Technical Opinion
offering new vulnerabilities while
dangerously increasing our confidence in a scheme that is advertised as the ‘gold standard’ for
secure identity management.
Another problem faced by the
Home Office in implementing
identity cards is the process of
enrolling the support of other government departments and industry
to make use of the scheme. By
linking enrollment into the Identity Cards Scheme with the voluntary renewal of passports (also
managed by the Home Office), the
department is able to ensure a relatively smooth rollout of the scheme
over a 10-year period. However, as
a consequence, for the first four or
five years of the scheme, fewer than
half of the eligible population will
have identity cards. Until nearly all
the population is enrolled in the
scheme and has been issued identity cards, there will be little incentive for organizations to buy into
the verification services of the
scheme, affecting the cost-effectiveness of the scheme as a means of
providing identity management
solutions for the country [2]. This
problem is heightened with the
recent announcement that the rollout of identity cards to British citizens will be delayed until at least
2011 or 2012.⁶ If identity fraud is
indeed getting worse every year, it
will get much worse before the
solutions devised nearly a decade
and a half earlier have any significant effect.
⁶ See www.ips.gov.uk/identity/downloads/national-identity-scheme-delivery-2008.pdf.
Moreover, by focusing on high-tech solutions, the Home Office
risks downplaying other, lower-tech, solutions that might be
equally effective. For example, one
recent recommendation is that all
consumers be given a free copy of
their credit rating every year. Giving individuals access to the means
of discovering whether or not they
are being impersonated is one of
the most powerful means of combating this form of fraud. Another
solution would require banks and
credit card companies to bear the
risk of identity fraud and as a result
the market could come to its own
solution.
Other such possible measures
that could help address identity
fraud include:
• Working with the credit reporting industry to ensure that, on an
opt-in basis, access to files
involves security measures
(prompt questions and so on);
• Helping industry to develop a
secure means of automated notification whenever files are
accessed or amended;
• Making paper shredders sales-tax
exempt and tax deductible; and
• Promoting secure online
account activity to reduce the
amount of paper documentation
in circulation.
A final recommendation, which
again would be more meaningful
coming from a government department with responsibility for trade
or finance, would be to require
public disclosure of all data losses
and mass data thefts from companies and governments, following
on the trend started by a number
of U.S. states. When people are
more aware of security risks they
may be in a better position to
judge the likely benefits of emerging solutions including biometric
technologies and credit-managing
companies. After all, a better
understanding of the nature of our
vulnerabilities may lead to better
solutions that actually serve to
solve problems that matter to people, rather than to the policy agendas of specific government
departments.
REFERENCES
1. Berghel, H. Identity theft, Social Security numbers, and the Web. Commun. ACM 43, 2 (Feb. 2000), 17–21.
2. Crosby, J. Challenges and Opportunities in Identity Assurance. HM Treasury, 2008; www.hm-treasury.gov.uk/media/6/7/identity_assurance060308.pdf.
3. Dunleavy, P., Margetts, H., Bastow, S., and Tinkler, J. Digital Era Governance: IT Corporations, the State, and E-Government. Oxford University Press, Oxford, 2006.
4. Garfinkel, S.L. Risks of social security numbers. Commun. ACM 38, 10 (Oct. 1995), 146.
5. Guizzo, E. Loser: Britain’s identity crisis. IEEE Spectrum (2006).
6. LSE Identity Project. LSE Identity Project (Main Report), London School of Economics and Political Science 2005; identityproject.lse.ac.uk/identityreport.pdf.
7. Owen, K., Keats, G., and Gill, M. The Fight Against Identity Fraud: A Brief Study of the EU, the U.K., France, Germany and the Netherlands. Perpetuity Research & Consultancy International (PRCI) Ltd 2006; www.perpetuity-group.com/prci/publications.html#euid.
8. Whitley, E.A., Hosein, I.R., Angell, I.O., and Davies, S. Reflections on the academic policy analysis process and the U.K. Identity Cards Scheme. The Information Society 23, 1 (2007), 51–58.
EDGAR A. WHITLEY (e.a.whitley@lse.ac.uk)
is a Reader in Information Systems in the
Department of Management at the London
School of Economics and Political Science, U.K.
IAN R. (GUS) HOSEIN (i.hosein@lse.ac.uk)
is a Visiting Senior Fellow in the Information
Systems and Innovation Group, Department of
Management, London School of Economics and
Political Science, U.K.