Having another go

The UK’s last attempt to introduce a national identity infrastructure, the national ID card, failed pretty badly and left everyone involved under a cloud (except for the management consultancies who billed tens of millions of pounds to the project).

The Home Office slipped out the final report of the Independent Scheme Advisory Panel (ISAP) this week, more than a year after it was written. The ostensibly independent report, which reveals how the ID system had been compromised by poor design and management, was submitted to the Home Office in December 2009.

[From Henry Porter – Home Office suppressed embarrassing ID cards report]

The report says that there are no specifications for usage or verification (which we knew – this was one of my constant complaints at the time) and, revealingly, that (in section 3.3) that “it is likely that European travel” will emerge as the key consumer benefit. This, I think, is an interesting comment. As I have pointed before in tedious detail, what the Identity & Passport Service (IPS) built was, well, a passport. It had no other functionality and, given the heritage, was never going to have. Hence my idea of renaming it “Passport Plus” and selling it to frequent travellers (eg, me) as a convenience.

As an aside, the report also says (in section 5.5) the “significant” number of change requests after the contracts had been awarded would likely increase risk, cost and timescale. Again, while this is a predictable comment, it is a reflection on the outdated consultation, specification and procurement processes used. Instead of a flagship government project heralding a new economy, we ended up with the usual fare: incomplete specifications, huge management consultant bills, massive and inflexible supply contracts.

The report repeated the same warnings ISAP had given the Home Office every year since the system blueprint was published in December 2006 by Liam Byrne and Joan Ryan, then Home Office Ministers, and James Hall, then head of the Identity and Passport Service (IPS).

[From Home Office suppressed embarrassing ID cards report – 1/7/2011 – Computer Weekly]

How did it all go do wrong? Liam Byrne should have known something about IT as he used to work for Accenture, as did James Hall (Joan Ryan was a sociology teacher who later became famous for having claimed for more than £1,000,000 in MP’s expenses). Yet somehow the “vision” that emerged was profoundly untechnological, backward-looking and lacking in inspiration. What’s different now?

Well, a key change is that the new administration is heading more along the lines of the US (with USTIC) and the Nordics, where people use their bank IDs to access public services. We’re working on a project with Visa Europe and our good friend Fred Piper at Royal Holloway to develop a pilot implementation right now.

Consult Hyperion, working with Visa Europe and Codes & Ciphers, is the industry lead for a Technology Strategy Board funded research project; Sure Identity, for Secure Authentication of Online Government Services. This innovative pilot scheme will investigate the security and cost benefits of consumers using new bank-issued electronic Visa debit cards to securely access online government services

[From Digital Systems – DS KTN Member receives funding from Trusted Services Competition for research into the secure authentication of online Government Services – Articles – Technology Strategy Board]

It’s possible to at least imagine some form of “UKTIC” that is interoperable with the US version, certainly to the extent that an American with a US bank account might be able to open a UK bank account, things like that. And it’s possible to imagine a kind of EUTIC that sets certain minimums in place so that UKTIC can interoperate with France TIC and Germany TIC and so on. I already have one or two ideas about where UKTIC may differ from USTIC. Let’s go back to the EFF’s comments on USTIC.

A National Academies study, Who Goes There?: Authentication Through the Lens of Privacy, warned that multiple, separate, unlinkable credentials are better for both security and privacy. Yet the draft NSTIC doesn’t discuss in any depth how to prevent or minimize linkage of our online IDs, which would seem much easier online than offline, and fails to discuss or refer to academic work on unlinkable credentials (such as that of Stefan Brands, or Jan Camenisch and Anna Lysyanskaya).

[From Real ID Online? New Federal Online Identity Plan Raises Privacy and Free Speech Concerns | Electronic Frontier Foundation]

If we were to make UKTIC something like USTIC but with the addition of a class of unlinkable credentials that might be mandated for certain uses, then we could take a really important step forward: instead of a physical national identity card, the administration could trumpet and virtual national privacy card. (Actually, I’d be tempted call it a Big Society Card in order to get funding!)

Real-time identity

Naturally, given my obsessions, I was struck by a subset of the Real-Time Club discussions about identities on the web at their evening with Aleks Krotoski. In particular, I was struck by the discussion about multiple identities on the web, because it connects with some work we (Consult Hyperion) have been doing for the European Commission. One point that was common to a number of the discussions was the extent to which identity is needed for, or integral to, online transactions. Generally speaking, I think many people mistake the need for some knowledge about a counterparty with the need to know who they are, a misunderstanding that actually makes identity fraud worse because it leads to identities being shared more widely than they need be. There was a thread to the discussion about children using the web, as there always is in such discussions, and this led me to conclude that proving that you are over (or under) 18 online might well be the acid test of a useful identity infrastructure: if your kids can’t easily figure out a way to get round it, then it will be good enough for e-government, e-business and the like.

I think the conversation might have explored more about privacy vs. anonymity, because many transactions require the former but not the latter. But then there should be privacy rather than anonymity for a lot of things, and there should be anonymity for some things (even if this means friction in a free society, as demonstrated by the Wikileaks storm). I can see that this debate is going to be difficult to organise in the public space, simply because people don’t think about those topics in a rich enough way: they think common sense is a useful guide which, when it comes to online identity, it isn’t.

On a different subject, a key element of the evening’s discussion was whether the use of social media, and the directions of social media technology, lead to more or less serendipity. (Incidentally, did you know that the word “serendipity” was invented by Horace Walpole in 1754?) Any discussion about social media naturally revolves around Facebook.

Facebook is better understood, not as a country, but as a refugee camp for people who feel today’s lack of identity-forging social experience.

[From Facebook: the heart in a heartless world | spiked]

I don’t agree, but I can see the perspective. But I don’t see my kids fleeing into Facebook, I see them using Facebook to multiply and enrich their interpersonal interactions. Do they meet new people on Facebook? Yes, they do. Is that true for all kids, of all educational abilities, of all socio-economic classes, I don’t know (and I didn’t find out during the evening, because everyone who was discussing the issue seemed to have children at expensive private schools, so they didn’t seem like a statistically-representative cross-section of the nation).

Personally, I would come down on the side of serendipity. Because of social media I know more people than I did before, but I’ve also physically met more people than I knew before: social media means that I am connected with people who a geographically and socially more dispersed. I suppose you might argue that its left me less connected with the people who live across the street from me, but then I don’t have very much in common with them.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Masters key

[Dave Birch] This whole internet thing is getting more and more complicated. I’m trying to work out what government policies toward the internet are, so that I can help our clients to develop sound long-term strategies with respect to digital identity. To do this, we need to understand how the security environment will evolve and what the government’s attitude to security is. Should people be allowed to send data over the internet without interference? The US government thinks so.

Since 2007, Congress has inserted a total of $50 million of earmarks into the State Department’s budget to fund organizations dedicated to fighting Internet censorship.

[From Rebecca MacKinnon: No quick Fixes for Internet Freedom – WSJ.com]

Uh oh. This cannot be popular with people in favour of internet censorship, such as U2’s boss.

U2 manager Paul McGuinness said that the only reason the music industry had tanked over recent years was not because outfits like U2 peddled the same boring crap that they did in the 1980s, but because of the introduction of broadband.

[From Comment: Broadband only useful for pirates – U2 manager screams blue murder | TechEye]

Setting aside the fact that the British music industry earned more money than ever before last year, U2 are totally wrong to expect the rest of society to pay to uphold their business model in face of all technological change. Bono is wasting his time calling for Chinese-style internet censorship in order to maximise record company profits, or at least he is if the US government is going to continue funding the opposition.

China syndrome

[Dave Birch] What should government policy on identity be? Not specifically our government, or EU governments, or any other government, but governments in general. Or, let’s say, governments in democratic countries. OK, that’s a very big question to tackle. Let’s narrow it down to make a point: what should government policy on the internet be? No, that’s still too big and perhaps to vague. Let’s focus down further on a simple internet question: should the government be allowed to see what is going through the internet tubes. Of course! One of their jobs is to keep me safe from drug-dealing Nazi terrorist child pornographers who formulate devilish plots with the aid of the web.

According to reports, the FBI is asking for the authority to require all Internet communications platforms build in a “backdoor” allowing law enforcement easy wiretapping access

[From Should Government Mandate “Backdoors” for Snooping on the Internet? | Center for Democracy & Technology]

In parallel, the FBI is talking to technology companies about how they could be making it easier for criminals to see your credit card details and for the government to read to your e-mail.

Robert S. Mueller III, the director of the Federal Bureau of Investigation, traveled to Silicon Valley on Tuesday to meet with top executives of several technology firms [including Google and Facebook] about a proposal to make it easier to wiretap Internet users.

[From F.B.I. Seeks Wider Wiretap Law for Web – NYTimes.com]

This, superficially, sounds likes a good idea. Who could object? We don’t want the aforementioned Nazi drug-dealing child pornographers plotting terrorist acts using the interweb tubes with impunity. No right-thinking citizen could hold another view. But hold on…

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

[From U.S. enables Chinese hacking of Google – CNN.com]

It’s not that simple, is it? If you create a stable door, then sooner or later you will find yourself bolting it long after the horse has had it’s identity stolen. What I can’t help but wonder about in this context is whether the content actually matters: suppose you can’t read my e-mail, but you can see that a lot of mail addressed to Osama bin Laden is coming from my house? Surely that would be enough to put me under suspicion and trigger some other law enforcement and intelligence activity?

Tripped up

[Dave Birch] Many people have a real problem with the apparently anonymous nature of the interweb. I say “apparently” because, of course, unless you work really hard at it and really understand how the internet works, and really understand how your PC works, and really plan it carefully, you’re not really anonymous in the proper sense of the word.

Our sense of anonymity is largely an illusion. Pretty much everything we do online, down to individual keystrokes and clicks, is recorded, stored in cookies and corporate databases, and connected to our identities, either explicitly through our user names, credit-card numbers and the IP addresses assigned to our computers, or implicitly through our searching, surfing and purchasing histories.

[From The Great Privacy Debate: The Dangers of Web Tracking – WSJ.com]

I’m surprised that politicians, in particular, who keep going on about how terrible internet anonymity is, don’t understand a little more about the dynamics of the problem. If they did, they would realise that anonymity isn’t what it seems.

You might think, after enough major stories about “IP addresses” hit the news wires, everyone in political life would be aware that “anonymity” on the Internet is limited.

But someone in Sen. Saxby Chambliss’ (R-GA) office didn’t get the memo. In the aftermath of this week’s failed vote on the military’s “don’t ask, don’t tell” policy, someone named “Jimmy” registered an account at the gay news blog Joe.My.God. just to say, “All Faggots must die.”

[From Outed! Senate staffers, anti-gay slurs, and IP addresses]

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily Allen a a hereditary celebrity and copyright hypocrite (not my own views, naturally) then it’s not worth the state’s money to track you down. If Lily wants to spend her own money on tracking you down and taking a civil action for libel, then fair enough, that’s the English way of limiting free speech. If the newspapers want to spend their own money on it, fine. For issues of great national interest, such as spurious death threats to the nation’s sweetheart, Cheryl Cole, The Sun can step in.

Yesterday The Sun traced the sender of a chilling anti-Cheryl message that blasted her over Zimbabwean Gamu’s TV exit. Wannabe rapper Sanussi Ngoy Ebonda, 20, admitted penning the sinister rant, which accused Cheryl of “da biggest mistake of your life” and included a threat to attack other girls sharing her name.

[From Cheryl Cole boosts security at mansion | The Sun |Showbiz|TV|X Factor]

So even though there’s precious little anonymity, should we allow enonymity to be the norm? There are plenty of people who think not, and they’re not all English libel lawyers. Surely common sense is on their side? Isn’t it wrong to let people hide behind pretend names?

Let’s focus on a specific and straightforward example. The comment pages on newspaper, magazine and other media web sites. Many such sites require registration but are still essentially enonymous. Is it right that enonymous commenters can say bad things about celebrities, politicians, business leaders? Would people be as horrible about public figures if they were forced to identify themselves?

Would the online debate among commenters be stifled by requiring commenters to sign their real names?

[From What did you say your name was? | Analysis & Opinion |]

The Chinese government certainly hope so.

China is considering measures to force all its 400m internet users to register their real names before making comments on the country’s myriad chat-rooms and discussion forums, in a further sign of tightening controls on freedom of speech.

[From China to force internet users to register real names – Telegraph]

We already know this doesn’t work, incidentally, because the Chinese already tried this for Internet cafes, supposedly to deal with the problem of young people spending too much time in virtual worlds. The only result was an instant, and profitable, black market in ID card numbers, whereby kids would get the ID numbers of people who weren’t going to play in cybercafes (eg, their grandparents) and used them to log in instead of using their own. There was an alignment of economic incentives here, because the cybercafes would not make money by turning people away.

Cafés that did not ask for identification often still had a registration book at the front desk, in which staff members were seen to write apparently random identification numbers and names during their free time.

[From HRIC | 中国人权]

Incidentally, another large and well-known country closely associated with our economic future (albeit a virtual one) has just abandoned plans to try and force Chinese-style real-name registration after a revolt by citizens (well, subscribers):

Blizzard has reversed a controversial decision that would have forced thousands of Starcraft and World of Warcraft (WoW) players to use their real names on the company’s online forums

[From Blizzard stands down over forum controversy | TG Daily]

I simply would not allow my kids to log in with their real names. I’m happy for them to log in using one of their multiple e-mail addresses. They’ve had pseudonymous e-mail addresses since they were old enough to go online. This isn’t just paranoia about people grooming children for sexual exploitation (the UK takes this kind of thing very seriously) and such like. There are lots of really good reasons for not wanting to use your identity in online debate and comment. I wrote once before about being shocked by some hate e-mails I received when I once posted some comments in a discussion about interest rates (“interest is the work of the devil”, “we know how you are” etc etc). Now, I still enjoy participating in online debates, but do so pseudonymously: my friends know who I am.

That, incidentally, may not be much of a protection, because the mapping of social graphs can soon locate you within a group of friends even if none of those friends disclose who you are. A determined third-party can learn very interesting things from those graphs and, unless everyone is anonymous or pseudonymous under certain conditions, figure out who you are.

Iran appears to be in two minds about whether to embrace or stymie technological progress. On the one hand, Twitter accounts helped the opposition mobilise demonstrations in the wake of last year’s contested presidential election… On the other hand, by monitoring Twitter traffic, Tehran was able to identify who was organising the protests.

[From FT.com / FT Magazine – Who controls the internet?]

As I’ve said before, in cyberspace no-one knows you’re a dog, but no-one knows you’re from the FBI either. Thus our government, the US government and many others are caught in two minds, just as the Iranians are. On the one hand, they are supposed to be in favour of free speech, but on the other hand, well, you know Danish cartoonists, criminals, child pornographers, terrorists, enemies of the state, dissidents, apostates etc.

Now, maybe you don’t care. You’re “not doing anything wrong.” Well, Hoder wasn’t doing anything wrong when he went to Israel and blogged about it in Farsi. But he’s serving 20 years in jail in Iran.

[From Emergent Chaos » Blog Archive » AT&T, Voice Encryption and Trust]

But back to online commenting in our democracy. It’s not a simple issue, and “common sense” is not a good guide to anything in the virtual world, but it is clearly the case that in that virtual world some people behave inappropriately. You only have to read The Guardian newspapers online “Comment is Free” or Guido Fawkes, the UK’s top political blog, to see how appalling, disgusting, racist, misogynist, anti-semitic and just plain thick the general public can be. I am one of those old-fashioned liberals who thinks that the response to bad free speech should be more free speech, not less. I think we should be wary about limiting the anonymity of people who comment online, even if we could think of a way of doing so.

The Nazareth District Court has upheld the right of the Walla Web portal to refuse to hand over the IP addresses of commenters accused of defaming a journalist.

“The good of online anonymity outweighs the bad, and it must be seen as a byproduct of freedom of speech and the right to privacy,” Judge Avraham Avraham wrote in his ruling last week.

The court also said the critical remarks concerning Yedioth Ahronoth reporter Israel Moskovitz, posted online in 2008, were unlikely to harm his reputation since they were poorly written and appeared only once, and readers were not likely to take them seriously.

[From Uphold talkbacker’s anonymity in defamation trial, court says – Haaretz – Israel News ]

Actually, for journalists to complain about online comments, criticism and even abuse is a tiny bit worrying, since their business depends on such.

It doesn’t take long to find articles on CNN that quote anonymous officials. For them to rage against “cowards” who won’t stand behind what they say, and then to regularly quote “anonymous” sources, seems pretty damn hypocritical. Phillips claims anonymity online is “very unfair.” Phillips also attacks the media for “giving anonymous bloggers credit or credibility.” But again, CNN quotes all kinds of anonymous sources all the time.

[From CNN Claims ‘Something Must Be Done’ About Anonymous Bloggers | Techdirt]

On balance, then, I think a free society not only permits certain kinds of anonymity but actually depends on them, because we need informed and honest public debate to function properly. This was well-put in the Washington Post recently.

For every noxious comment, many more are astute and stimulating. Anonymity provides necessary protection for serious commenters whose jobs or personal circumstances preclude identifying themselves. And even belligerent anonymous comments often reflect genuine passion that should be heard.

[From Andrew Alexander – Online readers need a chance to comment, but not to abuse]

I couldn’t agree more. However, as the Post goes on to note, we have to recognise that people can be pretty horrible and we need a way to deal with that. Not banning anonymity, but managing the anonymousness (if there is such a word) in a better way.

The solution is in moderating — not limiting — comments. In a few months, The Post will implement a system that should help. It’s still being developed, but Straus said the broad outlines envision commenters being assigned to different “tiers” based on their past behavior and other factors. Those with a track record of staying within the guidelines, and those providing their real names, will likely be considered “trusted commenters.” Repeat violators or discourteous agitators will be grouped elsewhere or blocked outright. Comments of first-timers will be screened by a human being.

[From Andrew Alexander – Online readers need a chance to comment, but not to abuse]

This — in essence, baby steps toward a reputation economy — could be toughened up by using better identity infrastructure, but it’s not a bad place to start. But there are areas where the better infrastructure is more of a priority. Newspaper comments are one thing, but there are businesses that depend on online comments, and a good example is the burgeoning group review sector.

It’s always, always the same

[Dave Birch] One of the reasons why a digital identity infrastructure ought to be more than just building a big database of everyone and then letting everyone have access to it is that the infrastructure will inevitably be abused by those on the inside, no matter how much effort goes into keeping out the bad guys on the outside.

Missouri Citibank employee Brandon Wyatt… accused of tapping Citibank's computers for customer information, then using it to set up checking accounts online with competing banks, including Bank of America, Washington Mutual and AmTrust. Wyatt allegedly wire transferred customer funds from Citibank to the new accounts, then cashed them out with additional transfers, checks, debit card purchases and ATM withdrawals. His take, according to federal prosecutors in St. Louis, was at least $380,000.

[From Fed Blotter: Citibank Worker Allegedly Plunders Customer Accounts | Threat Level from Wired.com]

It's hard to see how you can stop this from happening completely in an economic way, but what you can do is make sure that there is an audit trail so that someone how decides to have a go at this kind of fraud has a reasonable expectation of being caught. Although I have to say that armed bank robbers have a reasonable expectation of being caught (and a reasonable expectation of a long sentence if they are caught) but they still do it. Anyway, my point is that if you take people personal data and put it in a honeypot, there is only one outcome. A database is not an infrastructure.

Vote “no” to yesterday’s technology

[Dave Birch] The recent Pew report on the Future of the Internet makes the same point that I have been droning on about for ages. Looking at PCs and the web doesn’t tell you anything about the future, because the future is mobile.

“Clearly, in the long run, mobile wins,” says Consult Hyperion’s Birch. “For most people, in most of the world, most of the time, the mobile phone is the most important device.”

[From FST]

Now, in some advanced countries, it is seen as natural to being to transfer applications that hinge on identity over to the most personal interweb interface, the mobile phone. An interesting case study is Estonia. We’ve looked before at Estonia’s use of new technology and they are back at the forefront this month:

Lawmakers approved a measure Thursday allowing citizens to vote by mobile phone in the next parliamentary elections in 2011… The mobile-voting system, which has already been tested, requires that voters obtain free, authorized chips for their phones, said Raul Kaidro, spokesman of the SK Certification Center, which issues personal ID cards in Estonia.

[From Estonia to vote by mobile phone in 2011 – International Herald Tribune]

This is a similar architecture to that being deployed in Turkey, where the key pair at the heart of scheme is stored in the SIM and the on-board application uses it for digital signatures.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.