Digital ID World, Australia 2011

On invitation by Terrapinn I went to Digital ID Australia 2011 as international keynote speaker on citizen participation 2.0. The conference was held in the Sydney Hilton Hotel as part of the annual Cards & Payments Australasia Conference. The audience consisted mainly of delegates from Australian federal and state government. On the exhibition many businesses showed state of the art software applications and hardware solutions for identity management and secure transactions. Like Terrapinn’s conference last year in Melbourne, this one again was well organized by Charles King and Tiffany Yee.

As the former director of the Dutch Citizenlink program, I was asked to look at the issue of ID management from a citizen’s perspective, including the possibilities and challenges of social media. Under the title “Public Sector Innovation: from eGovernment to iGovernance” I made a case for a new view on citizen participation. Citizen participation 2.0 is not just something nice to do (to please your voters, or to keep them quiet), but something really necessary for organizational survival or political legitimacy.

In recent years we have seen that the basics of organization and collaboration are changing. Organizational and institutional boundaries disappear. Two ICT trends illustrate this development: cloudcomputing and crowdsourcing. Cloud computing means that data is stored outside an organization, information shared with chain partners, software leased in stead of bought, and so on. Crowd sourcing means that the expertise needed to carry out the organization’s tasks can also be found outside, i.e. by involving customers, stakeholders or citizens.

These trends do have a wider scope and impact outside the realm of ICT. Instead constructing your own office building, one can rent limited working space and promote teleworking. Instead of hiring permanent staff, one can temporarily contract self empoyed people. All of this has been done before, but it’s happening on a much wider scale. Besides, these are not just options, but compelling innovations that call for renewal of existing procedures.

It forces strategic management to reconsider the model of corporate governance, both in the private and public sector. Quoting a recent report by the Dutch Scientific Council for Government Policy, we need a paradigm shift from eGovernment to iGovernment, i.e. from building of electronic applications to management of information flows that are the result of the tremendous accumulation and distribution of data.

This fresh look on governance needed has already been incorporated in the Citizenlink approach to transform government, which consists of 3 steps: standardization of quality requirements, measurement of customer satisfaction and stimulation of citizen engagement. It calls for much more collaboration than usually practiced.

Interestingly identity management is a key issue in this respect. With the growth of digital services, also the number of ID’s increase. Every service provider wants you to enroll and register in their way. You’re advised not to use the same password, to change it regularly, not to write it down, so one tends to forget them. Someone who is active on the internet is likely to have several dozens of ID’s, be it user names, passwords, pin codes. It’s almost impossible to remember all of these.

I could illustrate my predicament by showing my 10 page list of ID’s that I updated when coming down to this conference. Whereas the private sector is a mess, considering also the abundance of hardware keys or proliferation of tokens, the public sector does much better. The Netherlands’ government has solved this by introducing one DigID for the whole of the public sector. It consists of one single username and password for every citizen to be used with any government body, combined with a unique citizen number. For convenience’s sake this is a desirable situation, however privacy might be at stake without sufficient countervailing power.

In any system the citizen is the weakest link, therefore should not be the missing link. On order to guarantee trust, we should redesign services in a way that ordinary people can responsible by being aware of the consequences of their behaviour. Identity management should be simplified, aimed at promoting single sign on, giving people choice, allowing anonymous access, being transparent, reduce data retention, and so on. iGovernance should deal with these fundamental issues.

Brian Hay of Queensland Police gave a frightening overview of global organized crime in the area identity fraud and pivacy theft. Since fighting identity crime is seen as a money problem in stead of a persons problem, prevention does not get serious attention. Although he stressed the need for sufficient powers, his view confirms my case for citizen involvement.

Malcolm Crompton, the former Australian Privacy Commissioner, spoke about Privacy by Design.Technology and law alone cannot solve the problem. He is an advocate of structures that limit information to be collected and connected. He also wants to dispense with credentials and with enrollment, and explore the possibilities of using accumulated reputation. Governance should deal with transparency, accountability and complaints mechanisms.

James Kelaher, who chaired the Australian government’s Access Card Taskforce (intended to replace some 12 different citizen entitlement systems with a single e-service solution, which however didn’t come about) also stressed the importance of this approach. Privacy should be built in, not on applications

The other international speaker, Alexander Nouak from the German Fraunhofer Institute, explained the conditions under which biometrics can be an effective remedy for identity fraud.

Patrick Mc Cormick of the Department of Justice gave an update of current web 2.0 initiatives in Victoria, and also dealt with need for having sound identity systems and user friendly and secure ways that support citizen behaviour using social media. See the interesting YouTube video for the staff of the department about the Social Media Policy.

During both panel discussions a difference of opinion became manifest. On the one hand are those who stress the necessity of large powers to prevent crime or fight abuse, especially in immigration and the police. They prove themselves right by citing examples of crime solved or illegal immigration prevented. In order to stop the bad ones, the good ones may heave to suffer.

On the other hand are those who doubt whether increasing powers will actually meet expectations. Moreover the level of security we try to reach has its price. We should not focus on technology and access only, but explore other possibilities to generate trust. As there is no reconciliation between these views yet, this debate will probably continue for a while. Actually I didn’t get a satisfactory answer to my final question: If my password or chip card is stolen, I’m issued a new one. What is being done in case my fingerprints get stolen … do I get new fingers?

On the way back I had a stopover in Kuala Lumper for talks with Malaysian delegates I met on eGovernment conferences last year in Singapore. I also took the opportunity to visit the Petronas Twin Towers. These impressive buildings are still proudly standing, and apparently no fundamentalist group is planning to take these down. The present “social media” uprising in the Islamic world probably is another, fare more promising road to a better life for people in these countries than the terrorist road taken in 2001 with destroying the Manhattan Twin Towers.