What do they want us to do?

What do the politicians, regulators, police and the rest of them want us (technologists) to do about the interweb tubes? It might be easier to work out what to do if we had a clear set of requirements from them. Then, when confronted with a problem such as, for example, identity theft, we could build systems to make things better. In that particular case, things are currently getting worse.

Mr Bowron told the MPs this week that although recovery rates were relatively low, the police detection rate was 80 per cent. However, the number of cases is rising sharply with nearly 2m people affected by identity fraud every year.

[From FT.com / UK / Politics & policy – MP calls cybercrime Moriarty v PC Plod]

So, again, to pick on this paricular case, what should be done?

Mr Head also clarified his position on the safety of internet banking, insisting that while traditional face-to-face banking was a better guarantee against fraud, he accepted that society had moved on. “If you take precautions, it’s safe,” he said.

[From FT.com / UK / Politics & policy – MP calls cybercrime Moriarty v PC Plod]

Yet I remember reading in The Daily Telegraph (just googled it: 20th November 2010) there was a story about an eBay fraud perpetrated by fraudsters who set up bank accounts using forged identity documents, so face-to-face FTF does not, as far as I can see, mean any improvement in security at all. In fact, I’m pretty sure that it is worse than nothing, because people are easier to fool than computers. I would argue that Mr. Head has things exactly wrong here, because we an integrated identity infrastructure should not discriminate between FTF and remote transactions.

I think this sort of thing is actually representative of a much bigger problem around the online world. Here’s another example. Bob Gourley. the former CTO of the U.S. Defense Intelligence Agency, poses a fundamental and important question about the future identity infrastructure.

We must have ways to protect anonymity of good people, but not allow anonymity of bad people. This is going to be much harder to do than it is to say. I believe a structure could be put in place, with massive engineering, where all people are given some means to stay anonymous, but when a certain key is applied, their cloak can be peeled back. Hmmm. Who wants to keep those keys

[From A CTO analysis: Hillary Clinton’s speech on Internet freedom | IT Leadership | TechRepublic.com]

So, just to recap, Hillary says that we need an infrastructure that stops crime but allows free assembly. I have no idea how to square that circle, except to say that prevention and detection of crime ought to be feasible even with anonymity, which is the most obvious and basic way to protect free speech, free assembly and whistleblowers: it means doing more police work, naturally, but it can be done. By comparison, “knee jerk” reactions, attempting to force the physical world’s limited and simplistic identity model into cyberspace, will certainly have unintended consequences.

Facebook’s real-name-only approach is non-negotiable – despite claims that it puts political activists at risk, one of its senior policy execs said this morning.

[From Facebook’s position on real names not negotiable for dissidents • The Register]

I’ve had a Facebook account for quite a while, and it’s not in my “real” name. My friends know that John Q. Doe is me, so we’re linked and can happily communicate, but no-one else does. Which suits me fine. If my real name is actually Dave bin Laden, Hammer of the Infidel, but I register as John Smith, how on Earth are Facebook supposed to know whether “John Smith” is a “real” name or not? Ludicrous, and just another example of how broken the whole identity realm actually is.

For Facebook to actually check the real names, and then to accept the liabilities that will inevitably result, would be expensive and pointless even if it could be achieved. A much better solution is for Facebook to help to the construction and adoption of a proper digital identity infrastructure (such as USTIC, for example) and then use it.

The implementation of NSTIC could force some companies, like Facebook, to change the way it does business.

[From Wave of the Future: Trusted Identities In Cyberspace]

That’s true, but it’s a good thing, and it’s good for Facebook as well as for other businesses and society as a whole. So, for example, I might use a persistent pseudonymous identity given to me by a mobile operator, say Vodafone UK. If I use that identity to obtain a Facebook identity, that’s fine by Facebook: they have a certificate from Vodafone UK to say that I’m a UK citizen or whatever. I use the Vodafone example advisedly, because it seems to me that mobile operators would be the natural providers of these kinds of credentials, having both the mechanism to interact FTF (shops) and remotely, as well as access to the SIM for key storage and authentication. Authentication is part of the story too.

But perhaps the US government’s four convenient “levels of assurance” (LOAs), which tie strong authentication to strong identity proofing, don’t apply to every use case under the sun. On the recent teleconference where I discussed these findings, we ended up looking at the example of World of Warcraft, which offers strong authentication but had to back off strong proofing.

[From Identity Assurance Means Never Having To Say “Who Are You, Again?” | Forrester Blogs]

Eve is, naturally, absolutely right to highlight this. There is no need for Facebook to know who I really am if I can prove that Vodafone know who I am (and, importantly, that I’m over 13, although they may not be for much longer given Mr. Zuckerberg’s recent comments on age limits).

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Tough choices

The relationship between identity and privacy is deep: privacy (in the sense of control over data associated with an identity) ought to be facilitated by the identity infrastructure. But that control cannot be absolute: society needs a balance in order to function, so the infrastructure ought to include a mechanism for making that balance explicit. It is very easy to set the balance in the wrong place even with the best of intentions. And once the balance is set in the wrong place, it may have most undesirable consequences.

An obsession with child protection in the UK and throughout the EU is encouraging a cavalier approach to law-making, which less democratic regimes are using to justify much broader repression on any speech seen as extreme or dangerous…. “The UK and EU are supporting measures that allow for websites to be censored on the basis of purely administrative processes, without need for judicial oversight.”

[From Net censors use UK’s kid-safety frenzy to justify clampdown • The Register]

So a politician in one country decides, say, that we should all be able to read out neighbour’s emails just in case our neighbour is a pervert or serial killer or terrorist and the next thing we know is that Iranian government supporters in the UK are reading their neighbours emails and passing on their details to a hit squad if the emails contain any anti-regime comments.

By requiring law enforcement backdoors, we open ourselves to surveillance by hackers and foreign intelligence agencies

[From slight paranoia: Web 2.0 FBI backdoors are bad for national security]

This is, of course, absolutely correct, and it was shown in relief today when I read that…

Some day soon, when pro-democracy campaigners have their cellphones confiscated by police, they’ll be able to hit the “panic button” — a special app that will both wipe out the phone’s address book and emit emergency alerts to other activists… one of the new technologies the U.S. State Department is promoting to equip pro-democracy activists in countries ranging from the Middle East to China with the tools to fight back against repressive governments.

[From U.S. develops panic button for democracy activists | Reuters]

Surely this also means that terrorists about to execute a dastardly plot in the US will be able to wipe their mobile phones and alert their co-conspirators when the FBI knock on the door and, to use the emotive example, that child pornographers will be able to wipe their phones and alert fellow abusers when the police come calling. Tough choices indeed. We want to protect individual freedom so we must create private space. And yet we still need some kind of “smash the glass” option, because criminals do use the interweb tubes and there are legitimate law enforcement and national security interests here. Perhaps, however, the way forward to move away from the idea of balance completely.

In my own area of study, the familiar trope of “balancing privacy and security” is a source of constant frustration to privacy advocates, because while there are clearly sometimes tradeoffs between the two, it often seems that the zero-sum rhetoric of “balancing” leads people to view them as always in conflict. This is, I suspect, the source of much of the psychological appeal of “security theater”: If we implicitly think of privacy and security as balanced on a scale, a loss of privacy is ipso facto a gain in security. It sounds silly when stated explicitly, but the power of frames is precisely that they shape our thinking without being stated explicitly.

[From The Trouble With “Balance” Metaphors]

This is a great point, and when I read it it immediately helped me to think more clearly. There is no evidence that taking away privacy improves security, so it’s purely a matter of security theatre.

Retaining telecommunications data is no help in fighting crime, according to a study of German police statistics, released Thursday. Indeed, it could even make matters worse… This is because users began to employ avoidance techniques, says AK Vorrat.

[From Retaining Data Does Not Help Fight Crime, Says Group – PCWorld]

This is precisely the trajectory that we will all be following. The twin pressures from Big Content and law enforcement mean that the monitoring, recording and analysis of internet traffic is inevitable. But it will also be largely pointless, as my own recent experiences have proven. When I was in China, I wanted to use Twitter but it was blocked. So I logged in to a VPN back in the UK and twittered away. When I wanted to listen to the football on Radio 5 while in Spain, the BBC told me that I couldn’t, so I logged back in to my VPN and cheered the Blues. When I want to watch “The Daily Show” from the UK or when I want to watch “The Killing” via iPlayer in the US, I just go via VPN.

I’m surprised more ISPs don’t offer this as value-added service themselves. I already pay £100 per month for my Virgin triple-play (50Mb/s broadband, digital TV and telephone, so another £5 per month for OpenVPN would suit me fine).

How smart?

I had an interesting conversation with the CTO of a multi-billion company at the Mobile World Congress in Barcelona. He, like me, felt that something has been going wrong in the world of identity, authentication, credentials and reputation as we try to create electronic versions of physical world legacy constructs instead of starting from a new sets of requirements for the virtual world and working back. He was talking about machines, though, not people.

Robots could soon have an equivalent of the internet and Wikipedia. European scientists have embarked on a project to let robots share and store what they discover about the world. Called RoboEarth it will be a place that robots can upload data to when they master a task, and ask for help in carrying out new ones.

[From BBC News – Robots to get their own internet]

RoboEarth? No! Skynet, please. And Skynet needs to share an identity infrastructure with the interweb tubes, because of the rich interaction between personal identity and machine identity that will be integral to future living. The internet of things infrastructure needs an identity of things infrastructure to work properly. Our good friend Rob Bratby from Olswang wrote, accurately, that

The deployment of smart meters is one of the most significant deployments of what is often described as ‘the internet of things’, but its linkage to subscriber accounts and individual homes, and the increasing prevalence of data ‘mash-ups’ (cross-referencing of multiple databases) will require these issues to be thought about in a more sophisticated and nuanced way.

[From Watching the connectives | A lawyer’s insight into telecoms and technology]

I can confirm from our experiences advising organisations in the smart metering value chain that these issues are certainly not being thought about in either sophisticated or nuanced ways.

“The existing business policies and practices of utilities and third-party smart grid providers may not adequately address the privacy risks created by smart meters and smart appliances,

[From Grid Regulator: The Internet & Privacy Concerns Will Shape Grid: Cleantech News and Analysis «]

Not my words, the Federal Energy Regulatory Commission in the US. Too right. The lack of an identity infrastructure isn’t just a matter of Facebook data getting into the wrong hands or having to have a different 2FA dongle for each of your bank accounts. It’s a matter of critical infrastructure starting down the wrong path, from which it will be hard to recover after the first Chernobyl of the smart meter age, the first time some kids, or the North Korean government, or a software error at the gas company shuts down all the meters, or publishes all of the meter readings in a Google maps-style mashup so that burglars can find out which houses in a street are empty, or the News of World can get a text alert when a sleb gets home, or whatever.

My CTO friend was, I’m certain, right to suggest that we need to start by working out what we what identity to look like in general and then work out what the subset of that in the physical world needs to look like. If we do start building an EUTIC or a UKTIC to complement NSTIC then I think it should work for smart meters as well as for dumb people.

Theoretically private

The Institute for Advanced Legal Studies hosted an excellent seminar by Professor Michael Birnhack from the Faculty of Law at Tel Aviv University who was talking about “A Quest for a Theory of Privacy”.

He pointed out that while we’re all very worried about privacy, we’re not really sure what should be done. It might be better to pause and review the legal “mess” around privacy and then try to find an intellectually-consistent way forward. This seems like a reasonable course of action to me, so I listened with interest as Michael explained that for most people, privacy issues are becoming more noticeable with Facebook, Google Buzz, Airport “nudatrons”, Street View, CCTV everywhere (particularly in the UK) and so on. (I’m particularly curious about the intersection between new technologies — such as RFID tags and biometrics — and public perceptions of those technologies, so I found some of the discussion very interesting indeed.)

Michael is part of the EU PRACTIS research group that has been forecasting technologies that will have an impact on privacy (good and bad: PETs and threats, so to speak). They use a roadmapping technique that is similar to the one we use at Consult Hyperion to help our clients to plan their strategies for exploiting new transaction technologies and is reasonably accurate within a 20 year horizon. Note that for our work for commercial clients, we use a 1-2 year, 2-5 year, and 5+ year roadmap. No-one in a bank or a telco cares about the 20 year view, even if we could predict it with any accuracy — and given that I’ve just read the BBC correspondents informed predictions for 2011 and they don’t mention, for example, what’s been going on in Tunisia and Egypt, I’d say that’s pretty difficult.

One key focus that Michael rather scarily picked out is omnipresent surveillance, particularly of the body (data about ourselves, that is, rather than data about our activities), with data acted upon immediately, but perhaps it’s best not go into that sort of thing right now!

He struck a definite chord when he said that it might be the new business models enabled by new technologies that are the real threat to privacy, not the technologies themselves. These mean that we need to approach a number of balances in new ways: privacy versus law enforcement, privacy versus efficiency, privacy versus freedom of expression. Moving to try and set these balances, via the courts, without first trying to understand what privacy is may take us in the wrong direction.

His idea for working towards a solution was plausible and understandable. Noting that privacy is a vague, elusive and contingent concept, but nevertheless a fundamental human right, he said that we need a useful model to start with. We can make a simple model by bounding a triangle with technology, law and values: this gives three sets of tensions to explore.

Law-Technology. It isn’t a simple as saying that law lags technology. In some cases, law attempts to regulate technology directly, sometimes indirectly. Sometimes technology responds against the law (eg, anonymity tools) and sometimes it co-operates (eg, PETs — a point that I thought I might disagree with Michael about until I realised that he doesn’t quite mean the same thing as I do by PETs).

Technology-Values. Technological determinism is wrong, because technology embodies certain values. (with reference to Social Construction of Technology, SCOT). Thus (as I think repressive regimes around the world are showing) it’s not enough to just have a network.

Law-Values, or in other words, jurisprudence, finds courts choosing between different interpretations. This is where Michael got into the interesting stuff from my point of view, because I’m not a lawyer and so I don’t know the background of previous efforts to resolve tensions on this line.

Focusing on that third set of tensions, then, in summary: From Warren and Brandeis’ 1890 definition of privacy as the right to be let alone, there have been more attempts to pick out a particular bundle of rights and call them privacy. Alan Westin‘s 1967 definition was privacy as control: the claims of individuals or groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.

This is a much better approach than the property right approach, where disclosing or not disclosing, “private” and “public” are the states of data. Think about the example of smart meters, where data outside the home provides information about how many people are in the home, what time they are there and so on. This shows that the public/private, in/out, home/work barriers are not useful for formulating a theory. The alternative that he put forward considers the person, their relationships, their community and their state. I’m not a lawyer so I probably didn’t understand the nuances, but this didn’t seem quite right to me, because there are other dimensions around context, persona, transaction and so on.

The idea of managing the decontextualisation of self seemed solid to my untrained ear and eye and I could see how this fitted with the Westin definition of control, taking on board the point that privacy isn’t property and it isn’t static (because it is technology-dependent). I do think that choices about identity ought, in principle, to be made on a transaction-by-transaction basis even if we set defaults and delegate some of the decisions to our technology and the idea that different persona, or avatars, might bundle some of these choices seems practical.

Michael’s essential point is, then, that a theory of privacy that is formulated by examining definitions, classsifications, threats, descriptions, justifications and concepts around privacy from scratch will be based on the central notion of privacy as control rather than secrecy or obscurity. As a technologist, I’m used to the idea that privacy isn’t about hiding data or not hiding it, but about controlling who can use it. Therefore Michael’s conclusions from jurisprudence connect nicely connect with my observations from technology.

An argument that I introduced in support of his position during the questions draws on previous discussions around the real and virtual boundary, noting that the lack of control in physical space means the end of privacy there, whereas in virtual space it may thrive. If I’m walking down the street, I have no control over whether I am captured by CCTV or not. But in virtual space, I can choose which persona to launch into which environment, which set of relationships and which business deals. I found Michael’s thoughts on the theory behind this fascinating, and I’m sure I’l be returning to them in the future.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Having another go

The UK’s last attempt to introduce a national identity infrastructure, the national ID card, failed pretty badly and left everyone involved under a cloud (except for the management consultancies who billed tens of millions of pounds to the project).

The Home Office slipped out the final report of the Independent Scheme Advisory Panel (ISAP) this week, more than a year after it was written. The ostensibly independent report, which reveals how the ID system had been compromised by poor design and management, was submitted to the Home Office in December 2009.

[From Henry Porter – Home Office suppressed embarrassing ID cards report]

The report says that there are no specifications for usage or verification (which we knew – this was one of my constant complaints at the time) and, revealingly, that (in section 3.3) that “it is likely that European travel” will emerge as the key consumer benefit. This, I think, is an interesting comment. As I have pointed before in tedious detail, what the Identity & Passport Service (IPS) built was, well, a passport. It had no other functionality and, given the heritage, was never going to have. Hence my idea of renaming it “Passport Plus” and selling it to frequent travellers (eg, me) as a convenience.

As an aside, the report also says (in section 5.5) the “significant” number of change requests after the contracts had been awarded would likely increase risk, cost and timescale. Again, while this is a predictable comment, it is a reflection on the outdated consultation, specification and procurement processes used. Instead of a flagship government project heralding a new economy, we ended up with the usual fare: incomplete specifications, huge management consultant bills, massive and inflexible supply contracts.

The report repeated the same warnings ISAP had given the Home Office every year since the system blueprint was published in December 2006 by Liam Byrne and Joan Ryan, then Home Office Ministers, and James Hall, then head of the Identity and Passport Service (IPS).

[From Home Office suppressed embarrassing ID cards report – 1/7/2011 – Computer Weekly]

How did it all go do wrong? Liam Byrne should have known something about IT as he used to work for Accenture, as did James Hall (Joan Ryan was a sociology teacher who later became famous for having claimed for more than £1,000,000 in MP’s expenses). Yet somehow the “vision” that emerged was profoundly untechnological, backward-looking and lacking in inspiration. What’s different now?

Well, a key change is that the new administration is heading more along the lines of the US (with USTIC) and the Nordics, where people use their bank IDs to access public services. We’re working on a project with Visa Europe and our good friend Fred Piper at Royal Holloway to develop a pilot implementation right now.

Consult Hyperion, working with Visa Europe and Codes & Ciphers, is the industry lead for a Technology Strategy Board funded research project; Sure Identity, for Secure Authentication of Online Government Services. This innovative pilot scheme will investigate the security and cost benefits of consumers using new bank-issued electronic Visa debit cards to securely access online government services

[From Digital Systems – DS KTN Member receives funding from Trusted Services Competition for research into the secure authentication of online Government Services – Articles – Technology Strategy Board]

It’s possible to at least imagine some form of “UKTIC” that is interoperable with the US version, certainly to the extent that an American with a US bank account might be able to open a UK bank account, things like that. And it’s possible to imagine a kind of EUTIC that sets certain minimums in place so that UKTIC can interoperate with France TIC and Germany TIC and so on. I already have one or two ideas about where UKTIC may differ from USTIC. Let’s go back to the EFF’s comments on USTIC.

A National Academies study, Who Goes There?: Authentication Through the Lens of Privacy, warned that multiple, separate, unlinkable credentials are better for both security and privacy. Yet the draft NSTIC doesn’t discuss in any depth how to prevent or minimize linkage of our online IDs, which would seem much easier online than offline, and fails to discuss or refer to academic work on unlinkable credentials (such as that of Stefan Brands, or Jan Camenisch and Anna Lysyanskaya).

[From Real ID Online? New Federal Online Identity Plan Raises Privacy and Free Speech Concerns | Electronic Frontier Foundation]

If we were to make UKTIC something like USTIC but with the addition of a class of unlinkable credentials that might be mandated for certain uses, then we could take a really important step forward: instead of a physical national identity card, the administration could trumpet and virtual national privacy card. (Actually, I’d be tempted call it a Big Society Card in order to get funding!)

Ageing problem

The simple and prosaic case of age verification has always been a litmus test for digital identity infrastructure and it’s taken on new dimensions because of social networking. We need some clear thinking to see through fog of moral panic, made worse by the turbocharging impact of the mobile phone, because it is such an individual and personal device. The spectre of legions of perverts luring children via their mobile phones is, indeed, disturbing. If only there were some way to know whether your new social networking friend is actually a child of your age and not an adult masquerading as such.

A mobile phone application which claims to identify adults posing as children is to be released. The team behind Child Defence says the app can analyse language to generate an age profile, identifying potential paedophiles.

[From BBC News – Researchers launch mobile device ‘to spot paedophiles’]

Of course, it ought to work the other way round as well. One of my son’s friends told me that members of his World of Warcraft Guild (all 13- and 14-year olds) enjoy pretending to be “grown ups” online (by pretending to have jobs and wives). But this seems an odd way to move forward, as well as something that will surely be gamed by determined perverts.

Why on Earth can’t we just do this properly, at the infrastructural level. If we had a half-decent digital identity infrastructure, there would be no need for this sort of thing. Look, here’s a simple of example of this, in Japan. If you want to use social networks via your mobile phone then it is the operator who verifies your age to the social network service (SNS) provider. Since the operator has the billing relationship, this makes sense.

KDDI announces age verification service for mobile SNS platforms; Gree, Mixi and MobaGa to start at the end of Jan

[From Mobile SNS Age Verification Service by Wireless Watch Japan]

Note that this has no implications for privacy. The operator could require you to come to one of their outlets and prove that you are, say, 18. Then they set a flag for service providers to tell them that you are over 18. It doesn’t tell them your age, or your name or where you are. Just that you are over 18. Note that this system hasn’t been invented for social networking: it is already used to prove age at vending machines (you can’t buy cigarettes or sake or whatever unless your phone says that you are old enough). It ought to be simple enough to do the same thing but using proper technology. Suppose that your Facebook page came with a red border if you have not provided proof of age? Then you could provide that proof of age and have your border changed to blue for under 18 or green for over 18 – then make the rule that anyone with a red border is only allowed to connect to people with green borders.

You see what I mean. Have something that is understandable at the user level and implement it using certificates, digital signatures and keys in tamper-resistant storage (in, for example, mobile phones). There would be no need to try and explain to people how PKI actually works (which killed it in the mass consumer market last time), just show them how to log in to things using their phones. There’s a waiting mass market for this sort of thing if you can be clear to consumers that it will protect their privacy and that market is adult services: porn and gambling, primarily, either of which should generate a decent income stream for the successful service provider. Simple. As a complete aside, there’s another connection between the adult world and social networking.

The surprise relationship between social networking and adult-themed sites came last September, when total page visits for social networking sites for the first time eclipsed that of adult sites.

[From BBC NEWS | Technology | Porn putting on its Sunday best]

So the internet isn’t all about porn after all!

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Real-time identity

Naturally, given my obsessions, I was struck by a subset of the Real-Time Club discussions about identities on the web at their evening with Aleks Krotoski. In particular, I was struck by the discussion about multiple identities on the web, because it connects with some work we (Consult Hyperion) have been doing for the European Commission. One point that was common to a number of the discussions was the extent to which identity is needed for, or integral to, online transactions. Generally speaking, I think many people mistake the need for some knowledge about a counterparty with the need to know who they are, a misunderstanding that actually makes identity fraud worse because it leads to identities being shared more widely than they need be. There was a thread to the discussion about children using the web, as there always is in such discussions, and this led me to conclude that proving that you are over (or under) 18 online might well be the acid test of a useful identity infrastructure: if your kids can’t easily figure out a way to get round it, then it will be good enough for e-government, e-business and the like.

I think the conversation might have explored more about privacy vs. anonymity, because many transactions require the former but not the latter. But then there should be privacy rather than anonymity for a lot of things, and there should be anonymity for some things (even if this means friction in a free society, as demonstrated by the Wikileaks storm). I can see that this debate is going to be difficult to organise in the public space, simply because people don’t think about those topics in a rich enough way: they think common sense is a useful guide which, when it comes to online identity, it isn’t.

On a different subject, a key element of the evening’s discussion was whether the use of social media, and the directions of social media technology, lead to more or less serendipity. (Incidentally, did you know that the word “serendipity” was invented by Horace Walpole in 1754?) Any discussion about social media naturally revolves around Facebook.

Facebook is better understood, not as a country, but as a refugee camp for people who feel today’s lack of identity-forging social experience.

[From Facebook: the heart in a heartless world | spiked]

I don’t agree, but I can see the perspective. But I don’t see my kids fleeing into Facebook, I see them using Facebook to multiply and enrich their interpersonal interactions. Do they meet new people on Facebook? Yes, they do. Is that true for all kids, of all educational abilities, of all socio-economic classes, I don’t know (and I didn’t find out during the evening, because everyone who was discussing the issue seemed to have children at expensive private schools, so they didn’t seem like a statistically-representative cross-section of the nation).

Personally, I would come down on the side of serendipity. Because of social media I know more people than I did before, but I’ve also physically met more people than I knew before: social media means that I am connected with people who a geographically and socially more dispersed. I suppose you might argue that its left me less connected with the people who live across the street from me, but then I don’t have very much in common with them.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Internet driver’s license?

Last year I said that I thought that the US National Strategy for Trusted Identities in Cyberspace (NSTIC) was heading in the right direction. I’m very much in favour of the private sector providing multiple identities into a framework that it used by the public sector and vice versa. I’m in favour of choice: if I choose to use my Barclays identity to access the DVLA or my DWP identity to access O2 it shouldn’t matter to the effective and efficient use of online transactions. There was one area where I felt it could have presented a slightly different vision, and that’s in the use of pseudonyms, which I think should be the norm rather than the exception.

People should consider it normal to get a virtual identity from their bank or their mobile phone operator in a pseudonymous name so that they can browse, transact and comment without revealing anything about themselves other than the facts relevant to a transaction.

[From Digital Identity: USTIC]

James Van Dyke, when discussing NSTIC (which seems have become known unofficially as “Obama’s Internet Identity System”) warned about

Apocalyptic fear-mongers. Yes I’m ending with the crazies here, but hear me out. The extreme cable networks and televangelists will surely jump on this as the digital incarnation of the Mark of either the Beast or “(gasp!) Obama liberals. Historians will recall that social security numbers were supposed to be an apocalyptic conspiracy.

[From Obama’s Internet Identity System: Could This Change Everything? – Javelin Strategy & Research Blog]

I don’t think the danger is the crazies — although I feel a little sheepish writing this a couple of days after a crazy did, in fact, murder several people and seriously injure a congresswoman — but the journalists, politicians, commentators and observers who don’t really understand the rather complex topic of digital identity. Or, as “Identity Woman” Kailya Hamlin (who some of you may remember from the first European Internet Identity Workshop that Consult Hyperion sponsored with our friends from Innopay and Mydex back in October) said about NSTIC:

I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative

[From National! Identity! Cyberspace!: Why we shouldn’t freak out about NSTIC. | Fast Company]

She’s bang on with this. Here’s a couple of typical examples from the blogosphere:

CNET reported on January 7, 2011 that Obama has signed authority over to U.S. Commerce Department to create new privacy laws that require American citizens to hold an Internet ID card.

[From Internet Anonymity: Obama Pushes for an American Internet ID]


President Obama has signaled that he will give the United States Commerce Department the authority over a proposed national cybersecurity measure that would involve giving each American a unique online identity

[From Obama administration moves forward with unique internet ID for all Americans, Commerce Department to head system up — Engadget]

As far as I can see, NSTIC being managed by the Commerce Department has nothing to do with “privacy laws” and the idea that it will require Americans to have an “Internet ID” is a journalistic invention. The actual situation is that NSTIC is to go from being an idea to an actual system:

The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said. While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies,

[From Internet Identity System Said Readied by Obama Administration – BusinessWeek]

What this means is not that Americans will get an “Internet Driver’s License” but that they will be able to log in to their bank, the Veteran’s Administration, the DMV and their favourite blogs using a variety of IDs provided by their bank, their mobile phone operators and others.

[White House Cybersecurity Coordinator] Howard Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential, if I don’t want to,” he said.

[From Obama to hand Commerce Dept. authority over cybersecurity ID | Privacy Inc. – CNET News]

As long as it’s a matter of choice, I really don’t see a problem with this. The idea of NSTIC is that it is the infrastructure that is standardised, and this is good. We need standards for credentials and such like so that I can use my Woking Council ID to log in central government services and my Barclays Bank ID so that I can log in to do my taxes online: but I might pay Barclays for an additional ID that has some key credentials (IS_A_PERSON, IS_OVER_18, IS_NOT_BANKRUPT, that sort of thing) but does not reveal my identity. This sort of Joe Bloggs (or, for our cousins over the water, John Doe) identity would be more than adequate for the vast majority of web browsing and if other people want to wander the highways and byways of the interweb with a Manchester United, Prince or BBC ID, then it’s up to them. Let a thousand flowers bloom, as they say (well, as Chairman Mao said).

If the crazies want to be concerned about a single ID mark of the e-beast infocalypse, they’re perfectly entitled to, but I don’t understand why they are convinced it will come from the government in general or Obama in particular – there are half-a-billion people out there (including me) who have already handed over their personal information to a single unaccountable entity.

Facebook Login lets any website on the planet use its identity infrastructure—and underlying security safeguards. It’s easy to implement Facebook Login, simply by adding few lines of code to a web server. Once that change is made, the site’s users will see a “Connect with Facebook” button. If they’re already logged into Facebook (having recently visited the site), they can just click on it and they’re in. If they haven’t logged in recently, they are prompted for their Facebook user name and password.

[From Facebook Wants to Supply Your Internet Driver’s License – Technology Review]

Now, at the moment Facebook Connect just uses a password, so it’s no more secure than banks or government agencies, but it could move to a 2FA implementation implementation in the future. Widespread 2FA access to online services really should have become a business for banks or mobile operators already (think how long Identrus has been around) but it just hasn’t happened: I can’t use my Barclays PINSentry to log on to Barclaycard, let alone the government or an insurance company. But suppose my Facebook login required access to my mobile phone so it was much more secure: you know the sort of thing, enter e-mail address, wait for code to arrive on mobile phone, enter code (a proper UICC-based digital signature solution would be much better, but that’s another topic). Then I could use Facebook Connect for serious business. This would have an interesting side-effect: Facebook would know where I go on the web, which seems to me to be much more like the mark of the e-beast.

An interesting side benefit for website operators is that Facebook Login provides the site with users’ real names (in most cases) and optionally a variety of other information, such as the users’ “friends” and “likes.”

[From Facebook Wants to Supply Your Internet Driver’s License – Technology Review]

Which is, of course, why I don’t use it. On the other hand, if Facebook decided to use cryptography to secure and protect this sort of information, they could at a stroke create a desirable internet passport: by “blinding” the passport to prevent service providers from tracking the identity across web sites Facebook could significantly improve both convenience and privacy for the average users.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Masters key

[Dave Birch] This whole internet thing is getting more and more complicated. I’m trying to work out what government policies toward the internet are, so that I can help our clients to develop sound long-term strategies with respect to digital identity. To do this, we need to understand how the security environment will evolve and what the government’s attitude to security is. Should people be allowed to send data over the internet without interference? The US government thinks so.

Since 2007, Congress has inserted a total of $50 million of earmarks into the State Department’s budget to fund organizations dedicated to fighting Internet censorship.

[From Rebecca MacKinnon: No quick Fixes for Internet Freedom – WSJ.com]

Uh oh. This cannot be popular with people in favour of internet censorship, such as U2’s boss.

U2 manager Paul McGuinness said that the only reason the music industry had tanked over recent years was not because outfits like U2 peddled the same boring crap that they did in the 1980s, but because of the introduction of broadband.

[From Comment: Broadband only useful for pirates – U2 manager screams blue murder | TechEye]

Setting aside the fact that the British music industry earned more money than ever before last year, U2 are totally wrong to expect the rest of society to pay to uphold their business model in face of all technological change. Bono is wasting his time calling for Chinese-style internet censorship in order to maximise record company profits, or at least he is if the US government is going to continue funding the opposition.

China syndrome

[Dave Birch] What should government policy on identity be? Not specifically our government, or EU governments, or any other government, but governments in general. Or, let’s say, governments in democratic countries. OK, that’s a very big question to tackle. Let’s narrow it down to make a point: what should government policy on the internet be? No, that’s still too big and perhaps to vague. Let’s focus down further on a simple internet question: should the government be allowed to see what is going through the internet tubes. Of course! One of their jobs is to keep me safe from drug-dealing Nazi terrorist child pornographers who formulate devilish plots with the aid of the web.

According to reports, the FBI is asking for the authority to require all Internet communications platforms build in a “backdoor” allowing law enforcement easy wiretapping access

[From Should Government Mandate “Backdoors” for Snooping on the Internet? | Center for Democracy & Technology]

In parallel, the FBI is talking to technology companies about how they could be making it easier for criminals to see your credit card details and for the government to read to your e-mail.

Robert S. Mueller III, the director of the Federal Bureau of Investigation, traveled to Silicon Valley on Tuesday to meet with top executives of several technology firms [including Google and Facebook] about a proposal to make it easier to wiretap Internet users.

[From F.B.I. Seeks Wider Wiretap Law for Web – NYTimes.com]

This, superficially, sounds likes a good idea. Who could object? We don’t want the aforementioned Nazi drug-dealing child pornographers plotting terrorist acts using the interweb tubes with impunity. No right-thinking citizen could hold another view. But hold on…

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

[From U.S. enables Chinese hacking of Google – CNN.com]

It’s not that simple, is it? If you create a stable door, then sooner or later you will find yourself bolting it long after the horse has had it’s identity stolen. What I can’t help but wonder about in this context is whether the content actually matters: suppose you can’t read my e-mail, but you can see that a lot of mail addressed to Osama bin Laden is coming from my house? Surely that would be enough to put me under suspicion and trigger some other law enforcement and intelligence activity?

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.