【文章內(nèi)容簡介】 vis ? Just as much as laws, the design of IT systems can have strong effects in embodying and freezing a particular set of administrative capabilities … ? The considerable costs of making a relatively fixed investment in a particular type of puter system, with a particular software and defined programmes and routines written within it, thus add a significant layer to the insulation of current policy orientations Conservative plans ? David Davis wrote to Cabi Secretary, Sir Gus O39。Donnell, giving formal notice that an ining Conservative administration would scrap the Government’s ID card project John Higgins, Intellect ? Firstly, it is important to state that the UK technology industry is neither for, nor against the policy of introducing ID cards in the UK. This public policy debate took place and was voted upon in Parliament. ? As an industry we are now working hard with the Identity and Passport Service to ensure that the ID cards procurement results in solutions which are practical and deliverable. To this end, we believe it is wholly inappropriate for the industry to be used as a mechanism for scoring political points. ? Moreover, it is highly likely that the manner of this intervention will undermine the confidence of the supplier munity in any future Conservative Government honouring other contractual mitments which may have been entered into by previous administrations. ? It will potentially make panies wary of entering into any public sector contracts at all. Such a fall in confidence would inevitably affect business decisions panies make about investing in UK Plc generally. Identity Risk Management in eGovernment Services Aim of report ? Centralised advice on identity risk management for eGovernment ? Based around a process for assessing risk and detailed specifications of action for each level of risk How the Identity Risk Management Process works 1. Identify service level 2. Select appropriate processes 3. Confirm residual risk 4. Handle special cases Service levels (03) ? Level Zero – Services are those which involve a ‘best endeavours’ relationship between the service provider and the individual requesting the service ? Level One – Relates to services where there is an obligation on the part of the service provider to make all reasonable efforts to provide the service to the requesting party ? Level Two – The relationship between the parties is formal. ? Level Three – Represents the highest potential impact in cases of possibly falsified or mistaken identity for online services. The likely impacts here include damage to property, severe embarrassment to an individual, significant financial harm to an anisation (including the service provider) and possibly physical harm to individuals Scores for the ID cards scheme? Advice on risk mitigation ? Clients will authenticate themselves to the system by the presentation of a digital certificate. This will be held in an access token, which would ideally be a smart card, token or mobile device. Clients will demonstrate their right to that credential through the use of a private key, and a password or biometric. ? The system will authenticate users based on the validity of public key / private key pairs, and on the validity of the credential. Username/password binations are not acceptable for Level 3 authentication Joan Ryan ? ?There will be a number of different methods of verifying identity under the National Identity Scheme ranging from a visual check of the card, which will not require a card reader, to card authentication, PIN verification and up to biometric verification where a high level of identity assurance is required? John Reid ? ?Design work with potential users of the identity verification service remains ongoing. As such, it is not possible to state which services and information will be available online to ID card holders through the use of a personal identification number at this time? Other issues Increased concern about the surveillance society ? Information Commissioner’s Office – A Report on the Surveillance Society ? Royal Academy of Engineering – Dilemmas of Privacy and Surveillance: Challenges of Technological Change Parliamentary inquiries ? House of Commons Home Affairs Committee inquiry into ?A surveillance society?? – ?The inquiry will focus on Home Office responsibilities such as identity cards …? ? House of Lords Constitution Committee inquiry ?The Impact of Surveillance and Data Collection upon the Privacy of Citizens and their Relationship with the State? – ?Information systems and processes used to identify individuals and information about them (including, … ID cards). ? Further information: 7^blfpisQwUAYE$H*L+1~5。8 cmgqOuSxVBZF%J)N=26:akenhrPv TzX