I was worried about this....
... then I remembered it's a Gartner prediction, so a 99% chance of it being wrong.
Gartner's latest set of public sector technology trends predicts, among other things, that a third of national governments (and half of US states) will have mobile-based identity wallets on offer by 2024. Many of its other findings will come as no surprise for the enterprise technology world: cut down on the siloed quick-fixes …
I'm not keen on that idea. I just can't help but feel it may lead to yet more identity theft. When did your Android last get a security update again?
Heck, I'm not even keen on any nationally forced photo ID for that matter (despite that most of us carry one in the form of a driving license or passport, or for the youth, a college pass etc.).
Isn't it ironic, I love technology and have been using the internet for 20+ years but the more I see on how it is used by large companies etc., the less I want to use new stuff and the more I prefer to not use online services.
I even successfully avoided all social media because of how the information is used.
I guess I just became old and don't fit into the modern world :-|
Last time I checked... you are not required to have your driving license with you even when driving but you may be required to go to a police station with your license within 24 hours if a policeman decides there is a problem with the way you drive.
I thoroughly agree with you that using a mobile phone for anything that requires security is completely insane. About the only more stupid idea I could dream up would be to use blockchain - oh wait: Gartner beat me to it.
If the article had said something about the government allowing authentication with FIDO2 I would have wondered what had happened to the rest of February and the whole of March. There is no way I would believe such sanity from our politicians as the OMRLP have clearly held the majority for decades.
It's 7 days, not 24 hours.
I've just re-read the article and it's so full of business jargon that I found it impossible to follow.
"A decentralised identity is supposed to allow users more self-determination in regards to identity data by putting the user in charge of the storage and transfer of their data,"
More "in charge of the storage" than I already am with my driver's license and passport?
Sometimes the tech solution is not better.
"Some things," he said, "you can do by mandates," but "mandates can only go so far."
That's just fucking sinister!? So "mandates" aren't enough? How far should we go?
"Last time I checked... you are not required to have your driving license with you even when driving but you may be required to go to a police station with your license within 24 hours if a policeman decides there is a problem with the way you drive."
It depends on where you live and how agreeable the PC is. In the US, you must have your driving license with you whenever operating a motor vehicle on public roads. You must also identify yourself to a LEO when asked, but that doesn't require showing an ID, but it's a good idea.
If They are looking for somebody and you vaguely match the description, They'll want to know who you are before letting you go about your business.
El Reg has a long history of objecting to National ID schemes, has that changed? The tone certainly seems to have changed.
Is it inevitable now? Has the argument changed, and does anyone feel there is actually a requirement for these? Are the well documented downsides no longer anything we need to worry about? "trust us, we won't do anything bad"
And government departments can't even get together to agree requirements - GOV.UK Verify ignored the need to ID someone acting on behalf of a business for example.
"Currently, there are 191 different ways for people to set up a variety of accounts to access different services on Gov.uk, with 44 different sign-in methods," according to a Cabinet Office announcement on 13 October 2021.
Sticking it on a mobile isn't going to fix the problem.
Oh yeah, absolutely. We really need an identity verifying app on the most insecure, unupdated platform that has ever existed.
Bonus round: having to prove that you are the owner of the phone once you've "proven" your identity.
Different standards will create opposition to those initiatives?
I'm already there, mate.
What makes you think you need an app to prove identity?
All this kind of thing comes down to is the ability to securely store a private key, maybe a few KBs of data. Something a smart card can do.
Asking a smart phone to store anything securely on the other hand... Ask those hundred million Samsung owners about that.
Also, if governments want to make smartphones basically compulsory then they need to make them free and a human right along with internet access and banking.
So Gartner somehow decides that a new technology is going to appear or replace something.
Then, unsurprisingly, that happens.
So much of what Gartner spews out is based on money, sponsorship and advertising they have lost any credibility (assuming they had any in the first place). Large organisations pay huge amounts of money for access to these analyst reports that often don't actually tell you anything. When they do it is just thinly veiled advertising. Manglement lap up these reports because it is a huge arse-covering exercise "well we selected this because it was recommended by Gartner".
Yes. Some years ago, Gartner's analysis business actually employed some of the best and most experienced analysts around - who were not afraid of telling the truth - and their reports were actually useful (I was never quite so happy with their consultancy business, however).
But a few years ago the bottom fell out of the analyst market. Businesses stopped being willing to pay so much for their reports (after all - they could just tell a minion to get on the Internet and search around the websites of the suppliers to do their own analysis, couldn't they). As a result, two things happened: i) analysts (including Gartner) cut costs by getting rid of their experienced, expensive analysts and ii) reports became mostly funded by suppliers instead of users.
Gartner largely moved to a new model where suppliers were invited to submit lots of stuff about how great they were and Gartner would put it all together, edit it, and publish it. The game became how to add some stupid stuff Gartner could cut out, to show they were being independent, while making sure they left in as much of our marketing rubbish as possible. My colleagues and I got quite good at that, I will admit.
Not that they are any worse than their competitors: they just have the advantage of being comfortingly expensive and hence are more believable.
On a mobile device.
In a system designed and built by the government.
What Could Possibly Go Wrong?
Still, I'm sure that the usual suspects providing IT services and consultancy to the public sector will be delighted to pay the usual bung to Gartner for triggering this bastard bonanza of bullshit and bollocks.
Public sector IT: A cockup looking for a place to happen.
Mobile phones, the single point of failure for the 21st century.
Credit card? Put it on your phone.
Debit card? Put it on your phone.
Cash? Put it on your phone.
Ticket? Put it on your phone.
Boarding pass? Put it on your phone.
2FA for all your banks, government services, etc? Put them all on your phone.
ID? Put it on your phone.
Lost your phone? Oh dear.
Phone confiscated by the police for an "investigation"? Too bad.
Police "accidentally" lose the phone? Sorry, can't help.
Phones are also a target for thieves if they can nick yours while unlocked. The phone itself isn't worth anything, but how long would it take you to notify your bank, credit card companies, Amazon, etc from the time you notice your phone is missing? Or, is that information stored on the phone?
I don't have any sort of lock on my phone. My approach is to not put anything on it other than a very generic phone list. I have a stand alone SatNav, do my banking in person and pay for things often in cash. All it takes is a little forethought. I do have a debit card, but only keep a nominal sum in that account and add to it when bills that I pay online come due. If my phone gets stolen, I'm out around £50 for a new phone.
I was watching a show on the telly about border patrol in the US and one segment talked about an ICE IT person reading the data from an iPhone. They didn't show the phone so I don't know that it was indeed an iPhone, what model or just a generic mobile. They also imaged the person's laptop and a couple of other devices and were having a good rummage through the files.
There was a big standoff between Apple and the US government about being able to unencrypt files on an iPhone with Apple refusing to create any software for that purpose. The government was very displeased and may have tapped a black budget to do it on their own. They aren't good at keeping secrets so maybe the Customs officer talked too much. Homemade Security and the Customs people aren't all that bright so maybe not.