Microsoft lines up with the good guys on identity tech

Brands and Cameron pitch the fix for government's Big ID problem


Even now the Microsoft-using UK government gateway service wants to offer single sign-on for all public services, and to extend this to private sector partners – a gargantuan authentication service which would surely become the mother of all 'computers that say no'.

People who think this way remain, as Dr Brands puts it, "in a state of sin".

Whitehall needs to understand why Microsoft had to move on from Hailstorm. It has to demand, on all our behalves, that Microsoft, IBM, Oracle, Google and all our service providers design and deliver systems which protect our privacy and in doing so maintain our collective security. This also reduces the vulnerability to data losses and simplifies obligations under data protection law. Minimal disclosure means we can transact safely with organisations that hold far less personal data.

Would we be able to put this persuasively to Jacqui Smith? Not in an elevator pitch. Probably not in a one-hour meeting. But she's a very smart woman. If we who read and write for The Reg can understand it then I'm sure she and her colleagues can. Those who advised her and predecessors need to consider that they may have been mistaken. They've undervalued the security benefits of privacy.

We all have a very long way to go before we transact and interoperate in a secure online space in a world that conforms to Cameron's seven laws and works in keeping with Dr Brands' enlightened vision. But ensuring a secure future for U-Prove and the mass rollout of U-Prove based products and wide availability across different platforms is a huge step forward.

Far bigger news, as we say, than an ID System rollout plan. ®

William Heath moderates the Ideal Government blog, and serves on the Open Rights Group board and the FIPR Advisory Council. He founded and chaired the government IT research group Kable, now part of The Guardian. A Fellow of the Young Foundation, he is now starting a new venture to help business adapt faster and better to the arrival of customer-centric Vendor Relationship Management.


Keep Reading

'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash

Redmond rips out usernames, says it will focus on customer orgs, not staffers

Crooks social-engineer GoDaddy staff into handing over control of crypto-biz domain names

Web traffic, email redirected, personal info exposed in DNS hijacking

AnyVan confirms digital break-in, says customer names, emails and hashed passwords exposed

Updated Burglary took place 3 months before biz discovered unauthorised entry

Keen to check for 'abnormal' user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA

RSA Before you remove the mote from thy hacker's eye, remove the beam from the eyes of your, er, Teams

Singapore to require smartphone check-ins at all businesses and will log visitors' national identity numbers

Even parks and train stations encouraged to use QR codes. Which may show the limits of Bluetooth contact-tracing!

Ad-scamming, login-stealing Windows malware is hitting Chrome, Edge, Firefox, Yandex browsers, says Microsoft

Sophisticated campaign has been going on for months, we're told

Windows Product Activation – or just how many numbers we could get a user to tell us down the telephone

A confession from ex-Microsoft engineer Dave Plummer. Also: WPA fun in the Registry

This better not be a cruel prank: Microsoft promises 99.99% uptime for Azure Active Directory from 1 April

Caveat: Four-nines SLA only applies to authentication, not admin features

Biting the hand that feeds IT © 1998–2021