About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion





  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


9 posts from August 2010


Gates

By Dave Birch posted Aug 31 2010 at 5:00 PM

[Dave Birch] I'm happy when my teenage son is on Facebook talking to all of his friends from the warmth and comfort of his bedroom rather than hanging out with them in a freezing and desolate town centre where he might get stabbed (I'm probably worrying too much, since only a couple of dozen teenagers have been murdered in London so far this year). A crucial difference between online communities and "real" communities is, frankly, safety and security. You can choose which online communities you belong to and you can exclude, block or unfriend people you don't like. In comparison, the real world (for many people) is simply awful: there's nothing you can do about the neighbours who play loud music all night, the teenagers who smash up the bus shelter every week and the drunken yobs fighting in the city centre on Friday night (I'm using specifically English examples here of course). As I said before:

The real world is a horrible place, especially near where I live. No wonder that I prefer to sojourn in cyberspace. Is this because I am a geek, an outlier? No, it's because I'm normal.

[From Digital Identity: Why virtual identities are real to some of us]

But the ability to build virtual walled communities that have digital gates that are far more effective than the ones on physical walled communities isn't the whole story. There's something else going on. The interaction between virtual identities is for some people better than the interaction between physical identities.

Participants in 3D virtual worlds are more satisfied with the romantic relationships they form online than with their real-life relationships, and their levels of sexual satisfaction are similar across both worlds, according to two studies conducted by researchers at Loyola Marymount University.

[From The business of virtual sex – Hypergrid Business]

This is, on the one hand, another argument for security and for using cryptography to construct and manage virtual identities (something I am wholly in favour of) but also, on the other hand, another recognition of the reality of virtual reality.

In order to become more attractive to business and educators, virtual worlds need to incorporate more gaming elements, not fewer, into their platforms — those elements, like achievement systems and ratings, that make the platforms more engaging and immersive.

[From Why virtual worlds suck for business — and some solutions – Hypergrid Business]

This is about forming a reputation-based economy from the bottom up, where peoples' sense of their own personal identity is formed online and not assigned or inherited offline.

Continue reading "Gates" »

Listening in

By Dave Birch posted Aug 30 2010 at 4:45 PM

[Dave Birch] Who should we be listening to when formulating digital identity strategy? Consumers? Experts? Politicians? Lobbyists? Consultants? Consider, for example, the issue of privacy. This is complicated, sensitive, emotive. And some of the voices commenting on it are loud. Take a look at the "Wal-Mart story" -- the story that Wal-Mart are going to add RFID tags to some of their clothing lines -- that has naturally attracted plenty of attention. One particular set of concerns was founded on the idea that consumers could not have the tags "killed" and so would be tracked and traced by... well, marketeers, advertisers, sinister footsoldiers of the New World Order, the CIA and so on. So what is the truth?

The tags are based on the EPC Gen 2 standard, which requires that they have a kill command that would permanently disable them. So the tags can, in fact, be disabled. Wal-Mart does not plan to kill the tags at the point of sale (POS), only because it is not using RFID readers at the point of sale.

[From Privacy Nonsense Sweeps the Internet]

As a consumer, I don't want the tags to be turned off, because that means that the benefits of the tags are limited to Wal-Mart and not shared with me. I'd really like a washing machine that could read the tags and tell me if I have the wrong wash cycle. And there are plenty of other business models around tags that might be highly desirable to consumers.

If it adds £20 to the price of a Rolex to implement this infrastructure, so what? The kind of people who pay £5,000 for a Rolex wouldn't hesitate to pay £5,020 for a Rolex that can prove that it is real. Imagine the horror of being the host of a dinner party when one of the guests glances at their phone and says "you know those jeans aren't real Gucci, don't you?". Wouldn't you pay £20 for the satisfaction of knowing that your snooping guest's Bluetooth pen is steadfastly attesting to all concerned that your Marlboro, Paracetamol and Police sunglasses are all real.

[From Digital Identity: The Rolex premium]

So does the existence of convenience, business model, consumer interest and practicality mean I have no privacy concerns? Of course not! So what is a reasonable way forward?

Wal-Mart is demanding that suppliers add the tags to removable labels or packaging instead of embedding them in clothes, to minimize fears that they could be used to track people's movements. It also is posting signs informing customers about the tags.

[From Wal-Mart to Put Radio Tags on Clothes - WSJ.com]

That seems like a reasonable compromise: make it easy for people to cut the tags off if they don't want them. So is that the end of the story? I don't think it is.

What could possibly violate our privacy with tracking pants in a store to make sure there aren’t too many extra-large sizes on the shelves?

[From Privacy wingnuts « BuzzMachine]

The thing is, I agree with Jeff Jarvis here that some people are, indeed, "wingnuts". But that does not mean that there are no genuine concerns and it does not mean that anyone who is concerned about privacy (eg, me) is a wingnut. But what it does mean, I think, is that we need to implement new identity technologies in a privacy-enhancing fashion and make the "privacy settlement" with the public more explicit so that there is an opportunity for informed comment to shape it. It seems to me that some fairly simple design decisions can achieve both of these goals, something that I've referred to before when using Touch2id as an example.

Continue reading "Listening in" »

There has to be a reason for this

By Dave Birch posted Aug 25 2010 at 6:35 PM

[Dave Birch] The German personal identity card is being introduced with an online framework. The eCard-API framework -- which is essentially a collection of standards for services including e-passport, e-health and so on -- means that e-commerce, e-banking and e-government will be able to use the card to provide secure services to the public (although note that these third-party service providers will not have access to the on-card biometrics). The cards have a contactless interface: to use them online, customers will have to buy a USB contactless reader to plug in to their PC and then download the free "Burgerclient" software. Service providers who want to access data on the card have to mutually authenticate, which means that they must present the card with a valid permission certificate (they get these from accredited certificate service providers, known as "Trust Centres"). If service providers want to use the card in a transaction, the customer must first confirm what data is being read from the card and then authenticate with a six-digit passcode, thus providing convenient 2FA for online services.

SCM’s RFID-based contactless card readers form the core of Secure IT Kits that the German government will make available without charge to citizens, through its suppliers, to encourage the use of the electronic ID cards.

[From Global IDentification: SCM Microsystems to supply German eID readers]

For Martha's sake! Germans not only get a useful ID card but they get free card readers for their PCs as well. Now that's what I call a networked nation. Germany has over 70% Internet penetration and, according to BITKOM (the German Federal Association for Information Technology, Telecommunications and New Media), five months before the official launch of the card more than half of them had already stated that they wanted to use the card for home banking and access to public services. The Bundesdruckerei (Federal Printing Office) has already put forward a plan to allow citizens to load their electronic identities on to NFC-capable mobile phones in the future.

I particularly like the way in which the cards generate per-service provider pseudonyms, so that every time the customer logs in to, say, Amazon, they would have the same "ID number", but the bank would see a different number and so would the tax authority or another store or anyone else. This basic partitioning was precisely the kind of intelligent design decision that I would have advised the UK Home Office to adopt, had they asked me.
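As an added illustration (not code from this blog or from the German eID project), the sketch below models the flow described in this post: the provider presents a permission certificate, the holder confirms which data may be read and enters the six-digit passcode, and the card answers with a pseudonym that is stable for one provider and different for every other. The class names, provider names and attributes are constructed for the example, and HMAC-SHA256 is a stand-in chosen here for both the trust centre's certificate signature and the card's pseudonym derivation, which the post does not specify.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _tag(key: bytes, *parts: str) -> str:
    """HMAC-SHA256 over length-prefixed parts (stand-in for the real card cryptography)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        data = part.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


@dataclass(frozen=True)
class PermissionCertificate:
    provider_id: str       # hypothetical identifier, e.g. "shop.example"
    allowed_fields: tuple  # attributes this provider is permitted to request
    tag: str               # trust centre's authentication tag over the fields above


class TrustCentre:
    """Issues permission certificates to service providers."""

    def __init__(self, key: bytes):
        self._key = key

    def issue(self, provider_id, allowed_fields):
        fields = tuple(sorted(allowed_fields))
        return PermissionCertificate(provider_id, fields,
                                     _tag(self._key, provider_id, *fields))


class ToyCard:
    """Toy model of the card: checks the provider, the holder's consent and the PIN."""

    def __init__(self, trust_key: bytes, pin: str, attributes: dict):
        self._trust_key = trust_key  # assumption: a real card would verify a signature instead
        self._pin = pin
        self._attributes = dict(attributes)
        self._card_secret = secrets.token_bytes(32)  # never leaves the card

    def read(self, cert, requested, user_confirmed, pin):
        # 1. The provider authenticates: the certificate must come from the trust centre.
        expected = _tag(self._trust_key, cert.provider_id, *cert.allowed_fields)
        if not hmac.compare_digest(expected, cert.tag):
            raise PermissionError("certificate not issued by the trust centre")
        # 2. The provider may only ask for what its certificate covers.
        if not set(requested) <= set(cert.allowed_fields):
            raise PermissionError("request exceeds the permission certificate")
        # 3. The holder authenticates with the passcode.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        # 4. Release only fields the holder confirmed, plus the per-provider pseudonym.
        released = {f: self._attributes[f] for f in requested
                    if f in user_confirmed and f in self._attributes}
        released["pseudonym"] = _tag(self._card_secret, cert.provider_id)[:32]
        return released


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    centre = TrustCentre(key)
    card = ToyCard(key, "123456", {"given_name": "Erika", "age_over_18": True})
    shop = centre.issue("shop.example", ["age_over_18", "given_name"])
    bank = centre.issue("bank.example", ["given_name"])
    print(card.read(shop, ["age_over_18"], {"age_over_18"}, "123456"))
    print(card.read(bank, ["given_name"], {"given_name"}, "123456"))
```

Because the pseudonym depends on a secret held only by the card and on the provider identifier, two providers comparing their records find no common identifier to join on.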

Germany's new contactless National Identity Card... sounds rather like what the UK ID card was meant to do, but the policy and politics surrounding it were so poorly conceived and communicated that the concept was never likely to be a success.

[From Electronic ID cards are rubbish? Don't tell the Germans - Computer Weekly Editor's Blog]

No! It was not an issue of policy and communication. The UK card was rubbish: it was just a different-shaped passport. You couldn't use it for e-business or e-commerce or, for that matter, business or commerce. The German card has been designed by identity experts and engineers, not by politicians and management consultants. We Brits didn't get an API or even a published interface.

Continue reading "There has to be a reason for this" »

Passport minus

By Dave Birch posted Aug 17 2010 at 1:19 PM

[Dave Birch] Pretty much every decision that the British government has made about ID cards has not only turned out to be wrong, but almost optimally wrong. The collection of civil servants, management consultants, ministers and special advisors managed to leave us in as bad a situation as when they started -- with no national identity management infrastructure -- but hundreds of millions out of pocket. There is now a manifesto to get everyone online by 2012, but when they get there they won't be able to do anything since there's no mechanism to identify or authenticate anyone other than usernames and passwords, which of course means a massive increase in identity fraud.

The current coalition are just as bad: they have no strategic vision for identity, no tactics for getting us there and (crucially) no more understanding of the technology than their New Labour predecessors (who, to be fair, didn't understand the problem either). As Ben Laurie of Google, someone whose opinion I always take seriously, puts it

The trouble with allowing policy makers, CEOs and journalists define technical solutions is that their ability to do so is constrained by their limited understanding of the available technologies.

[From Links]

Quite. And in the field of identity, where "common sense" is an appallingly bad basis for requirements capture, they have even less chance of randomly happening across a workable solution than they do in the fields (pun intended) of rural payments, where a cool ONE BILLION POUNDS has been totally wasted. The coalition's decision to simply scrap the ID card scheme was stupid.

Neither the existing scheme nor the Coalition scheme (ie, nothing) actually solve any of the problems that the lack of an identity infrastructure creates and I absolutely predict that the lack of such an infrastructure will in turn create a major barrier to improving efficiency in public services

[From Digital Identity: Back to the future of the ID card]

One of my pre-election suggestions to a couple of relevant "think" tanks was that the ID card should be renamed the Passport Plus, and sold as a revenue-raising £50 optional extra to passport holders: this would be straightforward to implement, since the ID card has no function other than as a travel document in the EU anyway. The wisdom of this suggestion has just come back to bite me.

Continue reading "Passport minus" »

My new mantra

By Dave Birch posted Aug 13 2010 at 3:10 PM

[Dave Birch] Why do people (eg, me) say that "identity is the new money"? What does the catchphrase actually mean? I use it because I can see that we are heading into a transition period between the "old" world of electronic payments where we built dedicated networks to move money from account to account (the world of Visa and American Express, MasterCard and Diners) to a "new" world of electronic payments where there is a single network that all participants access. The money stays put in the cloud while we move our identity around access channels (the world of PayPal and M-PESA, WebMoney and QQ Coins).

The dynamics are easy to understand. The downward pressure on the pricing of commodity payments, the ubiquity of intelligent devices (of which the mobile is currently the most important) and the ease of connecting banks, retailers, processors and others, combine to create a new landscape, where most of the value of the payments layer comes from the ability to identify and authenticate the participants in the transaction.

We have long observed, in our classification, that in the long run digital identity will be more valuable than digital money. This is because authentication is difficult and expensive: if you break down the way that, say, your debit card works, and separate the authentication part (the chip and PIN) from the processing and settlement of the transaction (and all of the fraud management, customer support and so on) you can see the asymmetry between the money part -- a few bytes moving from bank to bank -- and the identity part.

There is an interesting area for speculation identified by this analysis. Who will provide the identity functions? Will it be the existing players who bundle identity as part of the payments business -- PayPal or Barclaycard -- or will it be players who deal with identity and reputation -- Experian or the Passport Services -- or will it be the players who deal with authentication and switching -- Vodafone or Google -- or will it be an entirely new class of organisation?

I have a suspicion that it will be the latter. Just as new economic environments have led to new kinds of organisations before, so they will again. Just as Visa arose to exploit new opportunities, so something like Visa will arise to create a digital identity infrastructure that creates new value. There is some logic to the proposition that it will be the mobile operators who in some way will give birth to this new organisation. That's because the technology required to implement digital identity is founded on public key infrastructure (PKI) and for this to work we need some secure storage, some tamper-resistant hardware, to store our private keys and to execute authentication processes. Right now, the one piece of tamper-resistant hardware that everyone has is the SIM in their mobile phone. Indeed, there are a number of initiatives around the world that are already starting to use the SIM for precisely this purpose. The examples of Turkcell in Turkey and BankID in a number of Scandinavian markets have been looked at before. I've bored about this at length before:

One of the world’s leading experts in this field, David Birch, spent some time with me explaining how mobile operators, in particular, could actually become ‘smart pipes’ with financial transactions. The ‘secret sauce’ according to Birch, lies in the ability for operators to provide secure identification linked to the SIM providing private and public keys for multiple providers. The resultant digital signatures would allow for ultra-secure two level authentication via the mobile device.

[From The 'secret sauce'? - The Insider - TM Forum Online Community]

How might this play out? In the US, we already see ACH alternatives to scheme payments emerging. An example is the "Pinpoint" card marketed by First Data ISO American Payment Systems. It provides a per-retailer loyalty scheme combined with ACH payment. Imagine something like this combined with stronger 2FA authentication at POS -- perhaps using 2FA to release an identity credential or authenticating using some mobile network-based validation (eg, ValidSoft's "proximity" transactions validation) -- to create a product where the payment is a commodity but identity isn't.

Continue reading "My new mantra" »

They must have been cuckoo

By Dave Birch posted Aug 11 2010 at 10:31 PM

[Dave Birch] Where are we going with authentication? Bruce Schneier made me think about this again with a post about the breaking of the Russian "spy ring" operating in the US.

Ricci said the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

[From Schneier on Security: Cryptography Failure Story]

The Russian equivalent of "M" must be furious! "Doh! -- if it wasn't for those darn kids" etc. The idea that making a password 27 characters long (probably a pass phrase, in fact, since there are relatively few 27-letter words even in Russian) makes it secure is hilarious, since any user security expert would have absolutely predicted the scheme's doom. But this led me to muse in another direction, which is about how much time and money must be wasted messing around with these pointlessly long passwords that don't actually add any real security, that are just another kind of performance art in the great security theatre. I looked back through some of my notes on that topic and came across an actual figure (for the US).

In the paper, Herley describes an admittedly crude economic analysis to determine the value of user time. He calculated that if the approximately 200 million US adults who go online earned twice the minimum wage, a minute of their time each day equals about $16 billion a year. Therefore, for any security measure to be justified, each minute users are asked to spend on it daily should reduce the harm they are exposed to by $16 billion annually. It’s a high hurdle to clear.

[From Boston.com]

So, in other words, if you made a law to stop everyone in the US from using passwords to log in to their bank accounts and insisted that they instead use some kind of 2FA that takes a minute (eg, look up OTP on mobile phone then type it in to web site -- which wouldn't actually protect against MITM attacks) then it would have to save $16 billion per annum to make it worthwhile. According to the FBI, US cyber-bank robbery is running about $100 million per month, or only about $1.2 billion per annum, so we're better off doing nothing.

What? Hold on, there must be a flaw with this approach, and it must be that the overall cost of having the security must factor in potential losses and costs to rectify as well as user time. Anyway, the point is we need to make some strides in authentication.

Continue reading "They must have been cuckoo" »

Let's make crime illegal

By Dave Birch posted Aug 9 2010 at 10:16 PM

[Dave Birch] In today's newspaper, I read that the Blackberry is not, after all, to be banned from Saudi Arabia as it has been from UAE.

The agreement, which involves placing a BlackBerry server inside Saudi Arabia, would allow the government to monitor users' messages and allay official fears the service could be used for criminal purposes.

[From Saudi Arabia halts plan to ban BlackBerry instant messanging - Telegraph]

I don't know whether it's a good thing for messages to be in the clear or not. If I were an investment banker negotiating a deal, I might worry that someone at the Ministry of Snooping might pass my messages on to his brother at a rival investment bank, for example. After all, the idea that only authorised law enforcement officers would have access to my private information is absolutely no comfort at all.

A drugs squad detective, Philip Berry, sold a valuable contacts book containing the personal details of the criminal underworld to pay off his credit card debt, a court heard.

[From Corrupt drugs detective 'sold underworld secrets to pay debt' - Telegraph]

The idea that law enforcement would be helpless to stem the tide of international crime unless they can tap every call, read every email, open every letter, is (if you ask me) suspect. If I am sending text messages to a known criminal, you do not need to be able to read those messages to decide that you might want to obtain a warrant to find out who I am calling or where I am. The fact that I am using a prepaid phone does not, by itself, render me immune to law enforcement activity.

Beyene's role in the heist was to buy so-called dirty telephones and hire a van to use as a blocking vehicle,

[From Gunman jailed for 23 years over Britain's biggest jewellery robbery - Telegraph]

In fact this gang was caught because the police found one of the mobile phones they had been using. It contained four anonymous numbers, and from these the police were able to track down the gang members. It wasn't revealed how, but there are at least two rather obvious ways to go about it: get a warrant to track the phones and correlate their movements with known criminals or get a warrant to find out which numbers those other phones have been calling and follow the chain until you get to a known number. Yes, this might require some police work, which is more expensive than having everything tracked automatically on a PC, but it is better for society. This reminds me of a recent discussion about anonymous prepaid phones. I'm in favour of them, but plenty of people are against them. (Same for prepaid cards.) Ah, but you and the authorities in some countries might ask: how can you catch criminals who use anonymous prepaid phones? Forcing people to

Earlier this month, the FBI revealed that the suspected Times Square bomber had used an anonymous prepaid cell phone to purchase the Nissan Pathfinder and M-88 fireworks used in the bomb attempt.

[From Senators call for end to anonymous, prepaid cell phones]

Setting aside the fact that this guy was caught (despite the dreaded "anonymous prepaid cell phone") and had been allowed on a flight despite being on the no-fly list, the politicians are, I'm sure, spot on with their informed and intelligent policy. In fact, one of them said:

"We caught a break in catching the Times Square terrorist, but usually a prepaid cell phone is a dead end for law enforcement".

[From Senators call for end to anonymous, prepaid cell phones]

Amazingly, the very same issue of the newspaper that reports on the captured UK armed robbers contains a story about a Mafia boss caught by... well, I'll let you read for yourself:

One of Italy's most wanted mafia godfathers has been arrested after seven years on the run after police traced him to his wife's mobile registered in the name of Winnie the Pooh

[From Winnie the Pooh leads to gangster's arrest - Telegraph]

So, basically, if you require people to register prepaid mobile phones then you raise the cost and inconvenience for the public but the criminals still get them (because they bribe, cheat and steal: that's criminals for you). I imagine that in the Naples branch of Carphone Warehouse the name "Winnie the Pooh" on a UK identity card looks perfectly plausible: they would have no more chance of knowing whether it's real or not than the Woking Carphone Warehouse would when looking at an Italian driving licence in the name of Gepetto Paparazzo. Again it's not clear exactly what the police did, but from elements of the story it appears to be something like: the police discovered (through intelligence) that the godfather's wife was calling an apparently random mobile phone number at exactly the same time every two weeks. From this they determined which phone was hers (the "Winnie the Pooh" phone) and they tracked it to Brussels. But suppose some foolproof method for obtaining the correct identities of purchasers were to be found. Would this then stop crime in, say, Italy? Of course not.

In an attempt to combat the cartel-related violence, Mexico enacted a law requiring cell phone users to register their identity with the carrier. Nearly 30 million subscribers didn’t do this because of a lack of knowledge or a distrust of what could happen to that information if it fell into the wrong hands. Unfortunately, the doubters were proven right, as the confidential data of millions of people leaked to the black market for a few thousand dollars, according to the Los Angeles Times.

[From Did Mexico's cell phone registration plans backfire?]

The law just isn't a solution. It might even make things worse.

Continue reading "Let's make crime illegal" »

Who to trust?

By Dave Birch posted Aug 5 2010 at 10:18 AM

[Dave Birch] I've been involved in some involved discussions about an involved topic: trust (again). It happens that a number of the projects that Consult Hyperion is currently working on include implementing trust infrastructures in both private and public sectors. Now, we're not alone in thinking that this is a big deal.

Newmark called some form of distributed trust system “the killingest of killer apps” for the web over the next decade (he said he wasn’t sure that was the best way to describe it, but was trying out to see how it sounded). He talked about “reputation and trust ruling the web, just the way it does in real life,”

[From Craig Newmark on the Web’s Next Big Problem – GigaOM]

Do they rule real life? Consider the transactions that I've made so far today. I took a bus -- no trust required, I paid with cash -- and then bought a train ticket -- chip and PIN, so no trust in me required -- and went to a couple of meetings -- we'll come back to this in a minute -- took the train home -- no trust in me required since I had a ticket -- and then took the bus home -- no trust in me required since I had a ticket.

Continue reading "Who to trust?" »

Joe Bloggs

By Dave Birch posted Aug 2 2010 at 9:10 AM

[Dave Birch] Having just come from a meeting about the management of multiple identities and the potential commercial structure of a proposition based on pseudonyms, I found myself reading some excellent and thought-provoking comment on the issue of anonymity vs. pseudonymity vs. absonymity starting with a US perspective over at Public Citizen.

The First Amendment protects the right to speak anonymously, and if the bar to such discovery is set too low, much citizen and consumer discussion about the important issues of our day, including the doings of corporations and politicians, will be chilled and hence lost to the marketplace of ideas. If it is set too high, valid claims may be lost. We at Public Citizen have litigated many cases devoted to setting this balance correctly.

[From CL&P Blog: Two new cases on Internet Anonymity]

I can't say I understood everything (or, indeed, anything) in the legal argument, but I think I agree with the conclusion (applied by the US courts in the examples given) that "commercial" speech is not the same as "political" speech. Companies bashing each others' products via "astroturf" blogs are not (and should not be) subject to the same privileges as political opponents questioning policies. But, naturally, it is a very fuzzy boundary, and one of the key issues is anonymity. If you are allowed to post anonymously, then it's hard to

If you read through both stories you see that judges basically seem to be making it up as they go along as to what standards to use in deciding whether or not online anonymity is protectable

[From More Mixed Rulings On The Right To Be Anonymous Online | Techdirt]

Now, I would have thought that one of the reasons why we have judges is precisely so that they can make things up as they go along. If the law was written by people like me, it would be in XML and given the facts of the case as a set of propositions would be capable of delivering justice through an algorithm that would decide the outcome in polynomial time. But it isn't, so we need judges. Sometimes they come up with odd rulings -- look at the fuss about the UK judge who recently ruled that it's not against the law to smash stuff up if it belongs to people you really don't like -- but, generally speaking, they combine law and common sense.

Unfortunately, as I have constantly complained, common sense is a bad guide to what to do about identity.

We don't want paedophiles and nazis to be able to groom unsuspecting, innocent children online. Who could disagree with that? In the UK, this "common sense" drove a furore about Facebook that has led to a completely pointless resolution (along the lines of "something must be done, this is something, so let's do it").

how can the police help with every teen who is struggling with the wide range of bullying implied, from teasing to harassment? Even if every teen in the UK were to seriously add this and take it seriously, there’s no way that the UK police have a fraction of the resources to help teens manage challenging social dynamics. As a result, what false promises are getting made?

[From danah boyd | apophenia » Facebook’s Panic Button: Who’s panicking? And who’s listening?]

I would be utterly shocked if the presence of this button makes even the slightest difference. The kids who are smart enough to press it when they are approached are presumably smart enough to know that they are being approached, if you see what I mean, and the kids who press it because they are being bullied by their peers in some way are not going to get any help, so what's the point? The "Facebook murder" that Danah refers to might just as well have been called the "Ford Mondeo" murder, since both technologies were crucial to the crime, and as she points out having this button would not have averted the tragedy.

Continue reading "Joe Bloggs" »