William Heath writes about the ongoing universal identity debate in the UK in the response to a few blog posts including mine on the George Mason University identity break-in:

The sickening logic is that these ill-conceived university ID systems make appealing targets for identity thieves, and that a compulsory UK ID system will be far more appealing still.

I guess if government was on the leading edge rather than the trailing edge of technology innovation, they would design a digital identity system whose #1 requirement was "resilient in the face of digital identity attacks". When designing a new identity system, one has the luxury of prioritizing requirements in that way, and there is little excuse not to do this in this year 2005.

As Kim Cameron points out when discussing his newly published 6th law, the inevitable side-effect of the increasing importance of digital identities are ever-more sophisticated identity attacks. Identity attacks are a growth business, no question.

Just imagine if a for-profit hacker — or worse, a hostile government or non-state actor — hacked into a digital identity database containing rich identity information about virtually everybody in a country. And unless an identity system is designed to resilient from day one, it is going to happen with a likelihood of 1. The only question is when it is going to happen, and even if we are going to know it once it has happened. Stuff for a Tom Clancy novel?