About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« July 2007 | Main | September 2007 »

14 posts from August 2007

Bordering on crazy?

By davebirch posted Aug 31 2007 at 6:53 PM
[Dave Birch] In a meeting a couple of days, someone said (concerning a proposed new product) that they would like it to be interoperable "just like e-passports are". As the old saying goes, be careful what you wish for. Germany, for example, has said that it won't join the e-passport PKI directory, or PKD. Dennis Kügler, of the German Federal Office for Information Security, says the PKD
saves you approximately half a second in the border-control process [but] open a potential security hole.
The hole is that the border control systems have to store certificates (with the public keys that are needed to check the signatures on passports) that are pre-verified, so if the bad guys can get their certificates into the system, their (bent) passports will be accepted as real. There is a proposal floating around to implement a more sophisticated PKD (with cross-certification, so that countries could check the signatures on other country's certificates) but that means a more complicated structure. I'm not sure this is the kind of interoperability that should be a goal for other sectors.

Technorati Tags: , , , ,

Continue reading "Bordering on crazy?" »

The doors

By davebirch posted Aug 29 2007 at 5:31 AM
[Dave Birch] For people who think I'm always going on about NFC but it's not really that important, take a look at this news item from Tapei. The Farglory Group, a leading property developer in Taiwan, has announced that the residents of its four new complexes in Taipei County will be the first in the world to open their doors with their cellphones. This seems logical to me: I'd much rather use my own mobile phone for identity management and both logical and physical access control than some additional piece of plastic. The rationale in Taiwan is that since mobiles are a virtual necessity for most people, and since most people have one, then why not use them to replace house keys as well as cameras, music players and just about everything else. Farglory chairman Chao Teng-hsiung says
Instead of flipping through a big bundle of clinking keys, our residents just have to flash their mobile phones in front of a sensor to enter their homes.
The company will give two BenQ T80 handsets -- the first NFCs phone made by a Taiwanese company -- to each of the 5,990 apartments. There's a fallback, of course, for people who forget their phones or for the kids in the family who don't have one of the NFC devices: they can get it using the fingerprint identification system. The access control system will be applied to all of Farglory's future housing projects as well.

Technorati Tags: , , , ,

Continue reading "The doors" »

The Forum is open for business

By davebirch posted Aug 22 2007 at 3:06 PM
[Dave Birch] Announcing the eighth annual Digital Identity Forum in London on November 20th and 21st 2007. The event, sponsored by CoreStreet and CPP with support from ACI Worldwide, will be held at The Clink in Southwark. This year the Forum will be structured around four main areas:
  1. Who Needs Digital Identity? And what do they need it for? As a first step on the road to safe and effective e-business, e-government, e-health and e-everything else, let’s try and analyse and understand what the “identity problem” actually is so that we can work out what to do about it in at 21st century context.
  2. Understanding Context. What should decision makers look at when surveying the technology landscape? New standards and schemes? New networks and devices? New structures and models? This session will help you to map out that landscape and understand how CardSpace and OpenID, NFC and EMV fit together.
  3. The Identity Utility. The discussions around identity cards, identity for the mass market and the business case for identity are stuck because of limited models and the vision around them. A new vision, however, with some promise can be founded on a utility-based approach which will be explored in this session.
  4. Authentication is the new Content. If digital identity does indeed begin to transform the mass market, then one of the consequences might be that authentication takes are pivotal role in the value network. In which case, it’s good to start planning to take advantage of it now. Who could play in that market?
The Digital ID Forum will continue its tradition of developing the debate around the future of identity by bringing together informed and expert perspectives to stimulate discussion, thinking and ideas. Here’s what people said about it last year...
an exceptionally good conference this week…
the quality of the speakers, the audience and the debate (and the food!) was fantastic...
very stimulating conference yesterday and today – the formal content and the networking were excellent…
a great day as usual...
the key benefits were the networking opportunities which are facilitated by such a wide-ranging programme.
The detailed agenda will be available from the Forum web site at the end of this month. This year we will have representatives from organisations ranging from the Oxford Internet Institute and the Identity and Passport Service to Visa Europe and Garlik, once again ensuring first-class debate, high-speed learning and stimulating new ideas in equal measure. We're now taking the early bird bookings for this year's Digital Identity Forum. If you go to the web site and book before 20th September, you'll get £50 off, meaning that two full days of discussion and debate at the leading edge of digital identity will cost a mere UKP395 + VAT. Once again, the Forum will be limited to 100 places so book now to avoid disappointment! We look forward to seeing you at this year's event.

Technorati Tags: ,

Continue reading "The Forum is open for business" »

Dave Birch on Digital Identity Management

By davebirch posted Aug 21 2007 at 6:35 PM
[Dave Birch] Not sure how to introduce this week's podcast! It's Jane Adams interviewing me about the book Digital Identity Management that was published earlier in the year. Jane is a freelance journalist and consultant. She used to edit World Card Technology and writes regularly for European Card Review as well as for corporate clients. She has written two research reports about smart cards, the Smart Card Reporter for Elsevier and Smart Cards in Healthcare for HBS Consulting. Here she talks to me about the book that I edited, "Digital Identity Management: Technological, Business and Social Implications". Jane thought it might be good to put me on the other side of the microphone for a change!

Technorati Tags: ,

Continue reading "Dave Birch on Digital Identity Management" »

Contactlessness and confusion

By davebirch posted Aug 20 2007 at 5:11 PM
[Dave Birch] Contactless payment technology faces adoption hurdles caused by consumers (and, I might add journalists) misunderstanding the difference between radio frequency identification (RFID) and contactless smart cards. In fact
Confusion between the two technologies could eventually impede the potential growth of the both the RFID and contactless smart cards markets
says Michelle Foong, an industry analyst at consulting firm Frost & Sullivan. The confusion is causing many consumers to worry about security. And not only consumers, but also lawmakers. Out in California, legislation to ban RFID is being considered in Sacramento that would ban the use of RFID, including high-security contactless smart cards, in many state government agencies and programs. While the intent is to protect the security and privacy of those who have personal information stored on RFID chips, many provisions in the bills are misguided and ultimately unnecessary. In fact, as the newspaper article correctly points out, if passed in current form the bills would stifle innovation hinder technology development instead of punishing bad behaviour. The source of the problem is of course misconceptions about the technology and its many applications. In particular (my hobby horse) the word "RFID" is used for every short-range wireless technology going yet it is not the "one size fits all" technology that some privacy advocates seem to think. There is a world of difference between a magnetic ink tattoo on a cow and an American Express Expresspay chip, yet they are somehow seen as being the same.

Technorati Tags: , ,

Continue reading "Contactlessness and confusion" »

Social networking good/bad?

By davebirch posted Aug 17 2007 at 3:05 PM
[Dave Birch] Like every other new technology that leaks into mainstream media, the cycle from "hey wow isn't this amazing" to "this is the end of civilization as we know it" is predictable if shortening in duration. Now it's social networking's turn. Anyone who is interested in the future of identity has to be interested in the models being forged in the Reed's Law furnace of MySpace, Facebook, Bebe and the like, that much is clear. These subnetworks are already vast: Facebook now has more than 3.5 million users in the UK, MySpace has more than 10 million users and Bebo has 4 million unique visitors. Friends Reunited is the champion, though, with 18 million users registered in the UK. But is the sky really falling in? I don't doubt for a moment that that some people are putting details such as such as date of birth, address, email, job and marital status on their pages and that these are useful to potential fraudsters. A recent snapshot of Facebook turned up some useful statistics about this: more than 40% of Facebook users reveal some "sensitive" personal data and more than 20% gave personal data to a spoof friend request from a plastic frog called Freddi Staur. Of those, four-fifths gave their full date of birth and current address. It seems to me that the real risks are less about identity fraudsters trawling Facebook -- when they have much better large scale data sources -- than the long-term impact of posting pictures of yourself throwing up after drinking a bottle of cider.

Technorati Tags: ,

Continue reading "Social networking good/bad?" »

The next Internet will be built on identity

By davebirch posted Aug 15 2007 at 3:24 PM
[Dave Birch] I've been think about a recent Guardian Unlimited article that began by posing the big question: how do you cut online crime, tackle child pornography, halt crippling viruses and get rid of spam? The article then goes on to talk about a couple of research projects: researchers in the US want at least $350m (£175m) to build the Global Environment for Network Innovations (Geni) and in Europe, similar projects are under way as part of the EU's Future and Internet Research (Fire) programme, which is expected to cost at least £27m. While this will undoubtedly be money well spent, I think that Jonathan Zittrain, professor of internet governance and regulation at the Oxford Internet Institute, cuts to the core of the issues with his comment:
There's a real need to have better identity management, to declare your age and to know that when you're talking to, say, Barclays bank, that you're really doing so.
The backers of Geni are hoping that it can find answers to problems like this. It is supported by America's National Science Foundation and has a timescale of 10-15 years. Hhhmmm. Dipankar Raychaudhuri, a professor at Rutgers University in New York, says
Once you've built something as large and complex as the internet it is difficult to start over again.
Quite, but do we really need to?

Technorati Tags: , ,

Continue reading "The next Internet will be built on identity" »

The 800ln gorilla in the digital identity room

By davebirch posted Aug 14 2007 at 12:13 PM
[Dave Birch] If you are in the U.K. and interested in identity, it's difficult to stay away from the subject of the national identity card, especially now that procurement is about to begin. Today I was thinking about audit. The head of the Identity and Passport Service (IPS) recently said in an online webchat on the Downing Street website that most uses of the ID card will probably not involve accessing the NIR and would therefore not create an audit trail. He means "an audit trail in a central government database" because, of course, your identity card is perfectly capable of recording who has asked it for what. If you want to go home and put your ID card into your Sky box and see on the TV who interrogated your card, then you should be able to. This is quite distinct from the issue of the central audit trail, which cannot possibly work in a transparent manner. If you log on to the IPS website to see who's been looking at your personal details, and it tells you that the police or MI5 have, then you might take that as a sign to leave the country. Perhaps as a practical experiment the government should let non-celebrity status people see who has been accessing their children's personal details on the ContactPoint identity register for the under-16s and see how it goes.

Technorati Tags:

Continue reading "The 800ln gorilla in the digital identity room" »

Another lesson on the real identity risks

By davebirch posted Aug 8 2007 at 9:09 AM
[Dave Birch] Identity theft is a pretty sensitive issue, especially when the identity of children is the issue. So when a hospital laptop containing information on about 11,000 young children is stolen you expect a bit of a fuss. Similarly, when a bank customer adviser was jailed for four years for helping identity thieves steal £2.3 million from accounts, the newspapers were bound to report it. In this latter case, apparently, the BBC's former world affairs correspondent Rageh Omar had a narrow escape when a telephone caller posing as him, and armed with confidential information, tried to access his Barclays account. The caller was thwarted by a suspicious branch manager (not, you might note, by a neural network or strong authentication. When your personal data is stolen and passed to thieves by government employees who are supposed to be working for you, you're bound to be upset. Of course, if you put your own personal information up on MySpace, Bebo and Facebook then you've only got yourself to blame.

Technorati Tags: , , ,

Continue reading "Another lesson on the real identity risks" »

Anchoring the reputation economy

By davebirch posted Aug 7 2007 at 11:03 AM
[Dave Birch] A very pleasant evening out at Mobile Monday in London talking about digital identity in the mobile world was made even more pleasant because Ajit was on the expert panel with me. He made a couple of points about reputation that deserved further discussion but there wasn't time. He reminded me that Colin at Bankwatch had pointed me to this quote: "Somebody who has carved violins all his life should have more editing power than me on Wikipedia’s Stradivarius page". A couple of months ago (but I can't remember exactly when), I heard one of the founders of Wikipedia, Jimmy Wales, being interviewed on the BBC and he was talking about the viability (from my perspective, the desirability) of an economy founded on pseudonyms and reputation. He made complete sense, as did Ajit. I'm coming round to the view that this should be one of the expert panel topics for the forthcoming Digital Identity Forum in London on November 20th/21st.

Technorati Tags:

Continue reading "Anchoring the reputation economy" »