New approach to ID verification aims to safeguard privacy

By Nicola Brittain
29 Oct 2009 View Comments
A Computing logo
Collage depicting security measures
The Global Trust Council's scheme would reduce the need for biometric security

Government and industry are being encouraged to take part in a new electronic identity scheme that could put control of online privacy back into the hands of individual web users.

International policy body the Global Trust Council (GTC) hopes to put a universal legal framework in place that will see online identity verified using “relationships”, sidestepping the need for database-held information, and upholding the individual’s right to privacy and to retain details of their identity.

How would it work?
Service providers looking to establish an online identity would ask the user for access to organisations with which they have a relationship ­ such as a bank or government department.

Once the organisation had responded, a witness would oversee dealings between the user and service provider.

“The organisation would only need to give a yes or no answer,” said Andre Laperriere, director general of the GTC Secretariat. “For example, the state might say that the person either is or isn’t a British citizen.”

As soon as the individual is asked to verify more relationships, it becomes increasingly difficult for them to be faked.

Benefits of the scheme
Adoption of the scheme would bring two important benefits, according to GTC. First, the individual will retain their identity, meaning that they do not have to give personal information to the state.

“To get into some countries such as the US you must surrender vital information about yourself such as the map of your eye, or your fingerprints. The minute the US government has that fingerprint, it is not yours any longer,” said Laperriere.

Second, the scheme would halt the creation of mountains of personal information and help prevent personal data going awry ­ – such as when insurance firm Zurich lost personal information relating to 50,000 UK customers that had been stored on a backup tape.

“A high-level legal framework of this sort is the missing piece and it would allow smoother business transactions and easier dealings with the state,” said Ant Allan, research vice president at analyst Gartner.

“There are already technical models in place such as Microsoft’s Geneva or Open ID - as used by Google - but they do not yet sit within a legal framework so there is no basis of trust that would enable online financial interactions.”

GTC wants government and commerce to be involved in the scheme, and several countries including Sweden and Switzerland will launch pilots next month, with two undisclosed UK-based financial companies also carrying out internal trials.

The council will also hold a place at the Commonwealth heads of state meeting on 27-29 November.

Laperriere said there were major financial benefits to the scheme. “The relationships-based system will see reductions in trading time, eliminate the need for databases held online, and mean that there were more potential business partners for commerce ­ – thereby cutting costs and increasing opportunities for banks and other businesses,” he said.

The GTC is looking to bring 20 member states on board by this time next year. It also plans to have established more than 200 sector-based policy initiatives in the same time frame, including areas such as e-banking, e-voting and e-commerce.

But there is still work to be done, said Allen. “Commercial institutions will need to be convinced that there are commercial benefits; without a business incentive to take up this scheme, it will not get beyond the theoretical stages,” he said.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %