I think this is why I found the discussion unsatisfying — and I don’t mean this as a criticism of the event, or of the organisers, even though one of the speakers actually did say “the Internet is the future”. The problem is that there is a kind of assumption that privacy is an enemy of security and anyone who advocates more privacy is mutant commie scum (didn’t you used to play Paranoia?). If you put forward any alternative view, then it is answered with the old “well, if you knew what I knew blah blah” and the debate goes nowhere.
The student’s French ID card was not deemed to be sufficient proof of her age for the staff at Sainsbury’s, even though the chain does accept the card from foreign workers who wish to work in the UK.[From Sainsbury’s denies French student]
So you can use your foreign ID card to get a job at Sainsbury’s but not to buy a bottle of champagne. Bizarre, but predictable: this is what happens when we jumble up credentials and identification, absent any well-formed rules for understanding or verifying them. It reminded me of the discussion from a few weeks back concerning the distinction between actual security and security theatre. Here’s a simple example: you go to open a bank account and the bank asks to see identity, so you show them a passport. If it is a British passport, they can phone a Home Office hotline to see if it is real, whether it has been reported stolen and so forth. If it is, say, a Bulgarian passport, they cannot possibly tell whether it is real or not, so they just photocopy it and file the copy away somewhere, just as the British Attorney General should have done with her maid’s work permit (since it is an offence not to keep a copy of such documentation). Thus, if you are a criminal then you will always choose to use a Bulgarian passport. Honest citizens are inconvenienced, criminals aren’t. This isn’t so much security theatre as security pantomime, as the BBC have highlighted.
The banks are worried it is still too easy to use a counterfeit passport from abroad to open a bank account, or to get an overdraft or credit card.[From BBC NEWS | Business | Fake passports prompt fraud fear]
Well, I suppose they could always not open the account unless they can understand and verify the identification documents. The fact is, it’s really, really hard for anyone to understand foreign credentials of any kind. Remember the amusing story of the mystery Polish serial traffic offender being tracked by the Irish police?
It was discovered that the man every member of the Irish police’s rank and file had been looking for – a Mr Prawo Jazdy – wasn’t exactly the sort of prized villain whose apprehension leads to an officer winning an award… Prawo Jazdy is actually the Polish for driving licence and not the first and surname on the licence.[From BBC NEWS | Northern Ireland | The mystery of Ireland’s worst driver]
This does nicely illustrate a key advantage of digital identity over physical identity: this would never happen. If my reader can’t understand your card, that’s the end of the discussion. There’s a nice binary outcome. Where the results depend on human interpretation of shades of grey, surely the system will always throw up crazy outcomes.
An innocent South Tyneside man was arrested because his MoT certificate was a paler shade of green. Michael Cook, from South Shields, had gone to the Driver and Vehicle Licensing Agency (DVLA) centre in Newcastle to renew his car tax. Staff thought his two-week-old MOT certificate was a forgery because it was a lighter shade than his previous one, and the police were called.[From BBC NEWS | England | Tyne | Arrest over wrong colour MoT form]
Essential to a functional identity system, then, is a cheap and simple “box” for checking whether the card is valid. You put your French ID card, British Forces ID card or Tesco Clubcard into the box at the checkout and the light goes green or red. That’s it.
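The binary outcome described above can be sketched as a fail-closed verifier. This is an added example, not code from the original post; the card format, issuer names and serials are constructed, and Ed25519 signatures are an assumption about how such cards would be signed.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed issuer: an Ed25519 key pair. The box only ever holds the public half.
function makeIssuer(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Issuer side: serialise the claims and sign the exact bytes the box will check.
function issueCard(issuer, claims) {
  const body = JSON.stringify({ issuer: issuer.name, ...claims });
  const signature = nodeCrypto.sign(null, Buffer.from(body), issuer.privateKey);
  return { body, signature: signature.toString('base64') };
}

// The "box": green only if every check passes. Anything else, including a card
// it cannot parse or an issuer it does not know, is red.
function checkCard(card, trustedKeys, revokedSerials, now) {
  try {
    const claims = JSON.parse(card.body);
    const issuerKey = trustedKeys.get(claims.issuer);
    if (!issuerKey) return 'red';                         // cannot verify: no photocopy-and-file fallback
    const sig = Buffer.from(card.signature, 'base64');
    if (!nodeCrypto.verify(null, Buffer.from(card.body), issuerKey, sig)) return 'red';
    if (revokedSerials.has(claims.serial)) return 'red';  // reported stolen
    if (!(new Date(claims.expires) > now)) return 'red';  // expired or unreadable date
    return 'green';
  } catch {
    return 'red';
  }
}

// Constructed sample cards exercising each outcome.
function demoCard() {
  const known = makeIssuer('issuer-known');
  const unknown = makeIssuer('issuer-unknown');
  const trusted = new Map([[known.name, known.publicKey]]);
  const revoked = new Set(['B2']);
  const now = new Date('2009-09-01');
  const valid = issueCard(known, { serial: 'A1', expires: '2012-01-01' });
  return {
    valid: checkCard(valid, trusted, revoked, now),
    stolen: checkCard(issueCard(known, { serial: 'B2', expires: '2012-01-01' }), trusted, revoked, now),
    expired: checkCard(issueCard(known, { serial: 'C3', expires: '2008-01-01' }), trusted, revoked, now),
    unknownIssuer: checkCard(issueCard(unknown, { serial: 'D4', expires: '2012-01-01' }), trusted, revoked, now),
    altered: checkCard({ ...valid, body: valid.body.replace('A1', 'Z9') }, trusted, revoked, now),
    garbage: checkCard({ body: 'not a card', signature: '' }, trusted, revoked, now),
  };
}
```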
I used to work on campus 5 days a week, but working at home more has coincided with the advent of blogs and twitter. My professional and personal profile on campus is now much higher than it was when I attended every day, but largely sat in my office, and occasionally ventured out for coffee.[From Establishing Our Online Identity « Ramblings of a Remote Worker]
Interesting. An online identity in a context that makes it worth more than an offline identity, because it is more connected. The Facebook economy, so to speak. Which leads me on to…
Of course, pretty much no one would have seen such a blog if Cohen hadn’t gone legal about it, claiming (with no proof) that she was losing jobs because of it (which seems difficult to believe).[From Outed Blogger Plans To Sue Google; Skank Model Mess Gets Messier | Techdirt]
This is what they call on the interweb the “Streisand effect”, but of course in these knowing post-modern times it could all be a clever publicity stunt and the model is not being stupid by cynically wasting taxpayers’ money to attract attention. Anyway, the point is that this story got yet another discussion about internet anonymity going. The general tone of the discussions in the media appears to be the usual unthinking “if you’ve got nothing to hide…”.
I take a different view. Most people do not have anonymity, it’s a myth. If I log on to The Guardian’s “Comment is Free” and post something about the destruction of the public finances under the name “General Wolfe of Quebec”, I am not really acting anonymously because it is trivial (as the recent headline stories have proved) to determine the IP address that the post came from and then go to the ISP to get the account. So although the Internet seems anonymous to people who don’t understand it (eg, models, politicians), it isn’t. And it’s not obvious whether that is good or bad. If you’re trying to track down someone posting child pornography (the usual short-circuit for the argument) then it’s bad, but if you’re trying to complain about the treatment of political prisoners in your country, then it’s good. And what’s more, whether your blogging is anonymous or not depends on the technology, not on the constitution or the judiciary.
As Ben Laurie has so clearly pointed out, unless the connection layer is anonymous, nothing else matters.[From Digital Identity Forum: Internet]
I think that at a minimum bloggers should have conditional anonymity: that is, they should be able to use a pseudonym that is only connected to them on the production of a court order. This cannot be achieved by depending on the service providers: even if they operate with good will,
Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often ‘reidentify’ or ‘deanonymize’ individuals hidden in anonymized data with astonishing ease.[From SSRN-Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization by Paul Ohm]
What this, I think, implies is that there will be blogging platforms that spring up in the US to operate under the provisions of protected free speech legislation and beyond the vagaries of UK libel laws and, over time, the most interesting and valuable blogs will migrate in that direction. Those platforms will provide authenticated pseudonymous identities (using, as I repeatedly wish for, 2FA OpenID or something similar) that are contingent on cryptography. How is the nurse going to blow the whistle on a drunk surgeon without pseudonymity?
The Privacy Act of 1974—the law designed to protect your rights as the government collects, uses, and shares your data—fails to consistently protect citizens’ privacy because circuit courts disagree on how to interpret its language.[From PolicyBeta – Blog Archive – A Remedy for Every Wrong? Why We Need a Consistent Privacy Act]
This illustrates my point. My personal data should be protected by cryptography, not by the vagaries of judicial interpretation.
Dr Paul Golik, secretary of North Staffordshire LMC and a GP in Norton-in-the-Moors, Stoke on Trent… accessed the personal details of a number of other patients registered elsewhere, including, with their consent, staff at his practice – all without being detected… ‘It’s basically open – we might as well put our names and addresses on Google,’[From Pulse – GPs’ fears over new IT security loophole]
This is apparently the Conservative Party’s plan anyway.
Health records could be transferred to Google or Microsoft under a Tory government.[From Google or Microsoft could hold NHS patient records say Tories – Times Online]
Why do health records have to be transferred anywhere? Everyone has to be registered with a GP, so let the GPs choose whichever service providers they want to store the data provided they comply with certain interface requirements. Then when I go to GP B while on holiday, he can put his smart card in his laptop and look up my health details at GP A (it would be easy to do: just make firstname.lastname@example.org autorespond with my health record in XML encrypted using the public key of the requesting doctor). Of course, there might still be ways for it to go wrong, provided people are involved somewhere. Even the Germans are having problems securing national health data, although in their case they’ve buggered it up in a “fail safe” way and lost the keys so that no-one can read the data, rather than having everyone read the data, which I suppose, if you’re going to make an error, is the better way to do it.
Test runs with Germany’s first-generation electronic health cards and doctors’ “health professional cards” have suffered a serious setback. After the failure of a hardware security module (HSM) holding the private keys for the root Certificate Authority (root CA) for the first-generation cards, it emerged that the data had not been backed up.[From Loss of data has serious consequences for German electronic health card – News – The H Security: News and features]
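The record exchange suggested above (GP A replying with the XML record encrypted to the requesting doctor's public key) can be sketched as follows. This is an added example, not code from the original post; the function names and sample record are constructed, and the RSA-OAEP plus AES-256-GCM hybrid scheme is an assumption, since the post names no algorithm.

```javascript
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stand-in for a doctor's smart card: only the public key ever leaves it.
function newDoctorKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// GP A's responder: encrypt the XML under a fresh AES-256-GCM key, then wrap
// that key with the requesting doctor's public key.
function sealRecord(xml, requesterPublicKey) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(xml, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: requesterPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// GP B's side: unwrap the AES key with the private key, then decrypt and
// authenticate. Returns null if the key is wrong or the message was altered.
function openRecord(sealed, privateKey) {
  try {
    const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
    decipher.setAuthTag(sealed.tag);
    return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample: the intended doctor, a different key holder, and a
// message modified in transit.
function demoRecord() {
  const gpB = newDoctorKeys();
  const someoneElse = newDoctorKeys();
  const xml = '<record patient="constructed-sample"><allergy>penicillin</allergy></record>';
  const sealed = sealRecord(xml, gpB.publicKey);
  const tampered = { ...sealed, ciphertext: Buffer.from(sealed.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  return {
    xml,
    gpB: openRecord(sealed, gpB.privateKey),
    someoneElse: openRecord(sealed, someoneElse.privateKey),
    tampered: openRecord(tampered, gpB.privateKey),
  };
}
```

The `someoneElse` case is also the German failure mode in miniature: without the right private key the record is unreadable rather than exposed.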