Feb 07, 2007
Responding to Richard Bray:
I realize that the tendency is to think that identity management can be assigned to a (government) office, but it's not that simple.
Identity - like a name - is something that is not merely associated with a person but which is owned by a person.
Paramount among the rights of a personal identity, for example, is the right to *not* identify oneself.
Remember when Radio Shack always used to get everyone to fill out their name and address merely in order to buy a transistor? This was something that perplexed and annoyed electronics buffs.
Whether I want to I buy a coffee or to ask for a 1998 tax form, I want to be able to do so without saying who I am.
For this reason, centralized identity systems - such as the one being alluded to in this article - failThey simply do not assign enough (or any) control to the identity owner.
That is why the best hope for online identity is some system of distributed self-identification, such as is postulated by OpenID.
Because, in the end, it is not the security needs of government and business that will drive ID adoption. That is just wishful managers clinging to the fantasy that consumers actually care about government or corporate needs.
No, the having and use of an identity must satisfy genuine needs of the identity owner. It must be in the owner's interest to genuinely and truthfully report his or her identity.
That's why ATM cards work. Accurately reporting one's identity grants one access to their money. And the motive to keep the password secret - essential for authentication - is the desire to keep other people away from that money.
It is interesting to note that while credit cards - which granted people money they didn't have - caught on instantly, it took the establishment of ATMs before corresponding debit cards became popular. People would not establish a special identity *simply* for paying businesses.
For most people, government is something they pay into, not something they get a benefit from. So there is no intrinsic motivation to cooperate with a government identity scheme.
And, indeed, there would be outright resistance were the scheme tied to such things as social insurance numbers (used to grant the bearer access to Employment Insurance) and health care numbers (used to grant access to health care services).
Again, this is because there is no benefit to the identity holder, and a loss of control.
Heck, I don't even want my Flickr identity to be known by Yahoo - I want to keep these domains completely separate - because the only thing I get from Yahoo is spam.
So in the consideration of identity and government services, while it is tempting to look for ways to find technology to adapt to the government's needs, it will also be necessary to reassess those needs to adapt to the new realities of identity.