Using the right lenses for developments in identity management
posted by:Dr. Miriam Lips // 11:48 PM // April 04, 2006 // ID TRAIL MIX
Many of you may have noticed that an important Bill for the future of UK central government’s Identity Management Policy recently has passed an important hurdle for further implementation. Having received Royal Assent after being bounced between the House of Commons and House of Lords several times, the UK Identity Cards Bill will now be passed as law. Aims of the UK central government are to introduce a national ID card containing three biometric identifiers, together with a National Identity Register acting as a central database in which a range of details about individuals will be stored. After a political tussle between the House of Commons voting for the ID cards to be compulsory whilst the House of Lords continually voted for the cards to be kept voluntary, the House of Lords offered a compromise to the House of Commons that anyone renewing their passport will have details put onto the National Identity Register but will not be forced to have an ID card until 2010. One reason for the compromise is that 2010 will be after the next general election in the UK: if the Conservatives gain power at the next vote they claim that they will look to abandon the ID card scheme.
As things stand, every UK citizen over the age of 16 who applies for a new passport from 2008 will have details added to the National Identity Register, including biometric information. The first ID cards will be issued to passport applicants in 2009. The intention is that ID cards may be used as travel documents for within the EU, meaning that passports might not be needed. Those who never apply for a passport will not need to have an ID card, but will be able to apply for a ‘stand alone’ ID card if desired. Foreign nationals that abide legally in the UK will also have details entered onto the Register. A card will be issued that acts as a residence permit. Research findings show that UK citizens are generally supportive of a national ID card (Dutton et al, 2005, p.114; Home Office, 2003; Detica, 2004), or even consider their introduction as inevitable (Cragg Ross Dawson, 2004, p.6).
The UK government has defended its proposals for a variety of reasons, including prevention of benefit fraud, prevention of terrorism, prevention of identity theft and authentication in e-government services. Besides for a whole range of e-government applications it believes the cards will be used by a number of different organisations, such as banks, Royal Mail, libraries, video/DVD rental companies, mobile and fixed line communications service providers, travel agencies, airlines, higher education institutions, retailers, property rental companies and vehicle rental companies. To further facilitate this development the government will provide Identity Verification services for accredited organisations to check an individual’s identity, for instance when opening a bank account or registering with a GP.
Critical voices in the UK point at seemingly unrealistic technical expectations of this ID card scheme, using arguments such as the fact that neither the major contractors nor the government have shown themselves capable of organising and implementing an outsourced IT scheme on this scale: for instance, no country has attempted to use biometrics technologies to register a population the size of the UK (The LSE, 2005); the proposed requirement for 100 per cent accuracy seems to be unrealistic: has there ever been an identification system which is 100 per cent accurate? (Neville-Jones, 2005); trials of the card scheme have demonstrated that a substantial number of specific groups of the UK general population (e.g. disabled people) may not be able to enrol on biometrics based verification schemes (UK Passport Service Biometrics Enrolment Trial Report, 2005); a critical voice from industry: ‘a national ID card for the UK is overly ambitious, extremely expensive and will not be a panacea against terrorism or fraud, although it will make a company like mine very happy' (Tavano , 2005)(Biometrics specialist for Unisys, one of the companies considering bidding for contracts. Quoted in The Guardian, 21 October 2005); and, from a collective group of LSE academics, that the government proposals for a secure national identity system are too complex, technically unsafe, overly prescriptive, massively more costly than government is itself estimating and lack a foundation of public trust and confidence (The LSE, 2005, p.3).
Looking at the UK national ID card debate from the academic, “ivory tower” this debate seems to be illustrative for the way in which identity management (IDM) issues have been tackled by governments so far. Optimal security, technical reliability, ID “theft ” (ID theft as a concept has only emerged recently. The theft or fraudulent use of ID documents however exists for a long time.), privacy, public safety, and accuracy repeatedly have been important topics in public decision making about personal identification and authentication systems at many occasions in the past. This debate therefore is not a new debate emerging in the current era, but can be observed regularly in many national public decision making arenas since the implementation of the paper-based passport system several centuries ago. Interestingly, through time, there have not been notable changes in the use of the passport as an authentication system in various service related procedures between government and citizens.
This similarity in restricted, mainly technically focused IDM topics may also explain the current ease with which governments are trying to copy ID card systems or authentication systems from ‘best practices’ available in other countries, with the Belgian eID card as a clear favourite at present. From a technical perspective new forms of personal identification, authentication and IDM seem to be acknowledged as enhanced technical ‘solutions’ to be used in similar identification and authentication practices compared to the past.
However, in the UK context some critics have pointed at the overemphasis in the public debate on the visible, technical means of identification proposed by the UK government, the ID card itself, and, with that, the lack of public attention for the more invisible aspect of how citizens’ data will be handled by the UK government (eg Davies, 2005, p.38; the UK House of Lords Constitution Select Committee). It is this particular insight that seems to trigger some important questions. What empirical understanding do we actually have about the implementation and use of new forms of personal identification, authentication and IDM in citizen – government relationships? Has the UK been engaged in the right public debate so far to be able to effectively address the more fundamental question of potential change in citizen – government relationships due to new IDM means and forms, namely potential change in important institutions in the public domain, such as citizenship?
The history of the use of the passport for instance shows us that personal identification procedures especially changed during moments of societal ‘crisis’, such as the French Revolution, the First World War and the Second World War (Torpey, 2000; Agar, 2003). Although the authentication system itself, the paper-based passport, more or less stayed the same through time, the frequency and intensity of its use as well as the officials executing the authentication process usually changed during these periods of crisis. A similar effect can be observed in more recent times after the events of 9/11 and the London bombings.
By using an historical perspective it is very interesting to see the changing meanings, uses, and values attached to a similar technical means and process for personal identification through time, the passport. For instance, the first passports and passport controls for that matter were not so much used to regulate citizens’ access to spaces beyond their home country as we are used to today, but to prevent people from leaving their home territory. Consequently those citizens leaving their Kingdom (i.e. under the old regime in France) were required to be in possession of a passport authorising them to do so. The main purpose of these documentary requirements was to forestall any undesired migration to the cities, especially Paris (Torpey, 2000, p.21).
Somewhat further in time, in the early 19th century in Prussia, the practice could be found whereby incoming travellers were provided with a passport from the receiving state rather than by the state of the traveler’s origin. These passports were no longer issued by local authorities but by higher-level officials. The foreigners and unknown persons circulating in the country were to be subjected to heightened scrutiny by the Prussian security forces, with the assistance of specific, legally defined (The 1813 passport law in Prussia) intermediaries like landowners, innkeepers and cart-drivers (Torpey, 2000, p.60).
Generally in the 19th and 20th century we may observe a development towards two models for citizenship attribution and the related issuing of passports to citizens, namely on the basis of ius soli (“law of the soil”) and ius sanguinis (“law of the blood”) (see for instance Brubaker, 1992). The latter model had to do with the development of enhanced mobility of citizens beyond the state’s territorial boundaries, especially for economic reasons, and the possibility for nation states therefore to continuously keep a relationship with citizens living abroad.
What this alternative, empirical perspective reveals to us is the profound influence these new forms of personal identification and authentication may have on the governance of citizen – government relationships. Institutional innovation, the renewal of traditional citizen –government relationships as a result of the creation and development of new information practices, appears to be happening due to the introduction of IDM in various electronic citizen – government relationships . A new ‘law of informational identity’ may soon replace the existing models of citizenship attribution in the analogue world, ius soli and ius sanguinis.
Similarly to the analysis of the passport’s history we may observe that borders between customers and non-customers of government organisations; identified or non-identified subjects of the state; authenticated citizens or non-authenticated citizens, are being reset as a result of these newly available forms of authentication and identity management in e-government relationships. Not only does the same authentication system allow the possibility for government to provide people with access to its virtual territories; it also allows governments to keep people out of them. Analogously to the Prussian era where intermediaries like landowners, innkeepers and cart-drivers supported the government in the checking and validation of a person’s identity, new trusted third parties are emerging, such as banks, telecommunications providers, and credit reference agencies, to help government to check people upon their trustworthiness.
The history of the use of passports and their changing meaning in society shows us how important it is to look beyond their technical characteristics and, thereby, to make use of alternative perspectives in empirically exploring the introduction and functioning of new identification ‘technologies’. It also makes us aware of the importance to perceive the use of IDM systems in an evolutionary way and for instance to look for punctuated equilibria (Baumgartner & Jones, 2002) in the historical evolution of ICTs, e.g. the periods of crisis during the history of the passport, as important moments where changes often may happen in the use of these technologies.
What will happen in eras of crises with the application of this newly developing model of citizenship attribution, the ‘law of informational identity’, remains to be seen. Whilst there is this chief concern with enhancing e-government service provision to entitled, trusted citizens, there is, nonetheless, recognition that the security agenda of modern government is adding to a climate wherein the identification of the citizen is seen as of paramount importance. If services to the citizen are to be provided effectively, then identity issues come to the fore. If enhanced personal and State security is paramount then, once more, the means of identifying individual citizens becomes of crucial importance.
Dr Miriam Lips, Research Fellow at the Oxford Internet Institute, University of Oxford.
Together with professor John Taylor and Joe Organ she is working on an empirical research project on ‘Personal Identification and Identity Management in New Modes of E-Government’, sponsored by the UK Economic and Social Research Council’s e-Society Programme
Agar, J. (2003), The Government Machine: a Revolutionary History of the Computer, The MIT Press.
Baumgartner, F. & B. Jones (eds) (2002), Policy Dynamics, Chicago, University of Chicago Press
Brubaker, R. (1992), Citizenship and Nationhood in France and Germany, Harvard University Press, Cambridge
Cragg Ross Dawson (2004), Public perceptions of ID cards. Qualitative Research Report, COI Ref: 262 151.
Davies, W. (2005), Modernising with purpose: a manifesto for a digital Britain, Institute for Public Policy Research, London, UK.
Detica (2004), National Identity Cards: The View of the British Public, April 2004
Dutton, W.H., C. di Gennaro & A. Millwood Hargrave (2005), The Internet in Britain : The Oxford Internet Survey (OxIS), May 2005, Oxford Internet Institute, University of Oxford.
Home Office (2003), Identity Cards – A Summary of Findings from the Consultation Exercise on Entitlement cards and Identity Fraud, Cm 6019.
Neville-Jones, Dame P former chair of QinetiQ. Reported on 18/10/05 by silicon.com, 'Lack of "balls" in Whitehall will hinder ID cards' Will Sturgeon http://www.silicon.com/publicsector/0,3800010403,39153447,00.htm