Posted 9:59 AM (1) comments

Anti-social networking

Jim Kobielus has some interesting comments today about the potential dark side of "social networking."

In discussing an article he read in ComputerWorld, Kobielus says: "This sentence caught my eye: 'Social networking technology helps connect friends, business partners and others using a variety of tools such as search and data mining.'
'And others...tools...search…data mining.' I’ll bet 'social software' is a major tool for identity theft, facilitated by identity mining that’s enabled through indiscriminate linking at the behest of faux friends and business acquaintances."

I know there was a good reason that I always refuse the "invitations" to become LinkedIn, now I understand why. As Jim says, it "...makes you wonder what these 'people' [the ones who invite you in] expect to get from linking to you, and you to them. But of course - your resume, with all your personal data arranged neatly, spelled correctly, and packed efficiently into a scannable data structure."

I'll stay LinkedOut for now.

Posted 5:54 PM (0) comments

Repetitive recursion in defense of uniqueness

Timothy Grayson comments on Phil Wndley's post talking about Jon Udall's observation about the importance of identity. Specifically, Timothy quibbles with Phil's idea about multiple identities:

Phil makes the following statement: "Our online and offline identities are, for the most part, separate." The implicit assumptions here are that (a) identity appears to be tied to unique credentials and (b) there are or can be several identities for any individual. I rail against such a definition of the word because is contrary to my belief about (core) identity.

Don't give up your believe, Timothy! AS long as there are a few of us left who firmly believe that "identity" is a unique quality there's hope for mankind. References are here, here, and especially here.

Posted 1:30 PM (0) comments

REAL ID Act forum/symposium

Dan Greenwood has asked me to extend the following invitation to the MIT public forums on the REAL ID Act of 2005, which I'm very pleased to do.

You are invited to participate in the first Real ID Forum, convened by the MIT Media Lab and MIT E-Commerce Architecture Program. The first forum is an online discussion, facilitated by experts in the relevant fields, and taking place from Monday, September 19th at 3pm Eastern Time through Friday, September 23rd. Is the Real ID going to be a National Identity for the USA? Does it represent the ultimate convergence of physical identity cards and your digital log in? Are the privacy, civil liberties and administrative issues addressed adequately? How should the various competing interests surrounding implementation of the Real ID Act be balanced? These are among the questions that will be addressed in the online Forum. There will also be a face to face meeting, held at the MIT Media Lab in November, 2005. To find out more information and to register for this free program, please click the link above.

The tracks and moderators include:

Track 1. Real ID And National Convergence of Physical and Digital Identity (facilitated by Dan Combs, President of Global Identity Solution)

Track 2: The Need for a Secure Driver License (facilitated by Colleen Gilbert, Executive Director, Coalition for a Secure Driver’s License)

Track 3: The Need for Privacy and Civil Liberties (facilitated by Lee Tien, /Senior Staff Attorney, /Electronic Frontier Foundation)

Track 4: Practical Implementation Issues (facilitated by David Lewis, Former CIO, Massachusetts and President of American Association of Motor Vehicle Administrators)

Track 5: Balancing Interests Going Forward (facilitated by Professor Michael Froomkin, University of Miami School of Law)

In addition, there will be a section of the web site called What is Real ID? This is where we'll house the background information on the Act itself.

While you are encouraged to register and participate from the start of this event, we will be accepting new participants throughout the week. We sincerely hope you will join us for this important and timely event.

Best regards,
- Daniel Greenwood
Lecturer, MIT Media Lab and Director of the MIT E-Commerce Architecture Program

Posted 10:49 AM (0) comments

Toby Stevens

I3: The Identity Indemnity Index

Each individual possesses numerous identifiers - such as credit cards, driving license - that make up their overall identity, and each of these identifiers has an implicit value if stolen or subverted (although in some cases this value is negligible and the identifier may be treated as 'consumable'). A change in the individual's circumstances or the nature of the relationship with the identity provider may change the value of the identifier. Multiple low-value identifiers may be used to prove the individual's eligibility for a higher-value identifier.

Individuals and identity providers must be able to evaluate and compare the value of identifiers in order to determine the level of security required, and assess the liability - and hence the indemnity - associated with each identifier.

This paper proposes a simple framework for the evaluation of the liability and impact of an individual identifier, which will in turn facilitate comparison of different types of identity.

Posted 10:32 AM (0) comments

Cruising the slippery slope

I'm back, rested and rejuvenated after two weeks cruising in Alaska. But Identity issues were never far from my thoughts. One incident, in particular, is nagging.

When you board a modern cruise ship, your picture is taken and stored electronically. You are also issued a mag-stripe or barcoded plastic card. This card is your cabin key, the charge card you use to purchase goods and services aboard ship and your identity token. When getting off the ship in a port, your card is swiped and (presumably) you are marked as "out". On return, your card is swiped again, and you are marked "in." But that return swipe also brings up your picture on the security guard's console so he can verify that it really is you. (in the "old days" you had to show a picture ID along with your token card). That isn't the problem.

One evening my wife and I made a reservation to eat in the ship's specialty restaurant. As we entered the restaurant, the maitre d' came forward with his arm outstretched and said "Welcome, Mr. & Mrs. Kearns." Now, there were others with reservations at the same time as us. There were others entering the restaurant at the same time also. I'd never seen this maitre d' before. The only possible way he could have recognized us was by viewing the security pictures.

The incident itself didn't trouble me, but the thought that a security picture might be used for social and/or marketing (to give me a "good feeling" about the restaurant treating me as an individual) purposes without my explicit permission is troubling. It's something we need to guard against lest we find ourselves on the slippery slope to Big Brother tracking of all of our activities. The price of liberty really is eternal vigilance.