About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« December 2008 | Main | February 2009 »

5 posts from January 2009

No digital identity, no digital Britain

By Dave Birch posted Jan 30 2009 at 4:56 PM

[Dave Birch] I haven't had time to read the Carter report on Digital Britain yet, but I will try and catch up with it sometime soon. I've had a quick look at a few bullet points and not seen anything particularly interesting. There's been plenty of comment from sources that I pay attention too, though.

The long awaited (and somewhat delayed) Digital Britain interim report has been released, and, like the Gowers Report on intellectual property before it, this one seems way too "balanced" for its own good... For example, it says that the country should have universal broadband (of at least 2 Mbps), but doesn't explain how. It just offers up some vague statements about hoping that private sector ISPs reach that goal, and urging the BBC to promote the wonders of broadband to those who haven't signed up yet... The same sort of vague uselessness is found in the part on copyright and file sharing.

[From Digital Britain Report: Blank Promises, Vague Statements And Everything Is Hedged... | Techdirt]

It's hard for the people putting these sorts of reports together to take any real stance on issues, I'm sure, because they have to obtain some consensus. But perhaps some more real vision is needed at times like these, and that necessarily will mean that some sectors of industry will have to accept change. Because our customers are more interested in the transactional side of things, I'm always looking to see how the plans of the great and good will stimulate new business and what the impact on industry might be. Unfortunately, the early comments that I've been reading are not promising: apparently, one of Carter's suggestions is to impose a tax on broadband access and give the money to industries that have failed to adopt new business models in response to technological change. At first, I assumed he must be talking about sheep farmers, because the law dating back to 1572 requiring everyone to wear wool hats on Sunday isn't being properly enforced any more, but it turns out that he was talking about pop stars and record companies.

Carter appears to ask traditional industries to look to new business models, but offer them a subsidy at everyone else's expense if they can't find any. What's more, the voice of those industries is given disproportionate weight. Now, while it is generally true that at the dawn of new businesses this must always be true -- since the new businesses that might grow up around broadband don't yet have a voice to be heard -- that's no reason no to extend the range of voices to be heard. As the Open Rights Group say,

We are looking at the report in detail, but we are extremely concerned that the voice of consumers and citizens is being marginalised.

[From The Open Rights Group : Blog Archive » Digital Britain: leaving consumers out of the picture]

Indeed. Not only will citizens be marginalised, they will also be penalised.

Under the proposed scheme, the government would legislate a "Code on unlawful file-sharing" that ISPs would have to follow.

[From "Digital Britain" to legislate graduated response for ISPs - Ars Technica]

Why telephone companies aren't required to follow a "Code on unlawful bank robbery" that requires them to monitor telephone conversations and report the planning of bank robberies to the police, I don't know, but what I do know is that fining kids and kicking their parents off the Internet is not the way to build a healthy and prosperous 21st century business.

Continue reading "No digital identity, no digital Britain" »

Help or hinder?

By Dave Birch posted Jan 23 2009 at 5:49 PM

[Dave Birch] I've been spending a lot of time on biometrics recently, trying to work out the best way for our customers to exploit some advances in the technology. In particular, especially given the ICO's recent "Privacy by Design" report, I've been trying to think of ways to make biometric authentication support identification in a reasonable business model that allows for appropriate privacy settings. One of the reasons why this is complicated is that the temptation to use biometrics for identification purposes is very strong.

Biometric authentication has a role in maintaining and defending our control of our own identity and personal data. This emerging technology makes it virtually impossible to assume someone else's unique identity.

[From Understanding anonymity and the need for biometrics | The Industry Standard]

But biometric authentication of what? If it is biometric authentication of a single, unvarying, "full disclosure" identity (eg, a national ID card of some description) then it's hard to justify the architecture. In other words, why bother with authenticating people against some identity token when you can just match them to their identity in some sort of database: instead of showing the supermarket an ID card to prove you are old enough to buy cigarettes, why not have the supermarket send your fingerprints off to a database and have the database tell the supermarket how old you are? There's no need for card. Or is there?

We have to expect that people will see us when we are in public and that our open public acts will be just that. But we have to worry that, in an anonymous world without authenticated identity, privacy will be violated when others can assume our identifying characteristics and take control of transactions and interactions outside the home that are indeed personal and unique to us.

[From Understanding anonymity and the need for biometrics | The Industry Standard]

With the right identification and authentication architecture, the card provides a means to prove authentication without necessarily disclosing identification. Thus, my ID card can tell you that I am its rightful owner (by matching my, say, fingerprint with an on-card template) and that I am 18. But there is no reason for it to tell you who I am.

Continue reading "Help or hinder?" »

It could never happen here

By Dave Birch posted Jan 15 2009 at 12:43 PM

[Dave Birch] Well well. Now here is an interesting story that hasn't got anything like the attention that it demands:

A South Korean woman barred from entering Japan last year has reportedly passed through its immigration screening system by using tape on her fingers to fool a fingerprint reading machine... A South Korean broker is believed to have supplied her with the tapes and a fake passport, the Yomiuri said, adding that officials believe many more foreigners might have entered Japan using the same technique.

[From Woman fools Japan's airport security fingerprint system]

Now, I wonder if the Japanese ministry of immigration (or whatever) chose that particular system on the basis that it was (according to the vendor) foolproof? That is certainly the perception of biometrics, particularly amongst politicians, but who can say? I suppose the risk analysis they carried out -- I'm sure they must have carried out a risk analysis -- would have put impersonation as a theoretical probability with a low likelihood and low chance of success. Ooops.

Continue reading "It could never happen here" »

A good solution, but only if you don't understand the problem

By Dave Birch posted Jan 12 2009 at 12:21 PM

[Dave Birch] It's all for the kiddies. There's a terrible problem out there on the interweb: there are people who aren't children who are pretending to be children and there are children who are pretending to be not children. Therefore, something must be done.

MySpace is now encouraging users to post their real names to their profiles. This is quite a shift - like many sites, MySpace used to refer to a ’screen name’ rather than ‘real name’.

[From Privacy Value Networks » Blog Archive » The danger of ‘real names’?]

Well, it might be considered an inconvenience that your children's identities should be disclosed to the entire world online, but it's for the greater good, right? And if we know who the children are online, then we can protect them, and help retailers to avoid accidentally selling knives to teenagers, and that's a good thing too.

Child-safety activists charge that some of the age-verification firms want to help Internet companies tailor ads for children. They say these firms are substituting one exaggerated threat — the menace of online sex predators — with a far more pervasive danger from online marketers like junk food and toy companies that will rush to advertise to children if they are told revealing details about the users.

[From Ping - Online Age Verification for Children Brings Privacy Worries - NYTimes.com]

Perhaps this whole anonymity vs. absonymity argument around online identities is actually important, and perhaps we should be doing some thinking about it instead of leaving it to people (eg, Ministers) who don't really understand the problem or the solution.

Continue reading "A good solution, but only if you don't understand the problem" »

Business and ID cards

By Dave Birch posted Jan 7 2009 at 11:46 AM

[Dave Birch] Just a quick reminder about the Digital Identity Forum's joint seminar with EEMA at the British Computer Society in London on January 29th. This seminar, sponsored by Consult Hyperion, will be looking at the business opportunities that might arise from the introduction of the UK national identity card. You can register for the seminar at the EEMA web site. The event will be chaired by John Elliott of Consult Hyperion, who has considerable international experience of designing national ID card schemes. With speakers and panelists including

  • Meg Hillier, the Parliamentary Under Secretary for Identity.
  • Martin Linda, Siemens PLC.
  • Frank Layman, Federal Civil Service Information and Communication Technology department, Belgium.
  • Andy Smith, Identity and Passport Service.
  • David Blanco, Tractis, Spain.
  • Colin Whittaker, APACS.
  • Me.

it should be a useful day out and will hopefully lead to some genuine innovation. Whatever your opinions about ID cards -- and I've made mine plain -- the fact is that the first ones have already been issued. Since the UK scheme is now here, it makes sense for business to look at the opportunities that have arisen around ID cards in other markets, for both online and offline use, in the public and private sectors.

Continue reading "Business and ID cards" »