[Reader-list] FIPS 201 and India National ID, interoperability anyone? - 140

[Taha Mehmood]

Unique Identification Authority of India names ‘Secretary of Identity’

by Salvatore D’Agostino, IDmachines

A race is on, not unlike the race to the moon and we will see if the
United States can catch up with the rest of the planet when it comes
to identity credentials. This blog and IDmachines continue to tout the
progress that has resulted from HSPD-12, its expansion to the private
sector as evidenced by the activities of the 4 Bridges Forum and the
continued expansion and evolution of FIPS 201. However, in terms of
strong digital IDs, the EU is at 100 million as opposed to 10 million
in the US and India just upped the ante.

The recent announcement states that India will roll out a national
identity credential for 1.1 billion citizens and to get it going by
2010. The India Congress Party actions bode well for the Indian and
hopefully global identity industry.

It’s not surprising that one of the world’s most dynamic economies and
the world’s largest democracy has decided to make identity
infrastructure a priority. While not surprising it is impressive that
the Indian government leveraged the mandate of the recent election
(are you listening President Obama…).

India will create a cabinet level position for the Unique
Identification Authority of India and has already named their
“Secretary of Identity” touting entrepreneur, Nandan M. Nilekani, a
founder and former chief executive of Infosys Technologies. Nilekani
will leave his post as a co-chairman of the board to take on the ID
card project.

Here in the U.S. we rightfully want to address finance reform,
economic stimulus, expanded health care, climate change and other
initiatives. It’s great that the Obama administration has decided to
show leadership on these important topics. This blog repeats that
creating a national identity infrastructure should be the first step
in addressing most of these issues (even emission trading is
facilitated by a multi-purpose credential).

It seems that the rationale for the investment is well understood in
India and articles in the NY Times, Financial Times, Independent,
India Times, DNA India, all make points of the benefits of investing
in identity.

These sources site, among other things, that the program will create
100,000 new jobs, stream line government to citizen disbursement,
reduce fraud in benefits to the citizens (e.g. think savings in
Medicaid, Supplemental Nutrition Assistance Program, Unemployment
Benefits, etc.), and enable secure citizen to government transactions
among other things.

All represent goals in play in this session of the U.S. Congress. In
the U.S. we have yet to realize that identity runs across these
programs. Neither Congress or the Obama administration fully realize
the leverage an identity investment gives to all of these legislative,
policy and economic goals. There are bits and pieces of identity in
different bills and no coherent overarching approach. No offense to
the ornithologists or vegetarians but we are missing the opportunity
to kill more than one bird with one stone.

One interesting article even proposed skipping a generation of
identity credentials and basing the national ID on a SIM card. This is
a fascinating idea particularly given the capabilities of today’s
mobile devices.

This is clearly the future and while it’s not a likely outcome in the
India case (don’t think that mobile devices have sufficiently
penetrated to the 1.1 billion individuals who will be covered) but the
fact that it’s being discussed shows how an investment in identity has
the potential to leapfrog the technology base of countries. Maybe it
will be an option and if so it will create a whole new concept of
mobility.

You have to give props to the Indian government for their initiative
and good luck to Nilekani. Not surprisingly IDmachines and many other
companies in the identity world will be taking a close look to see how
they might get involved.

Finally, is anyone making the argument that India should be looking at
FIPS 201 as a basis for their credential specification. More than most
global ID specifications it meets the needs for multi-use by combining
contact and contactless interfaces, logical and physical access
control, strong authentication, digital signatures and encryption, and
continues to evolve (e.g. match on card, contactless mutual
registration, secure channel, elliptical curve, etc.).

Is it possible that we could be entering the world of “Identity
Diplomacy” where the U.S. Ambassador in New Delhi has interoperable
identity credentials as part of his brief? This would certainly be a
boon to economic cooperation, and another way to leverage the global
investment by industry in FIPS 201.