About

This page contains a single entry from the blog posted on July 4, 2007 10:56 AM.


Secrecy - Get Over It Since the Battle is Already Lost

Bob Blakley at Catalyst last week gave an excellent presentation on secrecy. His main message: "Secrecy - get over it since the battle is already lost". He rightfully maintains that in today's world there is no secrecy, since just about every action is captured somewhere digitally and is then accessible by the public, private or government enterprises in one way or another.

One of Bob's main points was that providing control over this environment requires transparency and accountability in order to offer the individual privacy. As Bob always says, secrecy does not equal privacy.

With this thought in mind, I will take up a point about identity registration and apply Bob's principles to this.

One of the main weak spots in today's digital world is the lack of a tie between an official identity credential and the physical identity. While it is true that many instances of identity don't require official recognition (thus using different personas), in some cases there is a need to tie an identity to a real person at the legal level.

The four main ways of doing this today are:
* Birth certificate
* Name registry
* Passport
* Driver's license

A birth certificate is a record of birth. However, it does not tie the individual who holds the birth certificate and claims to be the identity to the physical identity. Further, the use of forgery to obtain these documents is quite common. Therefore, while this form of identification is used to tie the identity to the person, it is unreliable.

The name registry that governments run legally defines the names that apply to an individual. However, these registries use identity registration types like birth certificates and passports to confirm that the individual applying for the name change is who they claim to be. As this blog will explain, these certificates don't tie the individual holding them to the physical identity. Thus, a name registry has little use in tying an identity claiming to be someone to the actual physical identity.

A passport is a device to which more importance is usually attached in verifying that the person holding the passport is the physical person they claim to be. Normally, a birth certificate or driver's license is required to apply for a passport, as well as professional people as references. Then the police do a background check to ensure the identity has no criminal record. However, nothing actually ties the passport physically to the holder of the passport. If they have a birth certificate, proof of citizenship, references and no criminal record, then the passport is issued. It does not tie directly to the physical person, only to the tokens they presented.

A driver's license is a token that has become a key identity token. This is because most people now have a driver's license and it is easily searchable. The driver's license is obtained by providing identity tokens like a birth certificate and a passport. The actual token therefore doesn't tie the individual holding the token physically to the token.

From a legal perspective, the whole identity system is built on a house of cards (tokens). People wanting to establish a high degree of legal trust with an identity assume that the person has used bona fide tokens, which hopefully means that the person is who they say they are.

Looking ahead to the future I can see identity registration becoming much more troubled. Cloning people is going to occur. As we have done with sheep and other mammals, the day is fast approaching when human cloning becomes fact rather than fiction. Then determining who is who becomes much more difficult.

From a scientific perspective, the answer is to use DNA and biometric fingerprints to differentiate one person from another. DNA works in all cases except for genetic twins. In these cases digital fingerprints can differentiate one person from another.

I proposed in a draft paper I wrote last year that a new identity registration system be used that ties an individual to their DNA and fingerprints. I further proposed that this system be run by the governments as a new birth and naming record agency.

This proposal was met with much criticism since many people didn't want a "centralized" source of identity information that the government runs. Using Bob's principles I want to apply them to what I am proposing versus the "fear" factor that my original paper was met with.

First, I am proposing that the identity's national birth and name registry information only be searchable with the consent of the identity. This means that every time someone or an enterprise wants to do a search on the identity, the individual must provide consent.

Compare this to today's world where at no time do you know who is doing a search on your passport, driver's license, birth or name records. By putting control in the hands of the individual it provides transparency to the process. Bearing in mind Bob's assertion that secrecy is gone - get over it, I believe that by providing the identity with transparent control over their identity they can have a greater degree of privacy than they currently have now.

In my proposal, the agency monitoring the identity has limited authority. At no time can they interconnect the birth/name registry with other government databases. This puts a high degree of accountability on the registry. The only searches that could be done across the registry would be for instances like a dead body with no name being found and a name wanted for the dead person.

Compare this to today's world. There are several million DNA records on file in both the UK and the USA for criminals. These are constantly being searched by law enforcement agencies without the individual's consent. Then there are the numerous cross-linkages that agencies like the NSA, FBI, CIA and other government agencies run between driver's licenses, tax forms, passports etc. There is little accountability for these agencies from the individual's perspective.

I further proposed that at time of registration, the individual would be given a card that contains a digital certificate embedded within it. Until the age of majority is reached, the legal guardians would control this card after which the individual would control it. This card would work like an identity oracle.

So, let's say that you want to purchase some alcohol. You would walk into the store and swipe your card through a reader. The digital certificate would then be sent to the birth/naming registry. If it matches the certificate assigned to you, then a message would be sent to the retail terminal saying that the identity is over the minimum age. BUT, the identity of the individual wouldn't be revealed. The identity oracle, the birth/naming registry, would only confirm that the person holding the card is of the minimum age.

Compare that to today. The person going into the store must show their driver's license with their name, photo ID and birthdate to the retailer. The individual has no control over the retailer seeing more information about them than is necessary.

The token, however, is open to misuse by someone other than the card holder swiping the card through the reader. However, this token can actually tie to the true physical identity, unlike existing tokens in use such as a driver's license.

I also said that if the situation arises where the individual must confirm their true identity for legal purposes (filing a tax claim, when they are arrested, etc.), the individual should approve the process. I proposed that the individual would go to an accepted third party approved by the government where they would provide a DNA and fingerprint sample. The third party would then securely digitize the samples and submit them to the birth/naming registry. The birth/naming registry would then compare them to the identity the person is claiming to be. It would then submit a response to the third party agreeing or not that this is the individual. The third party would then attest to the enterprise that the individual is physically who they claim to be.

Finally, I wrote that at any time, the individual can request a list of all searches on their birth/name registry. This puts full accountability in the hands of the individual.
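The identity-oracle flow described above (a yes/no age answer at the retail terminal, consent-gated full lookups, and a search list the individual can request), as an added example that is not part of the original post. The `Registry` class, the HMAC consent token (standing in for a signature made with the card's certificate) and all sample values are assumptions for illustration.

```python
import hashlib
import hmac
from datetime import date

def give_consent(key, requester, day):
    """Individual's side: approve one requester for one day (assumed scheme)."""
    msg = f"{requester}|{day.isoformat()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Registry:
    """Hypothetical birth/naming registry acting as an identity oracle."""
    def __init__(self):
        self._records = {}  # certificate fingerprint -> record

    def enroll(self, name, born, cert, consent_key):
        fp = hashlib.sha256(cert).hexdigest()
        self._records[fp] = {"name": name, "born": born, "key": consent_key, "audit": []}
        return fp

    def is_over(self, cert, min_age, requester, day):
        """Retailer learns one boolean, never the name or birthdate."""
        rec = self._records.get(hashlib.sha256(cert).hexdigest())
        if rec is None:
            return False  # unknown card: nothing to disclose or log
        b = rec["born"]
        age = day.year - b.year - ((day.month, day.day) < (b.month, b.day))
        rec["audit"].append((day.isoformat(), requester, f"age>={min_age}", age >= min_age))
        return age >= min_age

    def search(self, fp, requester, consent, day):
        """Full record is released only with consent for this requester and day."""
        rec = self._records.get(fp)
        if rec is None:
            return None
        granted = hmac.compare_digest(give_consent(rec["key"], requester, day), consent)
        rec["audit"].append((day.isoformat(), requester, "full-record", granted))
        return {"name": rec["name"], "born": rec["born"]} if granted else None

    def audit_trail(self, fp):
        return list(self._records[fp]["audit"])  # every query, granted or refused

def demo():
    """Constructed sample data: certificate bytes and key are placeholders."""
    reg, day = Registry(), date(2007, 7, 4)
    fp = reg.enroll("Alice Example", date(1980, 5, 17), b"sample-cert", b"sample-key")
    over = reg.is_over(b"sample-cert", 21, "liquor-store", day)
    refused = reg.search(fp, "data-broker", "forged-token", day)
    return over, refused, reg.audit_trail(fp)
```

Because the consent token here is bound only to the requester and the date, a deployed design would add a registry-issued nonce so an approval cannot be replayed within the same day.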

Remember, secrecy is dead. However, PRIVACY ISN'T. By using the principles of transparency and accountability, my proposal is to create a new identity registration system that meets the requirements of the age in which we live. It offers greater privacy than current registration and search systems.

Comments?

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com


Comments (2)

OK, it might be over for us. We're too late; the horse is out of the barn, and so forth.

But what about the next and future generations? What can be done now that will benefit them?

Some Native American tribes have as part of their culture what could be called "the principle of 7 generations". Think about the impact that what you're doing today will have 7 generations from now.

Guy Huntington:

Your comment about looking forward several generations is the main reason I wrote this blog. Within one generation it is quite likely that human cloning will become scientifically easy to do. Then we will have the possibility of multiple people who could say they are the same person.

Within our generation, we face the increasing reality of governments able to cross-link searches on identity databases. The age of "Big Brother" is here.

Currently, there are few laws that pertain to digital information that is you. What I mean by this is that when digital scans are done of your biometrics, there are few laws governing how they should be used.

Add to this the increasing ability during the next several years to take a piece of you, say a hair, and be able to reconstruct a clone of you, then this puts new twists on identification.

My vision is to create a legal database of individuals that is not by law permitted to be connected to other government databases. Then, to use the best science (which is currently DNA and fingerprints) to identify the individual. Finally, to put control over who can do a search on the individual identity within the database in the hands of the individual identity.

Guy
