private briefing for sir james crosby by william heath
DESCRIPTION
never-before published private briefing by William Heath and others to (the since-disgraced) Sir James Crosby who was heading up an ID Scheme review for Gordon Brown. It makes the point that if one explored the "market" for the Home Office's plans one would end up with very little to put in the business case.TRANSCRIPT
IDM: Key misunderstandings and outstanding questions
April 11 2007
Review the current and emerging use of identity management in the private and public sectors and identify best practice.
Consider how public and private sectors can work together, harnessing the best identity technology to maximise efficiency and effectiveness.
Aims
Apart from the true cost and implied benefits… What is the real market for this
Who will pay for the service? How much? How often?
How time-sensitive is that market? What other solutions are coming forward and
what might their impact be?
Payback on the ID System: what we still need to understand
…and checking identity does not check intention
Whether wilful or accidental there’s a recurrent false premise in government service planning. Let us spell it out: You can prove entitlement and remain anonymous Minimal disclosure is an essential part of good security And an essential part of good service that meets legal requirements
and respects people’s dignity
Market demand for “entitlement” or “authority” checks does not necessarily mean demand for ID-checking
Proving entitlement or authorisation is not the same as proving identity
The forked tongue of industry Sales-driven versus science-driven approach
Observable symptoms of Home Office approach Groupthink, secrecy, introspection, poor market
awareness; lack of empathy
Requirements of political presentation Relative silence of the customer, the intended
beneficiary of personalised services
More barriers to clarity in the ID management conversation to date
“Most of our attendees were of the opinion that they could adequately identify themselves in all situations where they are required to do so and very few thought that additional identifiers were necessary.”
DTI-sponsored Trustguide research by BT and HP
Do customers want ID services?
People as taxpayers, customers, citizens, individuals, travellers, employees, crooks
Businesses (and other legal entities like clubs, societies and NGOs)
Government organisations – central, local health, police, education justice, transport)
To start market segmentation we separate three types of player:
All identify themselves to each other (eg G2B, B2P, P2G)
People Business Government
People
Business
Government
The IPS system services personal ID needs of business and government
IPS can help government and business ID people
Elective individual choice exercised by customers and clients who want convenience, feel in charge
Control and regulated – “by the powers vested in me/thou shalt”: pay tax, conform to law and regulations, help police and security services
Group – “As a member of this club I’ll put up with the rules” (eg employment, loyalty schemes)
P2G and P2B relationships take three different forms…
G
B
P
G
B
P
GBP
G
B
P
Elective
Group
Control
The IPS system probably applies to the ‘control’ relationships only
Offline Centuries-old culture of identity and reputation But there is new technology esp. biometrics Emerging technologies drive applications
Online: Fast adoption of inherently insecure home PCs Internet “identity” is not sorted yet Rapid, fundamental online ID developments
Identity management issues are different offline and online
The IPS identity management service works offline only at this stage
Between people and business KYC requirements Credit referencing New risk management and services like URU, Paoga
Between people and government Government Gateway; Gov Connect Existing ID legacy (CIS, DVLA, NHS etc) We can list 400+ public sector schemes under way with
an IDM component
What else is happening in G2B and B2P spaces?
Are events moving in our favour anyway?
Are the issues the ID System addresses getting worse or better?
Political effect: fallout or upturn?
Does industry have a different story to tell?
It’s a U-turn and ‘we have no reverse gear’
Wastes all £ and political momentum to date
Loss of perceived benefits, and problems persist
Bad for IT suppliers: ‘loss of trust in gov as client’?
Costs less
Lets on-line mature
Chance to be more open, thoughtful and customer-centric
Home Office sorts itself out
Pause for reflection
Election effect?
Will the world move on?
What ARE the benefits?
Does business case stack up?
Too long to deliver any benefits that business will value today
Alternate solutions will be in place
No change needed
Good for IT suppliers
Get benefits as expected
Less disruptive (under wing of passports process and international obligations)
In line with passport renewals
Is there a return? Is there a market?
Effect on resistance/refuseniks?
Can we be faster/smarter than online?
Do we want world lead?
More £ risk & sooner
More technical risk
Procurement risk
Uncertain science
Social risk
Faster benefits & return
Pre-empt competition
Makes sense for business
Better for IT suppliers
Take world lead
Accelerate roll-out
?-+
ID system roll-out: is time on our side?
March 2001: Microsoft announces Hailstorm Emphasis on empowerment and personalisation Global centralised ID & credential mgt service
April 2002 – MS shelves Hailstorm New principles of acceptable identity: citizen-
centric, standards based, interoperable etc Microsoft announces Infocards in 2006
A central ID management idea that failed the market test: MS Hailstorm
One Microsoft year equates to how many government years?
Expose the barriers to clarity Real role of hardcore ID (not entitlement, authority) Which problem are we asking IT industry to solve Above all, what do customers need and want?
About the IPS plan Define and size the market for its service Use that as evidence for the investment timescale
Things to focus on…