Tuesday, 4 March 2014

RIP IDA – The Road to Estonia


Come off it, Sten.

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

Has it sunk in yet just how important Estonia is to all of us here in the UK?

According to Google there are 45 instances of the word "estonia" on the DMossEsq blog, stretching all the way from Anonymous demonstration of foolproof Cabinet Office plans back in April 2012 and Francis Maude seeks future in Estonia in May 2012, via the Government Digital Service (GDS) "fantasy strategy" series later that year, all the way through to November 2013 and GDS and international relations.

Then in January this year Public Servant of the year ex-Guardian man Mike Bracken CBE, executive director of GDS and senior responsible owner of the pan-government identity assurance programme (IDA), emitted this tweet:


That's the penny that needs to drop: "Estonia is a model for all of us".

That's what Martha-now-Lady Lane Fox's digital-by-default revolution is about – the UK should become more like Estonia.

That's what the UK government signed up to when they allowed GDS to make a presentation to the Cabinet on 29 October 2013.

And that's their manifesto sorted out for the 2015 general election – a vote for us is a vote for Estonia coming to the Home Counties.

The article linked to in the tweet above is Lessons from the World's Most Tech-Savvy Government – An Estonian shares his country's strategy for navigating the digital world. The Estonian in question is Sten Tamkivi, an "entrepreneur in residence" at the venture capital company Andreessen Horowitz. And it's uncanny – in just under 1,500 words Sten mirrors just about every theme in DMossesq.

Sten: The first building block of e-government is telling citizens apart. Estonia has a working identity management system (according to Sten). The UK doesn't and, judging by the progress to date on IDA – none – it's not going to.

Sten: For these identified citizens to transact with each other, Estonia passed the Digital Signatures Act in 2000. Beware. Digital signatures are irrevocable. That's the point of them. At the moment in the UK, as things stand, if you are the victim of identity theft, ... you're not. There's no such crime on the statute book. The bank is the victim of fraud. It's up to them to try to recover the money and, in the meantime, they have to reimburse you whatever is missing from your account. Change that by introducing digital signatures, and you must have agreed to the fraudulent transaction. It becomes your problem, not the bank's.

Sten: Every person over 15 is required to have an ID card, and there are now over 1.2 million active cards. That’s close to 100-percent penetration of the population ... As mobile adoption in Estonia rapidly approached the current 144 percent (the third-highest in Europe), digital signatures adapted too. Instead of carrying a smartcard reader with their computer, Estonians can now get a Mobile ID-enabled SIM card from their telecommunications operator ...

... in other words, Francis Maude can deny that IDA is anything to do with ID cards until he's blue in the face but he's wrong. It's just that, if IDA is ever to work in the UK, the credentials will be digital certificates stored on PCs/tablets/mobiles instead of the material ID cards required by the now repealed UK Identity Cards Act 2006.

Sten: Besides the now-daily usage of this technology for commercial contracts and bank transactions, the most high-profile use case has been elections ... During parliamentary elections in 2011, online voting accounted for 24 percent of all votes. (Citizens voted from 105 countries in total; I submitted my vote from California.). C.f. the clumsy pretence in the UK that Individual Electoral Registration is about individual electoral registration and the Electoral Commission's give-away indication that it wants to introduce photo-ID for voting. That appeal to nineteenth century technology will surely amuse the eFolks back in Tallinn.

Sten: Public and private players can access the same data-exchange system (dubbed X-Road), enabling truly integrated e-services. We have the Government Gateway in the UK, rather than a crossroad, but GDS want to replace it with an "ID hub", which still hasn't been seen or certified three-and-a-half years after the starting pistol was fired on 20 September 2010.

Sten: A prime example is the income-tax declarations Estonians 'fill' out. Quote marks are appropriate here, because when an average Estonian opens the submission form once a year, it usually looks more like a review wizard: 'next -> next -> next -> submit.' This is because data has been moving throughout the year. When employers report employment taxes every month, their data entries are linked to people’s tax records too. Charitable donations reported by non-profits are recorded as deductions for the giver in the same fashion. Tax deductions on mortgages are registered from data interchange with commercial banks. And so forth. Not only is the income-tax rate in the country a flat 21 percent, but Estonians get tax overpayments put back on their bank accounts (digitally transferred, of course) within two days of submitting their forms ...

... which takes us back to 21 July 2013 and The old concept of HMRC is worn out. The Estonian authorities have enough information on their parishioners – even down to their charitable donations – to make a fist of completing their tax returns for them and to take payments/make repayments automatically. They do. Here in the UK, HMRC don't.

Sten: This liquid movement of data between systems relies on a fundamental principle to protect people’s privacy: Without question, it is always the citizen who owns his or her data and retains the right to control access to that data. For example, in the case of fully digital health records and prescriptions, people can granularly assign access rights to the general practitioners and specialized doctors of their choosing ...

... as opposed to here in the UK where we all woke up on Monday 3 March 2014 to find out that HSCIC had paid PA Consulting to put all our hospital records up in Google's cloud, having woken up the week before to be told that HSCIC were going to delay the expropriation of our GP records by six months because they'd just noticed that neither the doctors nor the patients nor the house of Commons Health Select Committee trust them.

Sten: Moving everything online does generate security risks on not just a personal level, but also a systematic and national level. Estonia, for instance, was the target of The Cyberwar of 2007, when well-coordinated botnet attacks following some political street riots targeted government, media, and financial sites and effectively cut the country off from Internet connections with the rest of the world for several hours ...

... you probably wondered whether Sten was going to mention that embarrassing episode, Estonia hit by 'Moscow cyber war'.

No real soldiers needed
to bring Estonia to its knees,
just "botnets".
Once you've become digital by default, all Russia has to do is deploy a division of "botnets" and the country grinds to a halt. You don't have to wake up a single sailor in your Black Sea fleet and ask him to put on his balaclava, amble over to the Crimea and surround all the military bases. The "botnets" do all the work for you.

That looks like a knockdown reason not to become digital by default.

But Sten disagrees.

Sten: Since then, however, Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage.

So what? How does that help?

You're going to love the answer.

Sten: There is also a flip-side to the fully digitized nature of the Republic of Estonia: having the bureaucratic machine of a country humming in the cloud increases the economic cost of a potential physical assault on the state. Rather than ceasing to operating in the event of an invasion, the government could boot up a backup replica of the digital state and host it in some other friendly European territory. Government officials would be quickly re-elected, important decisions made, documents issued, business and property records maintained, births and deaths registered, and even taxes filed by those citizens who still had access to the Internet.

Come off it, Sten. And Toomas.

Think about it.

If you spin up a new Estonian eGovernment somewhere else in the cloud, the "botnets" just attack that one, too. Progress? Nil.

And you try finding a supplier in a "friendly European territory" cloud prepared to host the digital Estonia for you in the first place. Once Vladimir gets his secretary to ring up and threaten them with cutting off the gas and oil supplies, you can forget about any euroTovariches getting involved.

Would Amazon host you? Do you think that's in their financial interests?

Suppose Google agree. Or Microsoft. Or cuddly old Apple. Or any of GDS's friends. It's easy to spin up a new instance of Estonia anywhere in the cloud, anywhere in the world, instantly. That's the kind of thing it says in the sales literature. But is it true? Or does it take three weeks? By which time, Estonia has starved and frozen to death.

Suppose Russia doesn't play ball and fight the next war the same way they fought the last one. No "botnets" this time, they might try something a bit subtler. Nobble one or two certification authorities and they could sell all of Estonia's assets to the V. Putin family trust for 100 Swiss Francs. Digitally signed, the transaction would be irrevocable and from that moment on the whole country would become a tenant owing monthly rent to their next door neighbour.

That is no model for the UK. Digital-by-default is a strategic error.

Nor can we be sure that Sten is right about everything working smoothly in today's Estonia. We have just one man's word for it. And that man is a self-confessed entrepreneur in residence at a venture capital company. Utterly charming no doubt, like Lady Lane Fox, with a vivid imagination but a salesman for all that, used to spinning plausible yarns.

Sten says of today's Estonians, with a straight face, in scenarios where they can’t legally block the state from seeing their information, as with Estonian e-policemen using real-time terminals, they at least get a record of who accessed their data and when.

ePolicemen? We've got the law made by an eGovernment in the cloud for eCitizens on a register being enforced by ePolicemen? What could possibly go wrong?

As the gap between the electronic records and the reality they are meant to reflect inevitably widens, the ordinary man or woman in the street must begin to feel like a mutant. That's one thing that could possibly go wrong.

Let's reserve judgement until we hear from other Estonians how well this eState functions before assuming that Sten's picture is accurate.

Luckily, we are a long way from Estonia's sad fate here in the UK.

We don't even have the "first building block of e-government" prescribed by Sten, a national identity management system.

Nor do our officials suffer from the obsession with security that afflicts Estonia – Public Servant of the year ex-Guardian man Mike Bracken CBE expressly forswears it.

No strategic errors for us. No "humming in the cloud".

Where the security on our Parliament.UK website must look buffoonish to the average Estonian schoolboy, to us it just looks charmingly British and human.




Updated 18.3.14

The Times has a story at the moment, PM orders Gove to lay off Old Etonians. That's what it says. But what someone read was "PM orders Gove to lay off Old Estonians".

Updated 12.5.14
PRESS CONFERENCE 12th May 2014 11:00am – Hotel Metropol, Tallinn

International Team of Independent Election Observers to deliver report on Estonian Internet Voting System

...

Their analysis has identified serious flaws in the systems and processes used in Estonian internet voting.
See also the video put together by the University of Michigan, the Open Rights Group and others.

The implication is that you will never know whether the result of an Internet vote was determined by the voters or by someone with enough nous to defeat the security of the voting system. "Even" in Estonia.

This seems to be a speciality of the University of Michigan. Long-term readers will remember the effortless undermining of a Washington DC Internet voting system back in October 2010, please see Hacker infiltration ends D.C. online voting trial.

2 comments:

Anonymous said...

And the population of Estonia is….1.3m but so important to …..yes Messrs Bracken and Maxwell where it makes them important with the Minister blindly following by signing a MOU https://www.gov.uk/government/news/uk-and-estonia-sign-memorandum-of-understanding-on-digital-government where Estonia according to Maxwell is a leader in digital….yes with 1.3m people ……unbelievable BS from our leaders in digital….

brianwernham said...

Estonia has a stable population that is declining. 10% population shrinkage mainly through emigration since 1990, and only 0.2% immigration (I just checked on their wonderfully easy to use online stats tool!)

Easy to be well organised when your population (& economy) is stagnating!

Brian

Post a Comment