Posted Jan 13, 2011 12:18 UTC (Thu) by bud (subscriber, #5327)
Parent article: Trusted internet identity
I'm pondering these days about privacy issues of digital identities and wanted to bounce off some thoughts to see what feedback I get on this.
I've been active in the European scene of government-issued eIDs for some time (and have promoted the use of open source) and am participating in a European Thematic Network that gives input on where Europe should be going in the area of digital identities. So I have a natural interest in the U.S. NSTIC effort.
I wholeheartedly subscribe to the objectives, which I think are defined really well. Reaching these objectives is certainly very ambitious and challenging, and what can be achieved remains to be seen.
Acceptance by users is IMHO the most critical factor to success, and privacy is a key issue in this (as is clearly stated in the NSTIC document).
After this introduction, here are some thoughts that I would like to get feedback on.
We are on the brink of an era where much of our activities are moved from the physical world into the virtual world of cyberspace. Identity is intrinsically linked to virtual activities and we cannot avoid it but have to try to get it right.
In my view, there are two important differences between the physical and the digital world:
* selection (restriction) of audience
* life-time of information
In the physical world, every activity takes place in a certain location that controls the audience who can observe our actions. Someone may speak at a public conference that has press coverage, or have a beer at a bar with her friends. The choice of a location restricts the possible audiences we have, and we typically choose different modalities of behavior in different places: for example, language or dress code that is perfectly acceptable in one location may be totally unacceptable in another.
The second point is one of life-time of information. In the physical world, the imprints of our actions fade away with time. People forget (forgive); even paper articles disappear in unsearchable paper archives and collect dust. Cyberspace is VERY different and it (potentially) never forgets. Each of our imprints is undeletable and remains for life (and beyond, just that we may care less afterwards).
Because of these intrinsic differences between physical and virtual worlds, the consequences of our actions may be vastly different. If I drank a beer too many one night at the bar with my friends [which in this wider audience I have to disclaim is purely hypothetical and has never happened], consequences are none or very limited and will be forgotten in a couple of days. If I do something equivalent on some social network, it will be found by a potential employer who mines my behavior and I may not get that job I really need. This negative imprint in cyberspace may not even be true but falsely claimed by someone else...
Evidently, identity, and linking imprints based on identity, is the key problem in this area.
It seems to me that most things in cyberspace are public or close to public since many are clear text in the first place, others are "private" in the hands of third parties whose security meant to protect privacy is insufficient to withstand attacks, policy changes, commercial interests, or national security interests. I personally believe that once it's out there, it can be accessed (maybe not by everyone, but possibly by some who we don't like to know and for purposes that are not in our own interest).
I think for our personal well-being, it is important to have private places to retire to and safe harbors where we can refuel before sailing again on the open seas. We have to find ways of doing this in cyberspace too.
The only way I see to achieve this is that we use multiple (digital) identities for different "virtual locations" that are not linkable. We need to have a free choice of an unlimited number of possibly pseudonymous or anonymous identities. This is not because we have something to hide, or because we engage in illegal activities, but because this is a normal thing in our daily life experience in the real world.
(BTW, this is not my invention but called "partial identity", a term created by the FIDIS network some time ago).
I'm looking forward to getting your reactions on this.
Posted Jan 13, 2011 13:02 UTC (Thu) by bud (subscriber, #5327)
While I gave credit to the FIDIS network [1] for "partial identities", I forgot to mention that the Austrian Government has pioneered the approach of unlinkable, sector-specific person identifiers [2] both in their legislation and in their Citizen Card (that provides a digital identity).
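As an added illustration (not part of this thread, and not the Austrian Citizen Card's actual derivation scheme), here is one way sector-specific, unlinkable person identifiers can be built: a keyed MAC over the source identifier and the sector name, held only by the issuer. The secret, sector names and person identifiers below are constructed for the demo. The naive variant next to it, an unkeyed hash of the source identifier alone, shows why binding the sector into the derivation matters: without it, a plain join on the identifier column links every person across sectors.

```python
import base64
import hashlib
import hmac
from typing import Dict, List

# Constructed secret held only by the identity issuer; relying parties never
# see it. In a real deployment this would live in an HSM or key-management
# service, not in source code.
ISSUER_SECRET = b"constructed-secret-for-demo-only"


def sector_pseudonym(source_id: str, sector: str, secret: bytes = ISSUER_SECRET) -> str:
    """Derive a sector-specific pseudonym from a stable source identifier.

    The keyed MAC binds the pseudonym to both the person and the sector, so:
    - the same person always gets the same pseudonym within one sector
      (stable for that sector's relying parties), and
    - pseudonyms for two different sectors cannot be related to each other,
      or to the source identifier, without the issuer's secret.
    The sector name is length-prefixed so that different (sector, id) pairs
    can never produce the same MAC input.
    """
    sector_bytes = sector.encode("utf-8")
    msg = len(sector_bytes).to_bytes(2, "big") + sector_bytes + source_id.encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def naive_pseudonym(source_id: str) -> str:
    """Weak variant for comparison: an unkeyed hash of the source id only.

    It hides the raw identifier but, because the sector is not part of the
    input, every sector receives the same value and records can be joined.
    """
    digest = hashlib.sha256(source_id.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def issue_for_sectors(source_id: str, sectors: List[str]) -> Dict[str, str]:
    """Issuer side: hand out one pseudonym per sector for a person."""
    return {s: sector_pseudonym(source_id, s) for s in sectors}


def cross_sector_matches(records_a: List[str], records_b: List[str]) -> int:
    """Relying-party side: how many identifiers appear in both sectors' data.

    This is exactly what a naive join on the identifier column would link.
    With proper sector separation the answer should be zero.
    """
    return len(set(records_a) & set(records_b))


# Constructed demo population and sectors.
PEOPLE = ["person-0001", "person-0002", "person-0003"]
SECTORS = ["health", "tax", "education"]


def linked_with_sector_pseudonyms() -> int:
    """Number of people linkable between 'health' and 'tax' with sector ids."""
    issued = {p: issue_for_sectors(p, SECTORS) for p in PEOPLE}
    health_ids = [issued[p]["health"] for p in PEOPLE]
    tax_ids = [issued[p]["tax"] for p in PEOPLE]
    return cross_sector_matches(health_ids, tax_ids)


def linked_with_naive_pseudonyms() -> int:
    """Same question for the unkeyed, sector-agnostic hash."""
    health_ids = [naive_pseudonym(p) for p in PEOPLE]
    tax_ids = [naive_pseudonym(p) for p in PEOPLE]
    return cross_sector_matches(health_ids, tax_ids)


if __name__ == "__main__":
    for person in PEOPLE:
        print(person, issue_for_sectors(person, SECTORS))
    print("linkable across sectors (keyed, sector-bound):", linked_with_sector_pseudonyms())
    print("linkable across sectors (naive hash):", linked_with_naive_pseudonyms())
```

The design choice worth noting is where the secret lives: because derivation needs `ISSUER_SECRET`, a relying party in one sector cannot compute another sector's pseudonym even if it learns the source identifier, whereas an unkeyed construction is only as private as the source identifier itself.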
Posted Jan 13, 2011 13:44 UTC (Thu) by ortalo (subscriber, #4654)
Personally, I would say "of course".
Of course we need several independent "identities" for different usages of computers. In fact, by the way, I would rather say that we use different independent sets of access rights with different security constraints on them, than true different identities (even virtual ones).
We need those because we do not deal identically with our identification toward friends, colleagues, public services, banks, children and family, merchants (different kinds of them), opposite-sex friends, police, democratic governments, other governments, parents, etc. And we do not want our computer(s) either to operate identically in all those usage contexts, especially by using the classical single whole-system-wide user ID authenticated once at connection-time and created once upon a time by a generic 'admin'.
But I would even say that we also need more than "simply" several "named" sets of rights (or identities, if you want). We also need identities shared by several people (think of document validation in most companies, big or small, or family identification). We need to be able to copy some of them or split them (think of real door keys you share with your family or children). We need to be able to destroy them easily in some cases (and conflicting opinions may have to be arbitrated ;-). In other cases, on the contrary, we need third parties (possibly even a government) to guarantee their persistence and level of trust at the highest possible level.
Note by the way that I have said "named" sets of rights. Not "authenticated". In some cases, we do not even need these names to be authenticated - we do not need trust in someone else's identity. We just want to identify them. (Well, with some level of trust maybe, but nothing that cannot be done well enough even without a true authentication procedure, especially a password.)
So, for me, saying we need several IDs (or certificates) is just the first step. It's nice because it has allowed us to understand that we need to reach another level. But it is not yet enough to build the stairs needed to go there.
What I think is needed now are new distributed authorization and authentication servers, with an extended set of new functionalities: several different authentications, several authorization schemes, etc.
After all, Kerberos is rooted in 30-year-old work - and never really addressed the authorization aspect. Maybe that area deserves a specification update.
What's annoying is that nobody seems interested in seriously helping even only with the specification phase. (Many people are interested in security as a domain, but far fewer are interested in doing actual security work.)