Wednesday, April 2, 2008

Government as a Justifiable Party

For those of you who don't know, Vikram Kumar of the New Zealand State Services Commission has an excellent blog on Identity and Privacy.

Vikram's latest post, "When is government a Justifiable Party?" is a must read on the issues of government participating in a transaction.

Vikram talks about the natural and cultural resistance people have to having a government run services and in particular know more than they need to know about us. What is happening now with user-centric identity is that technology is evolving such that governments could act as providers of identity information in ways that do not allow a government to track use of that information. After-all this happens in the physical world. How often do we use a government "card" (such as a driver's license) or "statement" to prove something.

We should expect individual government agencies to offer only very specific assertions or statements about their citizens. These assertions would be related to what that a particular agency is accepted or legislated to be authoritative on. This contrasts greatly with the idea of a single government identity provider that knows too many things about us and holds the potential for inappropriate use (at least in the public's eye). Individual government agencies should only be able to make specific authoritative statements or assertions about their citizens or service consumers. Then it is up to us, as citizens and consumers of services to decide how and when information is transferred between agencies and between agencies and private enterprises.

Aside: one of the problem's I have always had with driver's licenses is they carry entirely too much information on them and are used way too often. An electronic, user-centric, identity network would be able restrict the information released on a need-to-know basis.

To be clear, government as a "justifiable party" is not about governments collecting more information! Government as a justifiable party is about governments securely sharing the information they are authoritative for under the control of the individual citizens about whom the information is about.

No comments:

Post a Comment