Select Committee on Science and Technology Written Evidence


APPENDIX 18

Memorandum from Microsoft

1.  EXECUTIVE SUMMARY

  The introduction of identity cards is clearly a decision for HM Government and Parliament to take. Microsoft's only interest is in the practicalities of how fit for purpose the technology will be that will underpin this project. We believe that achieving this goal will be greatly helped by drawing on the expertise available in the IT industry to discuss the technological issues that need to be resolved to ensure successful delivery. The industry has learned many lessons around identity, privacy and security and we are keen to share this knowledge more widely. This is a major project and it is obviously crucial that it obtains the highest security levels possible and works well with existing structures both within the public and private sectors.

  We believe the Government policy set out in the Transformational Government strategy is a good model, that is, to:

    "create an holistic approach to identity management, based on a suite of identity management solutions that enable the public and private sectors to manage risk and provide cost-effective services trusted by customers and stakeholders." (para 7, page 13, Transformational Government)

  The current phase of the public Home Office consultation process has largely focused on addressing procurement and supplier-related processes and issues. Although this approach is entirely understandable for the initial stages, we suggest that the next stage should adopt the approach taken by the US State Department, which created a model that actively encourages broad, open dialogue in pursuit of improved outcomes.

  By adopting a similar approach during the next phase the Home Office will be able to foster a broader, inclusive coalition able to examine the wider issues around alternative architectural models and technologies, comparative risk analyses, and the state of current research combined with measurable objectives and benefits of the scheme. It could also factor in some interesting alternative approaches being developed elsewhere, such as the Austrian Burgerkarte.

  Correctly constructed, such consultation need have no implications for any "pollution" (real or perceived) of subsequent procurement processes. Rather, it would help bring into play broader industry expertise to help assist the Home Office with the development of an identity scheme most able to bring sustainable, real benefits to citizens, businesses and the public sector alike.

  We have welcomed the approach of open, public discussion taken by the Home Office Minister Andy Burnham, MP. We hope that this is an early indication that the next stage of the consultation process will look to draw on the wider expertise available and commit to take an open approach on what is the best way forward.

2.  SOURCES AND HANDLING OF ADVICE

  2.1  The current phase of public consultation by the Home Office has primarily focused on issues of procurement and hence been conducted mainly through trade bodies such as Intellect and EURIM.

  2.2  It would be very beneficial to relate the Home Office identity programme to other identity initiatives including across health, local and central government and the private sector (chip and PIN bank cards being a topical example). Such joined-up thinking on identity management could certainly benefit the public sector reform agenda and transformation programme and all of these programmes have specific needs for clarity on identity, from supporting the determination of entitlement to benefits, to clinical audit.

  2.3  The industry is clearly willing to share its experiences of developing and managing identity systems. Microsoft has been working with a broad industry coalition to distil a proven, empirical set of principles for successful identity systems. These principles are intended to help bridge the divide between policy aspirations and lower level technical implementation details and hence provide a critical part of the overall infrastructure required. These principles are currently referenced as the "laws of identity" (laws as in scientific principles). We do not claim perfection or any uniqueness of insight in these "laws" but do believe they provide a constructive basis for discussion and debate on ensuring the proper scope of identity systems that will prove sustainable and robust in the long term.

3.  RELATIONSHIP BETWEEN SCIENTIFIC ADVICE AND POLICY DEVELOPMENT

  3.1  The original public proposals suggest a centralised technical architecture is being considered, with all validations made online to a single biometric database capable of ensuring unique enrolment (ie the ability to ensure no individuals are enrolled more than once to prevent, for example, a benefits claimant making more than one claim under separate identities).

  3.2  As the next phase of consultation is developed by the Home Office, it would be invaluable to develop widespread public discussion on security, in particular on how we can ensure that any system is robust enough to withstand the sort of sophisticated identity theft that is being experienced today, let alone what is going to happen tomorrow.

  3.3  This public discussion would assist with an evaluation of alternative technical architectures best able to deliver the stated policy requirements and objectives. It would aid the development of UK government studies on the risks, feasibility and comparative merits of centralised versus decentralised identity systems in terms of systems reliability theory, or modern computer security concepts (including the widespread contemporary experience of large scale data breaches, social engineering and phishing attacks).

  3.4  In our view, the robustness of the system should lead decisions on everything else. If any given system or solution cannot provide the public with the highest security and reliability levels possible then it should be replaced with one that can. All of the technologies being considered should be put through the same rigorous scientific assessment, preferably with the engagement of experts drawn from across the IT industry.

4.  TREATMENT OF RISK

  4.1  During the present phase of consultation the risk model has not been made publicly available (it is recognised that some limited parts of the risk model may always need to remain confidential to government to help protect our critical national information infrastructure).

  4.2  The overall technical architecture and associated risk modelling is clearly inter-dependent on the policy and business requirements and objectives of the ID Card scheme. Various risk models will need to be evaluated in the light of any technical architectures identified during a next phase of consultation.

  4.3  Going forward, we would recommend that there is widespread discussion on the level of risk of different technological options. It is clear for instance that options such as biometrics (whether used for authentication and/or identification) also present sizable challenges. For example, biometrics are not secrets and are increasingly likely to be stored in many different systems, including systems hosted in other countries and under other governance regimes. The likely future ubiquity of biometric information is an important factor in risk assessment. It should be assumed that over time these systems will tend towards entropy. Digitised versions of our biometrics are likely to end up in the public domain as they become more and more ubiquitously used, stored and (potentially) leaked across the world. It should be assumed that they will be readily available to criminals, not just law enforcement and related legitimate agencies. We believe that public discussion and consultation on risk issues such as this would be beneficial in establishing a sustainable, long-term risk model for the proposed ID Card scheme.

5.  TRANSPARENCY, COMMUNICATION AND PUBLIC ENGAGEMENT

  5.1  Current formal channels of communication and consultation regarding the procurement process have been largely limited to two bodies: Intellect and EURIM.

  5.2  We understand some selected suppliers have been involved in closer 1-to-1 briefings with Home Office officials. It is not known what scientific, technical or other issues have been assessed during these meetings.

  5.3  Here again we would encourage wider consultation. It is essential that major industry sectors are consulted on how the ID card will impact on their businesses, especially in identity evaluation. An obvious example here is the banking industry. We believe a broader consultation during the next phase of the Home Office's work could help develop greater clarity and agreement about how and where the proposed ID Cards could be used, for what purposes and—most importantly—the benefits that citizens and businesses would derive from them. A successful scheme will rely upon balancing the needs of public policy, optimised technological design and citizen benefit.

  5.4  During a next phase of consultation, inputs from a variety of third parties could be considered and responded to on an evidential and scientific basis. In the USA, public dialogue and debate is openly referenced by the US State Department as being a considerable benefit and having led to substantial improvements in systems design and improvements in both security and privacy elements.

  5.5  Closer to home, the Ministry of Defence's Capability Working Groups process is also a useful reference model.

  5.6  Microsoft continues to be willing to openly share its learnings and experiences (including as one of the primary attack targets for hackers and criminal gangs) in a non-privileged, non-preferential way to help de-risk and inform the overall ID Cards technology programme.

6.  EVALUATION AND FOLLOW-UP

  6.1  Information in the public domain which is limited due to reasons of commercial confidentiality makes it difficult to comment on the theoretical evidence base and any adjustments made to it as the programme has developed.

  6.2  We believe that the next round of trials should be expanded to broaden the statistics on reliability and modelling operational performance. These trials should further help inform the planning process and hence underpin a successful outcome of the proposed scheme.

  6.3  Level 2 identity verification is already achievable today from several agencies such as local authorities, banks and employers as well as the likes of credit reference agencies such as Experian and Equifax, at relatively low cost. Level 2 provides access to over 90% of government services as well as addressing most fraud scenarios relating to identity. The objectives, risks and architecture for ID Cards as part of this broader, holistic identity landscape need to be more clearly articulated so that they can be formally incorporated into the bigger picture set out elsewhere, such as in the Transformational Government strategy.

  In conclusion, we reiterate that the industry is committed to helping share expertise and hands-on experience to help inform the planning and technical architecture of the proposed scheme. We look forward to the next stage of consultation and hope that our comments are taken in the constructive manner they are intended.

January 2006





 

© Parliamentary copyright 2006
Prepared 4 August 2006