Virtual info cards and choosing the right guinea pigs…

Dick Hardt from Sxip was interviewed last month by IT Conversations on the Government of BC’s plans for a virtual information card pilot.

Mr. Hardt points out that privacy laws in BC and Canada are very strong compared to the rest of the world, and that governments are actually not interested in collecting and linking citizen data unnecessarily.  The goal is to NOT have an electronic ID card like those that are being rolled out in other countries.

There is a lot of interesting information in the interview, but for now I’ll stick to some comments on the implementation.  Mr. Hardt maintains that the virtual info cards are more advanced than traditional tokens because they allow for a user to select what information can be shared with the site being accessed.

The first use case being implemented is not particularly ambitious from a identity standpoint.  Recognizing that government staff tend to work together and often travel to each other’s work sites, there is a need to share wi-fi connections at dozens/hundreds of sites.

Info cards will be used to control a user’s access at these sites.  By integrating the technology into the wi-fi portal, access can be restricted to those that possess a valid info card.   Users that want Internet access at the site simply present the virtual card to gain access.  This results in improved privacy because the card is only used to confirm that the user is allowed access — it does not identify them.

It is an interesting choice for a first implementation.  The users are all known to the organization (typically senior-level staff) and have a well defined need.  Both privacy and security is improved and, apparently, a standard solution can be rolled out to many locations easily.

But most intriguing to me is the user audience.  This implementation targets roving users — and most often these are director-level and higher in government.  As these laptop enslaved decision-makers roam around the province, the ease of the solution should win converts.  When designs for more tricky info card  implementations, such as those for public citizens, arise in the future, the management teams are already well-versed with the technology and able to make informed decisions.

This is of critical importance to identity and access management systems.  Having had direct experience designing identity systems in the public sector, I can attest to the importance of having educated decision-makers at the table.  When issues around privacy and security need to be escalated, you want your sponsor and team to be knowledgeable and comfortable with the topic — and, ideally, the technology.

The BC Government appear to be making smart choices with this project, it will be interesting to hear how it progresses in the next few years.


Author: code

Mike Waddingham is senior Information Technology management consultant with over 30 years of industry experience. He is the owner of Code Technology Corp.