About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« November 2010 | Main | January 2011 »

3 posts from December 2010

In your Facebook

By Dave Birch posted Dec 20 2010 at 3:01 PM

Facebook itself has been playing with this kind of thing - personal location - for a while. We're all familiar with the various "check in" services, but the internet of things is something much more.

All attendees of the f8 developer conference are receiving special RFID tags that enable them to check-in to various locations throughout the conference venue. The service lets you tag yourself in photos, become a fan of various Facebook Pages, and share activity to your Facebook profile. While it’s still a concept service, it’s interesting to see some of the things that Facebook developers are currently testing

[From Facebook Tests Location Through RFID AT f8]

Is this just the same as messing about with FourSquare or Facebook Places? I think not. Bernhard Warner, editor of Social Media Influencer puts it very nicely.

Location-based services take either a lot of time -- you have to manually check in everywhere you go -- or take a lot of liberties -- you open up your personal information to businesses.

If RFID checks you in and out automatically, then the web will certainly "take a lot of liberties" (although this may well be what people want). But this is just about the location of people. What will happen when the location of things becomes part of the natural order?

I happened to be chairing a panel at IIR's M2M Business Exchange event in London recently, and I have to say that I was surprised by the range of organisations that came along. I'd assumed that it would be mainly hardware guys and telcos, but the sessions that they had on smart metering, remote healthcare, retail and so forth were actually discussing some quite diverse applications. Naturally, I was on the lookout for things that might make a business for our customers, so I was focused on the applications that demand more security, such as payments.

ETSI, the telecoms standards body, has been working on what they call SES, which stands for "Service Enablement Services" to form a standard layer between the internet of things and the value-added services to sit above them. Joachim Koss, the TC M2M Vice Chairman said that the standard would include security "tools", which obviously I would like to see as including fully-functional digital money and digital identity elements because this connects to my somewhat simplistic definition: smart pipe = dumb pipe + digital identity + digital money.

I think this is the right approach, provided that the SES layer contains rich enough services to provide for a proper spectrum of identity types (that is, it does not require the full disclosure of "real identity" or allow uncontrolled anonymity). Another advantage that I can see is that if mobile operators were to get their act together, they might be able to use the SES in combination with a secure token (in the UICC) to make a business from it: for example, I might want to choose an option on my phone which means that my location is visible to anyone on LinkedIn provided they work for Consult Hyperion, and then temporarily extend this to a client for a month in connection with a project, but allow my wife to see it via Facebook at all times, that sort of thing. It would be another example of a value-added service that could, when built in to the infrastructure of other more sophisticated value-added services, generate much more income than raw data.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Red army

By Dave Birch posted Dec 13 2010 at 11:00 PM

[Dave Birch] Oh no! According to tonight's news reports, the UK is bracing itself for cyberattack from the "hackers" supporting Julian Assange and Wikileaks. Apparently vital government services are at risk from the group called "Anonymous" launching distributed denial-of-service (DDOS) attacks. A bit like this guy, from the group "Not Anonymous At All":

A 17-year-old from Manchester has been arrested by the Metropolitan Police's e-crime unit (PCeU) on suspicion of being behind a denial of service attack against the online game Call of Duty.

[From Call of Duty DDoS attack police arrest teen • The Register]

He was, of course, traced from his IP address. I thought it was funny, in a way, that journalists and politicians refer to the LOIC kids as "hackers" when they are anything but. What's more, as I said when Charles Arthur was kind enough to invite me on to The Guardian's Technology Podcast, they have chosen a particularly funny way to join the Anonymous group of internet vigilantes: software that isn't anonymous in the least and that delivers their IP addresses to their intended victims, thus making it easy for them to be traced and arrested. This is, in fact, precisely what has happened.

A 16-year-old boy was arrested in the Netherlands in connection with a series of cyber attacks on Visa, MasterCard

[From Dutch teen arrested over cyber attacks on Visa, MasterCard]

My personal views about Wikileaks and the "Cable Gate" DDOS attacks are irrelevant. (I will say this: that if you don't like MasterCard then cancel your card and leave mine out of it). But they will certainly have an impact on thinking and the calls for "something to be done" mean change. Since there's no way to stop people from copying data (as the music industry has discovered), that's probably not a fruitful line of thinking. So what will happen?

What technology may lead to are "red" and "blue" internets. (Note that "blue and red" are here allusions to the military labelling of secure and insecure networks, they are nothing to do with blue and red pills in The Matrix.) Essentially, there will be secure and insecure internets both running over the same IP networks.

On the red, open, internet people and organisations will exchange encrypted data across an untrusted network. Some people may choose not to connect to the red internet at all and only crazy people (and organisations) will send unencrypted data to unauthenticated counterparties.

On the blue, closed, internet you will need to authenticate yourself before you are allowed to access anything and a digital identity infrastructure will deliver privacy (and in some cases anonymity) through cryptography, not through data protection registrars or privacy ombudsmen. In order to connect to the government, or Facebook, or Amazon, you will have to use the blue internet: they simply won't be connected to the red internet any more. At home, I will probably set my internet connection to blue only.

Now, some of you may be concerned that, as The Daily Telegraph told us, the Chinese government have a master key that can decrypt everything on the Internet, in which case the entire Internet will be -- very literally indeed -- red forever.

While sensitive data such as emails are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key which could be used to break into redirected traffic.

[From China 'hijacks' 15 per cent of world's internet traffic - Telegraph]

But look on the bright side: since the Chinese have "a copy" of this mythical master key, someone else must have the original, and they will be able to read all of the Chinese government's e-mail and put that on Wikileaks too.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Put your game face on

By Dave Birch posted Dec 6 2010 at 6:34 PM

[Dave Birch] Who are you? That's an easy question to answer in cyberspace, because no-one knows you're a dog, so you can be anyone you want to be. This means that you can do bad things, doesn't it? Surely it would be better to make people disclose their "real" identities online.

Continue reading "Put your game face on" »