3 Reasons Federal Managers Need to Understand Identity Management
Robust identity management can help government managers.
In my last post on emerging trends, I wrote about online identity management and how it could benefit individuals, governments, and the economy. For this post, I want to concentrate on how a more complete identity management scheme would benefit government managers in the three ways that have been the focus of this series: Real-time data collection and analysis to drive decision-making; efficient use of physical and communication networks; and managing citizen participation in agency activities.
In some ways, identity management is like mobile: at this point, it's almost like an infrastructure - invisible except where it breaks down. But it's also disappointingly inefficient and, in some ways, beside the point: identity management is not a means to an end, and sometimes what is necessary is not ever verifying every aspect of a person's identity, but only discrete components.
For example, municipalities might need only to ascertain that a certain user lives within the city limits. The user's "real name" doesn't matter, nor does her (or his) social security number, or twitter handle. Likewise, age matters only in as much as the user is above a certain age--but a 25-year old is essentially the same as a 52-year old or a 75-year old in terms of legitimacy to use the system.
The internet's famous capacity for obscuring identity was captured in an only slightly-less famous New Yorker cartoon, the caption of which reads "On the internet, no one knows you're a dog." The advent of such tools as TrustCloud--a trust-management site--allows anyone, including government managers, to see if users really are dogs.
How understanding, and fully harnessing, identify management will benefit government managers is becoming increasingly clear. There are three ways that particularly stand out:
1. Real-time data collection and analysis will help drive decision-making
As I've written before, the volume of mobile computers and the ever-expanding universe of sensors that can be attached to them are creating a bonanza of data for government managers whose mission is to react to events as they happen. But it all depends on the trustworthiness of the data, which itself can depend on the trustworthiness of the human operator. With verifiable identity, government managers can know which sources have proved reliable in the past, and which have not.
2. More efficient use of communication networks
A key component of using physical and communications networks is allocating bandwidth (both real and metaphorical) appropriately--and sometimes that means restricting use of the network to specific people. Robust identity management (or, again, verification of certain credentials) means that government managers can keep communications channels open for types of people, even if those people may not have previously acquired credentials from the government.
Emergency management provides some of the clearest examples. During and immediately after an extreme weather event, communications channels may need to be cleared for medical personnel, or holders of commercial truck licenses. In more prosaic circumstances, government agencies might want to reach out to software developers, or people with fluency in a certain language. These are attributes of our identity that could be part of an online identity management system that would benefit both individuals and public sector organizations.
3. Easier management of citizen participation in agency activities
All of this leads to better management of citizen participation. At the highest level, it enables citizens to manage themselves because government managers can more easily establish a framework, outlining agency needs and tasks, and then allow citizens to organize themselves within the strictures of that framework.
Government managers can then verify the relevant aspects of participants' identities and parcel out tasks as they arise. Identity management undergird and acts as a force multiplier for mobile, networked sensors, Products-on-Demand, and advanced sharing.
How do we get there?
I’ve written previously about the activities of "NSTIC," the National Strategy for Trusted Identities in Cyberspace. Whether people decide to entrust their identity data to a private-sector organization (like a bank), an identity service (like Personal), a government agency (like the DMV), a quasi-government organization (like the Postal Service) or simply keep it themselves (as in a browser extension), I’m hoping that the standards are based on NSTIC’s criteria—that the system be:
- Privacy-enhancing: users relinquish as little privacy as possible when they opt into the system
- Voluntary: users must not be required to opt into the system to manage their identity
- Secure: identity administrators must fortify the system against breaches
- Resilient: in the event of a breach, administrators must be able to recover quickly
- Easy to use: users should not have to have a password like this: J8JΒΝzγΨfΛδ@6%vΤfShr57w/
- Interoperable: the system should work on a tablet, a phone, or a computer running any major operating system and should work for any online tool that requires a login
- Cost-effective: the system must not impose undue financial strain on businesses or consumers that use it
Ultimately, I don’t think there will be an “end state” for identity management, but rather we’ll see a constantly evolving market, similar to the one we see now for computer operating systems. The goal, then, is not a perfect identity system, which is all but impossible, but a highly flexible, and constantly-evolving system that can adapt to fit people’s needs whatever they might be.
Image via Tkemot/Shutterstock.com