Category: Identity

It seems too cruel, but Katrina's victims have one more thing to worry about: identity theft.

An AP story speaks of Social Security cards, driver's licenses, credit cards and other personal documents literally floating around New Orleans, raising the prospect some hurricane survivors could be victimized again — this time by identity thieves.

According to Betsy Broder, the attorney who oversees the Federal Trade Commission's identity theft program:

Survivors giving personal data to insurance adjustors or Federal Emergency Management Agency representatives should be certain they're dealing with legitimate individuals and “not crooks who are trying to trick them out of their information so they can commit identity theft.”

Once victims are able to get access to phones, Internet and mail, they should check their credit card and bank statements to see if there's been any unusual activity.

Meanwhile, scams have arisen to bilk people who are donating money over the internet.

The FBI also warned people wanting to donate money for Katrina survivors to beware of scammers who solicit online donations to lure victims into giving up credit card numbers and other sensitive information.

“There are people out there who are willing to stoop so low as to scam people who are willing to open their hearts and wallets to people in need,” said FBI spokesman Paul Bresson.

Yes, there are professionals “out there” organized internationally so as to scam us with apparent impunity. This is a key point made in the Laws of Identity whitepaper.

He said the bureau has identified about 2,000 Web sites related to the Katrina relief effort. Most are legitimate, Bresson said, but the FBI is investigating about a dozen for possible fraud.

According to other reports, the main scam sites are posing as well-known organizations like the Red Cross. After stealing your personal identifying information, including credit card numbers, they pop you back on to the legitimate site creating a real sense that all is normal.

This is yet another case where we need an Internet Identity Metasystem with a consistent user experience that allow us to be sure – when we want certainty – about who we are talking to on the internet.

[tags: Identity Theft, Katrina, Scams]

Here is a new briefing related to the identity catastrophes we've been following in this blog. Its intent is to guide legislation. The publisher is The Center for Democracy and Technology (CDT).

It will be interesting to see if anyone lines up against these proposals, which seem, though I am not a legal expert, matters of common sense. But for us as technologists, statements like “require entities that electronically store personal information to implement security safeguards” need to be operationalized, and in fact, the effectiveness of the proposals depends on how this is done.

I would like to see our legislators embrace forward technical thinking: putting in question what needs to be stored; and producing a set of technical requirements that offers real protection. I'd like to see them come to understand ideas like Data Rejection – the use of handles with no retention of identifying information except when encrypted for audit purposes under asymmetric keys and decipherable only on off-line systems.

Other advanced techniques should be considered as well, including decentralized storage of aspect-specific information and aspect-specific identifiers such as those enabled by InfoCard technology.

But I digress. Here is the briefing.

(1) Congress Considers Data Security Legislation

If nothing else positive has come from the seemingly unending string of data security breaches at corporations, universities and government agencies over the past year, they have, at the very least, illustrated the need for Congress to establish stronger protections for citizens’ sensitive personal information.

Data compromises at ChoicePoint, LexisNexis, the U.S. Air Force and other high-profile companies and organizations have heightened public concerns about loss of privacy and personal information. Federal and state lawmakers have responded to those concerns by proposing new legal protections specifically designed to protect citizens against the adverse effects of data security failures.

As a starting point, it must be recognized that there is still a need for baseline federal legislation to address the panoply of privacy issues posed by the digital revolution. Maintaining strong security is only one of a number of obligations that should apply to those who collect, use and store personally identifiable information. However, it is unlikely that current legislative efforts will address the larger issues of consumer privacy in the digital age, since enacting federal legislation on the full range of privacy concerns will require a longer and more inclusive dialogue than is currently underway.

Nonetheless, CDT believes there are a number of security issues, going beyond simply notifying citizens when their privacy has been compromised, that merit immediate attention. They share a common theme, arising from the rapid growth of the information services industry, the steep escalation in identity theft, and the government's increasing use of commercial data. These issues have been the subject of hearings and are addressed in one form or another in multiple pending bills.

CDT believes that any data privacy and security legislation that emerges from this Congress must represent a meaningful step forward, from a consumer perspective, over what states are already doing. CDT would oppose legislation that addressed the recent spate of data security breaches in an unduly narrow manner or in a way that resulted in consumers having weaker protections than those afforded under current state laws.

Further references:

CDT's April 13, 2005 congressional testimony on securing electronic personal data

CDT's March 2005 Policy Post on information security breaches

(2) CDT Recommends Key Elements of Legislation

In CDT's view, federal data security legislation should include the following elements:

Notice of Breach: Entities, including government entities, holding sensitive personal data should be required to notify individuals in the event of a security breach. The notice of breach provision should afford at least as much protection as the California notice of breach law, while avoiding over-notification.

Security Safeguards: Because notice would be given only after a breach had occurred, Congress should require entities that electronically store personal information to implement security safeguards, similar to those required by FTC rules under Gramm-Leach-Bliley (GLB) and California law. Civil fines should be available against companies that fail to comply with their own safeguards programs.

Government Uses of Commercial Data: Congress should address issues raised by the federal government's growing use of commercial databases, especially in the law enforcement and national security contexts, by requiring public disclosure of the databases to which the government subscribes, government scrutiny of these databases’ security safeguards as part of the contracting process, and measures to ensure data quality and redress when decisions about individuals are made on the basis of commercial data.

Credit Report Freeze: Currently, consumers have limited options to protect themselves from fraud when they are notified of a breach or otherwise have concerns about the use of their data. Congress should allow customers to request a security freeze on their credit reports, as at least 10 states already have done.

Social Security Number (SSN) Protection: SSNs have become the de facto national identifier and, especially when used as an authenticator, are key enablers of identity theft. Congress should seek to end the use of the SSN as an authenticator and should impose tighter controls on the disclosure, use, and sale of SSNs, with an appropriate phase-in period.

Consumer Access to Data: Enabling individuals to access their personal data files is an important safeguard against inaccuracy and misuse, particularly when personal data is collected and maintained for disclosure to third parties for their use in risk assessment or other decision making. An access regime is well established under the Fair Credit Reporting Act (FCRA). Data security legislation should impose similar access requirements on information services companies that aggregate and sell personal data.

Carefully Crafted Preemption: Nationwide notice of breach legislation should preempt individual state breach notification requirements, provided it affords at least as much protection as California's notification law. Federal legislation also should preempt inconsistent state legislation on other specific subjects addressed in the federal law (for example, security standards), following the model of GLB. Federal legislation should not, however, take the unusual step of preempting state common law or general consumer protection law.

(3) The Current Legislative Landscape

There are a number of bill in Congress in various stages of evolution that address some of the key elements listed above. Although several Senate and House committees have competing jurisdiction over these issues, three bills have emerged with bipartisan support from members of key committees. Given the public pressure to improve data security protections, these measures could come up this fall, even though lawmakers will be primarily focused on hurricane response efforts and Supreme Court nominations.

The Senate Commerce Committee has considered and approved a bill (S. 1408), introduced by Senators Smith (R-OR), Stevens (R-AK), Inouye (D-HI), McCain (R-AZ), Nelson (D-FL), and Pryor (D-AR), that provides for notice of breach, security safeguards, social security number protections, and a security freeze. While some of the provisions in the Senate Commerce Committee bill provide good consumer protections, in CDT's view the preemption provision goes too far. It is drafted so broadly that it might preclude common law causes of action (cases alleging simple negligence, for example) under state law.

Prominent members of the Senate Judiciary Committee and House Energy and Commerce Committee are also working on bills, although neither committee has held a markup. The Senate Judiciary Committee bill (S. 1332), introduced by Committee Chairman Specter (R-PA) and Senator Leahy (D-VT), includes provisions on notice of breach, security safeguards, government use of commercial data, social security number protections, and consumer access to data.

Top members of the House Energy and Commerce Committee have circulated a draft bill that covers notice of breach, security safeguards, and consumer access to data. Lawmakers are likely to introduce the bill in September.

Other committees with potential claims of jurisdiction over some of these issues include the Senate Banking, House Financial Services, Senate Finance, and House Ways and Means. These committees could take up such issues as credit report freeze requirements or social security number protection.

More information:

Senate Commerce Committee bill, S. 1408

Specter-Leahy bill, S. 1332

Other bills pending in Congress can be found here.

[tags: Data Protection, Identity, Identity Theft, CDT, Congress]

Robin Wilton from Sun wrote to comment on “Just a few scanning machines“. He says:

I was invited to attend Microsoft Tech Ed 2005 in Amsterdam this year. One of the first things the warm-up presenter told us was that we'd all been RFID-tagged.

However,

1. as I say, we were all told in the opening session;
2. it was made clear to us that the RFID tag numbers were not cross-referenced to our names.

So, for instance, when a couple of raffle winners were announced at the end of that session, only their RFID tag numbers were displayed on screen – it was up to us to check our own badges.

Robin then refer's to another comment on the post by Felipe Connill:

Pretty crazy that [the organizers of the Computers, Freedom and Privacy Conference – Kim] did this [tracked conference participants using bluetooth – Kim] without notifying everyone. But it really drives the point that people [and] equipment manufacturers need to start applying the laws of identity or if not our privacy is going to be invaded at every point.

Robin concludes:

Felipe's comment is spot on: had we not been told, none of us would have known we'd been tagged. This is absolutely a policy and implementation issue, not a technology one. Policy and implementation have to be based on a clear understanding of the subject's relevant rights to privacy and informed consent.

Robin is such a gentleman. But this kind of demonstration makes me scratch my head. What exactly were we trying to achieve? I suppose the idea must have been to show how powerful this new technology is. The demo sure accomplishes that! Maybe the idea was to give everyone the creeps so they would think about how not to use RFID tags. That's a novel approach for a product launch. Novelty is important. Anyway, I'll find out one day, and I'll let you know.

Meanwhile, it goes to show how much work we have left to do in getting a wider set of people to think about the relationship between identity and technology, especially tracking technologies. We haven't gotten the message out clearly enough.

To be continued…

[tags: RFID, identity, Tracking, Robin Wilton]

The digital ink on my last Bluetooth piece was barely dry, if digital ink dries, before Roland Dobbins wrote with a comment I'm sure will be subscribed to by many readers:

If you'd either a) disable Bluetooth on your phone, etc. (the safest option) or b) at least set them so that they're not visible/browsable (due to design flaws in Bluetooth, they can be detected by an attacker with the right tools and motivations, but it still raises the bar), you'd be a lot better off, IMHO.

You're right, and I have turned it off. Which bothers me. Because I like some of the convenience I used to enjoy.

So I write about this because I'd rather leave my Bluetooth phone enabled, interacting only with devices run by entities I've told it to cooperate with.

We have a lot of work to do to get things to this point. I see our work on identity as being directed to that end, at least in part.

We need to be able to easily express and select the relationships we want to participate in – and avoid – as cyberspace progressively penetrates the world of physical things.

The problems of Bluetooth all exist in current Wifi too. My portable computer broadcasts another tracking beacon. I'm not picking on Bluetooth versus other technologies. Incredibly, they all need to be fixed. They're all misdesigned.

If anything has shocked me while working on the Laws of Identity, it has been the discovery of how naive we've been in the design of these systems to date – a product of our failure to understand the Fourth Law of Identity. The potential for abuse of these systems is collosal – enterprises like the UK's Filter are just the most benign tip of an ugly iceberg.

For everyone's sake I try to refrain from filling in what the underside of this iceberg might look like.

Since I seem to be on the subject of Bluetooth again, I want to tell you about an experience I had recently that put a gnarly visceral edge on my opposition to technologies that serve as tracking beacons for us as private individuals.

I was having lunch in San Diego with Paul Trevithick, Stefan Brands and Mary Rundle. Everyone knows Paul for his work with Social Physics and the Berkman identity wiki; Stefan is a tremendously innovative privacy cryptographer; and Mary is pushing the envelope on cyber law with Berkman and Stanford.

Suddenly Mary recalled the closing plenary at the Computers, Freedom and Privacy “Panopticon Conference” in Seattle.

She referred off-handedly to “the presentation where they flashed a slide tracking your whereabouts throughout the conference using your bluetooth phone.”

Essentially I was flabbergasted. I had missed the final plenary, and had no idea this had happened.

Of course, to some extent I'm a public figure when it comes to identity matters, and tracking my participation at a privacy conference is, I suspect, fair game. Or at any rate, it's good theatre, and drives home the message of the Fourth Law, which makes the point that private individuals must not be subjected – without their knowledge or against their will – to technologies that create tracking beacons.

Later Mary introduced me to Paul Holman from The Shmoo Group. He was the person who had put this presentation together, and given our mutual friends I don't doubt his motives. In fact, I look forward to meeting him in person.

He told me:

[tags: Bluetooth, Bluecasting, Digital Identity, Fourth Law Of Identity]

I've been contemplating the web site run by the Bluespamming outfit I wrote about here. Their powerpoint is essential reading – download it and wonder!

For example, consider the flexibility of Bluecasting with respect to who you can track and annoy:

Jason Lee Miller picked up on some of this in a piece he did recently at WebProNews. As Jason says:

“What if, in real life, only 15% of the people you approached for a conversation responded to you? You'd probably feel like a shmuck, a social pariah. Fifteen percent is enough to make a direct marketer's thick head spin, and Bluecasting, sending ads via Bluetooth technology to unsuspecting phone-toting passers-by, offers that promise…

And really, the annoyance factor, once the bug hits the States, is going to be huge. Just try walking by a shopping mall, a subway station, or a town square, for that matter, without your phone constantly buzzing at your side asking if you want to check out the latest exercise machine from Tony Little. Gives me shivers.

But at least we can count on the fact that products will be developed to block “de-listed” signals one day, defending our right to not be annoyed as we catch our planes.

Jason also refers to a piece by Mike at techdirt. He had this to say:

… [Y]ou just have to cringe when some marketers do things so obviously bad that you just know it's going to continue the downward spiral of the view of what marketing really is about.

A few weeks ago, we wrote about a test of a system in the UK called “Bluecasting” which was more accurately described as “Bluespamming”, where terminals were set up to send commercial messages over Bluetooth to unsuspecting people passing by with Bluetooth-enabled mobile phones. The companies behind this plan insist it's fine because rather than just sending you the commercial message, they first spam you to ask you if it's okay if they send you a commercial message.

For some reason, these folks then thought it was terrific that they only wasted the time of 85% of the people they spammed. Sure, compared to direct mail, that's a high return, but it's quite a different situation.

Buzzing someone on their phone as they're walking through a train station is likely to really interrupt them as they're on their way somewhere. Yet, due to blind marketing-think, the folks behind it still are insisting it's wonderful and are expanding the program to bug even more people — pretty much guaranteeing that most folks are going to start turning Bluetooth off on their phones.

The people behind it are in denial about how annoying this really is. According to the manager of some airport lounges where this will be used: “I think it's done very well because it enables the customers [to choose]. It doesn't force it on them.” But, it does force it on users — by pinging them without permission to see if they want the ad. That's the spam. Being interrupted as they're trying to do something else. If it was really completely up to the user, they would just put up signs telling people they could request info or content on their phones using Bluetooth. But actively sending them messages via Bluetooth is intrusive and, to many, many people, clearly seen as spam.

We do have a right not to have our own devices interrupt us.

If people don't get this, we'll just get new devices that conform with the Laws of Identity. They won't allow marketers to hit us over the head, distract us and track our behavior without our consent. They'll reward marketers who develop actual positive relationships with us and respect our right to privacy.

[tags: Bluetooth, Bluecasting, Bluespamming]

Here is some important information, reported in New Scientist, from the Bureau of Intrusive Stupidity:

Ignoring adverts is about to get a lot tougher with the development of billboards and advertising posters that use Bluetooth to beam video ads direct to passing cell phones.

Is this the return of the repressed? I thought that was over.

Don't you love it? The video ads are not directed at us – who are, after all, people who have had their fill of peddlers sticking things in our faces. They are directed at passing cell phones. No, but wait:

As people walk past the posters they receive a message on their phone asking them if they wish to accept the advert. If they do, they can receive movies, animations, music or still images further promoting the advertised product.

Yes, we are lonely and need to be contacted by billboards. We desperately want them to phone us. Isn't there a song about this?

“It's all about delivering high quality content, tailored for mobile usage,” says Alasdair Scott, co-founder and chief creative officer of London-based Filter UK, who created the system, called BlueCasting.

Chief Creative Officer? Give this man treatment immediately! I wonder what his mother says?

Here is an example of what he calls “high quality content”.

The posters detected 87,000 Bluetooth phones over a two week period, of which about 17% were willing to download the clip, says Scott.

Right. Would you be expecting a phone call from a billboard? Not really. You might take the first call.

If BlueCasting still sounds too intrusive, there is always one solution, says Whitehouse: “Just make sure your Bluetooth device is set so that it’s not discoverable to other devices.”

How dare Mr. Whitehouse tell me I need to turn off my phone's discoverability if I don't want his billboards connecting to my device?

No. I should not be bothered by passing billboards unless I subscribe to the Billboard Interruption Service, or whatever these people are going to call it. It had better be “opt in”. Of course, Bluetooth's fixed addresses (in contravention of the Fourth Law of Identity) make it easy to put your phone's tracking key on such a list – so you can get your fill of billboard spam.

Meanwhile, where is the noble Steve Mann? With his digital glasses, you can opt to have billboards filtered out of your vision, if you want. Or just particular billboards, if you grow to detest some which are run by demented goofs.

People are coming up with some really interesting new proximity technologies whereby if a person wants to obtain information from a poster, she can take a simple action (like clicking her phone) to get it. Such a technology does not intrude, and can succeed. As for this one, not only would I not invest – but, to quote Jamie Lewis, I'd rather keep my money in a shoe.

Until then, I take this as just one more sign that Bluetooth needs desperately to evolve to a new standard in compliance with the Laws of Identity.

[tags: Bluetooth, Bluecasting]

From New Scientist via slashdot, some concete numbers to anchor estimates of impending bitrates in wireless connectivity:

Cellphones capable of transmitting data at blistering speeds have been demonstrated by NTT DoCoMo in Japan.

In experiments, prototype phones were used to view 32 high definition video streams, while travelling in an automobile at 20 kilometres per hour. Officials from NTT DoCoMo say the phones could receive data at 100 megabits per second on the move and at up to a gigabit per second while static.

At this rate, an entire DVD could be downloaded within a minute. DoCoMo's current 3G (third generation) phone network offers download speeds of 384 kilobits per second and upload speeds of 129 kilobits per second.

The technology behind NTT DoCoMo's high-speed phone network remains experimental, but the 4G tests used a method called Variable-Spreading-Factor Spread Orthogonal Frequency Division Multiplexing (VSF-Spread OFDM), which increases downlink speeds by using multiple radio frequencies to send the same data stream.

The article goes on to say:

Some countries have already begun cooperating on [such 4G] standards. Japan and China signed a memorandum on 24 August to work together on 4G. NTT DoCoMo hopes to launch a commercial 4G network by 2010.

[tags: Wireless, Future Trends]

Steven Grimaud has written to point out Bruce Schneier‘s very nice posting on the heartbreak of global secrets:

Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.

This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them.

Unfortunately, this isn't a thief who got lucky. It happened twice, and it's possible that the keys were the target:

The keys, each of which could start every train, were taken in separate robberies within hours of each other from the North Shore Line although police believed the thefts were unrelated, a RailCorp spokeswoman said.

The first incident occurred at Gordon station when the driver of an empty train was robbed of the keys by two balaclava-clad men shortly after midnight on Sunday morning.

The second theft took place at Waverton Station on Sunday night when a driver was robbed of a bag, which contained the keys, she said.

So, what can someone do with the master key to the Sydney subway? It's more likely a criminal than a terrorist, but even so it's definitely a serious issue:

A spokesman for RailCorp told the paper it was taking the matter “very seriously,” but would not change the locks on its trains.

Instead, as of Sunday night, it had increased security around its sidings, with more patrols by private security guards and transit officers.

The spokesman said a “range of security measures” meant a train could not be stolen, even with the keys.

I don't know if RailCorp should change the locks. I don't know the risk: whether that “range of security measures” only protects against train theft — an unlikely scenario, if you ask me — or other potential scenarios as well. And I don't know how expensive it would be to change the locks.

Another problem with global secrets is that it's expensive to recover from a security failure.

And this certainly isn't the first time a master key fell into the wrong hands:

Mr Graham said there was no point changing any of the metropolitan railway key locks.

“We could change locks once a week but I don't think it reduces in any way the security threat as such because there are 2000 of these particular keys on issue to operational staff across the network and that is always going to be, I think, an issue.”

A final problem with global secrets is that it's simply too easy to lose control of them.

Moral: Don't rely on global secrets.

[tags: Global Secrets, Bruce Schneier]

I'm glad to say that my long-time friend Bob Blakley of IBM has started what is guaranteed to be a fascinating blog called “Ceci n'est pas un bob“. He's writing with a philosophico-literary bent about what he calls the “axioms of identity”. To get you hooked, here is his first piece on the axioms.

‘Pam commented:

‘”If you were to open an old photo album, and see a picture, let's say this picture was taken by an aunt or uncle. And this picture showed one of your children at christmas, looking up with delight just after they found out what their present was. Would you look at that picture and see that the lighting was all wrong, and that cousin Mervin was picking his nose in the background – or would you register that this loved one of yours was experiencing a moment of joy? Isn't it possible that you would register both? And that the emotion that is valid for you and a small handful of people within this very specific context makes up for the artistic absence?”

‘This is precisely right! I would register both a (negative) feeling for the photographic aesthetics and a (positive) feeling about my child. And a small group of people who know my children would register the second feeling, too (they might not register the first feeling, unless they too have The Photographer's Eye) – but most viewers would have either just the first feeling (“that photo sucks”) or they would have the first feeling together with a generic feeling of affection toward a child at Christmas.

‘Why does my feeling about this (hypothetical) photograph differ from the feelings of the multitudes who might view the photo on flickr? Because of the first axiom of identity:

‘IDENTITY IS SUBJECTIVE

‘Umberto Eco has said that a novel is a machine for generating interpretations; the same thing is true of a picture. But which interpretation a picture generates depends on one's experience.

‘When I see a picture of my own child, I recognize the child. Because of my experience, I know a rich, detailed story about the child, and I associate the picture with that story (the story is, from my point of view, my child's identity – since An Identity Is A Story).

‘A stranger – someone who doesn't know me or my children – has nothing to associate with the picture when she sees it, but she has to react anyway.

‘Because the stranger's experience does not provide her in advance with a story to go with the picture, she has two choices:

• She can associate the picture with a generic story which seems suitable to the content of the picture (here she may be using something like a Norman Rockwell painting of a child opening Christmas presents as an archetype).
• She can have a purely aesthetic reaction to the picture, without thinking of any story at all.

‘The picture doesn't contain either my version of my child's identity story or the generic story which the stranger makes up when she sees the picture; it's just kind of reference to those stories. Over time, more and more people either forget the stories, or forget what the subject of the stories looked like; this tends to disassociate the picture from the stories and make the picture less useful as a reference. (I remember a photo.net thread which asked “what do you most wish were in old pictures?”; the best answer was “name tags”.)

‘There's an important lesson here for people who want to use biometrics as identifiers; biometrics are essentially pictures of people, and people change over time. The practical effect of this is that the biometric database, over time, will tend to “forget” what the subjects of its stories look like (because it will be relying on old pictures) – and indeed one of the design parameters for biometric systems is the rate at which peoples’ physical features change.

‘In fact, of course, everything about a person changes over time – his physical appearance, his attitudes and beliefs, his creditworthiness, his address, his name (OK, more often her name), his bank account number, his employer, and so on. This is in fact our second axiom of identity:

‘IDENTITY CHANGES OVER TIME

‘This is blindingly obvious if you think about it; if An Identity Is A Story, then of course an identity will change over time – because the story keeps developing (unless you're reading some awful psychological novel or play where nothing ever happens).

‘But let's leave discussion of the second axiom for a future post. We haven't yet exhausted the riches of Eco's observation that a story is a machine for generating interpretations.

‘Anytime there's a story, there's also a storyteller and an audience. The storyteller has an intention in telling the story – just as I have an intention in taking a picture. But the members of the audience don't necessarily know what that intention is, and they don't share all of the storyteller's experiences; they bring their own attitudes and experiences to the the campfire around which the story is told.

‘Each listener's attitudes and experiences generate a unique interpretation of the story, just as Eco observed. And this means, of course, that if I tell an identity story, each member of my audience hears a different identity story. So when our first axiom says that IDENTITY IS SUBJECTIVE, it's not just saying that different observers know different parts of the same story. Even if two listeners hear exactly the same story, each of them feels and remembers a different story.

‘If you think about it, this is why more than one credit agency can exist; if all credit agencies had the same algorithms for taking information about me and turning it into a credit report, or a credit score, then they would all be delivering exactly the same product, and there would be no basis (except price) for competition and no reason to consult more than one agency. It's precisely the subjectivity of identity that creates the possibility of, and the need for, competing services.

‘Eco is careful to note that no interpretation should be considered privileged or canonical (as indeed the credit agency example makes clear; if one agency's interpretation were correct, that agency would be able to put the others out of business quickly).

‘The storyteller's own interpretation is particularly suspect (Eco writes “The author should die once he has finished writing. So as not to trouble the path of the text.”) What he's saying here is that interpretations are essentially subjective – that there can be no such thing as a true interpretation. And this too is true of identity stories; certainly the person the identity story is “about” is an unreliable narrator – he's got too much invested in the happy ending to be trusted to give us the unvarnished truth – but he's also the only one who knows all the facts!

So far, I'm in agreement with the “grand lines” of Bob's argument, and appreciate how beautifully he has presented his ideas.

Rather than expressing them as “Laws” or “Axioms”, I captured the ideas of subjectivity and change in the very definition of digital identity on which the Laws rest:

A digital identity is a set of claims made by one digital subject about itself or another digital subject.

Subjectivity is built in to the definition.

At the same time, I adopted the OED's definition of claims as “an assertion of the truth of something, typically one which is disputed or in doubt”; and defined a digital subject as “person or thing represented or existing in the digital realm which is being described or dealt with”.

The introduction of this notion of doubt is really no different from saying, “no interpretation should be considered privileged or canonical.”

I continue to feel it is better – given my role and goals with the metasystem – to avoid discussions of ontology and phenomenology, about which I fear humankind will continue to disagree. But Bob's piece explains some of the thinking that led to the definitions I proposed, and pulling these ideas out as “axioms” deepens the discussion.

I'm looking forward to having Bob joining the discussion. He has a wonderful mind and a great deal of experience in everything related to security.

[tags: Identity, Digital Identity, Bob Blakley, Umberto Eco, Axioms Of Identity, Laws Of Identity]