Wednesday 5 February 2014

RIP IDA – JFDI security

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

It's that speech again, the speech that won't stop speaking to us, the speech given by Public Servant of the Year ex-Guardian man Mike Bracken CBE to the CfA Summit 2013 on 16 October 2013. Just a 39-second clip this time, starting at 19'35", and the topic is security:


The state needs security, companies and other legal persons need security and so do natural persons, families, individuals, you and me. We're talking about secrecy here, confidentiality, privacy, resilience and control. You need to have control over your bank accounts, for example, it's against your wants, needs and interests for anyone else to have control over them, unless you've gone gaga, in which case let's hope that you've granted an enduring/lasting power of attorney to a relative or a friend with your best interests at heart.

Security is important. If you lack the imagination to understand that in advance, you pretty soon find out the hard way after the event, after security has been breached, as Janet Hughes and Leisa Reichelt were reminding us only the other day, please see Security and convenience: Meeting user needs:
When they’re asked how they feel about security online, people tell us they prioritise security as a need. When we meet people in the lab who’ve had their digital security compromised, they talk about  it as a devastating experience.
Security is important. And yet what's that Public Servant of the Year ex-Guardian man Mike Bracken CBE was telling the CfA Summit? You can overdo security. Usability/convenience is much more important. Security ought to be relaxed. Especially for people with a one-month old daughter.

The logic is less than impeccable.

Which is worrying when you remember that Public Servant of the Year ex-Guardian man Mike Bracken CBE is the senior official, the top civil servant on IDA, he is the senior responsible owner of the pan-Government identity assurance programme (RIP).

Janet Hughes and Leisa Reichelt also say that:
People expect registering for government services to be the same as signing up for a social media or shopping account.
Only silly people. Only people who need protecting from themselves. Responsible public servants must realise that and should say it. Remember that word "devastating".

No responsible adult would make the mistake of believing that the experience of signing into your Twitter account is comparable to authorising a payment from your current account on-line. If IDA is heading in that JFDI direction, then the Government Digital Service are being irresponsible.

No comments:

Post a Comment