My old chum Andy Ramsden wrote a nice piece on LinkedIn the other day, pointing out the difference between transactions that need identification (almost none of them) and transactions that need credentials (most of them). He used a current British case in point, which is how to come up with a scheme for preventing “health tourism” on the National Health Service (NHS) which is largely free at the point of delivery.
The receptionist doesn’t even need to know my name, all they need to verify is whether or not I am eligible for NHS treatment.
Indeed. Which is why a National Entitlement Scheme (NES) makes sense. Andy’s point is not a special case – quite the opposite, it is the general case. In almost all day-to-day transactions, who you are is not important. This is why, in our “Three Domain Identity” (3DID) model, transactions take place in the authorisation domain, not the identification domain.
Now, in the NHS case I imagine that for most people giving out your real name is probably not a barrier to seeking treatment (although I can easily imagine cases where it is – what does James Bond’s NHS card say, for example?) but I can think of plenty of cases where giving out your real name is not only a barrier to transactions taking place, it’s downright crazy. Adult services are an obvious case and they are a case that I like to use because they are a useful example for focusing security, privacy and commercial issues that apply to a wide range of services. What do I mean by adult services? Well, to fork one of my favourite jokes from one of my all-time favourite TV shows, Greg the Bunny, I don’t mean voting. I mean services that grown up people might want to use that they do not necessarily want other people to know about: gambling, fantasy football leagues, dungeons and dragons discussion groups and so on. If we can fix the problem for adult services we can fix it for most other things.
Ofcom’s guidance on age checks for online video content suggests a range of options – from confirmation of credit card ownership to cross-checking a user’s details with information on the electoral register.
Both of these ideas are bad and are certain to lead to disaster, because both of them require the adult service provider to know who you are. This means that when they get hacked, as they inevitably will be, the personal details of the customers will be available to all. And, as actually happened in the case of the Ashley Madison hack, people will die. It’s not funny. Whether it’s adult web sites, or counselling services, or gay dating, or drug addiction helplines or whatever, where I go online is my business. We need a better solution than some dumb mandate to accelerate identity theft and foist its consequences on everybody.
Now, we already know what to do (that is, to have a functional identity privacy-enhancing infrastructure) but as yet there’s no sign of it coming into being. Therefore in the shorter term we have to come up with some workable alternative. It seems to me that a rather obvious way forward would be for banks, who have invested zillions in tokenisation services, to issue John Doe tokens to customers over 18. So, I can load my Barclays debit card into my Apple / Samsung / Android (* delete where applicable) wallet for free, but for £5 per annum I get an additional Privacy-Enhancing Token (a PET name). This stealth token would have the name of “John Barleycorn” and the address (for AVS purposes) of “Nowhere”.
Now, I can go online to the UK Adult Gateway Service or whatever it ends up being called and use the PET name to obtain an adult passport. Then I can use this adult passport to go and log in to Lovelies in Leather Trousers (which I only read for the gardening tips). Now:
Lovelies in Leather Trousers know that I am adult passport “John Barleycorn” and that they can charge to that passport (when they do, Apple Pay pops up on my phone and asks for authorisation).
When Lovelies in Leather Trousers gets hacked, the hackers find the adult passport John Barleycorn but they can’t use it to find out who I am. Even if they could log in to the Adult Gateway Service, it only knows that I am John Barleycorn and that the token comes from Barclays. Since there are tens of thousands of Barclays PETs with the name John Barleycorn, who cares.
If the hackers get into Barclays and discover that the particular PET name belongs to me, then Barclays have a fair amount more to worry about than the £100,000 compensation they will be paying me for breaching my privacy.
Meanwhile, if the adult passport John Barleycorn is used in some criminal activity, the police can simply go to Barclays with a warrant and Barclays will tell them it is me.
Simple. Incidentally, there’s another aspect to all this, which means that the networks and the banks might want to invest in this kind of infrastructure. Since adult payments are lucrative, and since an effective privacy-enhancing age check would increase the use of such services, and since a tokenised approach would also reduce fraud and chargebacks, there are real incentives for the stakeholders to get out there and put something in place.
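The PET-name flow described above (bank, Adult Gateway Service, site) can be modelled to check what each breach exposes. This is an added sketch, not code from this post or from any bank or gateway: the class and method names are hypothetical, "Alice Example" is a constructed customer, and the HMAC tag is an assumed stand-in for whatever issuer attestation a real tokenisation service would use.

```python
import hashlib, hmac, secrets

class Bank:
    """Issuer: the only party able to link a PET to a real customer."""
    def __init__(self, name):
        self.name, self._key, self._owners = name, secrets.token_bytes(32), {}

    def _tag(self, claim):
        return hmac.new(self._key, claim.encode(), hashlib.sha256).hexdigest()

    def issue_pet(self, real_name, age):
        if age < 18:
            raise ValueError("PETs are issued to over-18 customers only")
        pet_id = secrets.token_hex(8)
        self._owners[pet_id] = real_name          # mapping never leaves the bank
        claim = f"{self.name}|{pet_id}|John Barleycorn|Nowhere|over18"
        return {"claim": claim, "tag": self._tag(claim)}

    def vouch(self, pet):                         # gateway asks: did you issue this?
        return hmac.compare_digest(self._tag(pet["claim"]), pet["tag"])

    def resolve(self, pet_id, warrant):
        if not warrant:
            raise PermissionError("warrant required")
        return self._owners[pet_id]

class Gateway:
    """Adult Gateway Service: knows only the issuing bank and the PET id."""
    def __init__(self, banks):
        self._banks, self.passports = {b.name: b for b in banks}, {}

    def issue_passport(self, pet):
        bank_name, pet_id = pet["claim"].split("|")[:2]
        bank = self._banks.get(bank_name)
        if bank is None or not bank.vouch(pet):
            raise PermissionError("PET not vouched for by a known issuer")
        passport = secrets.token_hex(8)
        self.passports[passport] = (bank_name, pet_id)
        return passport

def run_scenario():
    bank = Bank("Barclays")
    gateway = Gateway([bank])
    passport = gateway.issue_passport(bank.issue_pet("Alice Example", 42))
    # The site's records hold only the passport and the PET name.
    merchant_db = {passport: {"name": "John Barleycorn", "charges": [4.99]}}
    bank_name, pet_id = gateway.passports[passport]   # warrant path, step 1
    return {
        "merchant_breach": repr(merchant_db),
        "gateway_breach": repr(gateway.passports),
        "warrant_result": bank.resolve(pet_id, warrant=True),  # step 2
    }
```

The site and gateway dumps contain no real name, while the warrant path through the bank still resolves to the customer.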
The Digital Economy Bill already includes measures to bring in age checks and the power to withdraw payment services from sites which do not implement the controls.
I really don’t like the idea of using the payment system as a policeman, but it makes sense as an interim solution until such time as we actually have a working identity infrastructure with pseudonymous virtual identities that can be used for adult transactions, just as they will be used for all other transactions. Including getting hospital treatment if you are entitled to it.