Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

private briefing for Sir James Crosby by William Heath


Published on

never-before published private briefing by William Heath and others to (the since-disgraced) Sir James Crosby who was heading up an ID Scheme review for Gordon Brown. It makes the point that if one explored the "market" for the Home Office's plans one would end up with very little to put in the business case.

Published in: Travel, Technology
  • Be the first to comment

  • Be the first to like this

private briefing for Sir James Crosby by William Heath

  1. 1. IDM: Key misunderstandings and outstanding questions April 11 2007
  2. 2. <ul><ul><li>Review the current and emerging use of identity management in the private and public sectors and identify best practice. </li></ul></ul><ul><ul><li>Consider how public and private sectors can work together, harnessing the best identity technology to maximise efficiency and effectiveness. </li></ul></ul>Aims
  3. 3. <ul><li>Apart from the true cost and implied benefits… </li></ul><ul><li>What is the real market for this </li></ul><ul><ul><li>Who will pay for the service? </li></ul></ul><ul><ul><li>How much? </li></ul></ul><ul><ul><li>How often? </li></ul></ul><ul><li>How time-sensitive is that market? </li></ul><ul><li>What other solutions are coming forward and what might their impact be? </li></ul>Payback on the ID System: what we still need to understand
  4. 4. <ul><li>… and checking identity does not check intention </li></ul><ul><li>Whether wilful or accidental there’s a recurrent false premise in government service planning. Let us spell it out: </li></ul><ul><ul><li>You can prove entitlement and remain anonymous </li></ul></ul><ul><ul><li>Minimal disclosure is an essential part of good security </li></ul></ul><ul><ul><li>And an essential part of good service that meets legal requirements and respects people’s dignity </li></ul></ul><ul><li>Market demand for “entitlement” or “authority” checks does not necessarily mean demand for ID-checking </li></ul>Proving entitlement or authorisation is not the same as proving identity
  5. 5. <ul><li>The forked tongue of industry </li></ul><ul><ul><li>Sales-driven versus science-driven approach </li></ul></ul><ul><li>Observable symptoms of Home Office approach </li></ul><ul><ul><li>Groupthink, secrecy, introspection, poor market awareness; lack of empathy </li></ul></ul><ul><li>Requirements of political presentation </li></ul><ul><li>Relative silence of the customer, the intended beneficiary of personalised services </li></ul>More barriers to clarity in the ID management conversation to date
  6. 6. <ul><li>“ Most of our attendees were of the opinion that they could adequately identify themselves in all situations where they are required to do so and very few thought that additional identifiers were necessary.” </li></ul><ul><li>DTI-sponsored Trustguide research by BT and HP </li></ul>Do customers want ID services?
  7. 7. <ul><li>People as taxpayers, customers, citizens, individuals, travellers, employees, crooks </li></ul><ul><li>Businesses (and other legal entities like clubs, societies and NGOs) </li></ul><ul><li>Government organisations – central, local health, police, education justice, transport) </li></ul>All identify themselves to each other (eg G2B, B2P, P2G) To start market segmentation we separate three types of player:
  8. 8. IPS can help government and business ID people             People Business Government People Business Government The IPS system services personal ID needs of business and government
  9. 9. <ul><li>Elective individual choice exercised by customers and clients who want convenience, feel in charge </li></ul><ul><li>Control and regulated – “by the powers vested in me/thou shalt”: pay tax, conform to law and regulations, help police and security services </li></ul><ul><li>Group – “As a member of this club I’ll put up with the rules” (eg employment, loyalty schemes) </li></ul>P2G and P2B relationships take three different forms…
  10. 10.       G     B   P       G     B   P G B P       G     B   P Elective Group Control The IPS system probably applies to the ‘control’ relationships only
  11. 11. <ul><li>Offline </li></ul><ul><ul><li>Centuries-old culture of identity and reputation </li></ul></ul><ul><ul><li>But there is new technology esp. biometrics </li></ul></ul><ul><ul><li>Emerging technologies drive applications </li></ul></ul><ul><li>Online: </li></ul><ul><ul><li>Fast adoption of inherently insecure home PCs </li></ul></ul><ul><ul><li>Internet “identity” is not sorted yet </li></ul></ul><ul><ul><li>Rapid, fundamental online ID developments </li></ul></ul>Identity management issues are different offline and online
  12. 12. The IPS identity management service works offline only at this stage
  13. 13. <ul><li>Between people and business </li></ul><ul><ul><li>KYC requirements </li></ul></ul><ul><ul><li>Credit referencing </li></ul></ul><ul><ul><li>New risk management and services like URU, Paoga </li></ul></ul><ul><li>Between people and government </li></ul><ul><ul><li>Government Gateway; Gov Connect </li></ul></ul><ul><ul><li>Existing ID legacy (CIS, DVLA, NHS etc) </li></ul></ul><ul><ul><li>We can list 400+ public sector schemes under way with an IDM component </li></ul></ul>What else is happening in G2B and B2P spaces?
  14. 14. ID system roll-out: is time on our side? Are events moving in our favour anyway? Are the issues the ID System addresses getting worse or better? Political effect: fallout or upturn? Does industry have a different story to tell? It’s a U-turn and ‘we have no reverse gear’ Wastes all £ and political momentum to date Loss of perceived benefits, and problems persist Bad for IT suppliers: ‘loss of trust in gov as client’? Costs less Lets on-line mature Chance to be more open, thoughtful and customer-centric Home Office sorts itself out Pause for reflection Election effect? Will the world move on? What ARE the benefits? Does business case stack up? Too long to deliver any benefits that business will value today Alternate solutions will be in place No change needed Good for IT suppliers Get benefits as expected Less disruptive (under wing of passports process and international obligations) In line with passport renewals Is there a return? Is there a market? Effect on resistance/refuseniks? Can we be faster/smarter than online? Do we want world lead? More £ risk & sooner More technical risk Procurement risk Uncertain science Social risk Faster benefits & return Pre-empt competition Makes sense for business Better for IT suppliers Take world lead Accelerate roll-out ? - +
  15. 15. <ul><li>March 2001: Microsoft announces Hailstorm </li></ul><ul><ul><li>Emphasis on empowerment and personalisation </li></ul></ul><ul><ul><li>Global centralised ID & credential mgt service </li></ul></ul><ul><li>April 2002 – MS shelves Hailstorm </li></ul><ul><li>New principles of acceptable identity: citizen-centric, standards based, interoperable etc </li></ul><ul><li>Microsoft announces Infocards in 2006 </li></ul>One Microsoft year equates to how many government years? A central ID management idea that failed the market test: MS Hailstorm
  16. 16. <ul><li>Expose the barriers to clarity </li></ul><ul><ul><li>Real role of hardcore ID (not entitlement, authority) </li></ul></ul><ul><ul><li>Which problem are we asking IT industry to solve </li></ul></ul><ul><ul><li>Above all, what do customers need and want? </li></ul></ul><ul><li>About the IPS plan </li></ul><ul><ul><li>Define and size the market for its service </li></ul></ul><ul><ul><li>Use that as evidence for the investment timescale </li></ul></ul>Things to focus on…