Interview with Bob Blakley on User-centric identity: Platforms, trade-offs, and next steps
20 November 2007, 11:00 AM EST
Bob Blakley of the Burton Group is a leading thinker on the potential and pitfalls of online identity systems. Recently he has been explaining the concept of the Identity Oracle and how it is a business, not a technology.
He also recently summarized the status of open identity technology in Recapping the Catalyst user-centric interop from a June meeting in San Francisco as well as last month's meetings in Barcelona. He will take our questions about identity, privacy, related technology, and probably the Longhorns.
Read more about Bob Blakley
Transcript
Dave Witzel:
After the June User-Centric Identity Interop in San Francisco, you said "there is a running identity metasystem". Would you explain for us what this is and what it means for online community?
Bob Blakley:
Sure. There's an infrastructure of OpenId and CardSpace identity providers and relying parties. You can get OpenIds from a variety of providers today and use them with a host of relying parties - mostly blogs and other online properties which are doing personalization and customization but not commerce.
The future of the identity metasystem looks promising - you'll probably be able to sign up for an identity with one provider and use it in many different places. The fly in the ointment is that different identity providers today offer different classes of service, so you'll probably still need to have multiple IDs.
In the future I imagine that you'll be able to sign up with a single trusted provider and configure an account which will then be used to manage many of your online interactions but which will reveal only what you want revealed in each transaction you undertake.
The future of the identity metasystem looks promising - you'll probably be able to sign up for an identity with one provider and use it in many different places. The fly in the ointment is that different identity providers today offer different classes of service, so you'll probably still need to have multiple IDs.
In the future I imagine that you'll be able to sign up with a single trusted provider and configure an account which will then be used to manage many of your online interactions but which will reveal only what you want revealed in each transaction you undertake.
Dave Witzel:
Did you see much progress between the June and October Interops?
Bob Blakley:
There was a lot of progress, but there's still a long way to go. I'm an optimist, so to me this means the glass is half full.
In June the interop participants demonstrated that a variety of commercial and open-source parties could all talk to one another over a common set of protocols. This went a long way toward showing that Microsoft's Open Specification Promise wasn't just hot air - real projects were able to use it to produce real code which really worked in multi-party interactions.
The June interop also highlighted a bunch of issues. The October interop's goal was to test solutions to the issues identified in June and to identify new issues which needed to be resolved before seamless, out-of-the-box interoperability could be supported by all the participants.
The October interop demonstrated progress but not completion. There's clearly still the need for a comprehensive set of scenarios and testcases which will demonstrate that each component of the identity metasystem lives up to its obligations - both technical and policy.
The next interop - at the RSA conference in April, 2008, will demonstrate more progress. The technology is maturing but not yet mature, so it will be interesting to monitor the results of the ongoing series of interops and try to judge when the technology is ready for prime time.
In June the interop participants demonstrated that a variety of commercial and open-source parties could all talk to one another over a common set of protocols. This went a long way toward showing that Microsoft's Open Specification Promise wasn't just hot air - real projects were able to use it to produce real code which really worked in multi-party interactions.
The June interop also highlighted a bunch of issues. The October interop's goal was to test solutions to the issues identified in June and to identify new issues which needed to be resolved before seamless, out-of-the-box interoperability could be supported by all the participants.
The October interop demonstrated progress but not completion. There's clearly still the need for a comprehensive set of scenarios and testcases which will demonstrate that each component of the identity metasystem lives up to its obligations - both technical and policy.
The next interop - at the RSA conference in April, 2008, will demonstrate more progress. The technology is maturing but not yet mature, so it will be interesting to monitor the results of the ongoing series of interops and try to judge when the technology is ready for prime time.
Dave Witzel:
You say the meta system "is not grown up yet, and it still suffers from a number of issues". What are the most serious problems were facing?
Bob Blakley:
The most serious question we're facing - and really it trumps all the others - is "how do identity providers make money"?
This is important on all kinds of different levels.
Obviously there can't be an identity provider which is a going concern if it doesn't make money. Individuals want an identity provider to be a going concern because they want to depend on it to provide identity services - they want to use these services to make their lives easier, less risky, and more private in the electronic world.
Businesses want an identity provider to be a going concern too - they want to use it to lower their cost of identity management and to reduce their transaction risk due to identity fraud.
And of course the identity provider itself wants to make money because it wants to continue in business.
On a broader level, society wants stable identity providers to emerge, because they can serve as foci for regulation and accountability - if I can lobby my legislator to make a single identity provider behave itself (with respect to my privacy and identity), I'm much more likely to succeed than if I have to lobby for broad regulation constraining the behavior of all businesses.
This is important on all kinds of different levels.
Obviously there can't be an identity provider which is a going concern if it doesn't make money. Individuals want an identity provider to be a going concern because they want to depend on it to provide identity services - they want to use these services to make their lives easier, less risky, and more private in the electronic world.
Businesses want an identity provider to be a going concern too - they want to use it to lower their cost of identity management and to reduce their transaction risk due to identity fraud.
And of course the identity provider itself wants to make money because it wants to continue in business.
On a broader level, society wants stable identity providers to emerge, because they can serve as foci for regulation and accountability - if I can lobby my legislator to make a single identity provider behave itself (with respect to my privacy and identity), I'm much more likely to succeed than if I have to lobby for broad regulation constraining the behavior of all businesses.
Francis:
Hi Bob. Thanks for taking questions. Here's mine -- What is the biggest threat to identity today?
Bob Blakley:
That's a really interesting question. In the past, we had the sense that our identities arose from our status as human persons. I think the biggest threat to our identities today is that as a society we might fall into the trap of reversing this relationship, and come to believe (or at least act as if we believe) that our status as persons derives from possessing an electronic "identity" - that is, a record in a database.
If this happened we'd be in danger of becoming "unpersons" whenever someone erased our identity record in the database.
If this happened we'd be in danger of becoming "unpersons" whenever someone erased our identity record in the database.
Dave Witzel:
How do you feel about the recent arrest of Dan Egerstad for demonstrating a weakness in the Tor anonymity service?
Bob Blakley:
In general our security is weakened by any attempt to suppress information about security flaws. The theory that we're safer if we don't discuss these things stems from an assumption that our adversaries are not as smart as we are, and will not find out about weaknesses if we don't tell them.
This assumption is false. Our adversaries must be presumed to be smarter than we are, and they are in fact at least as smart as we are. All we do by suppressing information about weaknesses is deny ourselves the advantage of giving some of the defenders a headstart on solving the problems - though we also delay the date of reckoning for bureaucrats who initiated the use of the flawed systems in the first place.
Dan Egerstad had tried several times to alert the very authorities who eventually arrested him to the Tor weaknesses without publicizing those weaknesses. He is essentially being punished for their failure to listen.
This assumption is false. Our adversaries must be presumed to be smarter than we are, and they are in fact at least as smart as we are. All we do by suppressing information about weaknesses is deny ourselves the advantage of giving some of the defenders a headstart on solving the problems - though we also delay the date of reckoning for bureaucrats who initiated the use of the flawed systems in the first place.
Dan Egerstad had tried several times to alert the very authorities who eventually arrested him to the Tor weaknesses without publicizing those weaknesses. He is essentially being punished for their failure to listen.
Mike Shade:
The idea of an Identity Provider service has been tried many times in the past. You outlined a few of the problems in your blog post, linked in the description, but what about another obvious issue -- incentive?
What incentive do service providers have to begin using, or migrate their current login databases to, an Identity Oracle? There need to be concrete gains on the service provider side to make this succeed. While identity metadata providers can benefit the user by safeguarding private information and consolidating logins, the gains to the service provider seem slim.
What incentive do service providers have to begin using, or migrate their current login databases to, an Identity Oracle? There need to be concrete gains on the service provider side to make this succeed. While identity metadata providers can benefit the user by safeguarding private information and consolidating logins, the gains to the service provider seem slim.
Bob Blakley:
Your observation that past attempts to build identity providers have failed largely for economic reasons seems to me to be correct.
I think Identity Oracles might not have worked economically until a few years ago, but the world has changed now in two ways that seem to me to enable a viable business case for commercial identity providers if they are structured correctly.
The first thing that's happened recently is a lot of publicity surrounding identity theft; we have the California legislature and its SB 1386 breach notification requirement to thank for this. What this has done is raised peoples' awareness of the consequences of losing identity data online; this in turn serves as a demand driver among consumers for secure identity services. In other words, maybe the problem has gotten bad enough or at least public enough that people might be willing to lay down a few cents to protect their own identity information.
The second thing that's happened is compliance mandates - most particularly the PCI-DSS standard. Compliance mandates create financial risk for organizations which collect identity data but don't protect it. This means that there is now - for the first time really - a business cost to the collection and use of identity information. The core notion behind the Identity Oracle is that the Oracle can be a business which specializes in handling identity information, and because it specializes it can do a better job than its customers, and because it does a better job it can do the job at a lower cost, and because it can do the job at a lower cost, it can charge its customers less than they would pay to do the job in-house and still make a profit.
I think Identity Oracles might not have worked economically until a few years ago, but the world has changed now in two ways that seem to me to enable a viable business case for commercial identity providers if they are structured correctly.
The first thing that's happened recently is a lot of publicity surrounding identity theft; we have the California legislature and its SB 1386 breach notification requirement to thank for this. What this has done is raised peoples' awareness of the consequences of losing identity data online; this in turn serves as a demand driver among consumers for secure identity services. In other words, maybe the problem has gotten bad enough or at least public enough that people might be willing to lay down a few cents to protect their own identity information.
The second thing that's happened is compliance mandates - most particularly the PCI-DSS standard. Compliance mandates create financial risk for organizations which collect identity data but don't protect it. This means that there is now - for the first time really - a business cost to the collection and use of identity information. The core notion behind the Identity Oracle is that the Oracle can be a business which specializes in handling identity information, and because it specializes it can do a better job than its customers, and because it does a better job it can do the job at a lower cost, and because it can do the job at a lower cost, it can charge its customers less than they would pay to do the job in-house and still make a profit.
Jennifer G.:
It looks like people, in general, are willing to trade "privacy" for pretty small things -- a little bit of money, service, even better advertising. Do "real people" even care about personal identity issues online or just not understand?
Bob Blakley:
Real people understand but they often discount the risk until something bad happens to them. It's well known that people over-value current rewards vs. future risks, which goes some way to explaining why people will tell you their passwords in exchange for a chocolate bar.
But I think people rightly distinguish between "giving out information" and "having their privacy invaded". They make this distinction because they're used to real social situations. In real social situations, I tell you something private as part of a relationship which develops over time and conforms to social norms. In this kind of a social situation, when I tell you something private, I don't expect that you're going to publish it in the Wall Street Journal, mail it to my boss, or spray paint it on my fence.
In online situations we still tend to behave as if we're in real social situations when in fact we're often dealing with strangers (who feel no reciprocal social obligation to us) or with corporations (which are incapable of social behavior). So we're acting "out of context" - we think we're being social but we're not in a real social situation and the other party has no intention of acting in a social way. In this sense they don't understand what they're doing.
It may be that the best thing to do to get people to behave in their own interests is to provide them with better context cues so that they understand what kind of a situation they're really in before they give out information (and by "better context cues" I do NOT mean a 20-page legal notice of privacy practices!)
But I think people rightly distinguish between "giving out information" and "having their privacy invaded". They make this distinction because they're used to real social situations. In real social situations, I tell you something private as part of a relationship which develops over time and conforms to social norms. In this kind of a social situation, when I tell you something private, I don't expect that you're going to publish it in the Wall Street Journal, mail it to my boss, or spray paint it on my fence.
In online situations we still tend to behave as if we're in real social situations when in fact we're often dealing with strangers (who feel no reciprocal social obligation to us) or with corporations (which are incapable of social behavior). So we're acting "out of context" - we think we're being social but we're not in a real social situation and the other party has no intention of acting in a social way. In this sense they don't understand what they're doing.
It may be that the best thing to do to get people to behave in their own interests is to provide them with better context cues so that they understand what kind of a situation they're really in before they give out information (and by "better context cues" I do NOT mean a 20-page legal notice of privacy practices!)
Francis:
How are identity and authentication related?
Bob Blakley:
That's complicated. I've posted on my blog that "an identity is a story". In this sense I have many identities, because different people have different stories about me. Dave, our host, has one set of stories about me because we went to grade school and high school together. My colleagues at the Burton Group have another set of stories about me because I've been attending their conferences for 10 years and have been working for them for a year now. My family has another set of stories about me, and of course I have stories about myself.
In this sense each individual who knows me (or Googles me!) constructs their own "identity of Bob". These identities don't have to be the same, and some of the information in each identity probably isn't even true (mine's probably the least accurate by now - I find as I get older that I remember fewer things that DID happen and more things that DID NOT happen.)
But all these identities are related in the sense that they are all "about me" in some way.
Authentication is not the process of determining whether these identities are "about me" or whether they're "true". Instead, it's the process of determining whether my claim that "I am Bob Blakley" is "true".
This process is very complicated (in fact it turns out to be surprisingly hard even to defined what it means for that claim to be true!), but it turns out that we can use identity information to help figure out whether my claim to be Bob Blakley is true.
If there are things that everyone knows happened to Bob Blakley (for example, everyone knows that Bob was the president of the Bryan High School Science Club, because Dave tells them so), but I don't remember those things, then it seems a little less likely that I'm Bob.
On the other hand, if someone has a copy of Bob's fingerprint from his Texas Driver's License application and my fingerprint looks the same, then it seems a little more likely that I'm Bob.
In this way, various "identity attributes" can be used to support the authentication processl
In this sense each individual who knows me (or Googles me!) constructs their own "identity of Bob". These identities don't have to be the same, and some of the information in each identity probably isn't even true (mine's probably the least accurate by now - I find as I get older that I remember fewer things that DID happen and more things that DID NOT happen.)
But all these identities are related in the sense that they are all "about me" in some way.
Authentication is not the process of determining whether these identities are "about me" or whether they're "true". Instead, it's the process of determining whether my claim that "I am Bob Blakley" is "true".
This process is very complicated (in fact it turns out to be surprisingly hard even to defined what it means for that claim to be true!), but it turns out that we can use identity information to help figure out whether my claim to be Bob Blakley is true.
If there are things that everyone knows happened to Bob Blakley (for example, everyone knows that Bob was the president of the Bryan High School Science Club, because Dave tells them so), but I don't remember those things, then it seems a little less likely that I'm Bob.
On the other hand, if someone has a copy of Bob's fingerprint from his Texas Driver's License application and my fingerprint looks the same, then it seems a little more likely that I'm Bob.
In this way, various "identity attributes" can be used to support the authentication processl
Dave Witzel:
What about online privacy and electronic health records? Are these issues related? Are they being addressed by the same people?
Bob Blakley:
Electronic health records shouldn't even be attempted without both good privacy protections and good security protections. The HIPAA security and privacy rules were supposed to provide a foundation for this, but have in practice been a disappointment.
I worry that not enough attention has been paid to these problems, and that as a society we have not had an informed discussion of the risks. What I'd like to see is an independent security risk assessment and privacy impact assessment of the general notion of an electronic health record and also of every proposed specific implementation, and I'd like to see these assessments published and widely discussed, both by Congress and by the public in the USA and also in any other jurisdiction where electronic health records are proposed.
Wikipedia has a great page on this topic (http://en.wikipedia.org/wiki/Electronic_health_record)
I worry that not enough attention has been paid to these problems, and that as a society we have not had an informed discussion of the risks. What I'd like to see is an independent security risk assessment and privacy impact assessment of the general notion of an electronic health record and also of every proposed specific implementation, and I'd like to see these assessments published and widely discussed, both by Congress and by the public in the USA and also in any other jurisdiction where electronic health records are proposed.
Wikipedia has a great page on this topic (http://en.wikipedia.org/wiki/Electronic_health_record)
Max:
What is "user-centric identity"? What does this mean? Is it important?
Bob Blakley:
The general notion of "user-centric identity" is that identity systems should not disclose identity information to anyone without the user's involvement and consent.
The idea is important, because it addresses an asymmetry in the relationship between "data subjects" (that is, people like you and me) and data collectors.
In the online world today, if you want a service, you pretty much have to agree to any terms the service provider establishes for the use of your information. The idea behind user-centric identity is that you should be more in control in your relationships with data collectors; you should, for example, have some power to negotiate the terms under which your information will be collected and used.
The technical details are mildly interesting, but what's really important about user-centric identity is that it tries to level the playing field so that individuals are at less of a disadvantage against organizations who want to collect and use information about them.
The idea is important, because it addresses an asymmetry in the relationship between "data subjects" (that is, people like you and me) and data collectors.
In the online world today, if you want a service, you pretty much have to agree to any terms the service provider establishes for the use of your information. The idea behind user-centric identity is that you should be more in control in your relationships with data collectors; you should, for example, have some power to negotiate the terms under which your information will be collected and used.
The technical details are mildly interesting, but what's really important about user-centric identity is that it tries to level the playing field so that individuals are at less of a disadvantage against organizations who want to collect and use information about them.
Dave Witzel:
You say 'we'd be in danger of becoming "unpersons" whenever someone erased our identity record in the database.' This sounds like sci-fi but it seems like our government may already rely on this without databases, especially for "enemy combatants". Will the online systems exacerbate this problem?
Bob Blakley:
I suspect that there are in fact databases containing the details of extraordinary renditions of enemy combatants.
Online systems will definitely exacerbate the problem. You've undoubtedly been in retail stores where the clerk couldn't do something simple like exchange a sweater because "the computer won't allow it". The temptation in broadly computerized systems will be to deny people basic rights rather than doing something the computer doesn't easily support, and this is a real danger.
On the other hand, you don't need an online system to become an unperson - all you need is to get the presumptions wrong. I'm hoping someone will write the story of what has happened and is still happening to all the people whose birth records, medical records, educational records, and financial records were destroyed by Hurricane Katrina.
Online systems will definitely exacerbate the problem. You've undoubtedly been in retail stores where the clerk couldn't do something simple like exchange a sweater because "the computer won't allow it". The temptation in broadly computerized systems will be to deny people basic rights rather than doing something the computer doesn't easily support, and this is a real danger.
On the other hand, you don't need an online system to become an unperson - all you need is to get the presumptions wrong. I'm hoping someone will write the story of what has happened and is still happening to all the people whose birth records, medical records, educational records, and financial records were destroyed by Hurricane Katrina.
Dave Witzel:
Right. Arguably, I have _the best_ stories about you! Fortunately, we weren't able to post our escapades to MySpace. What will happen to the wired generation when they realize they revealed more than they wanted to? Or will they care?
Bob Blakley:
(Let's not talk about that chemical weapons attack, OK?)
The wired generation arguably already realizes a lot more about how things work online than we give them credit for. Our kids aren't stupid - my teenagers pointed out to me that the threat model generally described on TV for Myspace and Facebook was the wrong thing to worry about.
The nightly news wants you to believe that a 50-year-old child molester is the main threat on Myspace and Facebook. My kids (one boy and one girl) pointed out that teenage boys who go to school with them are much more of a threat to them than child molesters are, and that Myspace and especially Facebook make it ridiculously easy for the Romeos and bullies at their schools to find out lots of information about them.
On the other hand, I do think that broad public disclosure of lots of information by teenagers will change the way society works in the future. The optimist in me wants to believe that it will reduce public hypocrisy; maybe Chelsea Clinton won't have to say that she didn't inhale.
The wired generation arguably already realizes a lot more about how things work online than we give them credit for. Our kids aren't stupid - my teenagers pointed out to me that the threat model generally described on TV for Myspace and Facebook was the wrong thing to worry about.
The nightly news wants you to believe that a 50-year-old child molester is the main threat on Myspace and Facebook. My kids (one boy and one girl) pointed out that teenage boys who go to school with them are much more of a threat to them than child molesters are, and that Myspace and especially Facebook make it ridiculously easy for the Romeos and bullies at their schools to find out lots of information about them.
On the other hand, I do think that broad public disclosure of lots of information by teenagers will change the way society works in the future. The optimist in me wants to believe that it will reduce public hypocrisy; maybe Chelsea Clinton won't have to say that she didn't inhale.
Francis:
So about the Egerstad arrest. I see it is being called "the hack of the year". I guess we can assume he is a "good guy". But how should we handle problems with our security systems? Especially if security is in some sense, to protect us from our protectors?
(www.theage.com.au)
(www.theage.com.au)
Bob Blakley:
Actually Ergstad's trick with the Tor exit server was called "the hack of the year" before he was arrested (in fact it was probably that publicity which led to the arrest).
We should handle problems with our security systems by building better security systems. Ergstad is trying to tell us that we have a security system which either doesn't work or at any rate doesn't do what we think it does.
Tor isn't the only such system; Hushmail also doesn't do what a lot of its users think it does, as at least one user found out the hard way.
What protects us from our protectors - if by protectors you mean government - is not technical security systems but in fact the law and its enforcement. What we should do about that is insist that government itself obey the law. I've recently blogged about Andrew Napolitano's book "A Nation Of Sheep". It's about why the fourth amendment is still important even if the government doesn't really feel obligated to respect it. Highly recommended.
We should handle problems with our security systems by building better security systems. Ergstad is trying to tell us that we have a security system which either doesn't work or at any rate doesn't do what we think it does.
Tor isn't the only such system; Hushmail also doesn't do what a lot of its users think it does, as at least one user found out the hard way.
What protects us from our protectors - if by protectors you mean government - is not technical security systems but in fact the law and its enforcement. What we should do about that is insist that government itself obey the law. I've recently blogged about Andrew Napolitano's book "A Nation Of Sheep". It's about why the fourth amendment is still important even if the government doesn't really feel obligated to respect it. Highly recommended.
Nyk Cowham:
What do you feel are the major privacy issues that user-centric interop might present? Who are the people thinking about the ways to steal a person's online identity and feed this intelligence into the community?
Bob Blakley:
There are lots of people thinking about how to steal your identity. People who want to cross borders with false papers think about this. Petty criminals who want a new iPod think about it. Governments who want to conduct espionage think about it. Organized crime syndicates who want to syphon money out of banks think about it.
Some of these organizations are highly professional and lavishly funded.
Still, identity theft isn't necessarily a privacy problem. Lots of identity theft is strictly about financial fraud. You lose money, but you aren't embarrased in public, divorced, or fired from your job.
User-centric identity is designed more to protect your privacy against misuses of your information by legitimate businesses (TJX) and government agencies (IRS) with whom you conduct transactions than it is to protect you against identity theft.
Some of these organizations are highly professional and lavishly funded.
Still, identity theft isn't necessarily a privacy problem. Lots of identity theft is strictly about financial fraud. You lose money, but you aren't embarrased in public, divorced, or fired from your job.
User-centric identity is designed more to protect your privacy against misuses of your information by legitimate businesses (TJX) and government agencies (IRS) with whom you conduct transactions than it is to protect you against identity theft.
Dave Witzel:
You mention the RSA conference in April, 2008. Any other events or dates we should keep an eye on?
Bob Blakley:
Well, you should of course plan to attend the Burton Group Catalyst Conference in San Diego on 23-27 June 2008. Details are here: http://www.catalyst.burtongroup.com/
I thought even before I joined the Burton Group that this was the premier identity and privacy conference in the industry, and now that I get to give several talks instead of just one it's even better :-)
I thought even before I joined the Burton Group that this was the premier identity and privacy conference in the industry, and now that I get to give several talks instead of just one it's even better :-)
Dave Witzel:
Bob, is there "an answer" to the identity/security problem. Do we have to have our eyeballs screened like in the Tom Cruise movie?
Bob Blakley:
Well, that's one answer.
There are answers to the identity problem and answers to the security problem. Because the threats keep changing, the answers have to keep changing too. But I think universal surveillance is more of a problem than a solution, and I think the experience of the UK provides good evidence in support of my position.
We do need to be able to identify people online and in the real world and we do need to reduce certain kinds of risks. At the Burton Group we're working on a set of concepts (the Limited Liability Persona, the Identity Oracle, the Relational Continuity Sockets Layer) which are designed to make use of identity online safer for all parties - for individuals, for the businesses they deal with, and for society in general.
The problem is of course very complicated, and it will take a lot more thought to get workable solutions. And the solutions will not just be technical; they'll be legal, social, and economic too.
There are answers to the identity problem and answers to the security problem. Because the threats keep changing, the answers have to keep changing too. But I think universal surveillance is more of a problem than a solution, and I think the experience of the UK provides good evidence in support of my position.
We do need to be able to identify people online and in the real world and we do need to reduce certain kinds of risks. At the Burton Group we're working on a set of concepts (the Limited Liability Persona, the Identity Oracle, the Relational Continuity Sockets Layer) which are designed to make use of identity online safer for all parties - for individuals, for the businesses they deal with, and for society in general.
The problem is of course very complicated, and it will take a lot more thought to get workable solutions. And the solutions will not just be technical; they'll be legal, social, and economic too.
Roy Bragg:
What about the people who lost all of their records in Hurricane Katrina? What sort of life are they enduring now, and what sort of future do they face?
Bob Blakley:
I haven't done as much digging into this as I'd like, but my guesses are:
trouble accessing healthcare
trouble accessing credit
trouble accessing retirement and unemployment benefits
trouble probating wills
and so on.
Society, of course, can also run into trouble. Losing the record of lots of people's outstanding warrants poses obvious problems too...
trouble accessing healthcare
trouble accessing credit
trouble accessing retirement and unemployment benefits
trouble probating wills
and so on.
Society, of course, can also run into trouble. Losing the record of lots of people's outstanding warrants poses obvious problems too...
Paul Hyland:
The concept of different identities for different audiences, or applications, and user-centric identity really seem related.
Can you comment on the implementations of these concepts in identity-management systems such as Plaxo, or in identity management policies for services like social networks. I've heard, for example, that Facebook plans to give users more fine-grained management of personas, ability to define them and assign them to different groups of friends. (At least I hope that's true.)
Can you comment on the implementations of these concepts in identity-management systems such as Plaxo, or in identity management policies for services like social networks. I've heard, for example, that Facebook plans to give users more fine-grained management of personas, ability to define them and assign them to different groups of friends. (At least I hope that's true.)
Bob Blakley:
Personas are a good idea; it's good to be able to invest only the relevant pieces of one's identity in an environment or a transaction.
It's also good to be able to invent an entirely new identity in environments in which linkage to past identity isn't important (would you go see a rock concert starring Reg Dwight?)
There are of course obvious abuse cases, and systems which support personas need social mechanisms to prevent certain sorts of fraud and abuse.
It's also good to be able to invent an entirely new identity in environments in which linkage to past identity isn't important (would you go see a rock concert starring Reg Dwight?)
There are of course obvious abuse cases, and systems which support personas need social mechanisms to prevent certain sorts of fraud and abuse.
Patrick:
No system is unpenetrable. So why should a user rely on one system more than another? Wouldn't it make more sense for businesses to implement a verification system for certain things that could be used for evil, i.e. SSN, credit card numbers, etc. The hot thing right now in regards to online identity seems to be adding layers of security as opposed to yet another holder of information. I'm not convinced we are ready for an identity oracle given how much information many people have already proven they are willing to give to businesses with a chance to win an ipod.
Bob Blakley:
Verification of identity information isn't the main difficulty right now. The main difficulty is preventing personal information from being leaked to the public after it's been collected and verified. The TJX data breach is now north of 90 million records. This presents enormous opportunities for financial fraud and also possibly other kinds of mischief.
We currently have a system in which every organization that accepts credit cards has to have strong security in order for my privacy to be protected. That's insane, and it cannot possibly work. I want to concentrate responsibility for protecting my private information in the hands of a much smaller and much more competent group of organizations - like Identity Oracles. And I want to be able to sleep at night because I know the managers of those organizations won't be able to feed their kids unless they keep my data safe.
We currently have a system in which every organization that accepts credit cards has to have strong security in order for my privacy to be protected. That's insane, and it cannot possibly work. I want to concentrate responsibility for protecting my private information in the hands of a much smaller and much more competent group of organizations - like Identity Oracles. And I want to be able to sleep at night because I know the managers of those organizations won't be able to feed their kids unless they keep my data safe.
Paul Hyland:
Speaking of scary books, another recommended read is "Takeover: The Return of the Imperial Presidency and the Subversion of American Democracy," by Pulitzer Prize winning Boston Globe reporter Charlie Savage.
In it, he describes how the current administration is flouting laws - issuing a record number of signing statements - that already give it more than enough legal authority to violate Americans' privacy.
Charlie, Whitfield Diffie, and Marc Rotenberg discussed this and more at a recent Electronic Privacy Information Center event that I blogged about here:
http://www.paulhyland.com/2007/10/eventful-october-part-1.html
In it, he describes how the current administration is flouting laws - issuing a record number of signing statements - that already give it more than enough legal authority to violate Americans' privacy.
Charlie, Whitfield Diffie, and Marc Rotenberg discussed this and more at a recent Electronic Privacy Information Center event that I blogged about here:
http://www.paulhyland.com/2007/10/eventful-october-part-1.html
Bob Blakley:
Thanks; I'll check it out. I also like the recent book "Privacy at Risk" by Christopher Slobogin.
Dave Witzel:
Bob, thanks so much for joining us today. That's all we have time for. Are there any last comments or references you'd like to leave us with?
Bob Blakley:
I'll leave you with one comment and two references.
The comment is this. Privacy is not about keeping personal information secret. It's about ensuring that people who handle personal information respect the dignity of the individuals to whom that information refers.
The references are my personal blog and my Burton Group Identity and Privacy team's blog.
The comment is this. Privacy is not about keeping personal information secret. It's about ensuring that people who handle personal information respect the dignity of the individuals to whom that information refers.
The references are my personal blog and my Burton Group Identity and Privacy team's blog.
HereĀ are materials referenced during this interview:
- Wikipedia's article on electronic health records
- A Nation Of Sheep by Andrew Napolitano
- Burton Group Catalyst Conference in San Diego on 23-27 June 2008
- Takeover: The Return of the Imperial Presidency and the Subversion of American Democracy by Charlie Savage
- Privacy at Risk by Christopher Slobogin
© 2010 Forum One Communications, some rights reserved. |