Skip to main content

https://gds.blog.gov.uk/2011/08/10/a-question-of-trust/

A question of trust

Posted by: , Posted on: - Categories: GOV.UK One Login

I have a spreadsheet on my computer at home with about 100 user names and passwords on it. I never have it to hand when I need it. Security experts tell me that I shouldn't note them down, especially with all the viruses and Trojans on my computer. They also tell me that I shouldn't use the same password for each service that I use. So usually I have three stabs at trying to remember my password before swearing loudly at the commuter (or politely explaining the problem to the person at the other end of the phone), giving up and doing something else.

I'm sure everyone has experienced the frustration of being asked a password they can't remember. But the challenge for digital services is greater than just the creation of a usable yet secure authentication mechanism. The question is trust: why do you trust the person or computer at the other end of the digital channel.

It's a complex question that has been around for x thousand years. We've just brought the problem to our immediate attention with the advent of remote services delivered over digital channels. The answer to the question is: we just do. We trust people because we want something and we want it enough to incur the risks that we perceive.

A psychologist told me that we are genetically programmed not to trust anyone or anything 100%. We take everything with a 'pinch of salt'. We make a 'value judgement'.

I asked my daughter who she trusts most. "You Daddy." Thankfully, she hasn't looked at her chocolate jar recently. Her mother, meanwhile, is always borrowing from her piggy bank. She's 7 - she'd be more worried about getting the chocolate back. Knowing who someone is only helps us so much.

Identity is part of the way in which we establish trust. It's necessary for many transactions but not sufficient. It helps us establish facts about the person that we need to make the judgement call. It means we don't have to start every transaction from scratch: we recognise the person at the other end.

We need better ways of establishing trust relationships in the digital era. We need better security than long lists of user names and favourite films. Our aim is to collectively address these problems through the GDS Identity Assurance Programme. We'll use this blog to explain the problems we have and communicate how we're getting on with addressing them.

Sharing and comments

Share this page

11 comments

  1. Comment by Vis Viva IT Services posted on

    We rely on pre-shared keys for security, dispensing with password use wherever possible. To extrapolate this to a wider context, you'd have people using hardware to identify themselves, e.g. digital ID cards. That idea never really took off in the UK and brought more questions that answers, the main one being 'what if the cards were eventually hacked?'. The very things that were intended to instill trust become something to undermine it... Online digital passports (hypothetical example) would be the same.

    That puts us back to Pa55w0rds...

    Fingerprint sign-in? Retina/face scanning? The technology just isn't quite there yet for anything sophisticated to become the norm.

  2. Comment by Ria Tollinchi posted on

    I have to say that for the past couple of hours i have been hooked by the impressive posts on this website. Keep up the wonderful work.

  3. Comment by Rupert Hurley - CEO Digitalle posted on

    Dear David,

    like you, user names, emails and passwords are quite literally the bane of my life. However, my company digitalle has been working on this problem for over over 18 months now (well actually about 11 years if I include my previous life), and we are just in the process of bringing the system gradually to the notice of interested parties.

    We have developed a patent pending authentication platform that aims to introduce an additional layer of confidence and security to the question of trusted users, devices and "things", but in a frictionless way.

    I would be delighted to discuss this matter with you further off-line.

    Rupert Hurley, CEO, digitalle Limited.

  4. Comment by Trevor posted on

    That spreadsheet, David, is it open-source?
    Swerving off topic, but I find this http://www.dfat.gov.au/publications/stats-pubs/pivot-tables.html kind of thing anti-democratic and a worry.
    Australia may well fall into the trap of letting its' identity & authentication services for health care go to private corporations.

  5. Comment by Andrew Lamb posted on

    Go David go!

  6. Comment by Martyn Thomas posted on

    Usually, you don't need to identify, only to authenticate. The question that usually needs to be answered is "does this agent have the right to carry out the requested transaction?" not "who is this person?". Authentication is far less privacy intrusive than identification.

    Many authentication and ID schemes have been proposed and many have been analysed by security and privacy experts. In my opinion, it is essential that the Government utilises this expertise by (a) stating the problem that they wish to solve, fully and clearly, and in terms that do not constrain the acceptable solutions and (b) making the full details of any proposed scheme available for widespread consultation and then responding professionally to the consultation before taking any implementation decisions.

  7. Comment by Rob Dyke (@robdykedotcom) posted on

    http://xkcd.com/936/ had this to say on password strength and entropy. Tools like lastpass and keypassx are great ways of having strength and security while giving an easymasterpasswordtoremember

  8. Comment by Catherine posted on

    It would be helpful if the Cabinet Office put up a web page(s) on the its Identity Assurance Programme which provided a summary of:
    a) What the Programme is aiming to deliver
    b) How the Programme is organised
    c) The current expectation for the delivery timetable

    So far I have not found such a thing. Reports of ministerial speeches on the topic are too vague to be of use to those of us working on the edges of this programme. We need some text we can point people to when they ask for (a), (b) and (c).

  9. Comment by PTB Support posted on

    hmmm....

    On the first point of noting down passwords - I'm not sure Excel is the best tool... mainly down to the number of brute force and dictionary attack password recovery tools available.

    There are other tools which (like the award winning and free password safe) that vastly improves security...

    The main downside is they all rely on a single master password - you find this, you have the keys to the castle.

  10. Comment by Neil Pound posted on

    David, a good blog that gets the discussion going. Trust is emotive and, as such, it doesn't matter how many facts we present to reassure people. What a friend says, or a newspaper headline will probably hold more sway. In my own blog on the subject http://tinyurl.com/3ql6k25
    I ask if we have double standards as citizens and whether we should accept the occasional data loss by the public sector as a reasonable trade between cost and risk.

    Neil P

  11. Comment by Paul posted on

    'Identity Assurance'? Hang on, I'm getting deja vu. Haven't we been here before? In fact the metal gnasher machine has only just finished destroying the National Identity Assurance Service database hardware and already CO has another bright idea to re-create it? But this is different because it's ... digital?

    Okay ... enough hyperbole and opprobrium. The problem is this - there is a classical tradeoff triangle that all government has to contend with in providing services to citizens - that of privacy (or freedom from scrutiny), security and convenience. You can have any two of those at the nominal expense of another. Right, now we've got that concept under our belts, let's look at where it went wrong last time and how we might do better next time.

    Having an authoritative identity store is a truly double-edged sword for citizens because as much as government might like to pretend, if it needs to be used by security and law enforcement (and other typically ill-defined government bodies), against the citizen's best personal interests, it will be. So does this sacrifice of privacy justify the convenience and security that could be offered by having such an authoritative identity store? We already know the answer to that and it is not the answer government wants either for the government's collective benefit or indeed for citizens' collective benefit.

    So what can government do? Well, entrusting the identity store to someone else might be a start. But we already have that - OpenID does just this without the need for assurance from government. After all, an identity assertion provided by government gives both citizens and government a much more assurable way of verifying identity than the problem description (online assurance of an identity) requires. In conclusion then, tying an identity asserted online back to a credit card or authoritative commercial identity is much more appropriate to the problem than tying it to a government identity authority with demonstrably conflicting interests in the data.