About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« October 2007 | Main | December 2007 »

12 posts from November 2007


By davebirch posted Nov 30 2007 at 3:56 PM
[Dave Birch] I love it when his happens. A couple of years ago I helped to write a report for a government department here in the U.K. The report covered a roadmap for certain "connection and disconnection" technologies. On one part of the roadmap I had to illustrate a point with a couple of "horizon" communication technologies that I thought might be relevant in a 5-10 year timescale. One of the ones I chose was digital connection via biological carrier (ie, sending signals through your body). I labeled it "bifi", although I can't remember where I got the tag from. 5-10 years? Well, NTT DoCoMo unveiled a prototype bifi phone last month. The phone, which uses a sensor made by start-up Kaiser Technology Co., sends electric signals through the human body to transmit data, enabling data transfer at the touch of a finger. One of the examples used in the press release is that doors to secure areas would open as your phone transmits your ID through your feet, but I think it offers more.

Technorati Tags: ,

Continue reading "Bi-fi" »

Chinese whispers

By davebirch posted Nov 26 2007 at 11:56 AM
[Dave Birch] Lying on your Facebook page is part of the fun, isn't it? Just like being a man in Second Life if you're a woman. Surely being able to play around with multiple identities is one of the fascinating new aspects of life online? Apparently, not everyone shares such a playful and experimental view of virtual identity. One of China's major game operators has announced that they will freeze the accounts of male players who have elected to play as female characters in the King of the World MMORPG. Apparently there are no bans on women playing male characters, but women (and men-wanting-to-play-as-women) will be required to prove their gender via webcam. I did not make this up. Women will be required to prove their gender via webcam (how, exactly? -- the mind literally boggles). And this is in a country with compulsory ID cards. Next they'll be saying that you can only be a Gnome Bard if you are in real life less than four feet tall and able to recite a medieval Icelandic saga from memory. Who is running these games, David Blunkett? (Note to foreign readers, David Blunkett was the British Home Secretary who introduced the current British identity card scheme).

Technorati Tags: , ,

Continue reading "Chinese whispers" »

The Zimmerman CDs

By davebirch posted Nov 23 2007 at 5:30 PM
[Dave Birch] The fallout from the great data escape of 2007 continues, some of it good (such as the Information Commissioner's Office calling for "privacy-enhancing technologies" to be built into future projects) and some it ludicrous. Some outlandish opinions are gaining currency. Noted conman Frank Abignail says that he is sure that the CDs were stolen by organised criminals rather than being lost by disorganised civil servants:
I truly believe that someone paid for information to be stolen.
He must be wrong. Why would criminals steal the CDs (which someone might eventually notice were missing) rather than steal the data? Frank is confusing the Hollywood MacGuffin-led version of data theft -- in which the master criminal / CIA / international terrorist gang chases the hero around the world to destroy a disk containing top secret evidence of a conspiracy, apparently unware that you can e-mail the data from one place to another rather than transporting it as atoms (as were Her Majesty's Revenue and Customs, it seems) -- with real-world risk analysis. In Frank's film version, the plot might be that the criminals disguised themselves as couriers, bluffed their way past the front desk, took the packages, found the one with the CDs in, stole it, changed clothes to pretend to be HMRC clerks and then gave the rest of the packages to the real courier. In my film version, some wally has put the package in the wrong bin and it's gone into landfill. But just suppose...

Technorati Tags: ,

Continue reading "The Zimmerman CDs" »

Live from London

By davebirch posted Nov 21 2007 at 10:37 PM
[Dave Birch] A big thank you to everyone who took part in this year's Digital Identity Forum. The feedback I've already had has been absolutely excellent and I really appreciate the efforts of everyone who made it happen. I'd also like to thank our sponsors for their unconditional support: CPP and CoreStreet for suppporting the event and ACI Worldwide for supporting the pub quiz and tour. And on behalf of the charities that we support with the surplus from the event, thanks to everyone who came along. I like to think that the Forum stands out as being a place for real discussion and debate rather than a standard death-by-Powerpoint commercial event and, once again, the delegates didn't let us down. Thanks to everyone.

Technorati Tags: ,

Continue reading "Live from London" »

The great data disaster of 2007

By davebirch posted Nov 21 2007 at 7:54 AM
[Dave Birch] Half way through the Digital Identity Forum yesterday, the session chair announced (hot from his Blackberry) that the British government -- specifically, the Child Benefit Agency -- has lost the personal details of every parent in the country and as a result someone has resigned. I haven't had the energy to try and figure out why on Earth in 2007 government departments would be posting CDs to each other rather than using PGP or S/MIME on the interweb, but there you go. Anyway, by this morning there was an identity theft media frenzy never before witnessed in our green and pleasant land. I woke up to breakfast TV in the hotel and every channel was leading with the story. I've just seen the Chancellor of the Exchequer being interviewed on Sky and I actually felt sorry for him: some of the questions were ridiculous (eg, won't the fraudsters wait a few years before they obtain credit cards in our children's names). For a more measured response, see here: Forum friend Ian Brown was whisked away from the Digital Identity Pub Quiz to appear on BBC's Newsnight.

Technorati Tags:

Continue reading "The great data disaster of 2007" »

The Tr* scheme

By davebirch posted Nov 19 2007 at 5:28 PM
[Dave Birch] Apart from having one of the best URLs on the interweb, xmlgrrl Eve Maler also has a splendidly useful PDF containing a set of diagrams that give an overview of the relationship between SAML, Liberty, Cardspace and so on. Well worth downloading.

Technorati Tags: ,

Continue reading "The Tr* scheme" »

Giving identity cards a bad name

By davebirch posted Nov 16 2007 at 8:00 AM

[Dave Birch] As I've constantly complained, what should one do if one is (broadly speaking) in favour of some form of smart identity card to bridge the worlds of physical and virtual identity, but one is (broadly speaking) against the government's proposed system? Well, one policy might be to stop reading the newspapers and hope it will all get better. Consider, for example, the Department of Work and Pensions' attempt to salvage a viable system from the Child Support Agency catastrophe, the Child Maintenance and Enforcement Commission (CMEC), which adds several sticks to beat recalcitrant parents with. There is going to be a 'name and shame' web site, credit blacklisting, monitored curfews (possible including electronic tagging) and the confiscation of passport and/or ID card. That's joined-up government at work, presumably. The Child Maintenance & Other Payments Bill includes powers for the CMEC to disqualify an individual from "holding or obtaining travel authorisation", with a travel authorisation being defined as a UK passport or as "an ID card... that... has been issued to a British citizen." This kind of predictable -- and tragic (in the sense of inevitable) -- mission creep is an consequence of an ill-thought out identity infrastructure that is not up to the demands of a modern society or modern economy. And even if you think that taking away some ID-related privilege is the right thing to do to a deadbeat Dad, the use of the word "confiscation" reveals the basic mindset problem: "they" won't stop you from renewing a public key certificate, delete an application from the card, change a security level or anything else that might smack of the 21st century, "they" will confiscate the card. Hey, Parliament, I've got 1952 on the line and they want their ID card back...

Technorati Tags: ,

Continue reading "Giving identity cards a bad name" »

Antisocial networking

By davebirch posted Nov 13 2007 at 6:18 PM
[Dave Birch] There's something about Reed's Law, the rise of social networking and community that tells us some profound truths about the future of identity. Unfortunately, I don't know what it is, and therefore what those truths are. Looking at the social networking stories in the news, they mostly seem to be about a new kind of moral panic. You know the kind of thing, social network sites are increasingly juicy targets for computer hackers and so on. As Forum friend Peter Cochrane observed in his always-worth-reading blog at silicon.com, the media seems to have a downer on social networking because of its implications for data privacy. Yes, Facebook is the latest TTCAWKI (threat to civilisation as we know it). Or it is to those people who signed up with their real names.

Technorati Tags: , , , , ,

Continue reading "Antisocial networking" »

Full house

By davebirch posted Nov 8 2007 at 6:15 PM
[Dave Birch] One of the reasons by the British government's IRIS scheme -- which allows frequent travellers such as yours truly to enter the country via iris scanner instead of showing a passport to an immigration person (or, at least, theoretically does so: I've given up using it because it never works) -- is so bad is because it is attempting to match against a large and growing database. This means that certain parameters have to be set to position the FAR/FRR curves in particular ways: if there's a doubt, keep him out! If, on the other, you are matching a biometric template one-to-one against a securely stored templates, you can set the curves to be more tolerant, more workable in real world situations. An example of how the IRIS probably should have worked. Nevertheless, the biometric authentication market continues to grow steadily, with interesting new implementations coming along all the time. One that caught my eye is the system being installed at The Venetian Macao, the world's largest casino, has deployed 13 VisionAccess 3D Face Readers in order to authenticate 12,000 employees at the front entrance when a new shift starts. Bioscrypt's 3D face reader is a hands-free biometric solution that authenticates users in under a second by matching the structure of the person's face against their enrolled template (ie, a one-to-one match). The readers function by shining a near infrared grid pattern on a user's face. A camera then takes a picture of the resulting distortions in the grid pattern to match against the template, which is stored in a contactless smart card (typically kept in a hip pocket). That's the way to do it.

Technorati Tags: ,

Continue reading "Full house" »

Chip the lot of 'em

By davebirch posted Nov 7 2007 at 9:02 PM
[Dave Birch] People are very squeamish about the idea of implanting RFID chips into themselves or others. I've no idea whether this is because there is some fundamental issue at stake or whether it's because the idea is just new. I've certainly heard of applications for RFID implants that seem quite reasonable to me. Tracking Alzheimer's patients by implanting a chip that can be read by doctors might well provide a lifeline to confused and vulnerable people in a time of need -- and I speak as someone with first-hand experience of the tragedy of Alzheimers. In this example, the chip simply has a 16-digit number. It is implanted in the patient's arm and read using a handheld reader (just like our old favourite the Baja Beach nightclub). The Verichip chip -- which is what is being used here -- was approved as a medical device in 2004 by the Food and Drug Administration (FDA) is currently being used in nearly 200 hospitals. I'm not sure if I'm as enthusiastic about the idea of chipping my children but I'm not sure why. It seems perfectly reasonable for someone to say to me "how come you put a chip in your cats, so that if anything happens to them the vet can identify them and contact you, but you won't put a chip in your kids?" and I'm not sure how I'd answer. There must be a philosopher, moral teacher or ethicist out there who can help!

Technorati Tags: ,

Continue reading "Chip the lot of 'em" »