About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« October 2009 | Main | December 2009 »

7 posts from November 2009


By Dave Birch posted Nov 25 2009 at 10:43 PM

[Dave Birch] I enjoyed Scott Silverman's talk about privacy and security at ID World. Scott (the devil, according to CASPIAN) is the CEO of Verichip, the company that developed the first FDA-approved RFID chip for human implantation. (It's just a passive RFID chip containing a 16-bit identification number). Apparently, they had had some 900 emergency rooms across the US signed up for the service before the "privacy backlash" started. Opponents of the system told the newspapers that the chips caused cancer, and that was that.

Now, to be honest, I'm very sympathetic to Scott. A couple of years ago, I contacted Verichip because I thought it would be fun to have a Verichip implanted in my arm ready for the Digital Identity Forum, but they said no (spoilsports). My cat has one, and I'm jealous.

Anyway, the point is that the privacy backlash was so great that the stock price collapsed and the company -- which was reduced to a shell -- has now been restructured as PositiveID with Scott as the majority shareholder. They have a number of initiatives, one of them being "PatientID" which will link high-risk patients (eg, Alzheimer patients) to their medical records. Now, as far as I can see (and I'm speaking from the point of view of someone with an Alzheimer's sufferer in the family) this is a splendid idea. I'm pretty privacy sensitive, but this is an application that makes absolute sense to me. If I had Alzheimer's, I'd want a chip so that if I get lost or confused, a doctor can instantly find out who I am and what my conditions and medications are. You could do it by fingerprinting me, or iris scanning or whatever. But it appears to quick and simple to use the chip instead.

Scott also mentioned their "HealthID" initiative that will link sensors to the chip: so, for example, you could have a glucose-sensing chip for some types of diabetes so that when the chip is read to identify the patient it will also report glucose levels. If I had diabetes, I would much rather have one of these than prick my finger and test drops of blood. I wouldn't want everyone to be able to read it though, and this is where the problem comes: we need to have some form of standard privacy-enhancing infrastructure that sits above the "chip layer" to make this all work properly.

Continue reading "Verily" »

Rob Schuurman, Nedap

By Dave Birch posted Nov 19 2009 at 3:31 PM

[Dave Birch] Rob Schuurman is the general manager of Nedap Healthcare, based in the Netherlands. They have developed award-winning products that use mobile phones and NFC to deliver practical, convenient security to a mass market. In this podcast, he talks about his practical experiences getting an NFC-based service into operation and shares some thoughts about the future of the technology in that sector.

Listen here in either [Podcast MPEG4] or [Sound-only MP3] format.

Continue reading "Rob Schuurman, Nedap" »

Out of control, up to a point

By Dave Birch posted Nov 17 2009 at 12:04 PM

[Dave Birch] I re-read an excellent post over at Emergent Chaos. It reflected an important discussion between two people, both of whom I take very seriously. To paraphrase and simplify horribly, Bob thinks that the social structures maintain privacy, Adam thinks that technological structures maintain privacy.

In a world where some people say "I've got nothing to hide" and others pay for post office boxes, I don't know how we can settle on a single societal norm. And in a world in which cheesy-looking web sites get more personal data — no really, listen to Alessandro Acquisti, or read the summary of "Online Data Present a Privacy Minefield" on All Things Considered... -- I'm not sure the social frame will save us.

[From Emergent Chaos: Bob Blakley Gets Future Shock Dead Wrong]

The lack of a "norm" is a good point here, and I have to say it made me think. We should be developing tools that allow people to construct their norms (within boundaries, obviously) but not setting out a norm so that the tools can only implement one model. For this reason, amongst others, I tend to come down on the more technological side of this argument, which is why I'm so keen to see privacy as part of customer propositions and privacy-enhancing technologies as part of the systems being built in both public and private sectors.

Continue reading "Out of control, up to a point" »

Thanks, thank you all

By Dave Birch posted Nov 14 2009 at 7:20 AM

[Dave Birch] This blog has been nominated for the Computer Weekly Blog Awards for 2009.

Now, merely being nominated is reward and testament enough, but should you feel moved to voice your support in the traditional way, then please feel free to vote early and vote often.

Continue reading "Thanks, thank you all" »

Air side

By Dave Birch posted Nov 9 2009 at 6:20 PM

[Dave Birch] The whole business of air travel is a laboratory for experimenting at the boundary between public and private identities, where national and international agreements interact with corporate alliances, outsourcing and value chains to produce a complex environment that needs and benefits from change. Speaking as a frequent traveller, and happy near-weekly user of Heathrow's Terminal 5, it seems to me that air travel has got considerably quicker, more efficient and simpler in the last couple of years. I print my boarding pass out at home, jump in a cab or on the train, nip through T5 to the lounge and then on to the plane -- the only hold-up in the whole process is the queue for security on the way out (sometimes this can be 10-15 minutes even at T5) and the queue for passport control on the way in.

However, the need to print a physical boarding pass, even using 2D barcodes rather than a magnetic stripe, and the lack of an efficient bag drop system means that despite the universal electronic ticket for air travel, more than two-thirds of passengers still went to a check-in desk. Where to look for the next improvement? Well, I'm sure like most people I think that the key technology that will change this is the mobile phone. If the mobile phone allows you to check in and obtain a boarding pass, and a kiosk at the airport allows you to self-tag (clearly there are some security issues around this) then the flow through airports would increase significantly and the costs would reduce accordingly.

In fact I saw a presentation for one of the companies that supplies infrastructure to airports recently an they were talking about their experiences with the mBCBP (mobile bar code boarding pass) -- they said that "we only care about Blackberry, iPhone and high-end smartphones", which means we can assume big, clear screens -- but still the current 2D barcode solutions don't carry enough data for the airlines to store more than three legs plus frequent-flier and other data.

So why am I looking at this space? One of the biggest players in the industry, IER, is advocating the "pass & fly" sticker solution and I saw them present on the Air New Zealand and Air France case studies which, I have to say, was rather impressive.

Continue reading "Air side" »

Close enough for jazz

By Dave Birch posted Nov 4 2009 at 6:40 PM

[Dave Birch] I had a typical fascinating and productive discussion with Hazel Lacohee and Piotr Cofta when we last got together. We were kicking around some ideas for finding practical ways to improve privacy, security and other good stuff while simultaneously worrying about the government's approach to the interweb, broadband and ID cards. With the right combination of technology and vision we can take an entirely different view of the "identity problem" and how to solve it. In a decentralised fashion we can see identity develop as an emergent property of trust networks, shaped by evolution to be fit for purpose or, as Piotr Cofta puts it, "good enough identity". Good enough identity (GEI). I love it.

I'm certain that there is merit in this approach. There is a real difference between between trying to create a kind of "gold standard" identity that delivers the highest possible levels of authentication and identification in all circumstances and trying to create an identity that is useful (defined by: reduces total transaction costs and, in my world, aligns social costs with private costs). Therefore, a utilitarian approach of trying to do something, anything to make the identity situation improve for individuals and organisations, we might be better off starting with some simple building blocks and building up rather than by starting with a national ID card (I mean, a 21st-century national ID card of the psychic ID kind, not electronic cardboard) and driving that down. Go from the personal to the enterprise, from the enterprise to government.

Continue reading "Close enough for jazz" »

Biometrics 200n

By Dave Birch posted Nov 2 2009 at 10:11 PM

[Dave Birch] I actually rather enjoyed my day out at Biometrics 2009 because it was an opportunity to catch up with old friends and see what the buzz is. Yes, you can have LinkedIn and Twitter, but there's still no substitute for hanging out in the coffee area at a big conference. Some of the content was, though, somewhat reminiscent of Biometrics 2008, 7, 6... we're still not at a mass market, and part of the reason is that no-one seems to know what that mass market is. Is it fingerprint scanners in every laptop? I doubt it. Is it logging in to your bank using voice authentication? Maybe. Is it using your National ID Card to get served in a pub? Doesn't look like it at the moment.

Personally, based on a couple of sessions I sat in on, I thought there was some confusion about the proposition -- not from everyone -- and I suspect that at least part of the problem is that the major integrators come from the government and defence space, so their approach to the market and their product set reflects that. If you've made a living selling large-scale automatic fingerprint identification systems to law enforcement agencies, then it may be difficult to make the transition to selling improved authentication to banks. And there's no reason to suspect that that improved authentication will be achieved using the same technologies anyway.

I happened to be sitting next to Forum friend Maxine Most from Acuity Inc, one of the world's leading analysts of the international biometrics market, and she made a key point early on in the day: the mass market is about mobile phones, not PCs. This was a central element of my presentation on biometrics in the event space and was further amplified by the Precise Biometrics presentation advocating match-on-SIM going forwards. This, as an aside, suggests to me that there is a premium on biometric technologies that synergise with mobile phones -- we're talking about the mass commercial market here, not law enforcement and national security -- so that really means voice recognition and voice authentication (I don't buy the fingerprint-scanner-in-handset model in the mass market). A couple of people remarked that these biometrics didn't seem to be getting much coverage compared to fingerprints, iris and the like, which I imagine is also a reflection on the government and law enforcement focus of the show.

Continue reading "Biometrics 200n" »