Showing posts with label minimal disclosure. Show all posts
Showing posts with label minimal disclosure. Show all posts

19 June 2009

Managing Identity Without ID Cards

I've always been slightly conflicted about Jerry Fishenden. He obviously knew what he was talking about, but he was, you know, one of the *them* - a Microsoftie. Or rather, *was* a Microsoft since he's a free man now. And you sense a new freedom in his writing, too, which means that I can start recommending his stuff unreservedly.

Here, for instance, is nothing less than a core idea of how to manage identity in the 21st century without ID cards or any of the associated stupidities:


In the work of leading identity, security and privacy thinkers such as Stefan Brands and Kim Cameron,* it is possible to see the art of the possible (Cameron's laws of identity can be found here). Stefan’s work on minimal disclosure, for example, makes it possible to prove information about ourselves ("I am over 18", "I am over 65", "I am a UK citizen", etc) without disclosing any personal information, such as our full name, place and date of birth, age or address. Neither would the technology leave an audit trail of where we have been and whom we have interacted with. It would leave our private lives private. Indeed, it would enable us to have better privacy in our private lives than we do today, when we are often forced to disclose personal information to a whole host of people and organisations.

Got that? We can prove anything about ourselves that we need to, without giving up *all* information as the Labour government wants, and without leaving audit trails. Effectively, this is the public key cryptography of identity, where mathematical magic lets you do apparently impossible things.

This is so obviously exactly what we should be doing for identity management in a world that clearly requires it, and so exactly meets the needs of those of us concerned about profound issues of civil liberties, that you really have to wonder what bunch of utterly witless morons at the Home Office are stopping this eminently sensible thing from happening, and pursuing instead the worst of all possible worlds with an expensive, insecure, intrusive and unworkable system.

Follow me @glynmoody on Twitter or identi.ca.