A number of people have confided that they worry the committment to privacy and openness I make in my work can't “possibly” reflect the ideas of the “official Microsoft juggernaut”. So I hope this interview by Financial Times writer Richard Waters will help people see the Bill Gates I know, and how deeply he understands the need for privacy and the possibilities inherent in the virtual world. You'll also see he fully supports an identity metasystem which is open and reaches across platforms.
FT: You have talked about building a “trust ecosystem” on the internet in which users’ identity information can be shared between websites. Would this be a closed system, or an open one?
BG: It’s totally standards-based and totally open. It runs on all platforms. It’s a series of standards that we’ve worked on – in fact, IBM has been one of the key participants in these standards. It’s got to work across all systems or it’s not worthwhile. It’s a great industry standard, just liked we’ve helped to extend HMTL for everybody to use, and TCP-IP for everybody to use.
We have an implementation of it that will compete on the implementation. But the whole notion of the protocols, how it’s done, that’s all in these WS-Trust standards. Believe me, we know a lot about this. When we did Hailstorm, four or five years ago – it wasn’t a plot to be the central root of trust or anything like that, but it was perceived as such. Our guys who work in this area have made it so clear that this is open, that everybody connects up to this. We are so clear on this.
FT: Is this the Hailstorm vision under a different name?
BG: No, no, it’s not even worth going back to that. We partly didn’t know what it was, and certainly what the press said it was wasn’t what we thought it was, but even what we thought it was we didn’t end up doing all of that. That’s old history.
This is very simple. There are statements like, “I, the employer of this person, have given them a secret” – either a password or even better a big number, a key. So I, Intel, say if they present this secret back to me, I, Intel vouch that they are an employee. Then we at Microsoft collaborate with Intel, and we decide do we accept statements of that type to decide who can get into various collaborative websites for joint projects.
That’s called federation, where we take their trust statement and we accept it, within a certain scope. So they don’t have to get another user account password. There’s no central node in this thing at all, there never can be. Banks are a key part of it, governments can be part of it. The US, probably not as much.
In a lot of countries, statements like “this person is over 18”, “this person is a citizen”, the governments will sign those statements. When you go into a chat room, for example, in Belgium, they’ll insist that you present not necessarily the thing that says who you are, but the thing that says the government says I’m over 18. This trust ecosystem has so much good designed for privacy. This thing is amazing, where you can prove who you are to a third party and then, in the actual usage, they don’t know who you are. A lot of the previous designs had the idea that if you authenticated, then you gave up privacy. There are lots of cases where you want to be authentic but not give up your privacy – or not give up your privacy except in extreme cases.
So all these things that exist in the real world about trust have to mirrored in these digital systems – and the real world is very complex in these respects. When you hear somebody on the phone, that’s enough evidence that you’re willing to tell them some things. The basic architectural framework lets us mirror a lot of these real world things. But these real world things, they take no set-up time.
Your brain is just so good at recognizing somebody’s voice, or somebody’s face, or somebody’s handwriting. It’s all just so implicit. When you leave your office, it would be strange for somebody nobody knows to come into your office and sit there at your computer – you didn’t write a memo to everybody nearby, it’s so implicit: give me a break, you guys just let that guy walk in there and walk away with my computer! In the digital world, there’s far less that’s implicit like this.
Describing these things is hard. Now in some ways, the digital world is superior. The ability to have anonymity is actually better when you want it. There’s no such thing as going to a soapbox and saying the government’s corrupt and not having the intelligence service see your face. In the digital world, that can be done.