice they don’t have an uber-contractor trying to integrate all systems and dictate technology standards and usage. Strange, that. And I’ll bet they often use trainer-net (where some employee puts on trainers and walks information to diverse destinations). But that’s how functional communities develop–and despite grumbling and glitches, Heathrow functions as an information community: People get to destinations, planes don’t fall out of the sky. Successful information communities do seem to develop from the ground up, not the top down.

I guess the point I’m trying to make is that information systems and information assurance issues develop in an ecosystem not a vacuum. Complexity in information management is probably a geometric rather than arithmetic function relating to the number of actors involved. And yet don’t we often see government requirements for information systems that are internally oriented and indeed self-referential? The box must be this big with holes here and here, and those holes must be guarded in this way. I think more than anything else, government’s inability to get value for money from IT investment is based on this issue.

Please feel free to contribute complaints about Heathrow in the comments–I’ve suffered there myself. My praise is directed at a higher level, at finding a community that functions. Your nominations?

Password Security

Posted by Tom Fuller in people and passwords at June 15th, 2007

Does this short movie contribute anything interesting to the discussion?

The Upcoming DTI Event

As this event is getting closer to hand, I am reposting William’s discussion of it from last month.

Update: You can now register online by clicking here, or here or by emailing the rather miraculous Susan Pickrell at susan.pickrell@kable.co.uk.

What are the essential unanswered questions for the UK about ID infrastructure, government’s role and its effect on business and consumers? What are the opportunities for unlocking value, wealth creation, efficiency and what are the threats to privacy and public trust?

The DTI is planning a get-together to start the process of looking at this on 9 July. There are important questions still out there, and DTI has allocated £10m for research projects to look into them to get answers starting from the autumn.

This isn’t a re-run of the ID card policy debate. We live in a democracy, Parliament has spoken, and those who want Parliament to speak again and say something different next time have to go through those channels. That’s Home Office/IPS’s patch anyway, and they are co-sponsors of the get-together. So the approach is, taking the work of IPS as a given in this landscape, what are the great known unknowns, including areas like privacy and consent.

Let’s go into the ID-enabled future with our eyes open. DTI will particularly welcome attendance at this event from people interested in undertaking the research work.

If you’re interested in coming email your details to editor [at] blindside .org.uk for now; online registration will be available soon.

Identity Management and Scientometrics

Posted by Tom Fuller in Blindside project, e-ID, people and passwords, security services at June 5th, 2007

If you go to Scirus and search for “identity management” you get a picture of what research and development has been going on in this field. The term returns 81,497 results–but only 321 of those results are academic journal publications containing the phrase in the title, abstract or text, and only 592 of those results are patents. This total is amazingly low, and I don’t know what to make of it. Of the 592 patents, 551 have been filed since 2002. Of the 321 journal publications, 286 were published since 2002. Compared with totals for other sub-sectors, it is clear that we are at the birth of a field–which I confess I did not know. My education continues…

Passwords and the catalogue of human error

Posted by William Heath in Humanity nature and activity, Murphy's Law, human error, people and passwords at February 10th, 2007

One thing that’s bound to go wrong is the sheer concatenation of human error - forgotten passwords and PINs, lost ID cards, poor data entry.

According to this BBC piece we have around 20 passwords each, growing at 20% a year.