Thursday, February 3, 2011

Identity Ecosystem

http://arstechnica.com/security/news/2011/01/identity-ecosystem-inside-uncle-sams-trusted-identity-proposal.ars

This is an interesting article on an identity system that the US is proposing. It's interesting for a broad range of reasons. The first is that it's clearly intended for use online, yet the case study quoted is clearly an offline scenario.

The second obvious issue is that it's US-centric... again. More on this later.

The third is that the US government is trying to farm it out to private organizations... again. Lol.

It's both fascinating and saddening to see just how unable to change a large system like a government is. Not little changes, things like letterhead or the name on a door, but the way it does business. Big stuff. The approach taken to make something happen becomes more and more familiar. In the US case, it's the involvement of the private sector in everything. There is still this fundamental belief that somehow it will be better if it's not centrally managed. I am all for having a light hand on the tiller, but as a fairly ignorant spectator, I feel there is a rush to privatize, past any rational point, in the back of US policy makers' heads.

The issues with a private trust and identity system should be obvious to everyone. Once you have a profit motive on top of what should be a universal service... you have a conflict. It will always move toward a pay-to-play system. So what happens to people who can't, won't or shouldn't pay?

Do prisoners keep their identities?
Do illegal immigrants buy an identity?
What about "homeless people"? How can you use an identity when you need a cell phone if you don't have a charger?
What about people who want to go off the grid? Runaway kids? Runaway spouses?
How does someone whose identity has been stolen (along with their cellphone, perhaps) recover it?
What about someone who leaves the country for some time and comes back... does their identity still exist? Can they pick up where they left off?

Who owns the transaction data on the use of the identity?

Basically, once the identity is a separate commodity and not directly tied to the physical being of a person, it's just a product. Watch films like Gattaca or The Island to see what can happen when two people accidentally or intentionally share one identity. Watch any number of films about identity theft to see how that plays out (The Net, Single White Female, etc.).

Digital Cloning. (TM)
To borrow, steal, share or jack someone's digital identity. Obviously it's already happening and has been for some time. Once there is an even more divorced identity system, where you are only one of three parties who can assert your identity... you no longer even have a voting majority.

I also guarantee they will end up with an ID number as the primary key in the identity record rather than a name, biometric data or even your face. (Now that would be a search key that would be hard to index: not a photo of the face, but a real, living, breathing, blood-pumping-through-it, age spots, facial hair and scars face.) So potentially you will have to argue with two computers about whether you are or are not a particular number. How much fun will that be?

I'm becoming more interested in systems in various states of failure. Finding edge cases and writing rules to handle them is an endless game. The better designs treat everything as an edge case and have a way to gracefully degrade the system from the easy cases toward the other end of the spectrum, where the hard cases do not occur in a neat row. It's more a sparse array mixed with the splatter pattern of a plate of peas upended by a two-year-old.
How do you design for situations where people fall out of the system, re-enter the system, find duplicates in the system, join a cult, digitally commit suicide, change their identity, leave the country and vow never to return, leave the planet (potentially), change governments, sell their kids' identities, or lose ownership of their identities through legal action, criminal behavior or stupidity?
The edge cases in a system like this are probably much more significant than the "normal" uses. How will people purchase embarrassing products when it's all tracked by a private corporation? (Could this be worse than the current customer tracking systems?)

What happens when, inevitably, one of the identity databases gets cracked and uploaded to WikiLeaks or BitTorrent? How do you fix a few million identities that might or might not have been compromised?

Trust is the key to it all. I remember reading somewhere about the rules of a trust system (probably in a book about 2m to my right...). The one that stuck with me is "Trust is not transitive". (See this article on Trust Relationships for background if you're bored: http://technet.microsoft.com/en-us/library/cc977993.aspx)

Computer systems can establish and maintain trust relationships like this, but the reality is that within a system like the one being proposed it would not be a neat triangle with three players. It would be hundreds and hundreds of computers all playing nicely together to form the chains of trust required to implement such a system, even for a single person. Think of all the communication stacks in between, all the man-in-the-middle players, in both the primary "trust establishment" transaction and, even worse, the secondary "trusted" transactions.
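To make the "trust is not transitive" rule and the chain-of-trust problem concrete, here is an added example (my own illustration, not code from the article or from the proposal it discusses). It models directed trust links the way the TechNet article on domain trusts does, with each link either transitive or not, and resolves whether one party ends up relying on another only through links that are allowed to be chained. The party names and the trust links are a constructed scenario, not anything the proposal specifies.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    """One directed trust link: `trusting` accepts assertions made by `trusted`."""
    trusting: str
    trusted: str
    transitive: bool  # may this link be chained through, or does it stop here?


def trust_path(trusts, trusting, trusted):
    """Return the chain of parties via which `trusting` relies on `trusted`, or None.

    A direct link always counts, transitive or not. A multi-hop chain is only
    accepted when every link in it is marked transitive, so a single
    non-transitive link breaks the chain even though each neighbour in it
    trusts the next. Direction matters: B trusting A says nothing about A trusting B.
    """
    by_source = {}
    for t in trusts:
        by_source.setdefault(t.trusting, []).append(t)

    # Direct trust first.
    for t in by_source.get(trusting, []):
        if t.trusted == trusted:
            return [trusting, trusted]

    # Chains: breadth-first search that only walks transitive links.
    queue = deque([[trusting]])
    seen = {trusting}
    while queue:
        path = queue.popleft()
        for t in by_source.get(path[-1], []):
            if not t.transitive or t.trusted in seen:
                continue
            seen.add(t.trusted)
            new_path = path + [t.trusted]
            if t.trusted == trusted:
                return new_path
            queue.append(new_path)
    return None


def interposition_points(path):
    """Every intermediate party in a chain sits between two parties that never
    talk to each other directly: each one is a place to skim or tamper."""
    if not path:
        return []
    return path[1:-1]


# Constructed scenario (assumption, not from the article): a relying party
# accepts a federated identity provider, which in turn relies on the user's
# device and on a separate attribute verifier. The verifier's own reliance on
# a government registry is deliberately marked non-transitive.
TRUSTS = [
    Trust("relying_party", "identity_provider", transitive=True),
    Trust("identity_provider", "user_device", transitive=True),
    Trust("identity_provider", "attribute_verifier", transitive=True),
    Trust("attribute_verifier", "government_registry", transitive=False),
]


def main():
    for src, dst in [
        ("relying_party", "user_device"),           # chained through the IdP
        ("relying_party", "government_registry"),   # blocked by the non-transitive link
        ("attribute_verifier", "government_registry"),  # direct, so it still counts
        ("user_device", "relying_party"),           # wrong direction, no trust at all
    ]:
        path = trust_path(TRUSTS, src, dst)
        print(f"{src} -> {dst}: path={path} intermediaries={interposition_points(path)}")


if __name__ == "__main__":
    main()
```

Note that even this toy graph already puts an intermediary between the relying party and the user, and the real system would have many more: every entry in `interposition_points` is a place where the "trusted" transaction depends on someone who was never part of the original trust decision.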

Just think of the skimming possibilities at any of these points... how can we pretend this is trust?
