Sometimes, when you're bored and on the way to work you start to stumble around in your mind with ideas. For some strange reason this morning I started thinking about the Government's ID register and ID card scheme whilst on the Circle Line.
I then had an epiphany on how you could have such a scheme that really was about identity affirmation only, was also secure (usual caveats apply to the use of that term), and which would resolve civil liberty and security concerns about the Government storing our data.
To set the scene, and this is a very high-level view, the current ID register, and subsequent cards/passport technology works in a match based scenario. So, you register for a passport, they take your information, name, address, date of birth and your biometric data. They put this on a database and also on your card, and then when you come to identify yourself a match check is done.
So, when you identify yourself, which is what the Government says the scheme will enable you to do, the logic flow is as follows. Scan fingerprint. Does fingerprint match that on card? Does fingerprint on card match existing record on ID register. If yes, all good. If No, flash red alert lights. The key here therefore is not just in the match but in the fact that the ID register exists as a datasource readable by the state.
What this means is the autonomy and ownership of your private data is transferred to the state and the register. When you identify yourself you ask them to match you to an identical record they store and they confirm identity on that basis. There is however another way of doing this which would mean the register would hold no data on you that was useable by the state because it works like this.
When you go to register for a passport and/or card (assuming they were brought in), you provide your information as normal. The difference comes with the biometric part. Your biometric data, fingerprint or iris scan, is used as a private key in order to generate a public key. That public key is then used to encrypt the data about you that will live in the register. The biometric does not get stored anywhere. This means only you, with your fingerprint or iris scan can unlock the data.
Crucially, each individual record on the database would be uniquely encrypted effectively with a one-time pad starting point in the form of your biometric. If the database was compromised it would be useless as a result because it would require the private key (biometric) of each individual on the database to unencrypt each record on the database. The public key that encrypts the data is useless for decrypting it without its private key pair in the form of the individual.
Additionally, by using the biometric as a private key, it would be the random entropy of nature, rather than a random entropy of a computer processor that generated it. If you then used the public key generated by the private key to encrypt the data held on the database only the indivudal and not the state could unlock and read the data. So, no more Big Brother database where the state holds our biometric data and information.
Instead we'd have a database that on its own is useless. A database that can be used to identify yourself when you present your private key in the form of your thumb print to it. A database that uses biometrics to identify yourself, but does not store biometric data. A database that cannot be used by the state for further data mining and data sharing. A database that, if lost, would be of no value to anyone. A database where the ownership of the personal data remains with the individual and not the state.
Reference: Asymmetric cryptography
Update: Of course, the current Government does not just want an identification system, they want it to do much more. A future Government on the other hand looking to reassure, for example, people with passports, that their data is safe and that they (the Government) have no access to it, might prefer to do something like this.
Please also note that I am not arguing in favour of ID cards here. This is about the ID Register which the Government want to use with ID cards. The register however also exists for things like biometric passports. This idea would basically move the biometric data back to the owner whilst still exploiting its usefulness for identification affirmation.
Update II: Raised in the comments and privately to me, this is just an idea about flipping the ID register on its head and making it based upon individual record asymetric encryption that can only be decrypted by the subject of that records content. It assumes that biometrics are more reliable than they are currently considered to be. The key here is bringing back the autonmy of the individual over their data, rather than having the status quo where the state in effect appropriates ownership.