19 June 2009

Managing Identity Without ID Cards

I've always been slightly conflicted about Jerry Fishenden. He obviously knew what he was talking about, but he was, you know, one of the *them* - a Microsoftie. Or rather, *was* a Microsoft since he's a free man now. And you sense a new freedom in his writing, too, which means that I can start recommending his stuff unreservedly.

Here, for instance, is nothing less than a core idea of how to manage identity in the 21st century without ID cards or any of the associated stupidities:

In the work of leading identity, security and privacy thinkers such as Stefan Brands and Kim Cameron,* it is possible to see the art of the possible (Cameron's laws of identity can be found here). Stefan’s work on minimal disclosure, for example, makes it possible to prove information about ourselves ("I am over 18", "I am over 65", "I am a UK citizen", etc) without disclosing any personal information, such as our full name, place and date of birth, age or address. Neither would the technology leave an audit trail of where we have been and whom we have interacted with. It would leave our private lives private. Indeed, it would enable us to have better privacy in our private lives than we do today, when we are often forced to disclose personal information to a whole host of people and organisations.

Got that? We can prove anything about ourselves that we need to, without giving up *all* information as the Labour government wants, and without leaving audit trails. Effectively, this is the public key cryptography of identity, where mathematical magic lets you do apparently impossible things.

This is so obviously exactly what we should be doing for identity management in a world that clearly requires it, and so exactly meets the needs of those of us concerned about profound issues of civil liberties, that you really have to wonder what bunch of utterly witless morons at the Home Office are stopping this eminently sensible thing from happening, and pursuing instead the worst of all possible worlds with an expensive, insecure, intrusive and unworkable system.

Follow me @glynmoody on Twitter or identi.ca.


Crosbie Fitch said...

I wouldn't be so sure.

The future of ID/reputation is certainly distributed, but then that has been its past.

However, any long-term viable technology has to be a white-box solution, not a black-box one.

That means a system that relies upon arcane mathematics is a black-box solution (despite appearing to be a white-box one to maths nerds).

For some reason those who search for a solution are invariably waylaid by the lure of control (centralisation) and/or obscurity (elitism).

Glyn Moody said...

As a mathematician, I feel obliged to object to your aspersions...

And what's the problem with "arcane maths"? Provided it's *correct* maths, it's fine - and correct means it can be checked. Are you against SSL connections too?

And what would be your solution to ID/reputation, given that we do need something in a digital world....?

Crosbie Fitch said...

No disrespect intended, but what mathematicians feel duty bound to trust, despite being opaque even to them, can be their undoing (because they have so much confidence in it, they become complacent in verifying it).

SSL and https are fine for computer systems maintained by nerds, but not for the common man.

The sort of solution I'm looking forward to (it will be arrived at by trial and error eventually) will be reminiscent of the sort of thing I describe here:
Ideating Identity.

It must operate in a manner that is primarily visible and comprehensible to those who use it - continuously. It may be backed up by arcane maths on those rare occasions when challenged, but arcane maths shouldn't govern its normal operation.

In other words, just as people need to be able to check their bank accounts to scrutinise them for fraud, so they also need to inspect their white-box identity system to assure themselves it is operating correctly.

No identity system can survive that relies upon its users having blind trust in the black boxes they are provided with (no matter the reassurances of maths geeks). ;-)

Glyn Moody said...

Interesting stuff, but it's still not clear to me now this would work in practice - and you mention private/public keys...

Crosbie Fitch said...

Yup, I was just trying to start the ball rolling in the direction of an ID/reputation system whose operation was a little more transparent and comprehendable.

I daresay what I sketched out can be improved considerably, made more layman-friendly, and less contaminated by PKI techniques (except where indispensible as emergency ID theft counter-measures).

But, my point is that fundamentally ID is a matter of memorable relationships, not of a single secret and a little black box (or chip&pin card). The person needs to see an account of those relationships that effectively produce each ID they possess. And let's not also forget that this is a distributed/p2p system - no central control.

Glyn Moody said...

yes, the relationships idea is cool: I just wonder how we'd implement it...

Crosbie Fitch said...

Frankly, I think it's pretty straightforward (!), but at the moment I'm working on the problem of exchanging art for money without copyright - in other words a system that enables the public to fund public works. This is thus indispensible for the funding of such public works as a distributed ID/reputation system, and distributed cyberspace. ;-)

Glyn Moody said...

I look forward to hearing more about it in due course.