Dennis Miller once said that “Bill Gates is a monocle and a Persian cat away from being a bad guy in a James Bond movie.” Last week, Hewlett-Packard announced that it, along with Gates’ Microsoft, is getting set to make a push into yet another market currently dominated by small niche players and Unix-based software platforms — identity management systems at the national level.
It makes you feel all warm and fuzzy doesn’t it? The idea of building a national identification system on a software platform whose best claim to fame is its legendary lack of security seems ludicrous at best; but there it is. Hewlett-Packard’s release of its National Identity System is based on Microsoft software such as Microsoft Server 2003 Enterprise Edition, Microsoft BizTalk Server 2004, Microsoft SQL Server 2000 (64-bit), the Microsoft .NET Framework and Microsoft Services with HP providing the hardware, integration and support.
The basic idea, according to the UK IT-tabloid The Register (http://www.theregister.co.uk/2005/05/31/hp_id_system/) is to provide a modular structure for controlling access to electronic government services and securing transactions (such as voting!) between citizens and governments using plug-in features like the ability to interface with various biometric systems.
The focus, for the moment, is on the world outside the United States. Existing customers for the technology are the Italian Interior Ministry, which is supplying all Italian citizens with smart electronic national identity documents, and the governments of Israel, Poland, Slovakia and Bulgaria. The announcement seemed particularly relevant in England, which is embroiled in a controversy over compulsory identification cards.
So What’s This About?
We can almost hope that this is about nothing more than money. To be sure, there is lots of it involved. Industry analysts at Morgan Keegan estimate that the identity market is expected to grow from $4.8 billion last year to nearly $11 billion by 2007, and those numbers may be conservative. A London School of Economics study concluded that the rollout of a biometric ID card system in the UK could cost as much as 18 billion pounds (in excess of $32 billion), up sharply from the 5.8 billion pounds previously estimated by the Home Office.
But there are bigger issues involved. These are issues of trust and power relationships between governments, citizens and corporations. A key player in all this is a privately-held Swiss startup company (definitely one to watch) called WISeKey, a pioneer in the field of Public Key Infrastructure (PKI) and such esoterica as Quantum cryptography. WISeKey has set itself up very quickly and firmly as one of only a few “global trust providers”, forging relationships with technology giants like HP and Microsoft as well as with other organizations, such as the HRD International Group, that facilitate global trade.
WISeKey prides itself on its status as a “technodemocratic” global trust provider, even capitalizing on its location in Geneva, Switzerland, a country known for zealous neutrality and overarching concern with privacy. Its appeal to Microsoft, a company with commitment issues in the trust-relationship department, therefore, is understandable. But what is the benefit to you in putting so much trust in a private company you’ve never heard of?
Who’s Trusted in Trusted Computing?
Microsoft’s efforts in the Trusted Computing initiative (code-named “Palladium” and expected to be rolled out as part of the long-awaited Longhorn update of Windows XP) have gotten off to a rocky start. The Electronic Privacy Information Center (EPIC) (http://www.epic.org/privacy/consumer/microsoft/palladium.html) maintains a good resource on the subject, and the opposition to it seems to be having an effect.
Briefly, “Trusted Computing” seems to refer to the efforts of large media and technological concerns to put in place controls whereby they can trust each other, primarily, and also trust you. Your trust for them is not at issue. Hard-shell Open Source evangelists like Richard M. Stallman, however, aren’t amused.
Stallman’s essay “Can You Trust Your Computer” (http://www.gnu.org/philosophy/can-you-trust.html) is a look at some logical extremes that must really be examined to gain a full understanding of what’s at stake. Stallman argues that “treacherous computing”, as he calls it, is fundamentally about the development of unprecedented notions of control and ownership of information and the overturning of the whole body of legal and ethical ideas about that information.
He, of course, argues that Open Source alternatives like the GNU/Linux operating system are the way forward, providing real trust through transparency and open collaboration rather than by obfuscation and grand security schemes. Stallman is well-known for such pronouncements for the simple reason that he is quite often right.
But this is not to say that a middle way is not available. We use Microsoft’s improving products at Cafe ID (http://www.cafeid.com) and do so, at least for now, without a deep sense of dread. WISeKey’s technology is superior, indeed; but we see it as part of our job to insist that such technology is used to provide real privacy and security to the end-user, and not from the end-user.
Certainly, when it comes to implementing e-government’s information services, that principle should be the first requirement and should be emphasized above all others. As long as the technology makes the opposite approach feasible to implement, however, our role in this borderless technodemocracy is to see that that doesn’t happen.
Trevor Bauknight is a web designer and writer with over 15 years of
experience on the Internet. He specializes in the creation and
maintenance of business and personal identity online and can be
reached at trevor@tryid.com. Stop by http://www.cafeid.com for a free
tryout of the revolutionary SiteBuildingSystem and check out our
Flash-based website and IMAP e-mail hosting solutions, complete with
live support.