Showing posts with label jerry fishenden. Show all posts

19 June 2009

Managing Identity Without ID Cards

I've always been slightly conflicted about Jerry Fishenden. He obviously knew what he was talking about, but he was, you know, one of *them* - a Microsoftie. Or rather, *was* a Microsoftie, since he's a free man now. And you sense a new freedom in his writing, too, which means that I can start recommending his stuff unreservedly.

Here, for instance, is nothing less than a core idea of how to manage identity in the 21st century without ID cards or any of the associated stupidities:


In the work of leading identity, security and privacy thinkers such as Stefan Brands and Kim Cameron, it is possible to see the art of the possible (Cameron's laws of identity can be found here). Stefan’s work on minimal disclosure, for example, makes it possible to prove information about ourselves ("I am over 18", "I am over 65", "I am a UK citizen", etc) without disclosing any personal information, such as our full name, place and date of birth, age or address. Neither would the technology leave an audit trail of where we have been and whom we have interacted with. It would leave our private lives private. Indeed, it would enable us to have better privacy in our private lives than we do today, when we are often forced to disclose personal information to a whole host of people and organisations.

Got that? We can prove anything about ourselves that we need to, without giving up *all* information as the Labour government wants, and without leaving audit trails. Effectively, this is the public key cryptography of identity, where mathematical magic lets you do apparently impossible things.

This is so obviously exactly what we should be doing for identity management in a world that clearly requires it, and so exactly meets the needs of those of us concerned about profound issues of civil liberties, that you really have to wonder what bunch of utterly witless morons at the Home Office are stopping this eminently sensible thing from happening, and pursuing instead the worst of all possible worlds with an expensive, insecure, intrusive and unworkable system.
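To make the "I am over 18" case concrete, here is an added example (not code from Fishenden, Brands or this blog) in which an issuer signs salted commitments to each attribute and the holder later reveals just one of them. It swaps in plain salted-hash selective disclosure for Brands's protocols, and the issuer key is a constructed toy RSA key, so every name and value below is an assumption. Because the same commitments and signature are shown on every presentation, this simpler scheme hides the other attributes but does not give the no-audit-trail property the quote describes.

```python
import hashlib, json, secrets

# Constructed toy issuer key: textbook RSA over two Mersenne primes.
# Far too small and unpadded for real use; it only keeps the demo offline.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def commit(name, value, salt):
    # Salted digest: hides the value until (value, salt) is disclosed.
    return h(json.dumps([salt, name, value]).encode()).hex()

def digest_int(digests):
    # Integer the issuer signs: hash of the commitment list, reduced mod N.
    return int.from_bytes(h("".join(digests).encode()), "big") % N

def issue(claims):
    """Issuer: commit to every claim, sign only the list of commitments."""
    salts = {k: secrets.token_hex(16) for k in claims}
    digests = sorted(commit(k, v, salts[k]) for k, v in claims.items())
    return {"digests": digests, "sig": pow(digest_int(digests), D, N)}, salts

def present(credential, claims, salts, reveal):
    """Holder: disclose one claim plus its salt, nothing else."""
    return {**credential, "disclosed": [reveal, claims[reveal], salts[reveal]]}

def verify(presentation):
    """Verifier: needs only the issuer's public key (N, E)."""
    digests = presentation["digests"]
    if pow(presentation["sig"], E, N) != digest_int(digests):
        return None  # commitment list was not signed by the issuer
    name, value, salt = presentation["disclosed"]
    if commit(name, value, salt) not in digests:
        return None  # disclosed claim is not one the issuer committed to
    return {name: value}

if __name__ == "__main__":
    # Constructed sample identity data.
    claims = {"name": "Alice Example", "date_of_birth": "1980-02-03",
              "over_18": True, "uk_citizen": True}
    cred, salts = issue(claims)
    print(verify(present(cred, claims, salts, "over_18")))
```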


16 October 2008

Why We Need More Spam

Jerry Fishenden is not somebody you'd expect me to see eye-to-eye with much:

Jerry Fishenden is Microsoft UK's lead technology advisor, strategist and spokesman. Since being appointed to the role in 2004, Jerry has been responsible for helping to guide Microsoft's vision for how technology can transform the way we learn, live, work and play. He plays a key role in an international team of technology officers who work closely with Craig Mundie, Microsoft's Chief Research and Strategy Officer. Jerry's popular blog on issues of technology and policy can be found at http://ntouk.com.

But he's put up an excellent analysis of all that's wrong with the UK Government's proposed super-snooping database that's all-the-stronger for being much more moderate in tone than mine often are:

I remain unconvinced that we should be using technology to progressively build a panopticon here in the UK. Technology has a huge upside that we should be using positively, not allowing its more toxic potential to erode our long cherished liberties.

But what really caught my attention was the following point about weaknesses in the plan:

scale and volume: at Microsoft, last time I looked we were having to deal with some 3 billion spam emails a day through our Hotmail/Windows Live Mail service. Let alone the volume of legitimate emails. The Independent states that about one trillion emails and more than 60 billion text messages will be sent in Britain this year, and that most homes and offices now have a computer, with an estimated 20 million broadband connections. That's a serious volume of data and a serious data centre or data centres we're potentially talking about - let alone the analytics then required to make sense of that data.

Yes, of course: what we need to do is *increase* the volume of spam, say, a thousand-fold - easy enough to do if you sign up for a few obviously dodgy Web sites, and reply to a few spam messages with your address. That would be inconvenient for us, but not a problem given the efficiency of spam filters these days (Gmail catches about 99.5% of the spam that I receive). But multiplying the quantity of information that the UK Government's super-snooping database would need to hold by a factor of one thousand would really cause the rivets to pop. And once databases scale up to cope with that, we just turn up the spam volume a little more.

Perhaps the same approach could be applied to Web browsing: you could write an add-in for Firefox that pulls in thousands of random pages from the Internet every day (text only). This, again, would add enormously to the storage requirements of any database, and make finding stuff much harder.

If the UK Government wants to live by technology abuse, then let it die by technology abuse. Alternatively, it might try actually listening to what people like Fishenden and countless other IT experts say about how unworkable this scheme is, and work *with* us rather than *against* us on this matter....