Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

New Zealand gov't ID plan lacks 'terrorism bug' infection

Australian ID-scheme critic says NZ is getting it right

International experts in Wellington for a conference on identity last week expressed admiration for the New Zealand government's igovt identity information management scheme and the policy behind it.

One noted Australian ID-scheme critic also appeared won over, saying we benefited from not "catching the terrorism bug".

The igovt scheme signals an assumption of responsibility by government that is lacking in many identification schemes, says former Australian privacy commissioner Malcolm Crompton.

He points to the delineation by State Services Commissioner Mark Prebble of six principles, three of which (security, an all-of-government approach and fitness for purpose) serve government objectives and three (acceptability, privacy and opt-in orientation) explicitly serve the interests of the individual.

Crompton pointed by contrast to the identity provisions of the Medicare scheme in Australia, where clauses supposedly explaining the customer's rights mostly detail exclusions to Medicare's liability.

Identity information management is a question of managing a balance of trust, says Crompton. In many business and government transactions there is currently a "trust deficit" and the customer can credibly ask: "You don't trust me, so why should I trust you?"

Roger Clarke, of Australian consultant Xamax, a seasoned commentator on identity information management and privacy, commended Internal Affairs chief executive Brendan Boyle for referring to identity information management in his presentation.

Government and private industry cannot manage a customer's identity, he says; that is their property.

This is one of several "mythologies" about identity largely promulgated by suppliers of software for managing identity information, Clarke says.

"Everything sold concentrates on the supplier side," he says. "This is the first conference where I've heard about the demand side."

Inherent in the thinking behind the igovt scheme is the ability to dissociate the individual from identity information. The igovt system permits the same individual to assume several different identities. This, says Clarke, lessens the chance of it falling into the trap of the Australian services entitlement card, abandoned by the new Labor government, which everyone knew was effectively a universal identity card.

The push towards this dissociation of identity management service from the person and the management of identity by the person will become stronger, Clarke says. As people acquire more devices through which they do identity-related transactions, they will want all of those devices to talk to a single proxied identity information management service that they control.

The question of compulsion threaded its way through the first day of discussion. Though abandoned Australian and New Zealand schemes were both "opt-in", speakers noted that if enough agencies ask for a verified identity as a condition of business, it will be increasingly hard not to opt in.

Boyle talked about "legitimate public concern" over identity abuse, but other speakers suggested this was exaggerated. There were repeated references to the failure to distinguish in popular conversation between identity fraud, such as the occasional spurious transaction on a credit card, and identity theft -- the systematic assumption of another person's identity with major consequences for the victim's reputation.

According to Clarke, New Zealand has benefited from not "catching the terrorism bug."

Because we have not had a terrorism incident, we haven't fallen into a panic of demanding repeated identity checks, he says, and have been able to approach the question with more deliberation.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Becoming a Social Business
    As global business accelerates ever faster and companies work to quickly respond to customer demands, competitive threats and rapidly evolving trends, the richness and efficiency of social collaboration plays a key role in enabling future success. The challenge then is finding the best approach. Read on.
    Learn more »
  • Business Process Management, Service-Oriented Architecture, and Web 2.0: Business Transformation or Train Wreck?
    As a result of more and more organisations adopting new technologies and business practices surrounding BPM, SOA, and Web 2.0, fundamental changes have arisen in the way IT and business stakeholders work together. Make this into an opportunity - read on.
    Learn more »
  • Protecting Against the Leading Causes of Data Breach
    This whitepaper was written for the organisation that wants to focus on prevention of data loss and doesn’t have millions to spend, but needs affordable solutions that can be implemented today to protect millions of sensitive records and dollars worth of intellectual property. This whitepaper addresses: - What organisations can do to prevent the four leading causes of data breaches - Why dedicated (pure-play) DLP solutions may not protect you from all four leading causes of data breaches - How to get prevent sensitive data leaving your organisation
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.