About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion


License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


No, wait, Titanic isn't the right metaphor

By Dave Birch posted Mar 20 2009 at 2:22 PM

[Dave Birch] For many years I have consistently maintained that multiple identities (more specifically, multiple virtual identities bound to digital identities that can be authenticated against "real world" identities) are an integral part of the digital identity infrastructure of the future and emphatically part of the solution, not part of the problem. There is a technical caveat though: the virtual identities must be kept separate. As Robin Wilton notes, with his usual perceptiveness,

maintaining different 'personas' can contribute to personal privacy - and personal privacy is undermined when the barriers between those 'personas' are broken down.

[From Racingsnake - the blog of Future Identity: Is privacy only for the rich?]

So we need a good technology (firewalls, PKI, keys, tamper-resistant hardware blah blah blah, you know the score) to make the barriers and should not rely on guidelines or ombudsmen instead. However, I made a terrible mistake explaining this vision to a group of people recently. I said that the partitioning of identity in this way was the equivalent of building a big ship with a series of waterproof compartments separated by strong bulkheads, so that if one compartment is holed, the ship is not threatened. What, someone said, you mean like the Titanic?

Touché. Ouch. I had no answer at the time, but thinking about it I can see the analogy. The bulkheads that I am imagining depend on mathematics for their strength, not metal. I was thinking that each of my multiple identities would correspond to a key pair that I had control over (i.e., the private key would be stored in some tamper-resistant hardware that I controlled, something like that). But, indeed, if someone did figure out a way to factor large prime numbers in polynomial time, that would be the equivalent of an iceberg ripping open all of the compartments. There's no way round this.

If this is a genuine possibility, then we will need to spread our personas across multiple devices, which we should probably do anyway. So I might have my government identity on a smart card in my sock drawer, my bank identity on my chip & PIN card and in my phone and my online identity in my phone and a USB key. Each of these digital identities might then be used to support a number of virtual identities, so that I can log on to my bank either using the chip and PIN card or the phone. But now if one of the devices is compromised, lost or stolen then I can use another device. This doesn't seem particularly complicated to me, but am I a cross-section of the population?

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]
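The device layout described in the post, modelled as an added example (not the author's code): each identity gets an independent credential per device, so reporting one device lost revokes only that device's credentials and the other device still logs in. Assumptions: a single `Verifier` stands in for all relying parties, and a per-slot HMAC secret stands in for the key pair the post describes, because Python's standard library has no signature scheme.

```python
import hashlib, hmac, secrets

# Layout from the post's own example (device names as written there).
PLACEMENT = {
    "government": ["smart card"],
    "bank": ["chip & PIN card", "phone"],
    "online": ["phone", "USB key"],
}

class Device:
    """Holds one independent secret per identity (stand-in for tamper-resistant hardware)."""
    def __init__(self, name):
        self.name, self._keys = name, {}
    def enrol(self, identity):
        self._keys[identity] = secrets.token_bytes(32)
        return self._keys[identity]  # shared with the verifier: HMAC stand-in for a public key
    def respond(self, identity, challenge):
        key = self._keys.get(identity)
        return hmac.new(key, challenge, hashlib.sha256).digest() if key else None

class Verifier:
    """Hypothetical relying party keeping one credential per (identity, device) slot."""
    def __init__(self):
        self.creds, self.revoked = {}, set()
    def register(self, identity, device):
        self.creds[(identity, device.name)] = device.enrol(identity)
    def login(self, identity, device):
        slot = (identity, device.name)
        if slot not in self.creds or slot in self.revoked:
            return False
        challenge = secrets.token_bytes(16)  # fresh per attempt, so answers cannot be replayed
        expected = hmac.new(self.creds[slot], challenge, hashlib.sha256).digest()
        answer = device.respond(identity, challenge)
        return answer is not None and hmac.compare_digest(answer, expected)
    def report_lost(self, device_name):
        """Revoke the lost device's slots; return each affected identity's remaining devices."""
        lost = {s for s in self.creds if s[1] == device_name}
        self.revoked |= lost
        return {i: sorted(d for (j, d) in self.creds if j == i and (j, d) not in self.revoked)
                for (i, _) in sorted(lost)}

def build():
    """Enrol every identity on every device named in PLACEMENT."""
    devices, verifier = {}, Verifier()
    for identity, names in PLACEMENT.items():
        for name in names:
            verifier.register(identity, devices.setdefault(name, Device(name)))
    return devices, verifier
```

Losing the phone touches two identities but locks out neither, while the government identity on its single smart card has no fallback device. The model covers device loss only, not the failure of the underlying mathematics.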

Comments

I don't see the link between the factorability of large public keys and the use of separate devices? (And by definition, large primes are not factorisable).

There is no link, it's just my appalling writing style. What I had in my head was the ruin of a previous vision of having multiple digital identities on one ID card with PKI as the mechanism for binding virtual identities, whereas I was reflecting on the need for a more diverse infrastructure, not all of which would depend on PKI, if you see what I mean.
