About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Adriana Lukas, MediaInfluencer | Main | It's crazy, but it might just work »

Grasses up

By Dave Birch posted Jun 17 2008 at 11:56 AM

[Dave Birch] If you haven't been over to Wikileaks, you should probably go and have a quick look before you read the rest of this post! There's an article about it in a recent New Scientist, talking about how "onion routing" is used to provide anonymity. So people (eg, whistleblowers in large corporations) can obtain genuine anonymity online. I'm in favour of this, generally speaking, and it's certainly necessary in a free society. But is it sufficient?

Suppose, for example, that I post a plausible-looking document that seems to show that the British Royal family are actually giant extraterrestrial bloodsucking lizards. How do you know whether it's a genuine leak or a double-cross? If, for example, there's a document purporting to be the Identity & Passport Service's National ID Scheme Options Analysis, how can you be sure that it really comes from them (just to pick a mischievous example) or was made up by someone at No2ID? If we as a society agree that some from of whistleblowing is a social benefit -- and yes, we must also accept that it means that some drug-dealing Nazi child pornographers will be able to take advantage of it too -- then we should have systems in place to deliver it. And that doesn't mean implementing anonymity.

The problem is more widespread than whistleblowing, although it's a useful focus. I don’t want my kids using their real names in Internet chat rooms any more than I want hospital whistleblowers to have use their real names: a nurse, for example, ought to be able to send an e-mail (to report lax hygeine routines, perhaps) with a digital certificate that proves that she is a nurse but not who he/she is. It's obvious why: if she reports a problem, then the information is of no value unless the authorities know that the leak really comes from a nurse. But if the nurse can be traced in any way, then he/she won't report the problem, which is bad for society as a whole.

Fortunately, technologists understand this problem and how to fix it. One of the very best ways of fixing it -- using clever cryptography -- was developed by Forum friend Stefan Brands and his company, Credentica, was bought by Microsoft so will soon be in the mass market. I happened to be chatting to Stefan last week and can cheerfully report that he has yet to be assimilated...

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]


The comments to this entry are closed.