Jericho Forum intensifies push for open approach to internet identities

The UK’s much-vaunted and ultimately failed attempt at national identity cards was instigated by the previous New Labour government and dropped by the current Coalition government. The United States is currently involved with its National Strategy for Trusted Identities in Cyberspace (NSTIC), a project intended to ‘improve the privacy, security, and convenience of sensitive online transactions.’

The Jericho Forum is promoting its own ‘Identity Commandments’, a set of 14 open and interoperable principles that can be used to build a user-centric identity framework to provide a new open, acceptable and trustworthy identity system.

The old and wrong way of doing identity was illustrated by the UK’s identity scheme, explained Jericho’s Paul Simmonds, a current member of the board and a founding member of the Jericho Forum. “We’ll hold your identity for you: we’ll hold all the components of your identity, from your ten fingerprints, your eyeballs, your inside leg-measurement and your mother’s maiden name. But do we really trust the government to do that? What if it loses all that personal data – just look how many records it lost with social security records...”

Key to Jericho’s identity concept is that the user should have complete control over his or her cyber identity. Just as a person in the physical world can change his official name and/or be known by multiple nicknames, so should cyber identity be under the control of the user. “Go back to first principles,” says Simmonds. “What is the root problem? I need to be able to prove that I’m me. I might be Fred Bloggs to the man in the street, or the petrol pump attendant to others; but none of this matters because I am just me. That is the ‘core’ identity. What we need is a digital version of that - which we call the core identifier. So we need to immutably bind the core identifier to the core identity, so that I am the only person who can be guaranteed to use that identifier. That gives a good root of trust from which you can build any persona or as many personas as you want.”

This can be achieved in a manner similar to the digital certificates used to verify the identity of individual websites. “The difference,” explained Simmonds, “is that any man or his dog can set himself up to issue digital certificates. The personal identity systems we propose would depend upon a root of trust that would lead up to a trustworthy source, such as the government.” The level of trust would thus be defined by the level of trust in the issuer, and there can be any number of issuers.

It is a cyber version of what already exists in the real world. Bank cards issued by banks verify an identity trusted by the banks (and anybody else who trusts the bank’s system). Passports issued by governments verify an identity trusted by governments (and anybody else who trusts the government’s system). The ‘name’ used by the person holding these identities could in theory be different – it is actually irrelevant to the identity proof. The Jericho Identity Commandments seek to retain this level of personal control in the cyber version.
