About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

16 posts categorized "Digital Money Forum"

What's in-store?

By Dave Birch posted Dec 8 2009 at 4:26 PM

[Dave Birch] I was looking something up and came across a post that I'd made about a report from TNS Global on the "New Future in Store" and I noticed that of a list of new technologies that they interviewed the European public about, fingerprint payments were rated top. This struck me as incongruous, given the commercial failure of fingerprint technology-based payment systems at POS, including in Europe.

Albert Heijn has currently decided not to follow up on the trial, citing ‘security issues and vulnerability to fraud’. The participants however were enthusiastic about the payment method and applauded the fact that they could complete their purchases without needing their debit cards, cash or loyalty cards.

[From The Paypers. Insights in payments.]

There was a similar trial in the UK, with the Co-Op, that was similarly discontinued. That's not to say that biometrics are of no interest to retailers, because there are some process that can be greatly be improved through the use of the technology.

The Co-operative Group is to use fingerprinting machines to track staff hours. The society plans to install biometric data collection terminals in its food stores over the next two years to record the working hours of its 55,000 staff.

[From thegrocer.co.uk | Articles]

This illustrates a general point from my talk at Biometrics 2009, which is that the commercial payback on biometrics as part of an overall identity management strategy looks much better when it comes to "staff" applications rather than "customer" applications. That's not to say that biometrics will not become a customer choice in the future.

Continue reading "What's in-store?" »

What's the use case?

By Dave Birch posted Apr 29 2009 at 5:25 PM

[Dave Birch] Suppose you did have a virtual identity that did something for you that was so useful that would actually pay for it. What kind of thing should it do? At the Forum Oxford Future Technologies seminar I heard Mark Curtis of Flirtomatic say something along the lines of "we would happily use mobile operator age verification services if they worked". This struck me as a very simple, prosaic example. Just as in the physical world there are a couple of age verification schemes where teenagers can buy cards that show them to be over 18, perhaps the online equivalent would be the place to begin.

Now that people like Facebook are getting on board with OpenID, perhaps one idea might be to a create an OpenID source that supplies IDs with a single credential IS_OVER_18 and two-factor authentication. This would be, effectively, one of Bob's LLPs. Where would you use this? Well, one of the long standing mass market problem area is social networking. There have been attempt to deal with this piecemeal.

Mobile social networking service Funky Sexy Cool is offering identity verification to all its members at no additional cost, says Tim O’Connor, CEO of the New York-based company. But members have to choose to go through the process. Funky Sexy Cool enables members to find other like-minded individuals in the same geographic area to hang out with. For example, a member can send out a message to his friends saying he’ll be at a certain club or bar... Funky Sexy Cool is using ID verification technology from IDology Inc., Atlanta. IDology searches public databases to confirm an identity [and] charges about 37 cents per ID verification.

[From Social networking sites have little to no identity verification : CR80 News]

Now teenagers would, naturally, want to obtain the 2FA "device" of an older sibling or friend in order to gain access to sites, but it's not like using fake ID to buy a beer, because they'd end up logged in not as themselves but their sibling, friend etc which isn't much use in social networking.

Continue reading "What's the use case?" »

Virtual identities and LLPs

By Dave Birch posted Apr 22 2009 at 12:26 PM

[Dave Birch] Over the Burton Group, Bob Blakely has been developing a line of thinking around a particular kind of virtual identity that he has called the Limited Liability Persona, or LLP and he recently posted some ideas for more specific characteristics of such a thing that I think deserve reflection. Bob's thinking is that since the invention of the limited liability company as a distinct legal entity the economy has grown and benefited, so there might be economic advantages to recognising some form of virtual identity as a distinct legal entity.

Well, since LLPs don't really exist yet, it's hard to be too specific. But in principle an LLP is a legal entity with a name:

  1. Created by an action of a court.
  2. Owned by one or more individuals.
  3. With its own resources distinct from those of its owners.
  4. In which owners can invest new resources.
  5. With its own "identity attributes" distinct from those of its owners.
  6. Whose actions are legally distinct from those of the owners (though the owners may be held accountable for those actions.
  7. Whose resources may be transferred to its owners.
  8. Which can be sold by the owners to new owners.
  9. Whose existence can be terminated by its owners.
[From Burton Group Identity Blog: The Limited Liability Persona]

This is very close to the idea of the virtual identity bound to a digital identity that we have discussed here before but with much firmer purpose. In Europe, as is many other jurisdictions, the relevant digital signature legislation already exists so that legally-binding digital signatures can be used and by inference legally-valid digital identities created. It's easy to see how Bob's ideas can be implemented except for the transfers part. If an LLP is a virtual identity that is, in essence, a public key certificate then it cannot be transferred. It must be deleted and a new virtual identity created: so let's say there is a virtual identity "Chair of Manchester City Fan Club" that it my public key signed by Manchester City Fan Club's private key. Then, when a new Chair is elected then my certificate has to be revoked and a new certificate created (ie, the new Chair's public key signed by Manchester City Fan Club's private key). So the particular attribute "Chair of Manchester City Fan Club" ends up bound to a new digital identity (key pair).

Continue reading "Virtual identities and LLPs" »

I can see an article of some sort. Anyone called David?

By Dave Birch posted Apr 14 2009 at 6:15 PM

[Dave Birch] Well, my paper on "Psychic ID: A blueprint for a modern national identity" has been accepted for the new Springer journal "Identity in the Information Society" (IDIS). I didn't completely understand the form I filled out, not being familiar with the world of academic journals, but I think the essence of it is that I can put a PDF of my original on my web site provided it contains a link to the actual journal article, so once I can sort that out I will do so. But the main reason for this post is just to note how what started off as an idea in a discussion -- basically, trying to visualise 21st-century digital identity management using Dr. Who's psychic paper as a reference point, having given up on trying to explain keys, certificates and all the rest of the crypto-infrastructure -- became a presentation and then a paper and finally a peer-reviewed paper that I'm rather proud of. I've found a way to explain to non-technical audiences -- well, British non-technical audiences at least -- that the combination of widely-available devices and intelligence can deliver an identity management infrastructure that can achieve much more than they imagine.

Continue reading "I can see an article of some sort. Anyone called David?" »

In 2018, we can start catching up with Lithuania

By Dave Birch posted Mar 11 2009 at 6:03 PM

[Dave Birch] One of my most frequent criticisms of the UK's national identity card scheme is that it is backward-looking, an electronic simulation of a Victorian ID card rather than an ID card for the 21st century. I gave an example of this in a talk recently by using the case of OpenID, noting that in Finland you can use your ID card to log in to OpenID, and pointing out that this bringing together of |nternet standards and national ID made sense on a number of levels. Needless to say, I have never heard OpenID mentioned in connection with the UK national ID card.

Now I hear that another country has gone over to OpenID. In this case, Lithuania.

Starting January 1st 2009 every issued Personal ID card has OpenID in it, backed up by personal digital certificate. National Certificate Center under the Ministry of Interior will be the national OpenID provider (https://openid.vrm.lt/). Provider service is currently in testing mode, it is not yet open to the general public, but it will go public anytime soon.

[From [OpenID - Eu] Republic of Lithuania goes OpenID]

Doesn't anyone else find it odd that our flagship national identity programme is so unambitious? That our roadmap to 2018 does not include services that are already rolled out in Lithuania?

Continue reading "In 2018, we can start catching up with Lithuania" »

Privacy invasion by design

By Dave Birch posted Feb 8 2009 at 9:14 AM

[Dave Birch] I've been reading the excellent report on Privacy by Design that was published by the Information Commissioner's Office in December. As I'm sure many of you will know, the report was written by Forum friend Toby Stevens of EPG. As therefore might be expected, it is a thorough piece of work that makes practical recommendations. As I was reading through it, I began to wonder to what extent the implicit assumptions about what is "good" or "bad" (the report is not that simplistic, by the way) are purely cultural and therefore to what extent the idea of some kind of identity infrastructure that can deliver appropriate privacy, identity, credential, reputation and other structures on an international, web-wide basis is really plausible.

Continue reading "Privacy invasion by design" »

Footprints in the silicon

By Dave Birch posted Oct 17 2008 at 1:26 PM
[Dave Birch] I like the phrase "digital footprints" as I think it provides as useful metaphor and image. Your digital identities leave digital footprints behind and other people -- perhaps people you don't know -- can follow those footprints. That's a reasonably powerful picture to put in front of people. I was trying to come up with something like this because I was thinking about how to educate people to be aware of the new way of the world. Children, in particular, need to understand the ramifications of their new media use (not to stop them from using it, but to help them to use it more effectively). For example...

When these kids are in high school and college, will a prerequisite for dating my teenage daughter be reading my blog?

[From Digital Footprints: Raising Kids Online - Media Bullseye]

Probably. It would certainly be way for a prospective daughter-in-law to score points with me! There's nothing wrong in helping children to lead lives online, but we must obviously do what we can to protect them and encourage responsible usage (which I think a digital identity infrastructure would do, but it's not the only way of doing it). Who are we protecting them from, other than future in-laws? We all understand the risks, even if they are somewhat overplayed in the media and not understood at all by politicians. As I said before

so it turns out that by and large perverts don't use social networking sites while pretending to be teenagers, but nonetheless something must be done, and who better to decide what to do than politicians.

[From Digital Identity Forum: Hard cases]

But your digital footprint isn't only of interest to criminals and peverts, but also marketers. In other words, hiding your digital footprint away (or not creating one) isn't a solution because allowing the right people to see your digital footprint at the right time means better products and services. In fact, if marketing could be on the basis of your digital footprint rather than a random collection of facts about you together with suppositions about group behaviour, that might be rather a good thing.

This is the future of marketing intelligence. Its no longer demographics. Identity is not worth collecting. Lets safely secure that with our customers, promise them we won't mine their identity. But the digital footprint, that is valuable. And the social context - Like Alan Moore says, this is the Black Gold of the 21st Century, the biggest prize. We can only discover social context accurately via the mobile phone, but the companies that build upon this dimension, those companies will seem like "reading our minds" in how accurately, cannily, they will serve ever better services and products and offers and campaigns for us.

[From Communities Dominate Brands: Datamining our identity, digital footprint, and social context]

We need a way to manage the connections between other people, our footprints and our selves.

Continue reading "Footprints in the silicon" »

Charlie Edwards, DEMOS

By Dave Birch posted Aug 20 2008 at 9:15 AM
[Dave Birch] Charlie Edwards is a senior researcher at the London "think tank" DEMOS. He writes, lectures and consults on national security, resilience, defence and intelligence. He works with international institutions, government departments, companies, and NGOs. A regular commentator in the national and international media, in this podcast he discusses the DEMOS essay collection "UK Confidential", reflecting on issues of privacy and identity in the modern age.

Continue reading "Charlie Edwards, DEMOS" »

UK Confidential

By Dave Birch posted Jul 2 2008 at 12:54 PM
[Dave Birch] The excellent DEMOS report on privacy "UK Confidential" contains contributions from many of the people i regard as thought leaders in the field and has ideas aplenty. It was supported by BT "in the interests of furthering public debate", which it certainly does. I'm curious about the extent to which the "tag line" on the report is true or not. It says "an open society depends on individuals rediscovering the social value of privacy". Is it really for individuals? It seems to me that it is something that needs to be woven into the fabric of society -- partly through the technological implementation of identity, the kind of thing that interests me greatly -- because it's a social good.

Anyway, in the introduction, Charlie Edwards and Catherine Fieschi say that "We lack the language to discuss privacy holistically. We use outdated frames of reference that are no longer adequate to discuss the contemporary landscape of privacy concerns or re-frame complex issues about data protection and vulnerability in other terms". I couldn't agree more -- I've been writing a magazine article arguing, similarly, that both the government and its critics on identity management share this outdated frame of reference (which I've labelled "Orwellian") -- and there's no doubt that it is a major impediment, a contributing factor to the privacy logjam we're now stuck in, where privacy and security are seen as opposites that we have to balance in some way. I don't want to dip into the "what is privacy" discussion here, except to note that it is important not to make the mistake of conflating a brief period of essentially urban anonymity with privacy and therefore make privacy something we can return to or get back in some way: Most people, throughout most of history, have had no privacy whatsoever.
The essential core of privacy in a modern context, I think, must be built around choice and consent (this is why I'm looking forward to our participation in a couple of Technology Strategy Board projects on Privacy & Consent later in the year). I tend to see these as important components of future consumer propositions and therefore viable if chosen carefully -- there's no point coming with great privacy plans that business will never implement. They call the privacy component of an exchange an "invisible transaction", which is nice way of putting it. If companies can find privacy-enhancing processes that go with the grain of business, then surely they will promote them (much as they have begun to promote "green" elements of their operations).
In the conclusion Charlie and Catherine say that "our collective ignorance means that we get the privacy we deserve" but I'm not sure I'd be so negative. People are ignorant about lots of things, but they expect professionals (eg, us, I hope) to make good decisions for them. I'm happy to contribute to that debate.

Continue reading "UK Confidential" »


By Dave Birch posted May 12 2008 at 10:38 PM

[Dave Birch] At the European e-ID conference in Leuven last month, a few basic conclusions were established early on in the proceedings: there is precious little interoperabilty across borders and it's not obvious what to do about it, although the general idea of moving away from interoperable infrastructure and towards gateways to the "magic bus" seemed to have some currency. Not everyone was as downbeat as me. Perhaps the whole idea of pan-European interoperability is simply too big too take on and it might be better to refocus on more limited but more practical goals. The idea of a few national gateways that could interoperate may be more manageable and I did get involved in a couple of discussions about the layers that would be needed to make this happen. But on reflection, it was another idea that might have more success (because of a more decentralised nature): instead of trying to construct a system for interoperability, try to construct a market.

Continue reading "Interwhat?" »