Postcodes, PAF and Pseudonymisation

Toby Stephens provided the headline in his blog on Computer Weekly.  His scheme for personalising postcodes could have traction – although £33m per annum income might be ambitious and may not include the admin costs.

As he says:

“PAF is already a tightly-regulated product, with strict controls imposed on Royal Mail’s access fees. Postcodes were originally introduced by Royal Mail to facilitate automated sorting of deliveries, back in the days before computers were available to support that process. They’re now used for a whole host of purposes, from insurance and credit rating, through to navigation and lotteries.”

Quarkside adds that Postcodes only give a postman’s walk, and additional information from the address is needed to find the right letter box. Postcodes are not Unique Identifiers for properties.  Properties are uniquely identified by a Local Government controlled Unique Property Reference Number (UPRN).  Personalising this 12 digit code is potentially more practical.  The UPRN is presumably free, open data.  The Royal Mail could use it to minimise final local delivery errors via their own data processing systems.

As an aside, it is Local Authorities that are the official registrar of addresses – not the Royal Mail or Post Office.  It is part of the UK taxation system and includes properties that do not receive any post.  Try sending a letter to an electricity transformer.  To get a bit more income, perhaps Local Authorities should start charging the privatised Royal Mail for the copyright of property addresses!

Democratic Accountability: Look at Lobbying

Thanks to the Great Emancipator we have seen a US view of “Government-wide Information Sharing for Democratic Accountability“.  The author, J.H. Snider, is suggesting using semantic web technology to monitor the connections between powerful politicians, public officials and lobbyists.  He points out that these techniques are used on the weaker members of society, but the powerful will cite privacy and cost for not applying the same methods on their activities. He recommends that the President’s transactions are monitored in detail as a showcase for monitoring Congress and executive relationships.  What are the chances of linking up data of the Prime Minister, Ministers, senior civil servants, leaders of councils and their suppliers of hospitality?

Well, there is the work going on in the Cabinet Office led cross-government information architecture.  They are attempting to use standards to provide interoperability between different departments and agencies.   Amongst these are the building of an “Upper Ontology for Operational Service Delivery” – perhaps this has the same intention as Snider’s “Who-What-When-Where ontology”.  The USA has a more accessible name for what may be the same thing.

It will take a long time, if ever, to develop a lobbying information system. Even though some MPs are calling for the establishment of a register it would eventually have to be linked to lots more sources of reliable data.

Where Quarkside differs from Snider is in the use of Global Unique Idenifiers (GUIDs).  They may think they have them in the USA, but it is not credible or politically acceptable in the UK. Reflecting back on a post from last year,

• A person does not need a Unique Identifier (UID).
• The Law does not demand a UID.
• Use just sufficient data to identify a person.

Openness in personal relationships can only built from an understanding of federated identity, multiple identities, not by demanding a UID.  The likes of Experian can do it – so could UK plc. Maybe Liam Maxwell could assist here. Maybe we could also publish information about political lobbying that would improve democratic accountability.

Breeder Battle at Id Gurus Gathering

Identity Management was the topic of Eurim’s latest gathering of gurus. The bad news is that three points came clear:

• The UK has a lacks coordination of both policy and strategy. Each Government department and agency has its own vision and way of moving forward.
• The advance of standards and software will have to be provided by the private sector – and they need a business model that will eventually show a profit. They will need a secure revenue stream for providing identity management services.
• The world is moving forward quite happily without UK input. The UK’s position of leadership will change to that of followership at great cost to the economy. Global trade needs trusted identities with supporting agreements on liability and indemnity. The UK Government is not fully engaged in EU or international deliberations. On opportunity may be missed to become the headquarters of an identity governance industry.

There was only one organisation at the table with an eye on the commercial opportunity. Their national network could extend their services to provide identity registration for the public. 90% of the population are within 10 miles of their facilities.  Good for all of us.

Unfortunately, we were left with (at least) three unresolved questions:

• Which third party credentials will be accepted by Central and Local Government agencies?
• Who is responsible for governance of all UK identity schemes?  The National Archives as keeper of public records was suggested, but they may not be in the radar of five Cabinet Office working parties.
• Is a ‘root identity’ necessary?  There were two strongly voiced divergent opinions on ‘breeder documents’. The Chatham House Rule prevents naming the parties. But Quarkside promotes the management of multiple identities (personae), which do not require a ‘root identity’ or ‘unique identifier’.

The good news is that everybody seemed to agree on a definition of identity assurance levels for electronic IDs that will make sense to our MPs.  This is all they have to remember:

• Level 0: Anonymous – no personal data registered.
• Level 1: Self-asserted – likely to be the same person returning.
• Level 2: On the balance of probability – good enough for civil action.
• Level 3: Beyond a reasonable doubt – good enough for a criminal conviction.

This may have the technical experts reeling – but it is more important to get our politicians moving in the right direction than giving lessons on the differences between the five As: Assertion, Assurance, Authentication, Authorisation and Accreditation.