Working late one night a few months back, I was just about to sign off when I decided to check my email. At the top of my inbox was a message from PayPal, “confirming” a change in my email address. But I hadn't changed the address. In an exhausted panic, I clicked the link to correct an obvious fraud.
For a split second the browser opened not to PayPal but to an unrelated IP address. Then, almost instantaneously, the screen was replaced by what looked exactly like a PayPal window, requesting my password to sign in. This wasn't PayPal; it was a phishing bot. Had I been just a little drowsier, I might have been snagged by the fraud in the very act of trying to stop it.
We who celebrate the brilliance of the Internet – and in particular, its end-to-end open design – tend to ignore the maliciousness that increasingly infects it. The Net was built on trust, and it lacks an adequate mechanism to prevent fraud. Thus, it's no surprise that phishing expeditions nearly doubled last year – and phishing is just one of many evils proliferating online. It's only a matter of time until some virus takes out millions of computers or some senator's identity is stolenin. When that happens, the liberties inherent in the Internet's early design will erode even faster than the liberties said to be protected by the Constitution.
Now, with the debut of the InfoCard identity management system, Microsoft is leading a network-wide effort to address the issue. To those of us long skeptical of the technology giant's intentions, the plan seems too good to be true. Yet the solution is not only right, it could be the most important contribution to Internet security since cryptography.
The InfoCard system will first be distributed with Vista, Microsoft's newest Windows OS, set for release this year. The system effectively adds an “identity layer” to the Internet, accomplishing what security companies have been promising for years: making it difficult to falsify an identity and easy to verify your own. Here's how it works: Users’ computers (and potentially cell phones and other devices) will hold files called InfoCards that give encrypted sites access to authenticated information about the user. An American Express InfoCard, for example, might carry your name, address, and account number, all authenticated by American Express. When a Web site requests personal data, you choose whether to release that information, securely and with the verification of the card's issuer.
The resulting system is more precise and comprehensive than the hope-it-works hodgepodge of security measures we use now, argues Kim Cameron, Microsoft's chief architect of identity and access. “Auto-complete and cookies and passwords are part of a patchwork solution. With InfoCards, users will always know exactly what's happening and can always control it.”
This might sound scary to friends of privacy. It shouldn't. The InfoCard system gives you more control over your data, not less. The protocol is built on a need-to-know principle: While an InfoCard might hold 30 facts about me, only the data I choose to reveal is shared. If I need to certify that I am a US citizen, then that fact is verified without also revealing my name, age, or place of birth. And when it comes to that fake PayPal site, the InfoCard system wouldn't recognize it – it wouldn't have theproper credentials.
Again, if this sounds scary to those suspicious of Microsoft, it shouldn't. It's a protocol – a set of rules for exchanging information – not a Microsoft product. Any company can provide certified protection for data using the protocol, and many will. So unlike Microsoft's Passport system, the dubious personal info repository that alarmed many people a few years ago, no central administrator decides how privacy is protected or trust secured. Instead, the protocol solves the problem of security the same way the Internet solved the problem of browsers – through competition on an open, neutral platform. This is infrastructure for a digital age. It's TCP/IP for privacy and security.
None of this means there isn't a role for (smart) government policy and laws against online fraud or theft. There plainly is. But if this identity layer sticks, then there is a wider range of solutions to the problem. In particular, there is one that seemed impossible to me just a year ago, one that's consistent with the decentralized design of the Internet. That's an extra?ordinary gift to the online world, from a giant that increasingly depends on the Net's extraordinary design.