Escaping Wilma

People who saw Adele and me on TV over the last few days have been writing to ask if we're OK – they saw us lined up at the Cancun airport trying to “escape hurricane Wilma.”

Thanks to everyone who has expressed their concern. We are fine!

It's funny how TV works. The image and interview became part of the Wilma system. They were replayed day after day as Wilma stalled and mercilessly bashed the Yucatan.

The truth is, I had registered for Cancun weather notifications prior to starting my vacation. Monday morning, I received this email:

The tropical depression # 24 was upgraded this morning to Tropical Storm Wilma and it was located this morning at 502 miles east southeast of Cancun, Mexico. Interests in Cancun, Isla Mujeres, Cozumel, Puerto Morelos, Playa del Carmen, Puerto Aventuras, Akumal, Tulum and the Costa Maya area must monitor the development of Wilma over the next few days.

To see the most complete information about the storm please go to: http://www.cancun.bz/cancunweather.htm

The tropical storm names for this hurricane season have been depleted; this happened only in 1933, and Wilma ties that record.

I checked the site periodically. Tuesday evening the storm suddenly developed into a category 5 hurricane coming straight towards us.

As I told the TV crew, “I've been in a hurricane before, and don't want to be in another one.” Visions of holding out in an emergency shelter with no air conditioning spurred me to lay down my Margarita and get to my feet.

Again using the Internet, I bought tickets on a flight the next morning to Puerto Vallarta. That's another beautiful Mexican town, far from Cancun on the Pacific side of Mexico, where the sun was still shining and the dolphins still playing.

Only thirty-six hours before the eye of the storm hit Cancun, we drove to the airport on an empty road. Many of the local Mexicans, veterans of endless minor hurricanes, were skeptical that this one would hit them head on. Our ticket agent told us we were crazy to leave – he said we should go back to our hotel, where “recreation directors would be throwing hurricane parties in the ballrooms.” Tourists weren't aware of what was coming either. When I was interviewed by the TV crew, the only reason I was in a lineup at all was because I had accidentally joined a group of French tourists who were clogging the check-in lane waiting for their tour guide to arrive. The airport was no busier than it normally is.

Whatever the explanation, it all made for a good visual. And apparently got replayed many times.

The images coming back from Cancun and the Riviera now are more than frightening. The devastation is terrible. My heart goes out to the local people, who I have always found to be endlessly friendly and helpful. They know a lot about how to handle hurricanes, and I'm sure they'll recover as quickly as anyone could.

As for me, I count myself super lucky to have had access to information and mobility. It's another example of how much is changed by the Internet.


New blog at planetary.net

Kris Magnusson, who was open source program manager at Novell, pinged me recently to tell me about his new blog called http://planetary.net. I see postings like this:

Yes, I Am. . . an advocate for the Identity Metasystem. Craig Burton convinced me for reasons he didn't know about and reasons I didn't explain to him.

The big reason I believe in it was that it fit my criteria for becoming Internet infrastructure, with an exception that I think can be rectified over time, namely that multiple reference open source implementations don't currently exist. However, the Metasystem is young and these things will most certainly change.

Everything else about the Metasystem is right. It doesn't displace any existing infrastructure, requiring only a simple plugin for web sites to interoperate with the Metasystem. The InfoCard system is a great way to put users safely in control of their own identity claims, and it looks like it will find its way into alternative browsers like Firefox and Safari, making it ubiquitous.

I really have a distaste for silos now that I've experienced the openness of the Metasystem. You'll have to pardon me if I seem too hard on them, especially Sxip, who have their heart in the right place by putting claims back in the hands of users, more or less. It's just that having worked with Dr. Marshall T. Rose and having had a taste of what standardizing Internet infrastructure is all about, and having had exposure to the Metasystem's openness, I don't want to go backward to silos and proprietary networks.

My gosh: Marshall T. Rose – author of the Open Book and the Little Black Book and grand savant of OSI. That brings back memories. Anyway, moving on, I continue to hope that sxip and lid and other emerging systems will develop implementations that are part of the proposed identity metasystem.

In his email, Kris sets up a direct question for me:

My hope is that the metasystem will become true internet infrastructure in the same way dns/bind or http is currently. I think in order for this to happen that multiple open source reference implementations have to be developed. I don't think Microsoft can go it alone. Moving the WS* specs through OASIS is fabulous, as is getting support from IBM and hopefully later from Sun, but open standards are not sufficient to make a software system internet-standard. Ubiquitous implementation is key. So I'm hoping that someone will step up to the plate and develop an open source implementation of the metasystem for non-windows platforms. What do you think about this?

I totally agree. I have heard Craig's recording of “I, I, I cry ubiquity…” and thought it pretty much catches the spirit of the times. Hard-wiring is fading fast, and we will need identity metasystem capabilities in every nook and cranny of the Internet.


Risks of poor design means huge potential security problems

Jerry Fishenden, who is Microsoft's National Technology Officer for the UK, just contributed this first rate piece to the Scotsman:

A WELL-DESIGNED UK national identity card could help tackle many problems, including the upward trend in identity fraud and theft. But important technical, security and privacy issues need to be tackled to ensure its success.

One major challenge is that no computer system is 100 per cent secure. We've seen various prosecutions arising from unauthorised access to computer systems such as the Police National Computer and DVLA. Putting a comprehensive set of personal data in one place produces a “honeypot” effect – a highly attractive and richly rewarding target for criminals. Forty million users’ personal credit card records were compromised recently in the US – highlighting the very real risks such systems face.

We should not be building systems that allow hackers to mine information so easily. Putting all of our personal identity information in a single place is something that no technologist would ever recommend: it leads to increased and unnecessary risk. And it is poor security and poor privacy practice. Inappropriate technology design could provide new hi-tech ways of perpetrating massive identity fraud on a scale beyond anything we have seen before: the very problem the system was intended to prevent.

The UK identity card also intends to exploit advanced biometrics – technology for measuring and analysing human body characteristics (such as scans of your face, fingerprints and retina). Correctly used, biometrics can provide a useful additional technology to assist with identification – acting as a cross-reference when you need to authenticate yourself.

But as the British Computer Society has commented: “No scheme on this scale has been undertaken anywhere in the world and the technology envisioned is to a large extent untested and unreliable on such a scale. Smaller and less ambitious systems have hit technological and operational problems that are likely to be amplified in a large-scale national system.”

The security and privacy implications of storing biometrics centrally are enormous. Unlike other forms of information such as credit card details, if core biometric details such as your fingerprints are compromised, it is not going to be possible to provide you with new ones.

The ID card itself also needs to be carefully designed to ensure it doesn't add to identity fraud problems by carelessly “broadcasting” personal information every time it's used. Using the same identifiers wherever we present the ID card is a highly risky technical design. Would you be happy if online auction sites, casinos or car rental company employees are given the same identity information that provides you with access to your medical records? It's unnecessary: we can already design systems that ensure the disclosure of personal information is restricted only to the minimum information required (a pub landlord, for example, needs only to know that you are over 18). Keeping identity information relevant to the context in which it is used is both good privacy and good security practice.

The US government has already started to re-think the way it approaches some of their large-scale government IT systems: for example, they actively encourage IT privacy and security experts to attempt to find flaws in their new electronic passport system so that it can be improved.

This is proving a successful model that should be more widely adopted, to the benefit of the UK identity card.

A well designed identity card could help simplify our interactions with public services, provide additional protection from identity fraud and improve public service delivery. But we need to ensure technology industry expertise and successful models, such as that being adopted for the US e-Passport programme, become an integral part of projects such as the UK identity card. There is no need to contemplate designing a system embodying so much risk when the same results can be achieved without any risk at all.

After all, if someone were proposing to build the most ambitious bridge the world had ever seen and engineers could see that it would fail, and suggest ways in which it could be improved, we would expect their views to be taken into account.

This is a great article and I hope it will get discussion going about other ways to approach the problems the card is meant to address. Jerry speaks for most of us when he points out the unnecessary and troubling risks of the proposed system. And his analogy with a misdesigned bridge could not be more apt.
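Two design points from the article, context-specific identifiers and disclosure limited to the minimum required, can be sketched in code. This is an added example, not taken from the article or from any identity card scheme; the record, relying-party names, policy table and secret are all constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample record held by a hypothetical identity provider.
CITIZEN = {
    "national_id": "ZZ-000-EXAMPLE",   # constructed placeholder, never released
    "name": "Alex Example",
    "birthdate": date(1980, 5, 17),
    "nhs_number": "000 000 0000",      # constructed placeholder
}

# Secret known only to the provider (constructed value for this demo).
MASTER_SECRET = b"constructed-demo-secret-not-for-real-use"

# Assumed policy: the claims each relying party is entitled to receive.
POLICY = {
    "pub.example": {"over_18"},
    "carhire.example": {"over_18", "name"},
    "clinic.example": {"name", "nhs_number"},
}


def pairwise_id(record, relying_party):
    """Identifier stable for one relying party, unlinkable across parties.

    HMAC over (relying party, national id) means two sites comparing the
    identifiers they hold learn nothing about whether they share a user.
    """
    msg = relying_party.encode() + b"\x00" + record["national_id"].encode()
    return hmac.new(MASTER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def age_on(birthdate, today):
    """Whole years elapsed between birthdate and today."""
    years = today.year - birthdate.year
    if (today.month, today.day) < (birthdate.month, birthdate.day):
        years -= 1
    return years


def derive_claim(record, claim, today):
    """Return the claim value; over_18 is derived so the birthdate stays private."""
    if claim == "over_18":
        return age_on(record["birthdate"], today) >= 18
    return record[claim]


def release(record, relying_party, requested, today):
    """Release only the claims that are both requested and permitted."""
    allowed = POLICY.get(relying_party, set())
    granted = sorted(set(requested) & allowed)
    denied = sorted(set(requested) - allowed)
    return {
        "subject": pairwise_id(record, relying_party),
        "claims": {c: derive_claim(record, c, today) for c in granted},
        "denied": denied,
    }


if __name__ == "__main__":
    today = date(2005, 10, 25)
    # The pub asks for more than it needs and receives only the yes/no answer.
    print(release(CITIZEN, "pub.example", ["over_18", "name", "nhs_number"], today))
    # The clinic gets the medical identifier under a different subject value.
    print(release(CITIZEN, "clinic.example", ["name", "nhs_number"], today))
```

The pub receives a single boolean under an identifier that means nothing to the clinic or the car rental desk, so a leak at one of them cannot be joined against the others.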

Identity Studies

I've received a number of notes from investigators and Ph.D. candidates in North America and Europe who want to focus on “digital identity management”. I think this is one more indicator that the importance of digital identity is permeating the intelligentsia. If I'm right about this, let the bells ring and the banners fly… How can we nurture their interest?

Academic research represents a great opportunity in our quest to “get identity right”.

We need the participation of the university. We need unimpeded research, review and contemplation. We need the next generation, born nearer to the world of virtual reality than many of us were, to start looking at identity technology as one of the key mechanisms for shaping and controlling a world which, no matter what, will be startlingly different from this one.

Jamie Lewis has generalized the idea of “cross-cutting concerns” used in aspect-oriented programming and applied it to digital identity. Refracting this into academia we can see that the study of digital identity should be cross-disciplinary.

So let's brainstorm. What about Identity Studies? Does it already exist? If not, I predict it will. We can be certain that software, robots, agents, avatars and many aspects of the built environment will learn to adapt to those who interact with them. At some point it will become obvious that we need people who understand the many implications of such technological innovations. Here's a first sketch…

Identity Studies: the discipline that grasps how who we are both changes and reflects the behavior of the world we inhabit – a theory of praxis, but one reaching beyond philosophy. It extends from understanding the mechanisms through which identity is acquired and transformed, to a theory of its protection, transmission, reception and perception. It looks at how different kinds of systems respond to – and evolve – through this perception, ultimately resulting in feedback and the transformation of identity itself.

Identity Studies will be founded by computer scientists, information theorists, cryptographers, privacy and security experts, semiologists, psychologists, sociologists, philosophers, architects and designers, lawyers, criminologists, political scientists, and policy researchers. All of these disciplines have important insights to contribute.

There are already programs at innovative universities which could evolve in the direction of this new discipline.

Several people have asked me to give “guidance on sub-areas of DIM that, based on your experience, you will recommend for research”.

In subsequent postings I'll suggest a couple of specific projects. But before I do, I'm going to give a better answer: set up Identity Labs and drop your preconceptions. Ask what happens when your environment has been programmed to respond to you. What is that you? What is that programming? What assumptions drive the interrelationships? Will you be able to alter your environment's view of you? How?

CNET's Top 100 Blogs

Identity Blog has been selected as one of CNET's top 100 blogs. More info here. And here's how CNET describes what they have tried to do:


With more than 14 million blogs in existence and another 80,000 being created each day, how is a person supposed to find the ones worth reading?

That is the question CNET News.com is attempting to answer with our first Blog 100 list. This effort adds to features such as News.com Blogs, Extra, My News, TalkBack, Newsburst, and Blogma, in which News.com editors and reporters are helping find the best news and views on the Web for the convenience of our readers.

Blogs have become an important source of information, but the signal-to-noise ratio makes it hard to find the gems. In our pursuit, we spent weeks checking out technology-oriented blogs based on the recommendations from our reporters and readers.

Of course, such a list is bound to generate vigorous agreement and vehement dissent. It's impossible to even get universal agreement on the definition of a blog.

For our search, we decided to be very liberal. You'll find blogs produced by a single person and others that have grown to include a staff of contributors. Some are associated with major news outlets, while some are published by large companies. The bottom line is that they all are produced by passionate people who have a wealth of information about their corner of the tech world.

After defining the types of blogs that could be considered for our list, the next question was to determine just what constitutes a “good” blog.

There are a lot of reasons people find particular blogs worthy of their time. Some are valued solely for their aggregation of pertinent news, while others have formed a devoted following based on the robust and educated comments of their readers. Still others have become popular because of their humor or for the biting tone of their writers’ opinions.

Feel free to send us feedback on our list, which we intend to regularly update as blogs change in quality. With a blog being created about every second, there are bound to be a few more good ones. And we'll help you find them.

I hope I can use this opportunity to bring identity issues to the attention of a larger audience.

Those of us in the identity community are lucky to have committed journalist colleagues like those at CNET who take the time to understand our complex issues – and who are able to explain them to a wide audience.


A Real Remedy for Phishers

Bruce Schneier just published this beautiful piece on identity theft in Wired News:

Last week California became the first state to enact a law specifically addressing phishing. Phishing, for those of you who have been away from the internet for the past few years, is when an attacker sends you an e-mail falsely claiming to be a legitimate business in order to trick you into giving away your account info — passwords, mostly. When this is done by hacking DNS, it's called pharming.

Financial companies have until now avoided taking on phishers in a serious way, because it's cheaper and simpler to pay the costs of fraud. That's unacceptable, however, because consumers who fall prey to these scams pay a price that goes beyond financial losses, in inconvenience, stress and, in some cases, blots on their credit reports that are hard to eradicate. As a result, lawmakers need to do more than create new punishments for wrongdoers — they need to create tough new incentives that will effectively force financial companies to change the status quo and improve the way they protect their customers’ assets. Unfortunately, the California law does nothing to address this.

The new legislation was enacted because phishing is a new crime. But the law won't help, because phishing is just a tactic. Criminals phish in order to get your passwords, so they can make fraudulent transactions in your name. The real crime is an ancient one: financial fraud.

These attacks prey on the gullibility of people. This distinguishes them from worms and viruses, which exploit vulnerabilities in computer code. In the past, I've called these attacks examples of “semantic attacks” because they exploit human meaning rather than computer logic. The victims are people who get e-mails and visit websites, and generally believe that these e-mails and websites are legitimate.

These attacks take advantage of the inherent unverifiability of the internet. Phishing and pharming are easy because authenticating businesses on the internet is hard. While it might be possible for a criminal to build a fake bricks-and-mortar bank in order to scam people out of their signatures and bank details, it's much easier for the same criminal to build a fake website or send a fake e-mail. And while it might be technically possible to build a security infrastructure to verify both websites and e-mail, both the cost and user unfriendliness means that it'd only be a solution for the geekiest of internet users.

These attacks also leverage the inherent scalability of computer systems. Scamming someone in person takes work. With e-mail, you can try to scam millions of people per hour. And a one-in-a-million success rate might be good enough for a viable criminal enterprise.

In general, two internet trends affect all forms of identity theft. The widespread availability of personal information has made it easier for a thief to get his hands on it. At the same time, the rise of electronic authentication and online transactions — you don't have to walk into a bank, or even use a bank card, in order to withdraw money now — has made that personal information much more valuable.

The problem of phishing cannot be solved solely by focusing on the first trend: the availability of personal information. Criminals are clever people, and if you defend against a particular tactic such as phishing, they'll find another. In the space of just a few years, we've seen phishing attacks get more sophisticated. The newest variant, called “spear phishing,” involves individually targeted and personalized e-mail messages that are even harder to detect. And there are other sorts of electronic fraud that aren't technically phishing.

The actual problem to be solved is that of fraudulent transactions. Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names. The institutions make a lot of money because it's easy to make a transaction, open an account, get a credit card and so on. For years I've written about how economic considerations affect security problems. They can put security countermeasures in place to prevent fraud, detect it quickly and allow victims to clear themselves. But all of that's expensive. And it's not worth it to them.

It's not that financial institutions suffer no losses. Because of something called Regulation E, they already pay most of the direct costs of identity theft. But the costs in time, stress and hassle are entirely borne by the victims. And in one in four cases, the victims have not been able to completely restore their good name.

In economics, this is known as an externality: It's an effect of a business decision that is not borne by the person or organization making the decision. Financial institutions have no incentive to reduce those costs of identity theft because they don't bear them.

Push the responsibility — all of it — for identity theft onto the financial institutions, and phishing will go away. This fraud will go away not because people will suddenly get smart and quit responding to phishing e-mails, because California has new criminal penalties for phishing, or because ISPs will recognize and delete the e-mails. It will go away because the information a criminal can get from a phishing attack won't be enough for him to commit fraud — because the companies won't stand for all those losses.

If there's one general precept of security policy that is universally true, it is that security works best when the entity that is in the best position to mitigate the risk is responsible for that risk. Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem. And not just the direct financial losses — they need to make it less painful to resolve identity theft issues, enabling people to truly clear their names and credit histories. Money to reimburse losses is cheap compared with the expense of redesigning their systems, but anything less won't work.

Bruce is right. Let me put it this way. Sites must move as quickly as they can towards what Toby Stevens calls “Data Rejection”, minimizing retention of individually identifying information. They must ensure that PII which needs to be retained is encrypted, decipherable only through systems which are quarantined from the Internet and have the proper operational controls.

The InfoCard system has been devised to allow companies to practice Data Rejection. It uses cryptography to recognize digital relationships so personal identifying information can be made available to an internet site while a transaction is in progress but not be stored there – except, perhaps, in encrypted audit logs.

Digital toys CAN have digital identities

In a private thread on digital identity, the ever-witty Dave Kearns observes, ‘If anything screams ‘Please use another term for this!’, it's this review of a new computer game:

“***** Top Spin 2

“One of the top Xbox sports games, in both sales and popularity returns for another victory on Xbox 360. Everything you loved about Top Spin is back and made even better. The peerless player-creator is reborn with the powerful DigitalIdentity that truly puts you in the game. Experience the pro tour in venues that are alive and dynamic with environmental elements that react to your play. Characters are even more stunning with the addition of HD technology and the inclusion of the top players in the world like Maria Sharapova, Venus Williams, Andy Roddick, Lleyton Hewitt and Roger Federer. Put it all online and you once again have the greatest tennis game ever created.

“Digital Identity – Create realistic player models and customize them with the highest level of details. Hairstyles, shirts, shorts, shoes, etc. allow you to create a player with your look and your style. Coupled with the ability to taunt your opponents with different attitudes, Top Spin 2 truly gives your player his own Digital Identity.”’

I'm fascinated by the line, “Coupled with the ability to taunt your opponents with different attitudes”. Could this technology have broad applicability to a number of professional uses???

Anyway, I think these player models – and all other virtual entities – are, in fact, examples of digital identities.

People learn a lot about the world by playing with toys. And it's not just kids who learn this way.

The emergence of digital identity toys tells us that we are using the right name, not the wrong one. They represent an important step forward on the road to Craig Burton's “ubiquity”.


Turn up your CD players

Thanks to Entrust's identity blog for pointing us to this website describing research by Li Zhuang, Feng Zhou, and J. D. Tygar on the privacy of typed material in the presence of microphones. The site contains links to their paper, and will shortly be supplemented with raw versions of their experimental data and setup. Note that it will be changing its URL to keyboard-emanations.org.

We show that using a generic microphone, we can successfully recover almost all text typed on standard keyboards. Unlike previous research our method works even if we have no information about the typist, the keyboard, and no “training data” (examples of the typist typing known text). Simply put a microphone in a room with a typist, record 10 minutes of data, and our algorithms recover the typed text … including arbitrary text, such as passwords. Our work breaks even “quiet” keyboards that are designed not to make sounds. Our results suggest that recovery is possible even if microphones are outside the room (using parabolic microphones).

Paper: Keyboard Acoustic Emanations Revisited (to appear at the November 2005 ACM Conference on Computer and Communications Security)


New pharming implements

As the following article by Ben Charney from eWeek shows, toolbars can make excellent pharming implements. I predicted this in one of my early blog postings, and of course it had to come true. Please note that I'm not hitting on Google – I'm pointing out a problem much broader than any one company or technology.

An Internet security specialist says a new threat forces computers to install faked Google software, which then goes phishing.

Phishing is where e-mails, IM (instant messages) or Web sites parody a legitimate company, and try to get users to provide personal information or financial account numbers and passwords.

I actually see this as pharming as much as phishing, since the toolbar resides on your PC and continues to harvest information. But hey! Maybe it does both at once!

The latest cases involve bogus Google software spread via IM, and appear to be a variety of the infamous CoolWebSearch phishing scheme, according to Foster City, Calif.-based FaceTime Security Labs. CoolWebSearch has never been spread via IM before.

In the recent cases, IM users unwittingly download a rogue tool bar, which is installed on a Web browser and provides easier access to an Internet search provider.

Tool bars also contain measures to block pop-up advertisements.

The only working feature on the fake Google Toolbar saves credit card details, according to Christopher Boyd, the security research manager of Foster City, Calif.-based FaceTime Security Labs. A bevy of others, including one to “enable pornographic ads,” do not work.

IM is increasingly a target of phishers, as the latest attacks show.

Some IM-related attempts date back to 2003.

Most recently, in early March, Yahoo Inc. confirmed that some of its Yahoo Messenger customers received a message that appears to be coming from a buddy-list contact.

Users can be lulled into directing a Web browser to a Yahoo Web page requesting log-in information for Yahoo accounts, according to an analysis by Akonix Systems Inc.

The cases in point appear similar to a rather infamous method of hijacking Web browsers known as CoolWebSearch, Boyd adds.

Instant messaging is increasingly a target of phishers, as the latest attacks show.

Some IM-related attempts date back to 2003. Most recently, in early March, Yahoo Inc. confirmed, came under attack through Yahoo Messenger, its IM service.

In the attack, users receive an IM message that often appears to be coming from a buddy-list contact.

The IM attempts to lull users into clicking on a URL, which then takes them to a spoofed Yahoo page requesting login information for their Yahoo accounts, according to an analysis by Akonix Systems Inc.

Let's work on holistic solutions that protect against these attacks and leverage progress made in one application across all others. As I told Mary Branscombe of the Guardian,

Improving site security with a better password system, or a toolbar that checks you are at the right site, can't fix a general security problem. “There are excellent people working on these things, but they can't counter current threats without changing the way computers behave in a distributed fashion,” Cameron says. “We need to work together.”


Craig Burton cries ubiquity…

Craig Burton has a Master of Infrastructure from Novell. A co-founder, he was the major force in transforming it from a hardware company to one of the most innovative software forces in the history of networking. Later he got his Doctorate in Infrastructure from the Burton Group, which he founded with Jamie Lewis, proposing the Network Services Model.

Today, he released a new single on his blog, which went like this:

(To a Marley reggae beat): I, I, I cry ubiquity…

Ubiquity rules.

Identity 2.0 is a tough problem. This is because it not only requires a new architecture, but because it requires that the user rethinks how identity works.

It's a shift from

Identity 1.0–server-based user name and password

to

Identity 2.0–network-based user verified credentials.

This is no small shift. It changes everything.

However,

It will only change everything when Identity 2.0 infrastructure becomes ubiquitous. Free. A given. Like air and sunshine.

Most would-be identity systems–OpenID, Ping, Sxip, Liberty to name a few–are not well designed to become ubiquitous. They each require that you buy into their architecture to work. You must adopt their protocols and system intrinsics. Open and Simple by itself just doesn't cut it.

What is needed is an architecture that is independent of mandated adoption.

This is part of the beauty of Kim Cameron's Identity Metasystem. I can't emphasize the importance of such a design towards the objective of ubiquity.

I, I, I cry ubiquity.

By definition, a metasystem must be inclusive of the other underlying systems. So for those new to the discussion, InfoCards are not positioned against any of the systems Craig mentions. In theory you could have an InfoCard that represented an identity provider based on SXIP technology, or on Liberty technology or whatever else. In fact a number of people are thinking about building this type of offering.

Would the underlying systems have to add a bit of code? Yes.

But ubiquity and inclusiveness make such a potent combination that it would be well worthwhile.
