My old chum Andy Ramsden wrote a nice piece on LinkedIn the other day, pointing out the difference between transactions that need identification (almost none of them) and transactions that need credentials (most of them). He used a current British case in point, which is how to come up with a scheme for preventing “health tourism” on the National Health Service (NHS) which is largely free at the point of delivery.

The receptionist doesn’t even need to know my name, all they need to verify is whether or not I am eligible for NHS treatment.

From Proving your identity needn’t be this hard | Andy Ramsden | Pulse | LinkedIn

Indeed. Which is why a National Entitlement Scheme (NES) makes sense. Andy’s point is not a special case – quite the opposite, it is the general case. In almost all day-to-day transactions, who you are is not important. This is why, in our “Three Domain Identity” (3DID) model, transactions take place in the authorisation domain, not the identification domain.

3D Domain Model


Now, in the NHS case I imagine that for most people giving out your real name is probably not a barrier to seeking treatment (although I can easily imagine cases where it is – what does James Bond’s NHS card say, for example?) but I can think of plenty of cases where giving out your real name is not only a barrier to transactions taking place, it’s downright crazy. Adult services are an obvious case and they are a case that I like to use because they are a useful example for focusing security, privacy and commercial issues that apply to a wide range of services. What do I mean by adult services? Well, to fork one of my favourite jokes from one of my all time favourite TV shows, Greg the Bunny, I don’t mean voting. I mean services that grown up people might want to use that they do not necessarily want other people to know about: gambling, fantasy football leagues, dungeons and dragons discussions groups and so on. If we can fix the problem for adult services we can fix it for most other things.

Ofcom’s guidance on age checks for online video content suggest a range of options – from confirmation of credit card ownership to cross-checking a user’s details with information on the electoral register.

From Plan to block porn sites accessible to children – BBC News

Both of these ideas are bad and are certain to lead to disaster, because both of them require the adult service provider to know who you are. This means that when they get hacked, as they inevitably will be, the personal details of the customers will be available to all. And, as actually happened in the case of the Ashley Madison hack, people will die. It’s not funny. Whether its adult web sites, or counselling services, or gay dating, or drug addiction helplines or whatever, where I go online is my business. We need a better solution than some dumb mandate to accelerate identity theft and foist its consequences on everybody.

Now, we already know what to do (that is, to have a functional identity privacy-enhancing infrastructure) but as yet there’s no sign of it coming into being. Therefore in the shorter term we have to come up with some workable alternative. It seems to me that a rather obvious way forward would be for banks, who have invested zillions in tokenisation services, to issue John Doe tokens to customers over 18. So, I can load my Barclays debit card into my Apple / Samsung / Android (* delete where applicable) wallet for free, but for £5 per annum I get an additional Privacy-Enhancing Token (a PET name). This stealth token would have the name of “John Barleycorn” and the address (for AVS purposes) of “Nowhere”.

Now, I can go online to the UK Adult Gateway Service or whatever it ends up being called and use the PET name to obtain an adult passport. Then I can use this adult passport to go and log in to Lovelies in Leather Trousers (which I only read for the gardening tips). Now:

  1. Lovelies in Leather Trousers know that I am adult passport “John Barleycorn” and that they can charge to that passport (when they do, Apple Pay pops up on my phone and asks for authorisation).

  2. When Lovelies in Leather Trousers gets hacked, the hackers find the adult passport John Barleycorn but they can’t use it to find out who I am. Even if they could log in to the Adult Gateway Service, it only knows that I am John Barleycorn and that the token comes from Barclays. Since there are tens of thousands of Barclays PETs with the name John Barleycorn, who cares.

  3. If the hackers get into Barclays and discover that the particular PET name belongs to me, then Barclays have a far amount more to worry about than the £100,000 compensation they will be paying me for breaching my privacy.

  4. Meanwhile, if the adult passport John Barleycorn is used in some criminal activity, the police can simply go to Barclays with a warrant and Barclays will tell them it is me.

Simple. Incidentally, there’s another aspect to all which means that the networks and the banks might want to invest in this kind of infrastructure. Since adult payments are lucrative, and since an effective privacy-enhancing age check would increase the use of such services, and since a tokenised approach would also reduce fraud and chargebacks, there are real incentives for the stakeholders to get out their and put something in place.

The Digital Economy Bill already includes measures to bring in age checks and the power to withdraw payment services from sites which do not implement the controls.

From Plan to block porn sites accessible to children – BBC News

I really don’t like the idea of using the payment system as a policeman, but it makes sense as an interim solution until such time as we actually have a working identity infrastructure with pseudonymous virtual identities that can be used for adult transactions, just as they will be used for all other transactions. Including getting hospital treatment if you are entitled to it.


  1. The authorization/identification domain split in a possible post-industrial identity infrastructure cuts deeply into the intractable issues of (1) the existing monetization infrastructure on the web and the related technological and legal standards;(2) the currently predominant form of representative democracy and threats thereon from moneyed interests; (3) the central/commercial banking model of money creation; (4) the delivery of social services, etc., etc. A long, long list… The identity layer of the Internet, if properly set up, may become the basis for an identity-centric top-level ontology enabling the Web’s future development within the W3C vision of the Semantic Web.

  2. I like this approach. Apart from financial, there is at least one more industry where operators are legally obliged to know their customers. Online gambling operators are pretty capable of providing authentication services.

    However, to my opinion:
    a) It is almost impossible to have a an anonymous social profile protected from being matched with your real identity by some intelligent software. You must be prepared that they will find you either by your face, or writing style, etc., but please do not die.

    b) People die not because of hacking but because of their hypocrisy. It is safer to be open minded.

    But, again, why not to provide authentication services to hypocrites if they are willing to pay?

Leave a Reply

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights