About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« March 2007 | Main | May 2007 »

16 posts from April 2007

Identity and government identity

By davebirch posted Apr 27 2007 at 9:09 AM

[Dave Birch] I can testify to the fact the the IRIS system at Heathrow was broken again this week.  I've been flying quite a bit recently, and I can't actually remember the last time that it was working.  Surely one of the fundamental problems -- as people like me are always saying -- is that it is doing a 1:N match against a central database instead of a 1:1 match against a local token (such as an e-passport, which they are already issuing but without any useful functionality for citizens).  Whenever the communications get interrupted or the central database crashes, the whole scheme is out.  Anyway, I was mildly annoyed this time because I had to stand in an even bigger line than usual to get through UK passport control and I was in a hurry because the plane was late arriving.  I did consider pretending to be an asylum seeker from Madeupistan, because I thought that line looked shorter, but in the end I just stood in line and waited and fumed.

Technorati Tags: , ,

Continue reading "Identity and government identity" »

If you've got nothing to hide, and all that

By davebirch posted Apr 25 2007 at 6:06 AM

[Dave Birch] It's got to be the best data breach of the week.  Who cares about a few million card numbers, especially when the evidence seems to be that few of them will used.   I don't really care if my credit card number gets stolen, as it's someone else's problem.  As for debit cards, well I suppose it might cause more inconvenience but I'm more worried about my card being copied (sans chip) and used in a foreign ATM to withdraw cash.  The breaches that make the news may not be such a big deal anyway.  Suppose a few million debit card numbers get stolen, for example.  According to a study by Dove Consulting (from this month's Digital Transaction News), this would result in the issuers re-issuing all the cards.  But only 8% of the cards reissued by notified banks may have been compromised and of those, perhaps only 5% see a fraudulent transaction.  But there are plenty of other things I would much prefer not to be disclosed...

Technorati Tags: , ,

Continue reading "If you've got nothing to hide, and all that" »

One to many

By davebirch posted Apr 23 2007 at 4:25 PM

[Dave Birch] A digital identity may map to many online virtual identities (ie, you might use OpenID to log in to World of Warcraft and the government) and it is this mapping that is usually being considered when we talk about managing virtual identities.  But a virtual identity may also be owned by several real identities.  That is, a husband and wife might both have the password to a single OpenID log in, or both have the PIN to the same smart card.  In fact, this arrangement will be common in the business world (ie, several executive officers of Consult Hyperion control the digital ID "Consult Hyperion").  This is a logical way to organise things.  However, the acid test of new structures like this is: what happens when something goes wrong?

Technorati Tags: , , ,

Continue reading "One to many" »

We don't need no stinking NFC phones

By davebirch posted Apr 20 2007 at 1:04 PM

[Dave Birch] Over on the Digital Money blog, one of the topics we're obsessed with is the collision between mobile phones and contactless technologies in the form of Near Field Communication (NFC).  But in the long run, the use of NFC phones to manage digital identities will probably be more important.  I think this is pretty clear to see given the rolling standardisation of the mobile/NFC space and the shape that is taking.  This isn't just the standardisation of the NFC interface, but also the mobile environment around it such as the SIM, where the addition of NFC support and a high-speed USB connection to the phone will transform the use of handsets.  As I've said before, though, the addition of the the NFC interface together with access to that interface through standard interfaces within the phone is genuinely revolutionary.  It integrates the handset into its local environment, making the mobile phone a link or pivot between the local and the global.  It therefore will have big role to play in the use of digital identity in the future.  The current projections (these change all the time) are that 20%  of mobile handsets worldwide will include Near Field Communication (NFC) technology by 2012, according to New York-based ABI Research and in the digital money world many players are already preparing for that market.  Visa, to pick just one example, believes there is a great opportunity to migrate some of the purchases being made by consumers today to the mobile phone.  A Visa survey showed 67% of American males between the age of 18 and 39 would be interested in buying an NFC-enabled phone, while 57% said they would be willing to pay more for an NFC phone than a regular model.  If the phone is going to become the average person's wallet, then surely it can function as passport, driving licence and home banking log in device as well.

Technorati Tags: , , , , ,

Continue reading "We don't need no stinking NFC phones" »

Attacking 2FA

By davebirch posted Apr 19 2007 at 10:32 PM

[Dave Birch] Within all of the coverage of Barclays decision to start issuing 2FA "token authentication" devices to online banking customers (eg, me) to combat phishing and fraud, there were a few people pointing out that this kind of 2FA isn't a magic bullet, specifically because of "man in the middle" attacks.  We've discussed this before in the context of token authentication, but the problem extends to many other kinds of 2FA (basically, any 2FA that doesn't implement end-to-end encryption).

Technorati Tags:

Continue reading "Attacking 2FA" »

Optical connection

By davebirch posted Apr 19 2007 at 10:20 PM
[Dave Birch] The identity of stuff, as much as the identity of people, is part of the digital identity landscape. One of the important technology threads, then, is the connection between the real and virtual identities of stuff. We've tended to think about RFID as the principal path, which it is, but there's life in the old optical barcode yet. Microsoft, for example, has been working on a 2D coloured barcode (using colours means you can store more data than in black and white) which is now going to appear on DVD and video game cases later this year, thanks to a licensing deal with the ISAN International Agency. The Geneva-based organization assigns International Standards Audiovisual Numbers (ISANs) to movies and other works, and keeps a database about each title. Once ISAN-IA starts issuing the barcodes, then the publishers will be able to link products to web sites through that database. ISAN-IA and Microsoft imagine a day when consumers could use digital cameras to "scan" barcodes on DVD cases, in advertisements and on billboards, then be transported to a web page to watch trailers or buy products. As it happens, I've had this software on my Mac for a couple of years. It's called Delicious Library: it allows your Mac to read the barcodes on books and things (using any old Firewire camera) and then go off to the web and look them up. Look: I've just scanned the barcode on the book on my desk and this is what comes up...

Delicious LibraryScreenSnapz001

Technorati Tags: ,

Continue reading "Optical connection" »

Where you don't need identity, don't use it

By davebirch posted Apr 18 2007 at 7:11 AM

[Dave Birch] Surely a guiding principle of an identity management system should be that it only uses identity when it is absolutely necessary to the transaction at hand -- a rather obvious way to cut down on identity abuse and misuse is to stop using identity.  The overwhelming majority of day-to-day transactions do not require identity at all: they are about entitlement.  There are two rather obvious examples of this, that ought to be some kind of litmus test for identity schemes: proof of age and retail payment. The grocer, the butcher, a cabinet maker and several other members of the town’s Mennonite community are planning to move to Arkansas over a Missouri requirement that all drivers be photographed if they want a license. The Mennonites — a plain-living sect whose members are similar to the Amish, but usually more worldly — say the 2004 law conflicts with the Biblical prohibition against the making of “graven images.”The grocer, the butcher, a cabinet maker and several other members of the town’s Mennonite community are planning to move to Arkansas over a Missouri requirement that all drivers be photographed if they want a license. The Mennonites — a plain-living sect whose members are similar to the Amish, but usually more worldly — say the 2004 law conflicts with the Biblical prohibition against the making of “graven images.”

Technorati Tags: , ,

Continue reading "Where you don't need identity, don't use it" »

Video fun

By davebirch posted Apr 17 2007 at 7:41 AM

[Dave Birch] The Royal Academy of Engineering Report that we've discussed before has attracted some kind comments, including those from security guru Bruce Schneier.

Technorati Tags:

Continue reading "Video fun" »

Names are confusing in the UK

By davebirch posted Apr 13 2007 at 4:09 PM

[Dave Birch] I was at a conference today and one of the speakers was Nick Sex of Alpheus -- yes, it's his real name.  It must cause havoc with their spam filter, but anyway.  It set me thinking about how odd names are as identifiers, and how he had a much better name than me.  Luckily, if I do decide to change my name to Dave Sex, I can do it using a service such as Fast Deed Poll, which allows me to change my name quickly and easily.  As the web site says, "you can obtain a official change of name Deed Poll Document from us INSTANTLY just for £3.50".  Now that's service.

Technorati Tags: ,

Continue reading "Names are confusing in the UK" »

ID theft, again

By davebirch posted Apr 12 2007 at 5:46 PM

[Dave Birch] Well, depending on which particular definition of "identity" and "theft" you choose, the problem grows.  In the US, 15 million Americans were victimized in just a 12-month period.  The amount of money that is being stolen from them is on the rise, as well, more than doubling between 2005 and 2006, Gartner analysts report in a study. And more of what they're losing is staying lost: people managed to recover 87 percent of what was stolen from them back in 2005, but in 2006 that number dropped to 61 percent.  And here's a surprise from the UK: most identity fraud appears to take place in and around London with its concentration of wealthy people (eg, not me) and "upmarket" addresses.  So, basically, the fraudsters are targeting rich people who bank online.

Technorati Tags: , ,

Continue reading "ID theft, again" »