British Columbia will test a virtual ID "card" that enables citizens to connect with the government's online services more safely and easily, a top technology official said.
The government plans to begin tests on an "information card" early in the new year, said Ian Bailey, director of application architecture for the province's Office of the Chief Information Officer.
The cards are in the early stages, and "there's going to be some challenges," Bailey said.
An information card is not a card at all: it's more like adocument delivered to users' computerswhichthey can then use to access government websites.
It's meant to replace the currentmethod of access, which involves logging on to a site with a name and password, and has a digital signature that can't be changed or reproduced,Bailey said.
"It will give us better privacy protection for individuals," he said.
Among other attributes,Bailey said using aninformation card means:
- The government won't know which sites the user visits.
- The user is in control of shared information.
- The cards won't have to reveal users' birthdates or addresses, or a student's school. Instead, it could simply confirm the user is over 19, a B.C. resident or astudent.
Hecompared using the card to using a driver's licence for identification since,in both cases, thegovernment does not knowwhat the citizen is doing.
Ontario privacy commissioner likes cards
Ann Cavoukian, Ontario's privacy Commissioner, said information cards have "several key advantages" over username/password systems.
She outlined thebenefits in a white paper about identity metasystems — a means of ensuring users can easily access all their online identities, such as an information card — on her website.
The paper said information cards mean:
- The end ofstolen, lost orforgotten passwords.
- Less "phishing," when a password is stolen by an unauthorized user, because authentication used by one siteis useless for another, even for the same information card.
- Less storage of sensitive information, because the cards can resend it every time they are used, so the accessed site doesn't need to retain it.
But Cavoukian also warned thata universal identity metasystem could be misused and "become an infrastructure of universal surveillance."
Sevenlaws of identity
The Seven Laws of Identity, developed by Microsoft's chief identity architect Kim Cameron and other privacy experts is at the base of B.C.'s trial.
The laws outline ways in which online retailers, banks and other organizations can enhance privacy in the next generation of internet identifiers,such asthe information card.
B.C. will offer the ID cardfirst to residents who already have government issued passwords for accessing certain sites, Bailey said.
The project includes identity companies CA Inc. (formerly Computer Associates), Microsoft and Sxip.