About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion


License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


4 posts from January 2011

Ageing problem

By Dave Birch posted Jan 26 2011 at 10:16 PM

The simple and prosaic case of age verification has always been a litmus test for digital identity infrastructure and it's taken on new dimensions because of social networking. We need some clear thinking to see through the fog of moral panic, made worse by the turbocharging impact of the mobile phone, because it is such an individual and personal device. The spectre of legions of perverts luring children via their mobile phones is, indeed, disturbing. If only there were some way to know whether your new social networking friend is actually a child of your age and not an adult masquerading as such.

A mobile phone application which claims to identify adults posing as children is to be released. The team behind Child Defence says the app can analyse language to generate an age profile, identifying potential paedophiles.

[From BBC News - Researchers launch mobile device 'to spot paedophiles']

Of course, it ought to work the other way round as well. One of my son's friends told me that members of his World of Warcraft Guild (all 13- and 14-year olds) enjoy pretending to be "grown ups" online (by pretending to have jobs and wives). But this seems an odd way to move forward, as well as something that will surely be gamed by determined perverts.

Why on Earth can't we just do this properly, at the infrastructural level? If we had a half-decent digital identity infrastructure, there would be no need for this sort of thing. Look, here's a simple example of this, in Japan. If you want to use social networks via your mobile phone then it is the operator who verifies your age to the social network service (SNS) provider. Since the operator has the billing relationship, this makes sense.

KDDI announces age verification service for mobile SNS platforms; Gree, Mixi and MobaGa to start at the end of Jan

[From Mobile SNS Age Verification Service by Wireless Watch Japan]

Note that this has no implications for privacy. The operator could require you to come to one of their outlets and prove that you are, say, 18. Then they set a flag for service providers to tell them that you are over 18. It doesn't tell them your age, or your name or where you are. Just that you are over 18. Note that this system hasn't been invented for social networking: it is already used to prove age at vending machines (you can't buy cigarettes or sake or whatever unless your phone says that you are old enough). It ought to be simple enough to do the same thing but using proper technology. Suppose that your Facebook page came with a red border if you have not provided proof of age? Then you could provide that proof of age and have your border changed to blue for under 18 or green for over 18 - then make the rule that anyone with a red border is only allowed to connect to people with green borders.

You see what I mean. Have something that is understandable at the user level and implement it using certificates, digital signatures and keys in tamper-resistant storage (in, for example, mobile phones). There would be no need to try and explain to people how PKI actually works (which killed it in the mass consumer market last time), just show them how to log in to things using their phones. There's a waiting mass market for this sort of thing if you can be clear to consumers that it will protect their privacy and that market is adult services: porn and gambling, primarily, either of which should generate a decent income stream for the successful service provider. Simple. As a complete aside, there's another connection between the adult world and social networking.

The surprise relationship between social networking and adult-themed sites came last September, when total page visits for social networking sites for the first time eclipsed that of adult sites.

[From BBC NEWS | Technology | Porn putting on its Sunday best]

So the internet isn't all about porn after all!

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
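The operator-set age flag and the red/blue/green border rule from the "Ageing problem" post above, sketched as an added example that is not code from the post or from any operator. It assumes a per-SNS shared key with HMAC standing in for the operator's digital signature (Python's standard library has no public-key signing); `operator_issue`, `sns_border`, `may_connect`, `sns.example` and the subscriber records are all hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: one key per SNS, shared with the operator. HMAC stands in for
# the operator's digital signature; a real deployment would use a key pair.
SNS_KEYS = {"sns.example": secrets.token_bytes(32)}

# Constructed operator records. over_18 stays None until proof is shown at an outlet.
SUBSCRIBERS = {
    "sub-001": {"name": "Aiko", "over_18": True},
    "sub-002": {"name": "Ben", "over_18": False},
    "sub-003": {"name": "Chris", "over_18": None},
}
TOKEN_LIFETIME = 300  # seconds


def _tag(audience, body):
    return hmac.new(SNS_KEYS[audience], body, hashlib.sha256).hexdigest()


def operator_issue(subscriber_id, audience, nonce, now=None):
    """Operator side: answer an SNS challenge with the age flag and nothing else."""
    record = SUBSCRIBERS.get(subscriber_id)
    if record is None or record["over_18"] is None:
        return None  # no proof of age on file, so nothing is asserted
    now = time.time() if now is None else now
    claims = {"aud": audience, "nonce": nonce,
              "over_18": record["over_18"], "exp": int(now) + TOKEN_LIFETIME}
    body = json.dumps(claims, sort_keys=True).encode()
    return {"body": body.decode(), "tag": _tag(audience, body)}


def sns_border(token, audience, expected_nonce, now=None):
    """SNS side: map a token to a border colour; anything unverifiable is red."""
    if token is None:
        return "red"
    body = token["body"].encode()
    if not hmac.compare_digest(_tag(audience, body), token["tag"]):
        return "red"  # forged or altered
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims.get("aud") != audience or claims.get("nonce") != expected_nonce:
        return "red"  # issued for another SNS or another session (replay)
    if claims.get("exp", 0) < now:
        return "red"  # stale
    flag = claims.get("over_18")
    if flag is True:
        return "green"
    if flag is False:
        return "blue"
    return "red"


def may_connect(border_a, border_b):
    """The post's rule: a red profile may connect only to green profiles."""
    if border_a == "red":
        return border_b == "green"
    if border_b == "red":
        return border_a == "green"
    return True  # assumption: the post states no limit between blue and green


if __name__ == "__main__":
    nonce = secrets.token_hex(16)  # the SNS ties this challenge to one login session
    token = operator_issue("sub-001", "sns.example", nonce)
    print(token["body"])  # aud, exp, nonce, over_18: no name, age or location
    print(sns_border(token, "sns.example", nonce))
```

The nonce is what lets the SNS attach the flag to an account without the operator ever sending an identifier.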

Real-time identity

By Dave Birch posted Jan 17 2011 at 4:37 PM

Naturally, given my obsessions, I was struck by a subset of the Real-Time Club discussions about identities on the web at their evening with Aleks Krotoski. In particular, I was struck by the discussion about multiple identities on the web, because it connects with some work we (Consult Hyperion) have been doing for the European Commission. One point that was common to a number of the discussions was the extent to which identity is needed for, or integral to, online transactions. Generally speaking, I think many people mistake the need for some knowledge about a counterparty for the need to know who they are, a misunderstanding that actually makes identity fraud worse because it leads to identities being shared more widely than they need be. There was a thread to the discussion about children using the web, as there always is in such discussions, and this led me to conclude that proving that you are over (or under) 18 online might well be the acid test of a useful identity infrastructure: if your kids can't easily figure out a way to get round it, then it will be good enough for e-government, e-business and the like.

I think the conversation might have explored more about privacy vs. anonymity, because many transactions require the former but not the latter. But then there should be privacy rather than anonymity for a lot of things, and there should be anonymity for some things (even if this means friction in a free society, as demonstrated by the Wikileaks storm). I can see that this debate is going to be difficult to organise in the public space, simply because people don't think about those topics in a rich enough way: they think common sense is a useful guide which, when it comes to online identity, it isn't.

On a different subject, a key element of the evening's discussion was whether the use of social media, and the directions of social media technology, lead to more or less serendipity. (Incidentally, did you know that the word "serendipity" was invented by Horace Walpole in 1754?) Any discussion about social media naturally revolves around Facebook.

Facebook is better understood, not as a country, but as a refugee camp for people who feel today’s lack of identity-forging social experience.

[From Facebook: the heart in a heartless world | spiked]

I don't agree, but I can see the perspective. But I don't see my kids fleeing into Facebook, I see them using Facebook to multiply and enrich their interpersonal interactions. Do they meet new people on Facebook? Yes, they do. Is that true for all kids, of all educational abilities, of all socio-economic classes? I don't know (and I didn't find out during the evening, because everyone who was discussing the issue seemed to have children at expensive private schools, so they didn't seem like a statistically-representative cross-section of the nation).

Personally, I would come down on the side of serendipity. Because of social media I know more people than I did before, but I've also physically met more people than I knew before: social media means that I am connected with people who are geographically and socially more dispersed. I suppose you might argue that it's left me less connected with the people who live across the street from me, but then I don't have very much in common with them.


Internet driver's license?

By Dave Birch posted Jan 10 2011 at 6:08 PM

Last year I said that I thought that the US National Strategy for Trusted Identities in Cyberspace (NSTIC) was heading in the right direction. I'm very much in favour of the private sector providing multiple identities into a framework that is used by the public sector and vice versa. I'm in favour of choice: if I choose to use my Barclays identity to access the DVLA or my DWP identity to access O2 it shouldn't matter to the effective and efficient use of online transactions. There was one area where I felt it could have presented a slightly different vision, and that's in the use of pseudonyms, which I think should be the norm rather than the exception.

People should consider it normal to get a virtual identity from their bank or their mobile phone operator in a pseudonymous name so that they can browse, transact and comment without revealing anything about themselves other than the facts relevant to a transaction.

[From Digital Identity: USTIC]

James Van Dyke, when discussing NSTIC (which seems to have become known unofficially as "Obama's Internet Identity System") warned about

Apocalyptic fear-mongers. Yes I’m ending with the crazies here, but hear me out. The extreme cable networks and televangelists will surely jump on this as the digital incarnation of the Mark of either the Beast or “(gasp!) Obama liberals. Historians will recall that social security numbers were supposed to be an apocalyptic conspiracy.

[From Obama’s Internet Identity System: Could This Change Everything? - Javelin Strategy & Research Blog]

I don't think the danger is the crazies -- although I feel a little sheepish writing this a couple of days after a crazy did, in fact, murder several people and seriously injure a congresswoman -- but the journalists, politicians, commentators and observers who don't really understand the rather complex topic of digital identity. Or, as "Identity Woman" Kaliya Hamlin (who some of you may remember from the first European Internet Identity Workshop that Consult Hyperion sponsored with our friends from Innopay and Mydex back in October) said about NSTIC:

I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative

[From National! Identity! Cyberspace!: Why we shouldn't freak out about NSTIC. | Fast Company]

She's bang on with this. Here's a couple of typical examples from the blogosphere:

CNET reported on January 7, 2011 that Obama has signed authority over to U.S. Commerce Department to create new privacy laws that require American citizens to hold an Internet ID card.

[From Internet Anonymity: Obama Pushes for an American Internet ID]

And

President Obama has signaled that he will give the United States Commerce Department the authority over a proposed national cybersecurity measure that would involve giving each American a unique online identity

[From Obama administration moves forward with unique internet ID for all Americans, Commerce Department to head system up -- Engadget]

As far as I can see, NSTIC being managed by the Commerce Department has nothing to do with "privacy laws" and the idea that it will require Americans to have an "Internet ID" is a journalistic invention. The actual situation is that NSTIC is to go from being an idea to an actual system:

The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said. While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies,

[From Internet Identity System Said Readied by Obama Administration - BusinessWeek]

What this means is not that Americans will get an "Internet Driver's License" but that they will be able to log in to their bank, the Veteran's Administration, the DMV and their favourite blogs using a variety of IDs provided by their bank, their mobile phone operators and others.

[White House Cybersecurity Coordinator] Howard Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. "I don't have to get a credential, if I don't want to," he said.

[From Obama to hand Commerce Dept. authority over cybersecurity ID | Privacy Inc. - CNET News]

As long as it's a matter of choice, I really don't see a problem with this. The idea of NSTIC is that it is the infrastructure that is standardised, and this is good. We need standards for credentials and such like so that I can use my Woking Council ID to log in to central government services and my Barclays Bank ID so that I can log in to do my taxes online: but I might pay Barclays for an additional ID that has some key credentials (IS_A_PERSON, IS_OVER_18, IS_NOT_BANKRUPT, that sort of thing) but does not reveal my identity. This sort of Joe Bloggs (or, for our cousins over the water, John Doe) identity would be more than adequate for the vast majority of web browsing and if other people want to wander the highways and byways of the interweb with a Manchester United, Prince or BBC ID, then it's up to them. Let a thousand flowers bloom, as they say (well, as Chairman Mao said).

If the crazies want to be concerned about a single ID mark of the e-beast infocalypse, they're perfectly entitled to, but I don't understand why they are convinced it will come from the government in general or Obama in particular - there are half-a-billion people out there (including me) who have already handed over their personal information to a single unaccountable entity.

Facebook Login lets any website on the planet use its identity infrastructure—and underlying security safeguards. It's easy to implement Facebook Login, simply by adding a few lines of code to a web server. Once that change is made, the site's users will see a "Connect with Facebook" button. If they're already logged into Facebook (having recently visited the site), they can just click on it and they're in. If they haven't logged in recently, they are prompted for their Facebook user name and password.

[From Facebook Wants to Supply Your Internet Driver's License - Technology Review]

Now, at the moment Facebook Connect just uses a password, so it's no more secure than banks or government agencies, but it could move to a 2FA implementation in the future. Widespread 2FA access to online services really should have become a business for banks or mobile operators already (think how long Identrus has been around) but it just hasn't happened: I can't use my Barclays PINSentry to log on to Barclaycard, let alone the government or an insurance company. But suppose my Facebook login required access to my mobile phone so it was much more secure: you know the sort of thing, enter e-mail address, wait for code to arrive on mobile phone, enter code (a proper UICC-based digital signature solution would be much better, but that's another topic). Then I could use Facebook Connect for serious business. This would have an interesting side-effect: Facebook would know where I go on the web, which seems to me to be much more like the mark of the e-beast.

An interesting side benefit for website operators is that Facebook Login provides the site with users' real names (in most cases) and optionally a variety of other information, such as the users' "friends" and "likes."

[From Facebook Wants to Supply Your Internet Driver's License - Technology Review]

Which is, of course, why I don't use it. On the other hand, if Facebook decided to use cryptography to secure and protect this sort of information, they could at a stroke create a desirable internet passport: by "blinding" the passport to prevent service providers from tracking the identity across web sites Facebook could significantly improve both convenience and privacy for the average user.


Paleo-crypto

By Dave Birch posted Jan 3 2011 at 10:04 PM

In some of the workshops that I've been running, I've mentioned that I think that transparency will be one of the key elements of new propositions in the world of electronic transactions and that clients looking to develop new businesses in that space might want to consider the opportunities for sustained advantage. Why not let me look inside my bank and see where my money is, so to speak? If I log in to my credit card issuer I can see that I spent £43 on books at Amazon: if I log in to Amazon I can see that I spent £43 but I can also see what books I bought, recommendations, reviews and so on. They have the data, so they let me look at it. If I want to buy a carpet from a carpet company, how do I know whether they will go bankrupt or not before they deliver? Can I have a look at their order book?

Transparency increases confidence and trust. I often use a story from the August 1931 edition of Popular Mechanics to illustrate this point. The article concerns the relationship between transparency and behaviour in the specific case of depression-era extra-judicial unlicensed wealth redistribution...

BANK hold-ups may soon become things of the past if the common-sense but revolutionary ideas of Francis Keally, New York architect, are put into effect. He suggests that banks be constructed with glass walls and that office partitions within the building likewise be transparent, so that a clear view of everything that is happening inside the bank will be afforded from all angles at all times.

[From Glass Banks Will Foil Hold-Ups]

I urge you to click on the link, by the way, to see the lovely drawing that goes with the article. The point is well made though: you can't rob a glass bank. No walls, no Bernie Madoff. But you can see the problem: some of the information in the bank is confidential: my personal details, for example. Thus, it would be great if I could look through the list of bank deposits to check that the bank really has the money it says it has, but I shouldn't be able to see who those depositors are (although I will want third-party verification that they exist!).

Why am I talking about this? Well, I read recently that Bank of America has called in management consultants to help them manage the fallout from an as-yet-nonexistent leak of corporate secrets, although why these secrets might prove embarrassing is not clear. In fact, no-one knows whether the leak will happen, or whether it will impact BofA, although Wikileaks' Julian Assange had previously mentioned having a BofA hard disk in his possession, so the market drew its own conclusions.

Bank of America shares fell 3 percent in trading the day after Mr. Assange made his threat against a nameless bank

[From Facing WikiLeaks Threat, Bank of America Plays Defense - NYTimes.com]

Serious money. Anyway, I'm interested in what this means for the future rather than what it means now: irrespective of what Bank of America's secrets actually are because

when WikiLeaks, a whistle-blowing website, promised to publish five gigabytes of files from an unnamed financial institution early next year, bankers everywhere started quaking in their hand-made shoes. And businesses were struck by an alarming thought: even if this threat proves empty, commercial secrets are no longer safe.

[From Business and WikiLeaks: Be afraid | The Economist]

Does technology provide any comfort here at all? I think it does. Many years ago, I had the pleasant experience of having dinner with Nicholas Negroponte, John Barlow and Eric Hughes, author of the cypherpunk manifesto, at a seminar in Palm Springs. This was in, I think, 1995. I can remember Eric talking about "encrypted open books", a topic that now seems fantastically prescient. His idea was to develop cryptographic techniques so that you could perform certain kinds of operations on encrypted data: in other words, you could build glass organisations where anyone could run some software to check your books without actually being able to read your books. Nick Szabo later referred back to the same concepts when talking about the specific issue of auditing.

Knowing that mutually confidential auditing can be accomplished in principle may lead us to practical solutions. Eric Hughes' "encrypted open books" was one attempt.

[From Szabo]

Things like this seem impossible when you think of books in terms of paper and index cards: how can you show me your books without giving away commercial data? But when we think in terms of bits, and cryptography, and "blinding" it is all perfectly sensible. This technology seems to me to open up a new model, where corporate data is encrypted but open to all so that no-one cares whether it is copied or distributed in any way. Instead of individuals being given the keys to the database, they will be given keys to decrypt only the data that they are allowed to see and since these keys can easily be stored in tamper-resistant hardware (whereas databases can't) the implementation becomes cost-effective. While I was thinking about this, Bob Hettinga reminded me about Peter Wayner's "translucent databases", which build on Eric's concepts.

Wayner really does end up where a lot of us think databases will be someday, particularly in finance: repositories of data accessible only by digital bearer tokens using various blind signature protocols... and, oddly enough, not because someone or other wants to strike a blow against the empire, but simply because it's safer -- and cheaper -- to do that way.

[From Book Review: Peter Wayner's "Translucent Databases"]

There are other kinds of corporate data that it may at first seem need to be secret, but on reflection could be translucent (I'll switch to Peter's word here because it's a much better description of practical implementations). An example might be salaries. Have the payroll encrypted but open, so anyone can access a company's salary data and see what salaries are earned. Publish the key to decrypt the salaries, but not any other data. Now anyone who needs access to salary data (eg, the taxman, pressure groups, potential employees, customers etc) can see it and the relevant company data is transparent to them. One particular category of people who might need access to this data is staff! So, let's say I'm working on a particular project and need access to our salary data because I need to work out the costs of a proposed new business unit. All I need to know is the distribution of salaries: I don't need to know who they belong to. If our payroll data is open, I can get on and use it without having to have CDs of personal data sent through the post, or whatever.
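One way to build the encrypted-but-open payroll described above, as an added example rather than Hughes's or Wayner's design: each column is encrypted under its own key and only the salary key is published. The cipher is HMAC-SHA256 in counter mode with encrypt-then-MAC, standing in for a standard AEAD such as AES-GCM that Python's standard library lacks; every name, key and row here is constructed.

```python
import hashlib
import hmac
import secrets
import statistics


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a stream cipher (stand-in for an AEAD)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(column_key):
    """Derive separate encryption and authentication keys from one column key."""
    enc = hmac.new(column_key, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(column_key, b"authenticate", hashlib.sha256).digest()
    return enc, mac


def seal(column_key, plaintext):
    """Encrypt one cell: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(column_key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(column_key, cell):
    """Decrypt one cell, refusing a wrong key or an altered cell."""
    enc_key, mac_key = _subkeys(column_key)
    nonce, ct, tag = cell[:16], cell[16:-32], cell[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key for this column, or the cell was altered")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Constructed payroll and column keys. Only KEYS["salary"] would be published.
PAYROLL = [("Alice Example", 52000), ("Bob Example", 38000),
           ("Carol Example", 61000), ("Dev Example", 45000)]
KEYS = {"name": secrets.token_bytes(32), "salary": secrets.token_bytes(32)}


def publish(payroll, keys):
    """Encrypt every cell under its column's key; the result can be copied freely."""
    table = [{"name": seal(keys["name"], name.encode()),
              "salary": seal(keys["salary"], str(salary).encode())}
             for name, salary in payroll]
    secrets.SystemRandom().shuffle(table)  # row order must not hint at who is who
    return table


def salary_distribution(table, salary_key):
    """What a holder of only the published salary key can compute."""
    salaries = sorted(int(unseal(salary_key, row["salary"]).decode()) for row in table)
    return {"count": len(salaries), "total": sum(salaries),
            "median": statistics.median(salaries), "salaries": salaries}


if __name__ == "__main__":
    table = publish(PAYROLL, KEYS)
    print(salary_distribution(table, KEYS["salary"]))
    try:
        unseal(KEYS["salary"], table[0]["name"])
    except ValueError as err:
        print("name column stays closed:", err)
```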

I can see that for many organisations this kind of controlled transparency (ie, translucency) will be a competitive advantage: as an investor, as a customer, as a citizen, I would trust these organisations far more than "closed" ones. Why wait for quarterly filings to see how a public company is doing when you could go on the web at any time to see their sales ledger? Why rely on management assurances of cost control when you can see how their purchase ledger is looking (without necessarily seeing what they're buying or who they are buying it from) on their web page? Why not check staffing levels and qualifications by accessing the personnel database? Is this any crazier than Blippy?
