17/07/2008

Technology lessons

[Dave Birch] It must make me sound like some sort of snob, but I genuinely feel that one of the problems with the discussion of identity, privacy and related issues in the public sphere is that, ultimately, the policymakers, regulators and politicians just do not understand either technology as part of the problem or technology as part of the solution. Ian Brown's review of the Thomas/Walport report about data sharing touches on this:

While it makes a brief mention of credentials (r. 5), the report is extremely backward-looking on technology,

[From Blogzilla: Thomas/Walport data sharing review published]

The problem, I think, is more insidious than it seems at first. It isn't just that the people writing the report don't understand the technology, it's that they don't even appear to think that the technology is important. As I noted at the time of the review...

Pete Bramhall from HP sagely noted that the consultation document began with the statement that it assumed a familiarity with the Data Protection Act and other relevant legislation. How come, he pointed out, it did not assume a familiarity with rudimentary information technology, basic data security, elementary cryptography or, indeed, anything else that might help to develop a privacy-enhancing infrastructure for the modern world. Quite.

[From Digital Identity Forum: Another thing invented by lawyers]

How are we going to get a genuine breakthrough in identity management when the gap between the "two cultures" appears to be widening? No, not those two cultures, but the cultures of information and communications technology on the one hand and lawyers (particularly the ones that end up in the government) on the other.


02/07/2008

UK Confidential

[Dave Birch] The excellent DEMOS report on privacy "UK Confidential" contains contributions from many of the people I regard as thought leaders in the field and has ideas aplenty. It was supported by BT "in the interests of furthering public debate", which it certainly does. I'm curious about the extent to which the "tag line" on the report is true or not. It says "an open society depends on individuals rediscovering the social value of privacy". Is it really for individuals? It seems to me that it is something that needs to be woven into the fabric of society -- partly through the technological implementation of identity, the kind of thing that interests me greatly -- because it's a social good.

Anyway, in the introduction, Charlie Edwards and Catherine Fieschi say that "We lack the language to discuss privacy holistically. We use outdated frames of reference that are no longer adequate to discuss the contemporary landscape of privacy concerns or re-frame complex issues about data protection and vulnerability in other terms". I couldn't agree more -- I've been writing a magazine article arguing, similarly, that both the government and its critics on identity management share this outdated frame of reference (which I've labelled "Orwellian") -- and there's no doubt that it is a major impediment, a contributing factor to the privacy logjam we're now stuck in, where privacy and security are seen as opposites that we have to balance in some way. I don't want to dip into the "what is privacy" discussion here, except to note that it is important not to make the mistake of conflating a brief period of essentially urban anonymity with privacy and therefore make privacy something we can return to or get back in some way: Most people, throughout most of history, have had no privacy whatsoever.
The essential core of privacy in a modern context, I think, must be built around choice and consent (this is why I'm looking forward to our participation in a couple of Technology Strategy Board projects on Privacy & Consent later in the year). I tend to see these as important components of future consumer propositions and therefore viable if chosen carefully -- there's no point coming up with great privacy plans that business will never implement. They call the privacy component of an exchange an "invisible transaction", which is a nice way of putting it. If companies can find privacy-enhancing processes that go with the grain of business, then surely they will promote them (much as they have begun to promote "green" elements of their operations).
In the conclusion Charlie and Catherine say that "our collective ignorance means that we get the privacy we deserve" but I'm not sure I'd be so negative. People are ignorant about lots of things, but they expect professionals (eg, us, I hope) to make good decisions for them. I'm happy to contribute to that debate.


01/07/2008

RUSI and all that

[Dave Birch] One (!) of the conferences I spoke at last week was the Royal United Services Institute's conference on Science and Technology for Homeland Security and Resilience. I decided to put my original presentation about ID card technology to one side and go with my new psychic ID card slides. If you're at all curious, the slides are here...

There were a couple of tough questions -- mostly around "why bother with an ID card at all" -- but on the whole the people there were very nice to me, and prepared to listen to what I suppose must seem like a fairly radical idea if you are from a conventional security background.

As the comments on the original blog post seem to indicate, I think I've stumbled on a useful way of describing an alternative form of identity card. I've been writing it up in more detail for a journal, so hopefully I can address some of those issues as I go along with the "psychic rewrite", by which I mean that I'd already prepared a paper on how to use smart cards, mobile phones and so on to create a new kind of identity card, but I'm currently rewriting it to use the Dr. Who framing as it does seem to speak to people far more effectively than any of my previous attempts.


17/06/2008

Grasses up

[Dave Birch] If you haven't been over to Wikileaks, you should probably go and have a quick look before you read the rest of this post! There's an article about it in a recent New Scientist, talking about how "onion routing" is used to provide anonymity. So people (eg, whistleblowers in large corporations) can obtain genuine anonymity online. I'm in favour of this, generally speaking, and it's certainly necessary in a free society. But is it sufficient?

Suppose, for example, that I post a plausible-looking document that seems to show that the British Royal family are actually giant extraterrestrial bloodsucking lizards. How do you know whether it's a genuine leak or a double-cross? If, for example, there's a document purporting to be the Identity & Passport Service's National ID Scheme Options Analysis, how can you be sure that it really comes from them (just to pick a mischievous example) or was made up by someone at No2ID? If we as a society agree that some form of whistleblowing is a social benefit -- and yes, we must also accept that it means that some drug-dealing Nazi child pornographers will be able to take advantage of it too -- then we should have systems in place to deliver it. And that doesn't mean implementing anonymity.


10/06/2008

Phorget it

[Dave Birch] I have to write something about tracking and tracing, for unspecified purposes. Broadly speaking, and within some bounds, I want to be tracked and traced because I want a better service, more useful adverts, that sort of thing. I remember someone telling me that in countries with strict laws about the collection of personal information for marketing purposes, you get more junk mail because the originators cannot target the offers. If you know I hate golf, why send me stuff about golfing holidays? The goal is to get to the point where companies are not supplying advertising but information relevant to my state and relationships. If I'm in a Forum about writing Dungeons & Dragons adventures, then a post from a company providing some useful tips and a link to their adventure-writing software is not really an advertisement, because it's something the community is happy to see. But how to get to this harmonious balance: should my information be under the control of the companies or me? You must remember Phorm.

Phorm said it was setting up a new online advertising platform called the Open Internet Exchange, which any Web site will be allowed to join. Proceeds from ads that are shown on these publishers' sites will be shared with BT, Carphone Warehouse and Virgin Media, which together represent more than two-thirds of the Internet access market in Britain... The three Internet providers have agreed to give Phorm access to customers' surfing records, letting it track a Web user's every move.

[From Providers get a piece of ad income - International Herald Tribune]

Is this acceptable? Wouldn't I prefer to control my personal browsing habits and partition them, parcelling out the data to people who I think relevant? Or, to put it another way, CRM or VRM? Since the original trials, Phorm have changed the system (remember, it is operated by your ISP, not by Phorm) to provide for an opt out, but I assume that ISPs will incentivise me heavily to opt in because

Phorm could be the future, a future in which targeted advertising is essential to the business model of an ISP.

[From The law of Phorm | OUT-LAW.COM]

This seems reasonable to me, but within some pretty strict bounds. For one thing, if my mobile operator knows that I'm ringing a bank's mortgage enquiries line, can they then bombard me with junk mail about mortgages? I hope not, and I wouldn't expect the same from my ISP: if they know I've been looking at Abbey National's mortgage offers, can they just sell this information to the highest bidder in a carousel of mortgage companies? Wait, I assert my moral right as the author of that idea...


Metro-politan

[Dave Birch] Down at the European Technology Standards Institute (ETSI), I saw a good presentation by Jens Kungl from the 64 billion euro METRO Group, which operates 2,400 retail locations in 31 countries. He knows a bit about retail, and Metro have been experimenting with RFID for some time, so his opinions need to be taken seriously. He began by making (strongly) the point that the best way to scupper an RFID project in retail is to begin tracking people instead of goods. In my opinion, one of the dangers here (and there are genuine privacy concerns that need to be addressed) is the regulatory response, which may be over-anxious, mis-targeted or plain wrong. For example:

The Washington legislation outlaws the use of RFID "spy technologies" to collect consumer information without the owner's consent. The only problem is, heavy corporate lobbying narrowed the scope of the law (before Governor Gregoire signed it) to cover only criminal acts such as fraud, identity theft, or "some other illegal purpose" (making it a Class C felony to do so). Collecting information from consumer RFID chips for marketing purposes in Washington—with or without the owner's consent or even knowledge—is still fair game.

[From Washington State passes RFID privacy law; where's Uncle Sam?]
Surely, collecting information for anything but the purpose for which it was intended is just wrong, and it doesn't matter why it's being collected. Anyway, the point of this post is that Jens said that the trigger for item-level tagging is the five euro cent tag and this has arrived sooner than they were planning, so they are going to begin item-level tagging earlier than they had originally planned (they are already rolling out pallet-level tracking). He also said something about two Watts at 868MHz, but he was losing me a bit there...


02/06/2008

NFC, privacy and identity infrastructure

[Dave Birch] I've had a few e-mails from people about this paper by Collin Mulliner. This paper describes vulnerabilities in NFC implementations using "smart posters". It's the nature of the attacks, rather than exposure levels, that is worth looking at since, as Collin says,

 

The attacks demonstrated are trivial due to the manufacturer time to market (TTM) obsession, thereby shipping devices with trivial vulnerabilities, in Mulliner’s research they orbit around passive tags which are mostly abused as vectors for any of the attacks demonstrated.

[From Attacks on NFC mobile phones demonstrated | Zero Day | ZDNet.com]

The attacks fall, broadly, into two categories. There are attacks on the implementation of the NFC tag standard in a current handset -- these remind us of a useful lesson about implementing new standards, but are not that significant in the long run -- and attacks on the way that tags work in the current NFC standards. The problem that Collin has focussed on here is that there is no way of knowing whether a tag is "real" or not: you wave your phone at a Royal Bank of Scotland advert at the train station, but the tag has been tampered with (shielded by a bogus tag, for example) so that your phone is redirected to a web site in the Ukraine which looks like RBS but is just going to use your entered username/password to log in to your account for nefarious purposes. Unfortunately, that's the way tags work: there is no way of preventing this and Collin is right to highlight both modifying original tags and replacing them with malicious tags as interesting security questions.

These questions relate to the better understood issue of product vs. provenance in the RFID world and, as we know, one way to solve that problem is by using digital identity: it's just that it's the identity of stuff in question, not the identity of people.


16/05/2008

From paradise? No, Luton South

[Dave Birch] What a guru I am! It's almost uncanny! On 11th May 2008, I wrote (in an unpublished draft for this blog) that "It's only a matter of time before some M.P. suggests that one of the many benefits of the government's splendid new identity card scheme is that it will help with identifying kids on the web to protect them or stop them from buying knives or something". Well, today I read that

If you can’t prove how old you are, your days of shopping on the internet may be numbered. Fears that young people could be getting hold of knives, adult DVDs and alcohol are all fuelling a campaign by Margaret Moran, MP for Luton South, to make online age verification compulsory in the UK.

[From Online ID checks to limit teen booze and knife purchases | The Register]

I assumed that selling alcohol to someone under 18 was illegal whether you do it in a shop or on the web and so merchants would want to carry out age verification to avoid prosecution. As the reporter says, "Does anyone feel yet another justification for compulsory ID coming on?"


14/05/2008

Kim Cameron, Microsoft

[Dave Birch] Kim Cameron is Chief Architect of Identity in the Connected Systems Division at Microsoft, where he works on the evolution of Active Directory, Federation Services, Identity Lifecycle Manager, CardSpace and Microsoft’s other Identity Metasystem products. Kim joined Microsoft in 1999 when it bought the ZOOMIT Corporation. He grew up in Canada, attending King’s College at Dalhousie University and l’Université de Montréal. He has won a number of industry awards, including Digital Identity World’s Innovation Award (2005), Network Computing’s Top 25 Technology Drivers Award (1996) and MVP (Most Valuable Player) Award (2005), Network World’s 50 Most Powerful People in Networking (2005), Microsoft’s Trustworthy Computing Privacy Award (2007) and Silicon.com’s Agenda Setters 2007. Back in 2004, he put together the "laws of identity" and thereby enabled new and constructive thinking about how identity might be constructed. In this podcast, he talks about how identity thinking has been evolving at Microsoft and what that might mean for future products.


24/04/2008

Fasten your seat belt

[Dave Birch] I was so bored in my hotel room while I was waiting for Microsoft Office to re-build my mail database that I picked up a copy of Newsweek and started leafing through it. To my surprise, I came across an interesting piece about privacy.

The economics of privacy is, like anything else, a matter of trade-offs... The problem is that people can't make informed decisions if they don't know exactly what the trade-offs are. And they've proven that they don't.

[From Protect the Willfully Ignorant | Newsweek International Edition | Newsweek.com]

I couldn't agree more. As it happens, Consult Hyperion is part of a consortium that has just been chosen by the U.K.'s Technology Strategy Board to carry out a research project in this field, trying to find better ways to describe and display privacy so that the consumers and citizens can make informed choices, can negotiate around privacy in a constructive way and can deal more effectively with both corporate and government organisations. The article goes on to make a comparison that I'm not sure is entirely valid: the comparison is between privacy and safety, and the reason I'm unsure about it is because it uses the example of cars, seat belts and accidents -- all of which are things that consumers understand and can experience in a way that they cannot with privacy (at least, they cannot until our research project bears fruit!). Anyway, the article says

Car manufacturers let consumers pick engine sizes, color and the fabric on the seats, but not the design of the seat belt. "Consumers lack expertise about seat-belt design and don't want to invest time learning about it,"... Rather than let people figure out the optimal seat belt for themselves, experts pick a standard.

[From Protect the Willfully Ignorant | Newsweek International Edition | Newsweek.com]

Ok, so let's pick a standard. I vote for... er... hmmm... wait, I'll get back to you on this.


16/04/2008

Hard cases

[Dave Birch] I was at a discussion on privacy a while back, kindly organised by Robin Wilton under the Liberty Alliance banner. As always, I found that I learned more in a few minutes of argument with people like Caspar Bowden, Edgar Whitley, Phil Booth, William Heath and others than I would in weeks of reading Powerpoint presentations and vendor white papers. The discussion was under Chatham House rules, so I won't say anything about who said what, but I do want to pick up one point that was made because, on reflection, I've been thinking that it's more of a barrier to a comprehensive identity management infrastructure than it first appears. The point is this: I am, in essence, a technology optimist who thinks that clever shenanigans with smart cards and digital certificates can improve society by delivering more security and more privacy to the general public. The problem is that in order to understand why these things might be possible, you have to have some basic understanding of technology, which I think that politicians and policy makers do not. Stalemate.


09/04/2008

Angela Sasse, UCL

[Dave Birch] Angela Sasse is Professor of Human-Centred Technology at University College London and is involved in a number of research activities around usable and effective computer security and the privacy implications of networked and ubiquitous computing. In this podcast, she discusses how we might find ways of explaining and administering privacy better by understanding how people -- not technologists -- work in the "village" mode.


26/03/2008

The real me

[Margaret Ford] Knowing some of the vulnerabilities of the UK’s ‘Connecting for Health’ programme, I have accepted that my medical details may well become a matter of public record. Still, my nephew received outstanding emergency treatment as a result of his records being available on the backbone, so I’ve been keeping an open mind.

However, one aspect I hadn’t expected is the hypnotic effect of technology. At a recent routine check-up the blood pressure monitor failed, so I was told that my pulse was faulty. No effort was made to investigate this faulty pulse, but it did excuse the machine’s inability to perform. When I gave the nurse a brief history of my condition, she looked puzzled and told me that I must be mistaken because otherwise the doctor would have included those details in my notes. Unfortunately my doctor was away, and so unable to confirm.

As the nurse stared intently at the screen, it became clear that this digital representation of me was much more real to her than my physical presence. I persevered, reasoning that her original training must have included living, breathing human beings. Finally, sensing that this was a losing battle and remembering posters promising dire consequences for anyone upsetting surgery staff, I decided to give up the struggle. With no medical consequences, it was only a minor irritation but did give me a brief insight into the powerlessness and alienation resulting from digital misrepresentation. Even without identity fraud, it was not a very happy experience.


07/03/2008

Privacy TV

[Dave Birch] I've been watching ever since the BBC launched its new drama series about the surveillance state. It's called The Last Enemy, and I was quite looking forward to watching it, as were others, since it touches on a lot of the issues that I spend a lot of time thinking about. Given my conviction that sometimes you need to turn to art to help you to understand change, I thought it might deliver some insight into the balance between privacy and security in the modern world. Actually, it's turned out to be a bit dull, and I've been a little disappointed.

It's just occurred to me why.

It's because the BBC, like the Government, is a vast hierarchical bureaucracy that is essentially backward-looking, group-thinking and inward-focused. Just as the government can only envisage things like ID cards in a kind of 1960s frame of reference, of centralised databases and giant computers, so the BBC can only construct a discussion around them in that same frame of reference, a cross between George Orwell and Groundhog Day, endlessly retreading the same tired version of the future.

Hence the event stream seems a bit ridiculous: why on earth would people be lurking around looking for anyone in a world where there appears to be a camera in every room? In one episode there's a bit of road rage and one motorist shoots two others, but nothing happens. I guess the cameras are only looking out for dangerous double-parkers or congestion charge-evaders. As far as I can see, the scriptwriters are just producing a standard cowboys-and-indians story with ID technology as a plot backdrop, not even a maguffin to keep things moving (although I'm sure that, at some point, there will be a chase involving a CD containing important data that could just as easily be e-mailed). And as in all TV shows that involve computers, it was rife with stereotypes:

 

  • People type furiously on a keyboard to open up a new window - check
  • People have multiple screens open with photos on, but never seem to pick a screen to put stuff onto - check
  • Fonts are big enough to be seen from miles away - check
  • Interface is in its own basement room - check.

[From Tech & Gadgets Editor's Blog]

And, of course, the computer spoke, which in "real life" would drive you mad. What was funniest of all was the central icon of the near-future state, the pillar of the technologically omnipotent surveillance state: the ID card that the characters had to use to get into buildings and so forth. It was a trivially-counterfeitable magnetic stripe card, circa 1971.


04/03/2008

Faking it

[Dave Birch] I was in a discussion about this "internet of things" again today. It reminded me about my recent visit to the Automatic Identification and Data Capture (AIDC) European Centre of Excellence, which is in Halifax. They have a super facility with a shop, bank, hospital, town hall, library and main street set up on one floor of what I imagine to be a disused mill building. Their vision is to be able to demonstrate AIDC technologies (including some of our favourites such as biometrics and RFID) in "real" environments. During my tour, I came across a notable use of RFID tagging that flagged up -- once again -- just how widespread the use of RFID is likely to become and just how many niches there are for it to fill. I'm not skipping over the privacy issues. Nor, for that matter, are the European Commission...

One source told me that a requirement from the EU for consumers to positively opt-in to RFID in-store and for RFID tags to be decommissioned at the point-of-sale would kill RFID at item-level in Europe. Such a move, the source added, would put us internationally behind the curve, cost thousands of jobs in the RFID industry and be a terrible waste of a very useful opportunity.

[From Is the EU about to publish RFID privacy proposals? (Tune into RFID)]

Some form of RFID code of conduct -- such as the one that Toby Stephens wrote for Digital Identity Management -- is a good thing, but the opt-in and decommissioning ideas are not the right way forward.


18/02/2008

Bringing privacy into the equation

[Dave Birch] The equation, in this case, being sum(security+privacy)=rand(). Now, while you might argue that it is at least possible that there is some more complicated mathematical expression that may relate the two in some way, I think I'm coming round to the opinion that we should treat security and privacy as entirely uncorrelated from the point of view of system specification and design. Apart from anything else, it's why I think we should decouple the concept of the national identity register (which is about security) from the concept of the national identity card (which ought to be, but isn't, about privacy). It's also the reason why any statement (in particular, government statements) about giving up some privacy in order to obtain security seems so empty and why technology could deliver so much more than many people imagine.


23/01/2008

A new law

[Dave Birch] I propose a new law, to go alongside Moore's Law and Reed's Law and all of our other useful tools for doing back-of-the-envelope projections of where things will be going in the short- to medium-term. I propose Stoke's Law, which is that

as the amount of data that the government collects grows, so will the number of people who are victims of crimes that were made possible by unauthorised access to government databases.

[From Analysis: Metcalfe's Law + Real ID = more crime, less safety]

We all know it to be intuitively true, but the question is "what is the shape of the curve"? Jon Stokes links it to Metcalfe's (ie, square) curve, but I wonder if it mightn't be steeper than that because of the variety of criminal interests that might want to exploit different subsets of my personal data. To take a simple case, there might be criminals that want to access my national identity register record because they want to pretend to be me in order to allow an illegal immigrant to get a job, but they are different from the terrorist interests that want to access my DVLA record because they need to track down people who have cars that use a particular stretch of road every day.


17/01/2008

Dog years

According to one of the U.K. newspapers, the government is thinking about chipping prisoners in order to track them, as they (sort of) do at the moment with ankle bracelets...

But, instead of being contained in bracelets worn around the ankle, the tiny chips would be surgically inserted under the skin of offenders in the community, to help enforce home curfews. The radio frequency identification (RFID) tags, as long as two grains of rice, are able to carry scannable personal information about individuals, including their identities, address and offending record.

[From Prisoners 'to be chipped like dogs' - Independent Online Edition > UK Politics]
They are talking about Verichips here, but a moment's reflection leads me to the conclusion that the story either cannot be true at all or can only have been leaked to the newspaper by someone who hasn't the slightest understanding of RFID technology or, for that matter, technology in general. Verichips store only a 16-digit number and they are not re-writable: they can't store addresses or anything else. But then none of the people in the article seem particularly au fait with either the technology or its risks:

Consumer privacy expert Liz McIntyre said a colleague had already proved he could "clone" a chip. "He can bump into a chipped person and siphon the chip's unique signal in a matter of seconds," she said.

When she says "siphon the chip's unique signal", she of course means "read the chip ID as per the specification". Reading the ID number off of the chip is no different to reading it off of the patient's bracelet. It's just a number. I'm not waving away perfectly valid privacy concerns here. I'm just pointing out that the fact of the matter is that there is no point implanting a chip under the skin of someone who doesn't want to co-operate. They will simply take it out, or swap it with another chip. The technology has absolutely nothing to offer in this case.


06/12/2007

Some of these questions are hard

[Dave Birch] They pose some difficult questions over on blog*on*nymity. I like checking in over there: it helps me to develop a real perspective on digital identity, a perspective that takes in the evolution of social constructs around identity as much as SAML and OpenID. They are quite right to express concerns around the personal, psychological and social effects of the Internet and Google-powered public accessibility to sensitive personal information. This particular issue they are raising -- which I simply hadn't thought about until they made me think about it -- is the accessibility of online judicial opinions and court files:
As lawyers we did a good job debating the legal and policy elements of the situation. As moral agents or ethicists we failed badly.


13/11/2007

Antisocial networking

[Dave Birch] There's something about Reed's Law, the rise of social networking and community that tells us some profound truths about the future of identity. Unfortunately, I don't know what it is, and therefore what those truths are. Looking at the social networking stories in the news, they mostly seem to be about a new kind of moral panic. You know the kind of thing, social network sites are increasingly juicy targets for computer hackers and so on. As Forum friend Peter Cochrane observed in his always-worth-reading blog at silicon.com, the media seems to have a downer on social networking because of its implications for data privacy. Yes, Facebook is the latest TTCAWKI (threat to civilisation as we know it). Or it is to those people who signed up with their real names.


15/10/2007

Will they have to write to everyone in the entire country?

[Dave Birch] Some people think that data breach legislation is a useful way to force companies to take their data protection responsibilities seriously. Personally, I'm not entirely convinced but I'd be very happy to hear the arguments from either side. If I got a letter from, say, Tesco saying that one of their systems had been compromised and some people's personal details had been stolen, then I'd just chuck it in the recycling since -- like most other people, I imagine -- I don't really care and I've no idea what to do with the information if I did. As it happens, my Tesco loyalty card isn't in my real name anyway. But suppose -- just suppose -- that it is the government itself that is compromised? Do they then have to write to every single person in the country?

Continue reading "Will they have to write to everyone in the entire country?" »

28/09/2007

The "P word"

[Dave Birch] I'm a fan of Privacy Enhancing Technologies (PETs), but I recognise that however much sense they make to individuals, they must make sense to organisations as well. As this points out, they haven't so far. Many PETs weren't very practical to use even though they were technically-appealing to people like me. The dedicated, paranoid and perhaps even the criminal can surf anonymously with a little latency but as soon as you want to carry out an online transaction, sign on to a site, make a purchase, or otherwise (as the article nicely phrases it) become engaged online in a sustained way, you end up having to identify yourself. The people who take this seriously are serious about the weakest link: however vigilant you might be most of the time, it only takes one slip to ruin it and then the double-glazing web site has your mobile phone number. Doing anything about this -- for most people -- needs both a lot more knowledge of the technology and the issues and a lot more work. And that has killed it before: online privacy was just too much work. And, anyway, the benefits of online privacy tended to pale in the face of immediate gratification needs, and greater conveniences, personalization, efficiency, and essential connectedness afforded by consent and trust. The privacy emphasis slides inexorably towards holding others accountable for the personal information they must inevitably collect about us, not PETs. This leads to a situation where for those people concerned about privacy (which is not actually the majority of the population, whatever they may say in surveys) the realistic way to protect themselves is to essentially withdraw from society: electronic abstinence. I'm looking forward to discussing these issues at the Enterprise Privacy Group next week and will report back with (I'm sure) some new ideas for getting over these barriers.

Continue reading "The "P word"" »

20/08/2007

Contactlessness and confusion

[Dave Birch] Contactless payment technology faces adoption hurdles caused by consumers (and, I might add, journalists) misunderstanding the difference between radio frequency identification (RFID) and contactless smart cards. In fact
Confusion between the two technologies could eventually impede the potential growth of both the RFID and contactless smart cards markets
says Michelle Foong, an industry analyst at consulting firm Frost & Sullivan. The confusion is causing many consumers to worry about security. And not only consumers, but also lawmakers. Out in California, legislation is being considered in Sacramento that would ban the use of RFID, including high-security contactless smart cards, in many state government agencies and programs. While the intent is to protect the security and privacy of those who have personal information stored on RFID chips, many provisions in the bills are misguided and ultimately unnecessary. In fact, as the newspaper article correctly points out, if passed in current form the bills would stifle innovation and hinder technology development instead of punishing bad behaviour. The source of the problem is, of course, misconceptions about the technology and its many applications. In particular (my hobby horse) the word "RFID" is used for every short-range wireless technology going, yet it is not the "one size fits all" technology that some privacy advocates seem to think. There is a world of difference between a magnetic ink tattoo on a cow and an American Express Expresspay chip, yet they are somehow seen as being the same.

Continue reading "Contactlessness and confusion" »

26/07/2007

Department of the Bleedin' Obvious

[Dave Birch] The American Medical Association (AMA) says that human RFID tags could pose serious privacy risks. No kidding. But note that their report has few concerns regarding the medical implications of RFID tags. The tags are implanted using a needle in less than a minute. The Association does have some concerns regarding possible interference with medical imaging and other medical electronics, but the report does not cite any instances of these actually occurring. So there are no medical issues, but there are privacy issues. Such as? Well, the report says that (sensibly) patients should have to give informed consent to implantation, something that is obviously sensible. It also says that doctors
cannot assure patients that the personal information contained on RFID tags will be appropriately protected
I'd assumed that all that is in the tag is some kind of ID number and that all of the identity management takes place at the back end. Not that this neutralises privacy worries, but let's get the big picture sorted out. It shouldn't make any difference to the overall "privacy state" of the system whether I have the number on a bracelet, a tattoo or an implant, should it?

Continue reading "Department of the Bleedin' Obvious" »

23/07/2007

Privacy seminars are like London buses

[Dave Birch] You wait ages then two come along at once. After going along to the DBERR seminar, I'd spoken at the BCS Information Security Specialist Group "Privacy Day". I remember that, by coincidence, shortly after having woken up that morning, I heard a story on the Today programme (by forum friend Rory Cellan-Jones) about privacy. I thought he might be priming the nation for my presentation, but it turns out that the Information Commissioner, Richard Thomas, had that very day released his annual report. In the report he called the number of companies, government departments and public bodies breaching data protection rules "horrifying".

Continue reading "Privacy seminars are like London buses" »

20/07/2007

S/MIME is, like, so last century

[Dave Birch] I was preparing a presentation that included a couple of remarks about generational issues when it comes to privacy: what Bill Dutton of the Oxford Internet Institute called more "nuanced and textured" views of privacy. This led me back to an article I'd read noting teenagers generally don't think twice about including their first names and photos on their personal online profiles, but most refrain from using full names or making their profiles fully public, which I now understand more fully after listening to Bill. This and similar news reports were linked to a survey from The Pew Internet and American Life Project which found that two-thirds of teenagers using social networking have restricted access to their profiles in some fashion, such as by requiring passwords or making them available only to friends on an approved list. Social networking sites, such as MySpace and Facebook (or, indeed, LinkedIn) have responded by offering users more controls over how much they make public and warning them about revealing too much. So perhaps the next generation are not ignoring privacy, but dealing with it in a new way. After all, only 1 in 50 puts their mobile phone number online. Although four-fifths put their photo online and more girls than boys do so. I'm no expert (as may be evident) but they presumably don't see their image as a private part of their identity and, also presumably, want control over it by posting an image that they choose, that is under their control.

Continue reading "S/MIME is, like, so last century" »

12/07/2007

PET subject

[Dave Birch] The European Commission are in favour of PETs. Not the furry (or even scaly) ones, but our favourite kind: Privacy Enhancing Technologies. They are in favour of them because they (correctly) think that the deployment of PETs might do more to protect privacy and implement real data protection. If implemented properly, as I have long maintained, they mean that mathematics rather than ombudsmen would ensure compliance! They make a superficially reasonable point about deployment, arguing that PETs should be implemented inside a regulatory framework -- Article 13 of the Data Protection Directive and Article 15 of the ePrivacy Directive, apparently -- that can deliver (negotiable) levels of privacy to individuals. I'm not so sure about that. I think it's better to make the PETs widely available and easy to use and then let the market take over: I'm not sure what regulation adds in this case. The Commission says that it has been promoting the use of PETs by public authorities, and I'm sure we all agree that that's a good thing.

Continue reading "PET subject" »

06/07/2007

Round to the Black Rod's entrance

[Dave Birch] I was invited to the House of Lords by the Constitution Committee to take part in a seminar on privacy and surveillance, a topic that seems to be attracting a lot of attention at the moment.

It was all under Chatham House rules and I certainly would not put myself beyond the bounds of civilized company by breaking them, but I will say two things. First of all, the best quote of the day came from a lawyer (this doesn't point the finger, by the way, because pretty much everyone except me was a lawyer) who said that the purpose of the Data Protection Act is "to regulate table manners, not to stop cannibalism". Excellent (and it was part of an excellent presentation). The second thing is that -- and I mean this in a complimentary way -- I was surprised by the quality of the questions. You know how when the kids first start to play Dungeons and Dragons and you have to explain the difference between intelligence and wisdom to them? (Actually, you may not, but you get the point.) You know, "a person might have the intelligence to know that smoking is bad for them but not the wisdom to quit" and so forth. Well, some of the questions asked by the committee were definitely wisdom-based (as opposed to the intelligence-based questions in the Commons). It's not just because of the age of the participants, which I will not remark on, but also because of their varied and accumulated experiences. I feel better for having attended the seminar, and given my modest contributions, I'm sure I got the best of the bargain.

Continue reading "Round to the Black Rod's entrance" »

04/07/2007

Finding a privacy compromise

[Dave Birch] People, quite reasonably, express concern that organisations keep data about them and it is an entirely realistic fear that this data will be mined in unexpected ways in the future. I remember coming across this problem in the early days of electronic purses, when there were differing opinions as to how long transaction data should be retained. In one of the schemes, for reasons I can't entirely recall, it was determined that 90 days was an acceptable compromise for "cash replacement" purposes. So, detailed transaction data would be retained for 90 days and during this time the police could obtain (with an appropriate court order) records for an individual card's transactions (although since there was no signature or PIN involved, that told you nothing about who was using it). After 90 days, the individual records were deleted and only the statistical aggregates were retained. This seemed to me to be a sensible way of dealing with the problem of the data trail left by digital identities.

Continue reading "Finding a privacy compromise" »

03/07/2007

D1gital Territ0ries

[Dave Birch] Forum friend Ioannis Maghiros is one of the authors of a new report from the European Commission called "D1gital Territ0ries - Towards the protection of public and private space in a digital and Ambient Intelligence environment" [EUR 22765 EN]. It is definitely worth taking a look at. It has several resonances with our models for exploring identity management and other identity-based propositions: the technologies of disconnection meme and the digital equivalent of barbed wire, the central role of the real/virtual bridge, the use of technology to inform the technology/surveillance balance and so on.

Continue reading "D1gital Territ0ries" »

02/07/2007

Desktop dilemma

[Dave Birch] Here's a dilemma of privacy and surveillance (just as described in the Royal Academy of Engineering report) on your own desktop. Google's latest project is called Web History, and it offers registered Google Account users a chance to peruse not just their account history with Google, but their surfing history. Google's Payam Shodjai, product manager for Personalization, says
Imagine being able to search over the full text of pages you've visited online and finding that one particular quote you remember reading somew