Day: February 17, 2005

Responding to my comments on Patrick Keefe's Village Voice “Darknet” piece, Todd Dailey writes:

“If your point is that better identity management would prevent phishing and other end-user identity theft attacks, I agree. However most of the techniques described in the article point to the need for better security, such as firewalls, virus protection, and software updates, not the need for better identity management. The only way identity management would solve this problem is if you had to identify yourself in some secure way before you were able to use the internet, perhaps a global 802.1x network. I think that's still a little way off. :)”

I had said that Keefe's contention that the machines of unsuspecting consumers are being hijacked by sinister forces:

“… speaks directly to the urgency of the need for an identity system for the Internet: an identity system that people fully understand and are willing to buy into because it is designed in accordance with the laws of identity.”

Now I agree that fixing these problems requires better “firewalls, virus protection and software updates”. But what software is safe, and what isn't? Isn't identity required here – identity mechanisms that are understandable (i.e. in keeping with the sixth law, where the three foot channel between the computer and the individual's brain is a reliable one)? And exactly who should be allowed in through firewalls? So, solving this problem goes beyond ascertaining the identity of the computer user. It involves knowing the identity of organizations, and of the products they produce. It also includes various important intersections.

Multiple Intersecting Identities

As a user, for example, I should be able access my contact list. Since I use Outlook for mail, Outlook should be able to access my contact list when I am using it. But some attachment I download through Outlook shouldn't be able to access it.

There are many identities that need to work together in a harmonious system if we want to nail this scenario – my identity as a user of a computer, Microsoft's identity as a supplier of the software I use, Outlook's identity as a specific Microsoft product, the identity of my Contact List, and that of some policy which hooks them all together. And we need the right ways to “reify” these identities so they are easily understood.

Specific is Good

The idea of having some “secure identity” before gaining access the network won't in itself keep sinister forces at bay (they can be stolen and purchased). The best way to protect a resource is by making it necessary to have not only “some identity”, but a very specific identity. Then the only way for a sinister actor to obtain access to the resource is to procure one of the very specific identities which are able to access the resource. Doing this requires knowing what the specific set of identities is. The combined effect is a very high barrier.

Extrapolating a bit further, we need to get to the point where the only way you can get to resources on internet machines is to have the very specific identities which open those very specific resources. This approach, combined with the security measures you talk about, is the only road to progress on these problems.

What stands in our way?

Outside of the enterprise, current identity systems are too hard to deploy. They are too hard to understand. And too hard to use. The different systems exist in silos, making everything harder still, and the number of silos is likely to increase. Many people feel the only way to get anything done quickly is turn protection off – maybe with the intent of turning it on later… But if you forget, there is no way to know what you've left undone or who can access what.

All of this needs to be fixed. At the center of everything is the construction of a unifying and easily used identity system.

Whispers of Probing Mind points out that the Brittan School District may be the first in California to use RFID tags for children, but not in the US or around the world:

November 18, 2004: Suburban Houston school district is tagging 28,000 students with RFID-equipped ID badges that are read when children get on and off school buses. The children's’ locations are automatically sent wirelessly to police and school administrators. School officials say the $180,000 system was enthusiastically supported by parents as a school safety measure. We're guessing the kids haven't yet hired ACLU or EFF lawyers.

In Japan, Schoolkids were tagged with RFID chips in larger scale.

July 12 2004: The rights and wrongs of RFID-chipping human beings have been debated since the tracking tags reached the technological mainstream. Now, school authorities in the Japanese city of Osaka have decided the benefits outweigh the disadvantages and will now be chipping children in one primary school.

The tags will be read by readers installed in school gates and other key locations to track the kids’ movements. The chips will be put onto kids’ schoolbags, name tags or clothing in one Wakayama prefecture school. Denmark's Legoland introduced a similar scheme last month to stop young children going astray.

Again, from my point of view there are two issues here – consent (law 1) and omnidirectionality (law 4).

James Kobelius argues that by sending your child to a school you consent to the way that school is run, and that informing parents about use of RFID is basically a formality. This argument touches on the relationship between societies, individuals and their childrens’ schools – issues which are far beyond the scope of this blog. My point here is simply that one way or another, consent is required, or there will be a ruckus which undermines the success of the system. For the system to succeed, consent should be as clear as possible. In the California incident, a number of parents did not feel they had given their consent, so the consent was not clear. I am very curious to see whether the system will recover from this.

Given my interests, I generalize from this whole experience: When trying to build a successful system of identity for the Internet, let's all agree to make this kind of dynamic a thing of the past by ensuring that above all, the users of the system are in firm control of it.

In terms of omnidirectionality, I very much suspect that the children in the all these cases wear their tags home. And that the tags are omnidirectional, cabable of being energized by any compatible reader employed by any stranger. I believe we need to nip this in the bud. If children are to be tagged, the devices employed should refuse to respond except to readers run by parties known and approved by their parents. The identity of the party monitoring the children is at least as important as the identity of the children. We are capable of building such systems for use in protecting our children, and don't have to fall back to technologies suitable for boxes of cereal.

A reader of yesterday's piece on bodynets suggested checking out this Vodafone site, which is a must-see for the identity affectionado. It's superbly put together, although at one point I got trapped in Vincenzo's incredibly messy bedroom as he played, if you can believe this, a mediterranean version of “This is my dog” to a Mitch Miller-like bouncing ball reborn on a foldable organic screen. But many of the scenarios are very concrete and believeable.

This world is lush with communicators sensing your digital ID and adjusting all aspects of your environment in cahoots with your visual bracelet, a kind of wrappable cellphone that filters incoming events on your behalf. It is Eric Norlin's polycomm scenario gone Hollywood, with privacy issues galore. All in all, a great accomplishment.

Of course we have a lot of work to do in figuring out the implications of the laws of identity for these scenarios. I wonder if Vodafone has a paper on these issues?

From Scott C. Lemon, this intriguing post:

Funny what you find on the net! While reading through some links related to wearable computer research I cam across this great page with some thoughts by Ana Viseu about “bodynets” and Identity. Besides that fact that I really like the look of the web site, I like this train of thought:

Identity, loosely defined as the way we see and present ourselves, is not static. On the contrary, identity is primarily established in social interaction. This interaction consists, in its most basic form, of an exchange of information. In this information exchange individuals define the images of themselves and of others. This interaction can be mediated-through a technology, for example-and it can involve entities of all sorts, e.g., an institution or a technology. I am investigating this interaction through the study of bodynets.

Bodynets can be thought of as new bridges or interfaces between the individual and the environment. My working definition of a bodynets is: A body networked for (potentially) continuous communication with the environment (humans or computers) through at least one wearable device-a computer worn on the body that is always on, ready and accessible. This working definition excludes implants, genetic alterations, dedicated devices and all other devices that are portable but not wearable, such as cell phones, smart cards or PDAs.

Besides the matters related to identity, bodynets also raise serious issues concerning privacy, which in turn feedback on identity changes. Bodynets are composed of digital technologies, which inherently possess tracking capabilities, this has major privacy implications.

If you like this, continue reading … there is a lot of additional material. Whenever I see the University of Toronto, I have to guess that Steve Mann is involved. These are all important directions to look at.

I couldn't agree more.