What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly voting systems have exacting requirements and secondly, the stakes are high with the threat of state level interference.
We can use identity and authentication (ie “recognition”) technologies to improve Internet safety, if we use them correctly.
It is good to wander out of the comfort zone from time to time and expose your ideas to more acid tests. Hence I went along to the seminar on “Childhood and the Internet – Safety, Education and Regulation” in London in January. I was there for three main reasons:
- I am interested in the evolution of identification and authentication in an online environment, and protecting children is one of the cases that brings the mass market practicalities into sharp relief.
- We have clients who are developing recognition services, and it seems to me that if these services can contribute to a safer environment for children then we may have something of a win-win for encouraging adoption.
- Protecting children is an emotional topic, and as responsible member of society it concerns me that emotional responses may not be society’s best responses. This is a difficult subject. If, as technologists, we make any comment about initiatives to protect children being pointless or even counterproductive we may be accused of being sympathetic to criminals and perverts hence we need to learn to engage effectively. I’m not interest in childhood e-safety theatre, but childhood e-safety.
The seminar was kicked-off by Simon Milner, the Policy Director (UK and Ireland) for Facebook. He started off by noting that Facebook has a “real” names policy. Given my fascination with the topic, I found his comments were quite interesting as they were made on the same day that the head of Facebook, Mark Zuckerberg, was interviewed in Business Week saying that the “real” names policy was being amended.
One thing about some of the new apps that will come as a shock to anyone familiar with Facebook: Users will be able to log in anonymously.
Simon went on to say that the “real” names policy, setting to one side whether it means anything or not, is a good thing (he didn’t really explain why and I didn’t get a chance to ask) and then talked about how children who are being bullied on Facebook can report the problem and so on. I know nothing about this topic, other than as a parent, so I can’t comment on how effective or otherwise these measures might be. To be honest, there were several talks that I’m not qualified to comment on so I won’t, other than to say I found some of the talks by the subject matter experts extremely thought-provoking and I’m glad I heard them.
The main discussion that I was interested in was led by Helen Goodman MP (the Shadow Minister for Culture, Media and Sport) and Claire Perry MP, who is the Prime Minister’s special advisor on preventing the sexualisation and commercialisation of childhood. The ex-McKinsey Ms. Perry attracted a certain amount of fame in web circles last year (just search on “#PornoPerry”) when she made some public statements that seemed to indicate that she didn’t completely understand how the internet worked, despite being behind the government’s “porn filter”. (I am not picking on her. I should explain for foreign readers that most MPs are lawyers, management consultants, property developers, PR flacks and such like and they don’t really understand how anything actually works, least of all the interweb tubes. Only one out of the 635 MPs in the British Parliament is scientist.)
Now, let me be completely honest and point out that I have previously criticised not only the “real” names movement in general but Ms. Goodman’s views on anonymity in particular. I think she is wrong to demand “real” names. However, as I said a couple of years ago,
I’m not for one moment suggesting that Ms. Goodman’s concerns are not wholly real and heart felt. I’m sure they are.
This does not make her right about what to do though. Forcing people to interact online using their mundane identity is a bad idea on so many levels.
But that was the same month that the Communist party struck its first major blow against Weibo, requiring users to register their real names with the service. From that point, those wishing to criticise the Party had to do so without the comforting blanket of anonymity and users started to rein themselves in.
I’m not suggesting that Ms. Perry represents a government intent on creating a totalitarian corporatist state that reduces us wage-slaves to the level of serfs to be monitored at all times. I’m sure her good intentions are to block only those communications that challenge basic human decency and serve to undermine the foundations of our society, such as MTV, but the end of public online space seems a drastic step. What has been the result of the Chinese campaign to end anonymity? What is the practical impact of a real names policy?
Once an incalculably important public space for news and opinion – a fast-flowing river of information that censors struggled to contain – it has arguably now been reduced to a wasteland of celebrity endorsements, government propaganda and corporate jingles.
None of us, I’m sure, would like to see pillars of our society such as the Daily Mail reduced to the level of “celebrity endorsements, government propaganda and corporate jingles”. Perhaps there is now less crime in China too, but I have yet to discover any statistics that would prove that. I don’t want this to happen to Twitter, Facebook and The Telegraph web site (where it is my right as Englishman to post abuse about the Chancellor of the Exchequer should I so choose). So here is a practical and positive suggestion. At the seminar Helen said the “The gap between real-world identity and online identity is at the root of [the problem of cyberbullying]”. So let’s close that gap. Not by requiring (and policing) “real” names, but by implementing pseudonymity correctly. I wrote an extended piece on this for Total Payments magazine recently.
Now imagine that I get a death threat from an authenticated account. I report the abuse. Twitter can (automatically) tell the police who authenticated the transaction (i.e., Barclays). The police can then obtain a warrant and ask Barclays who I am. Barclays will tell them my name and address and where I last used my debit card. If it was, say, Vodafone who had authenticated me rather than Barclays, then Vodafone could even tell the police where I am (or at least, where my phone is).
As I said, I don’t just want to talk about doing something about cyberbullying and the like, I actually want to do something about it. “Real” names are a soundbite, not a solution. What we need is a working identity infrastructure that allows for strongly-authenticated pseudonyms so that bullies can be blocked and revealed but public space can remain open for discussion and debate. Then you can default Facebook and Twitter and whatever to block unauthenticated pseudonyms without insisting the kid looking for help on coming out, the woman looking at double-glazing options or the dreary middle-aged businessman railing against suicidal economic policies from revealing their identities unless they want to
The early days of the British government’s new cyber-filter have been predictably amusing, but they highlight a serious issue. What are the principles? What do politicians want the technologists to do?
Anyone in the e-payment space will not have failed to notice the attention that Bitcoin has been attracting over the last few weeks. I have to say that I was surprised by the interest from journalists — I was even interviewed for the Wired podcast and for New Scientist — for what is, after all, pretty small potatoes. Thanks to its open and transparent nature, it’s easy to see just how big the Bitcoin economy is. This is how it looked on one of the biggest exchanges on 18th May 2011 when I was talking to a European journalist:
Last Price: 7.285; High:7.98; Low: 6.9799; Volume: 34428
[From Mt Gox – Bitcoin Exchange]
So that’s a quarter of a million dollars in trades, although you can’t tell how much of that is people shifting bitcoins between their own accounts and how much is new money coming in. That’s not a huge business. Yet in some of the more hysterical reporting — the most dangerous idea ever, etc etc — you’d think that China was switching its reserves from dollars to bitcoins.
Because on Friday, the Bitcoin experienced a rather dramatic drop. In the words of one anonymous commenter: “it looks like it lost 1/3 of its value in the last 24 hours. Lots of big sells, complaints of liquidity, and pissed off nerds.”
A couple of weeks later, then, the value has fallen and the first bitcoin heist has been reported.
In the first Bitcoin theft of its size, a user has lost 25,000 BTC — or nearly $487,749 at today’s market rates — to an unknown thief.
As I somewhat uncharitably posted on Twitter, “help I want my anonymous, untraceable digital cash back!”. Now we read that Bitcoin is dead, it’s a scam, it’s a bubble etc etc. So what’s the truth? What strategy, if any, should stakeholders in the e-payments space consider?
The only thing that’s even kept Bitcoin alive this long is its novelty. Either it will remain a novelty forever or it will transition from novelty status to dead faster than you can blink.
I think it’s more than a novelty. I’d actually started writing something about Bitcoin a while back, when twitter friends pointed me to a paper “Mobile Payment Systems and Services: An Introduction” by Mahil Carr which says that (with no evidence at all to support the assertion) “mobile payments have to be as anonymous as cash transactions” and I’d been involved in a subsequent discussion about whether bitcoin might be suited to this environment. I couldn’t help but observe that cash is the wrong benchmark: it isn’t as anonymous as some people think.
On April 26, a state police trooper was called to the Subway after the owner said one of her employees found three “obviously counterfeit” $20s in the safe. The owner checked the surveillance video and saw one of her employees, the 17-year-old boy, take bills from his pocket and exchange it for money in the cash register… Before exchanging the bills, the employee marked the bills with a counterfeit marking pen, which resulted in a dark brown mark, meaning they were fake.
In a world of mobile phones, twitter and CCTV, anonymity is a high bar to set. In the virtual world, however, anonymity can be an implementation choice, should it be a requirement for a payment system. Personally, I don’t think it is. Transactions need to be private, not anonymous, and that means a different set of design principles. In all of my experience, even during my days as an firm proponent of anonymity as a key element of retail transaction schemes, I never saw the slightest demand for this from any of the stakeholders, including consumers. Nevertheless, that doesn’t mean that new technology could not, quite easily, lead to entirely new ways of making payments recognising the fact that the underlying technology has changed beyond all recognition in the previous generation.
Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day. That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.
Will Bitcoin be the new technology to revolutionise money? To answer that, I have to step back a little. Generally speaking, I think there is a problem with language, because people (I mean normal people, not people like us) never think about what money is or how it works. Sterling (the currency) could continue to exist even if there were no notes printed by the Bank of England or coins produced by the Royal Mint. People could sign contracts for Sterling payments, but those payments would be commuted for execution: when the payment falls due, the counterparties agree on a mechanism for exchange (which might be Dollars in a bank account, Euro bank notes or cowrie shells). Why would they, then, sign a contract in Sterling in the first place? Well, it’s because they expect the currency to serve as a means for deferred payment in that its value in the future is predictable. I’m not saying that this always works well, because currencies are not as stable as might be hoped, but that’s the theory.
Now let’s move on to this specifc implementation. Bitcoin is a decentralised, peer-to-peer means of exchange. If you have a bitcoin, which is just a string of numbers, you can send that bitcoin (or a subdivision of it) to anyone else on the interweb. If you want to understand how Bitcoin works, a good place to start is the original paper on the topic, “Bitcoin: A Peer-to-Peer Electronic Cash System” by Satoshi Nakamoto. I’m no expert on cryptography but there’s no reason I know of to question the basic idea: use a computationally difficult challenge to create strings of bits that it’s hard to make but easy to copy, then use digital signatures for transactions. I get my bitcoin (a string of bits) and then in order to transfer them to you I add a digital signature and send them to you. Every time we do a transactions, we tell (essentially) everybody else that the bits now belong to you. The closest analogy to this is the stone currency of the island of Yap, in the South Pacific. The huge stones that represented money never went anywhere, people just remembered who they belonged to.
Every transfer of ownership is public knowledge, and the physical stone can stay in place.
Rather like Bitcoin, in some ways. So far so good. But why would people use Bitcoin? There seem to be three key reasons: one is that they want a cheap, irreversible online means of exchange (cash for the 21st century), another is that they want an anonymous means of exchange (coins for the 21st century) and yet another is that they want to use of non-government currency because they don’t trust governments to manage money properly. Let’s have a quick look at each of these.
Frictionless low-value payments
Now, having been involved in a previous attempt to create a global, decentralised, peer-to-peer means of exchange that addressed the first two of these issues, Mondex, I’m naturally interested to see how Bitcoin develops. I’m frankly sympathetic to many of its goals, because I too believe that a “frictionless” means of exchange for the online world would stimulate a new era of trade, and therefore prosperity. In an essentially frictionless system, where the transfer of value is simply the transfer of bits, the key problem to overcome is that of “double spending”. In other words, if I send you some value (bits), how do you know that I haven’t already sent that value (ie, a copy of those bits) to someone else? There are a number of different approaches.
- The usual solution is to have a central register.
- The Mondex solution was to use tamper-resistant hardware (smartcard chips) to store the balances.
- The Bitcoin solution is to distribute the transaction record across the network (every node knows every transaction), which works provided that the timestamps can be co-ordinated properly (otherwise the nodes wouldn’t know the order of the transactions). When you get a bitcoin, it takes a few minutes before you can spend it again because the network needs to be updated.
Which is best? It’s not really the topic of this post, but I’d say a combination of 1 and 2: a central register plus tamper-resistant hardware so that low-value payments can handled quickly, offline in some environments.
What the general public want is privacy, not anonymity. If I lose my wallet, I want my money back. This is why I always carry prepaid cards when I travel, rather than carrying cash. In fact I’ve just been through the very process of getting my money back because I gave my son a prepaid Euro card to use on a school trip in Spain (a Thomson MasterCard) and he lost it when there were still €70 on the card. No-one else can use that card (they don’t know the PIN and it has no name on it so they can’t pass AVS online) and I am getting the money back. Personally, I think this is closer to the kind of cash that makes sense in the new economy. It’s economically infeasible (although not computationally infeasible) to track and research every payment, but when something goes wrong it can be restored. And if I did use the card for some illegal purpose, the police could get a warrant and Thomson would of course point them to me.
I’m not sure that I want to live in a society where unconditional anonymity exists for payments. I don’t want the bad guys to be able to operate with impunity. But neither do I want every little transaction I make trawled by corporates, the media, the government. The solution has to be payment systems with privacy built-in, so that privacy is the default and it takes legal process to uncover transaction details.
This may well be the most contentious area for debate. I am a Hayekian, in that I would prefer to see a system of competing private currencies rather than government monopolies, because I think that sound money is an important base for the economy. But this issue is, to my mind, orthogonal to the other two. You could implement competing private currencies in anonymous, pseudonymous or absonymous (note to pedants: this is a word I made up, that’s why it fails the spell-check, not because I spelt it wrong) ways and you could implement the mechanism for exchange using all sorts of systems. Whether transactions are reversible or not has nothing to do with the currency.
Is Bitcoin a good currency? I suspect not, but I’m not an economist, so I must defer to the experts. The question that most of our clients are interested in is whether Bitcoin will form a niche parallel economy or whether they will scale into the mainstream economy. I have a suspicion that this won’t happen, and that’s because the anonymity that is the attractive feature to the early-adopting bitcoiners is not attractive to the mass market.
The best strategy is to learn, and to think about ways that the cryptography at the heart of Bitcoin can be used to deliver new kinds of services in a connected environment. I don’t think cash will be one of them.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
The simple and prosaic case of age verification has always been a litmus test for digital identity infrastructure and it’s taken on new dimensions because of social networking. We need some clear thinking to see through fog of moral panic, made worse by the turbocharging impact of the mobile phone, because it is such an individual and personal device. The spectre of legions of perverts luring children via their mobile phones is, indeed, disturbing. If only there were some way to know whether your new social networking friend is actually a child of your age and not an adult masquerading as such.
A mobile phone application which claims to identify adults posing as children is to be released. The team behind Child Defence says the app can analyse language to generate an age profile, identifying potential paedophiles.
Of course, it ought to work the other way round as well. One of my son’s friends told me that members of his World of Warcraft Guild (all 13- and 14-year olds) enjoy pretending to be “grown ups” online (by pretending to have jobs and wives). But this seems an odd way to move forward, as well as something that will surely be gamed by determined perverts.
Why on Earth can’t we just do this properly, at the infrastructural level. If we had a half-decent digital identity infrastructure, there would be no need for this sort of thing. Look, here’s a simple of example of this, in Japan. If you want to use social networks via your mobile phone then it is the operator who verifies your age to the social network service (SNS) provider. Since the operator has the billing relationship, this makes sense.
KDDI announces age verification service for mobile SNS platforms; Gree, Mixi and MobaGa to start at the end of Jan
Note that this has no implications for privacy. The operator could require you to come to one of their outlets and prove that you are, say, 18. Then they set a flag for service providers to tell them that you are over 18. It doesn’t tell them your age, or your name or where you are. Just that you are over 18. Note that this system hasn’t been invented for social networking: it is already used to prove age at vending machines (you can’t buy cigarettes or sake or whatever unless your phone says that you are old enough). It ought to be simple enough to do the same thing but using proper technology. Suppose that your Facebook page came with a red border if you have not provided proof of age? Then you could provide that proof of age and have your border changed to blue for under 18 or green for over 18 – then make the rule that anyone with a red border is only allowed to connect to people with green borders.
You see what I mean. Have something that is understandable at the user level and implement it using certificates, digital signatures and keys in tamper-resistant storage (in, for example, mobile phones). There would be no need to try and explain to people how PKI actually works (which killed it in the mass consumer market last time), just show them how to log in to things using their phones. There’s a waiting mass market for this sort of thing if you can be clear to consumers that it will protect their privacy and that market is adult services: porn and gambling, primarily, either of which should generate a decent income stream for the successful service provider. Simple. As a complete aside, there’s another connection between the adult world and social networking.
The surprise relationship between social networking and adult-themed sites came last September, when total page visits for social networking sites for the first time eclipsed that of adult sites.
So the internet isn’t all about porn after all!
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
Last year I said that I thought that the US National Strategy for Trusted Identities in Cyberspace (NSTIC) was heading in the right direction. I’m very much in favour of the private sector providing multiple identities into a framework that it used by the public sector and vice versa. I’m in favour of choice: if I choose to use my Barclays identity to access the DVLA or my DWP identity to access O2 it shouldn’t matter to the effective and efficient use of online transactions. There was one area where I felt it could have presented a slightly different vision, and that’s in the use of pseudonyms, which I think should be the norm rather than the exception.
People should consider it normal to get a virtual identity from their bank or their mobile phone operator in a pseudonymous name so that they can browse, transact and comment without revealing anything about themselves other than the facts relevant to a transaction.
[From Digital Identity: USTIC]
James Van Dyke, when discussing NSTIC (which seems have become known unofficially as “Obama’s Internet Identity System”) warned about
Apocalyptic fear-mongers. Yes I’m ending with the crazies here, but hear me out. The extreme cable networks and televangelists will surely jump on this as the digital incarnation of the Mark of either the Beast or “(gasp!) Obama liberals. Historians will recall that social security numbers were supposed to be an apocalyptic conspiracy.
I don’t think the danger is the crazies — although I feel a little sheepish writing this a couple of days after a crazy did, in fact, murder several people and seriously injure a congresswoman — but the journalists, politicians, commentators and observers who don’t really understand the rather complex topic of digital identity. Or, as “Identity Woman” Kailya Hamlin (who some of you may remember from the first European Internet Identity Workshop that Consult Hyperion sponsored with our friends from Innopay and Mydex back in October) said about NSTIC:
I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative
She’s bang on with this. Here’s a couple of typical examples from the blogosphere:
CNET reported on January 7, 2011 that Obama has signed authority over to U.S. Commerce Department to create new privacy laws that require American citizens to hold an Internet ID card.
President Obama has signaled that he will give the United States Commerce Department the authority over a proposed national cybersecurity measure that would involve giving each American a unique online identity
As far as I can see, NSTIC being managed by the Commerce Department has nothing to do with “privacy laws” and the idea that it will require Americans to have an “Internet ID” is a journalistic invention. The actual situation is that NSTIC is to go from being an idea to an actual system:
The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said. While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies,
What this means is not that Americans will get an “Internet Driver’s License” but that they will be able to log in to their bank, the Veteran’s Administration, the DMV and their favourite blogs using a variety of IDs provided by their bank, their mobile phone operators and others.
[White House Cybersecurity Coordinator] Howard Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential, if I don’t want to,” he said.
As long as it’s a matter of choice, I really don’t see a problem with this. The idea of NSTIC is that it is the infrastructure that is standardised, and this is good. We need standards for credentials and such like so that I can use my Woking Council ID to log in central government services and my Barclays Bank ID so that I can log in to do my taxes online: but I might pay Barclays for an additional ID that has some key credentials (IS_A_PERSON, IS_OVER_18, IS_NOT_BANKRUPT, that sort of thing) but does not reveal my identity. This sort of Joe Bloggs (or, for our cousins over the water, John Doe) identity would be more than adequate for the vast majority of web browsing and if other people want to wander the highways and byways of the interweb with a Manchester United, Prince or BBC ID, then it’s up to them. Let a thousand flowers bloom, as they say (well, as Chairman Mao said).
If the crazies want to be concerned about a single ID mark of the e-beast infocalypse, they’re perfectly entitled to, but I don’t understand why they are convinced it will come from the government in general or Obama in particular – there are half-a-billion people out there (including me) who have already handed over their personal information to a single unaccountable entity.
Facebook Login lets any website on the planet use its identity infrastructure—and underlying security safeguards. It’s easy to implement Facebook Login, simply by adding few lines of code to a web server. Once that change is made, the site’s users will see a “Connect with Facebook” button. If they’re already logged into Facebook (having recently visited the site), they can just click on it and they’re in. If they haven’t logged in recently, they are prompted for their Facebook user name and password.
Now, at the moment Facebook Connect just uses a password, so it’s no more secure than banks or government agencies, but it could move to a 2FA implementation implementation in the future. Widespread 2FA access to online services really should have become a business for banks or mobile operators already (think how long Identrus has been around) but it just hasn’t happened: I can’t use my Barclays PINSentry to log on to Barclaycard, let alone the government or an insurance company. But suppose my Facebook login required access to my mobile phone so it was much more secure: you know the sort of thing, enter e-mail address, wait for code to arrive on mobile phone, enter code (a proper UICC-based digital signature solution would be much better, but that’s another topic). Then I could use Facebook Connect for serious business. This would have an interesting side-effect: Facebook would know where I go on the web, which seems to me to be much more like the mark of the e-beast.
An interesting side benefit for website operators is that Facebook Login provides the site with users’ real names (in most cases) and optionally a variety of other information, such as the users’ “friends” and “likes.”
Which is, of course, why I don’t use it. On the other hand, if Facebook decided to use cryptography to secure and protect this sort of information, they could at a stroke create a desirable internet passport: by “blinding” the passport to prevent service providers from tracking the identity across web sites Facebook could significantly improve both convenience and privacy for the average users.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]