One of the world’s leading experts in this field, David Birch, spent some time with me explaining how mobile operators, in particular, could actually become ‘smart pipes’ with financial transactions. The ‘secret sauce’ according to Birch, lies in the ability for operators to provide secure identification linked to the SIM providing private and public keys for multiple providers.[From The ‘secret sauce’? | Poulos Ponderings]
The mobile phone is the obvious “remote control” for identity, and I’m surprised that operators haven’t moved into this space more aggressively (there are some exceptions, of course, such as Turkcell). This led me to think, again, about the nature of the value-added identity infrastructure that might be built.
One thing, I think, is clear: the goal shouldn’t be to build a virtual version of the current identity “system”. At the moment, the online world has a dynsfunctional identity layer: it’s not really anonymous but it’s not really absonymous either.
Implementing an Internet without anonymity is very difficult, and causes its own problems. In order to have perfect attribution, we’d need agencies — real-world organizations — to provide Internet identity credentials based on other identification systems: passports, national identity cards, driver’s licenses, whatever. Sloppier identification systems, based on things such as credit cards, are simply too easy to subvert.[From Schneier on Security: Anonymity and the Internet]
Bruce goes on to note that in the real world, half-baked identity management schemes actually make matters worse, not better. You can’t argue that having people sort-of-identified is better than having them not identified at all. It isn’t.
We have nothing that comes close to this global identification infrastructure. Moreover, centralizing information like this actually hurts security because it makes identity theft that much more profitable a crime.[From Schneier on Security: Anonymity and the Internet]
This is why I am naturally somewhat suspicious of attempts to slap identity on the ends of the network rather than having identity management as a value-added service that is part of the network infrastructure and quite distinct from the issue of which identities will be managed (in other words, the web server has PKI built in, but it doesn’t provide the identities, it facilitates identity providers to do so). Simple solutions to this difficult problem — along the lines of the Chinese attempts to have “real-name registration” of Internet access by decreeing that everyone has to present their ID number when connecting — don’t work.
Mundie and other experts have said there is a growing need to police the internet to clampdown on fraud, espionage and the spread of viruses. “People don’t understand the scale of criminal activity on the internet. Whether criminal, individual or nation states, the community is growing more sophisticated,” the Microsoft executive said… He also called for a “driver’s license” for internet users. “If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance.”[From UN agency calls for global cyberwarfare treaty, ‘driver’s license’ for Web users | Raw Story]
It’s a bad analogy for a start, because cars are covered by product liability laws and Microsoft’s software isn’t, but the law on driving licences doesn’t stop cars from being stolen, used in crimes and being in accidents. If there were an Internet driver’s license, the 419 scammer wouldn’t apply for one, he’d make a fraudulent one just as he would in the physical world, and then use it to open bank accounts and so forth.
Many of the forgeries are “know your customer” documents such as utility bills and driving licences, which are then used to open bank accounts under false names.[From Police war on fake ID factories as fraudsters net millions | News]
Ah, you might say, but in the Internet world we can use cryptography and similar geek tools to stop people from forging licences. In which case, the scammers will still get their licences.
An Irvington, N.J., man who operated a driving school pleaded guilty yesterday in federal court to bribing Pennsylvania driver’s license examiners to obtain phony licenses for his customers… Authorities said Lominy began paying bribes to a PennDOT driver’s license examiner, Alexander Steele, in early 2009 in exchange for Steele issuing licenses to his customers even though they weren’t Pennsylvania residents and hadn’t passed a written test or driving exam.[From He admits bribing PennDOT examiners to issue fake licenses | Philadelphia Daily News | 04/02/2010]
I see reports of people being convicted for taking other people’s tests for them for money in the UK from time to time as well. So, an Internet driving licence? I don’t think this is a way to improve security. I might go further and say that compared to this, the Monster Raving Looney Party’s manifesto commitment to ban envelopes and force everyone to communicate via postcards looks more practical.
All sealed private letters to be banned – we propose that all letters must be written on postcards, and emails to be routed through police stations. (After all honest citizens have nothing to hide)[From Official Monster Raving Loony Party – manifesto proposals]
So an internet driving licence isn’t going to help. But we do have to face the fact that there are bad people out there and if we can find ways to help with legitimate law enforcement efforts, we should.
The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.[From FBI wants records kept of Web sites visited | Politics and Law – CNET News]
Hhhhmmm. What would be better: the FBI being able to visit chat rooms anonymously to infiltrate criminal gangs, or the FBI having to leave a log or log in with their real names? It’s really not clear at all that the solution is to (sort of) end anonymity. There’s an analogy in the world of telecoms, where around the world in various countries the authorities are banning the use of anonymous pre-paid SIMs (in the case of the Mumbai terrorist attack, this didn’t make the slightest difference, of course, because the terrorists — they are bad people, remember — simply used fake IDs to buy the SIMs). But where is the evidence that a world without pre-paid SIMs is better than the world with them? If I see the guy across the street beating his wife, I might want to call the cops on my spare Tesco pre-paid phone and remain anonymous rather than have my name in a court record somewhere so that next time he will beat me.
Irrespective of whether you think services should be allowed anonymously or not, you must agree that the clear implication is that unless the Internet is anonymous at low level, then we can never have political choice to make it so at a higher level. So if we agree that for a better society the underlying infrastructure of the interweb should be anonymous, then what should be do about it? Make it a law, like Data Protection? No: identity is too important. If we do that, we are simply waiting for the moment when a government somewhere else decides that anonymity undermines state security or prevents Metallica from maximising their share of the global cake, or whatever, and turns it off.
Once implemented in its full “privacy protected” glory, it is only a matter of waiting for an event that allows the argument about removing anonymity to prevail. The implementation of the infrastructure had been anonymous – but after the pivotal event and for all future time, it isn’t.[From Hawk Talk]
This is clear, to my mind. So we need to build the Internet on technology that allows privacy (then if people don’t want to use it, that’s fine). But this privacy is more than simply not having to use your real name to post a blog comment.
Even if Cardspace or OpenID gives me anonymity or pseudonimity, I will probably betray myself the moment I start posting on the forum or buy my favorite music.[From Ruminations on Enterprise Architecture]
No, we don’t need privacy as passive thing, we need a new version of “active” privacy, where it is cryptography rather than the code of practice that makes digital identity an important element of what is to be a member of a free society. An obvious first step to take in that direction is to encourage — mandate, even — the fragmentation of identity so that your music-buying identity is different from your insurance-shopping identity. The way that the German ID card uses site-specific pseudonyms is one decent way forward: when you visit a new site for the first time, the system generates a new identity from the ID card identity (it’s a one-way function, so you can’t work out the ID card identity from the site identity).
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
Interesting bog post Dave but I’m not sure where you get to, or if the intent was a conclusion at all. Our greatest defense against scammers and spammers is common sense – rarer than a scalable PKI system it seems! To a large extent internet fraud is Darwinian and greed drives those fools into the predators grasp. In this information overload we need to take time to review the information we receive, admit that if something is too good to be true it probably is, and use judgement in the evaluation of new contacts. Just like in the real world we rely on references to assess new introductions then we need to combine provenance with diligence. A system that tracks someone’s internet footprints is more likely to uncover fraud than anything else – if your history cannot be tracked and cross-referenced then you might find trust hard to obtain. The only role of crypto credentials is surely in establishing the quality of that audit?