30/09/09copyright - the earl of erroll1 lord erroll - merlin member of the house of lords - an...
TRANSCRIPT
30/09/09 Copyright - The Earl of Erroll 1
Lord Erroll - Merlin
Member of the HOUSE of LORDS - an Independent Peer
PITCOM Parliamentary Information Technology CommitteeEURIM European Information Society Group (Director)apComms All-Party Communications Group (Secretary)
LASSeO Local Authority Smartcard Standards e-Organisation
E-RA E-business Regulatory Alliance (President)ISSA UK Information Systems Security Association Advisory BoardNominet UK Policy Advisory Body
All-Party Group for Entrepreneurship (Chairp'n)Select Committee on Science & Technology – Personal Internet Security
www.era-int.com www.SecretSommelier.comPGP International Advisory Board GTCInternational Council CRC Procurement
09/01/09 Copyright - The Earl of Erroll 2
DATA SECURITY
I’ll speak for just under half a microcentury on
ID and Citizen Cards
01/27/09 Copyright - The Earl of Erroll 3
MerlinMerlin
01/27/09 Copyright - The Earl of Erroll 4
A LORDA LORD
01/27/09 Copyright - The Earl of Erroll 5
A Territorial Soldier
©Parliamentary copyright 01/07
H O U S E o f L O R D S
01/27/09 Copyright - The Earl of Erroll 7
Me at my desk in the Lords
01/27/09 Copyright - The Earl of Erroll 8
The Home Office
25/02/09 Copyright - The Earl of Erroll 9
Trying a backflip
09/01/09 Copyright - The Earl of Erroll 10
PRIVACY & PROTECTION
PRIVACY IDENTIFICATION
Once it’s stored, it's no longer private
it WILL leak
90% don't care!?
09/01/09 Copyright - The Earl of Erroll 11
BALANCE OF POWER
Individualism Paternalism
Capitalism
Democratic Socialism
01/27/09 Copyright - The Earl of Erroll 12
IDENTITY CARDS ACT - PURPOSES -
(a) in the interests of national security;
(b) for the purposes of the prevention or detection of crime;
(c) for the purposes of the enforcement of immigration controls;
(d) for the purposes of the enforcement of prohibitions on unauthorised working or employment; or
(e) for the purpose of securing the efficient and effective provision of public services.
DEFINITELY NEEDEDDEFINITELY NEEDED
Strong authentication when transacting business
Local biometric verification for ICAO standard travel documents
ACCEPTABILITYACCEPTABILITY
Why would you want one?
What is it useful for?
What is the downside?
USES - IPSUSES - IPS
protect your identity from theft
protect vulnerable people from those who have lied
offer a convenient way to prove your age
speed up many everyday transactions
make it easier for you to travel in Europe
make it simpler to prove your ID
make the internet easier to use
make it easier to replace lost and stolen documents
protect your privacy
BENEFITS OF THE SCHEMEBENEFITS OF THE SCHEME
Identity fraud has cost the UK over £1.7 billion
CIFAS, the UK’s Fraud Prevention Service:
67,406 victims of identity fraud in 2006, up from 56,200 in 2005.
Since 2000 almost 282,300 victims of identity fraud have been registered
Over 10,000 fraudulent passport applications each year
430,000 illegal migrants could be living in the UK
Between £20 & £50 million of ID-related benefit fraud committed each year
POLITICSPOLITICS
Policy differentiation
Authoritarianism
Trust & SecurityTamper Detection – Black Hats
Cost Passport £375m - ID Card £125m – Foreign £326m
LOCAL AUTHORITIESLOCAL AUTHORITIES
Will still run their own schemes
Different Purposes
Administrative Efficiencies
ISSUESISSUES
Trust
Liability
Repudiation
01/27/09 Copyright - The Earl of Erroll 20
ID issuing issues
ID is issued for different purposes
Some need more security than others
Can each function trust the ID issued for another purpose
Are you reliable in each of your personae
Agree function and uses for electronic IDs
01/27/09 Copyright - The Earl of Erroll 21
Identity Recovery
I’m not talking about Credit Card theft
When you are impersonatedHow do you prove you are not the crook?
How do you repudiate their transactions?
How do you travel when your I.D. is on a “wanted” list?
How do you restore your reputation?
What is the true cost to you?Both Financial and Time
30/9/2009 Copyright - The Earl of Erroll 22
Generic Uses of I.D.
Application
Passport
Authorisation
Health
Financial
Electronic I.D.
Purse
Why
Criminal Record
Security, Benefits
Allergy or Disease
Creditworthiness
P.K.I. / Certificates
Cash & Tokens
Need
Name & Body
Body
Body only
Reputation
Reputation
Anonymous
01/27/09 Copyright - The Earl of Erroll 23
-COMMUNICATION--COMMUNICATION-we use language differentlywe use language differently
ENABLEMENT VRM
I own my data
“Identity Assurance”
Advisers
Flexibility & Discretion
Consent
Common Law
CONTROLCRM
We own citizens’ data
“Identity Management”
Inspectors
Process & Procedure
Demand
Statute Law
09/01/09 Copyright - The Earl of Erroll 24
FINAL THOUGHTS
Government Efficiency v. Privacy for the EntityIntrusion & Control must be targeted tightly
Impact of data misuse – Data IntegrityMis-interpretation vs. Non-interpretation
How does the SME or Citizen check the ID Card?If they can't, where is the benefit?
CEN/TS 15480-1 & 2 (2007) LASSeO
25/02/09 Copyright - The Earl of Erroll 25
Lord Erroll(Merlin)
[email protected] 650 251
www.LordErroll.comwww.SecretSommelier.com