Category: Identity

Clay Shirky at the ICA

I went to see Clay Shirky speak at the ICA this afternoon, as part of a tour to launch the paperback version of Here Comes Everybody. And even though I’d heard him launch the hardback (at the RSA, around a year ago), I found what he had to say fresh and compelling.

Clay spent some time extending his “group action just got easier” theme. As a recent example, he took a look at Improv Everywhere and their No Pants Day; as ever, he kept reminding us of the possibilities afforded by group action. In his words “What happens if you take something that people are good at doing, that people like doing, and make it simpler and cheaper?’ “What happens when the medium of communication is global, ubiquitous, social and cheap?”

He then spent some time on the “social” third sector, distinguished from the revenue- and profit-driven private sector and the social-value-creation driven public sector. Comment was also made on the ability of small groups in such social contexts to protect themselves against freeloaders, in contrast to the tolerance shown to freeloaders by larger groups, ostensibly as a result of their inability to defend themselves.

The Gnarly Kitty example was also interesting, with its “in the public but not for the public” stance. Intriguingly, in this context, Clay averred that journalism had morphed from a profession to an activity.

The most interesting part of the debate was when he touched various aspects of Barack Obama’s campaign and early presidency. He walked us through the Will.I.Am video and its impact, particularly when one bears in mind the fact that the Obama campaign didn’t commission the video, pay for it in any way or even endorse it; yet it had a material effect on making people believe that the Obama presidency was actually possible, that it had moved into the bounds of reality.

There’s a lot more I could cover, but I will not be able to do it justice here; you’re better off reading others like Michael Mahemoff, who covered it well here. Better still, go buy the book. In the meantime, I’d like to spend some time on one particular aspect of the session. Clay talked to us about the way marijuana legalisation was voted as No 1 of all the issues facing Obama, as reported here.

He suggested that hen something like this happens, there are really three choices. To act on the suggestions as ranked, seems wrong, in effect letting the gamers win. To cherry-pick from the suggestions seems undemocratic. So we have to do something else, which is to fix the system. And this is hard.

Why is it hard? Well, for one thing, to make this happen properly, we need to fix the treatment of identity. We need to make sure that those who were entitled to vote did so. We need to make sure that those that were entitled to vote did so once and once only. And we need to make sure that the votes so cast are collated and counted fairly and accurately.

He made a really important point here. This issue of identity is not one that is held up by the unavailability of appropriate technology; rather, it is held up by adoption, which is a social and cultural thing.

I discussed with him the possibility of learning from online communities such as opensource, which are usually governed by some version of benevolent despotry: 1000lb gorilla, moderator, core, whatever. While we can learn from such communities, we need to remember that governments differ from such communities in some critical ways: for example, people can leave opensource communities if they don’t like what’s going on; or, where they like some aspect of the output but disagree with the direction, they can fork from them; this is not easily possible with government, there are physical constructs that don’t play out as easily as the virtual or digital aspects.

I left there musing about something which has exercised my mind before in this particular context. Voting alone does not seem enough.

I think the answer has to do with taxes. What I visualise is this:

Each of us is given the opportunity to “allocate” our taxes against the specific initiatives we would like them spent on. In effect each of us would choose from hundreds of initiatives and public expenditure heads, and allocate the tax we pay, in increments, across the initiatives we want to support. The withholding of tax against a specific heading becomes a form of protest. The allocation of tax monies towards a specific initiatives becomes a strong indicator of support.

There are some risks. Prima facie such a system would be biased towards the rich, if the actual sum of money was seen as a vote. To prevent this, each person has exactly 100 units of tax-vote. My tax-vote may be worth more or less than my next-door neighbour, but from a voting perspective it carries the same weight. A widow’s mite is the same as the billionaire’s largesse.

Another risk is in the likely imbalance between the allocation of funds and the usage of funds, as it were. When people withhold funds from initiatives they will definitely gain from, in effect “fractional freeloading.” One way to avoid this is to make everyone’s allocation visible.

Which in turn leads to an interesting question. As we proceed down this route, as we become more and more reliant on the internet to exercise our democratic rights, duties and powers, what price anonymity? Will a person’s vote stay secret? Should it?

One thing is clear. While there are many technological advances in the context of democratic action, there are still many issues to solve. Identity, confidentiality and privacy form one set. Freeloading and the Tragedy of the Commons forms a second set. These are not the only sets, but probably the most important. And they have to be seen in the context of social and cultural change, and not as technical or process barriers.

What does bad look like? And related questions

I was in conversation with an old colleague, Sean Park, a few days ago; with a little bit of luck, we’ll be able to spend a little time together next week in San Francisco, at Supernova. During the conversation, this post by Chris Skinner came up.

First, a few disclaimers.

One, I am not against cyberlibertarians. I count many cyberlibertarians as my friends. In fact I’d even let my daughter marry one. Some people think I am a cyberlibertarian. And I don’t argue with them.

Two, despite all that, I signed up with the UK Border Agency IRIS scheme as soon as I could, use it regularly, and will probably sign up with its equivalent for the US and Europe as soon as I can. So I am not against the technology.

Three, I like what Bruce Schneier has to say about many things, and particularly about things to do with security. This liking predates (by a long way) and is completely unconnected with, our becoming colleagues much later. [Incidentally, we have never met, either as colleagues or before then, although we’ve been in the same room quite a few times. Maybe this will change, we’re both at Supernova.]

Having said all that.

There’s identity and there’s identity. “Identity” covers things I assert about myself, things that only I can assert about myself. It covers things that others assert about me, things that only others can assert about me. It also covers things that I assert, but where my assertion is weak unless it is backed up by someone or something else.

When I say that I like Grateful Dead or Traffic or Crosby Stills Nash and Young or John Mayall or Jim Croce, I am asserting something about myself. A last.fm audioscrobbler attached to iTunes can see whether my listening habits match my stated likes, but it cannot say what I like. That is for me to say. When a bank says that I have a credit rating of X, they are asserting something about me that I cannot assert about myself. When a government gives me a token to help me assert who I am (such as a passport or a driving licence), the government is doing something I couldn’t do as well.

So there’s identity and there’s identity. It’s all the rage, it’s the happening thing, there are now more people working in the identity space than in call centres worldwide. [Doesn’t it feel like that to you?].

And, as Chris Skinner says, it looks like biometrics will become more important, more dominant, more pervasive. Shivers down spine. Collywobbles. Paroxysms of sweat. I begin to get a teensy weensy bit concerned.

Why? Not because I think someone’s going to gouge my eye out and re-use it. Not because I think that someone’s going to chop my finger off. [Yes, there are times and there are places where this can and probably will happen, but in this conversation I consider the Chopping Off argument to be a Red Herring.]

I’ve been concerned about the use of biometrics in everyday life for a few decades now. Nearly 30 years ago, when I worked for Burroughs Corporation, we had a division that manufactured ATMs. And I remember seeing a presentation where people queued up to a hole in the wall to draw money, presented their eyeballs to an even smaller hole in the wall, had their retinas scanned before the hole vomited out cash. And I thought to myself, who designs these things? Who imagines that someone would actually do this? Did they talk to anyone, any would-be customers?

If you want to understand the pros and cons of biometrics, you must read this article in ACM by Bruce. So what if it’s almost a decade old, the points he makes still hold true. It’s an expansion and improvement on an another note by him, written a year earlier in his Crypto-Gram newsletter.

Here are some excerpts:

  • [B]iometrics work well only if the verifier can verify two things: one, that the biometric came from the person at the time of verification, and two, that the biometric matches the master biometric on file. If the system can’t do that, it can’t work
  • Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.
  • Once someone steals your biometric, it remains stolen for life; there’s no getting back to a secure situation.
  • Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy.
  • [B]iometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it’s not hard to imagine some very unsecure situations arising.

As a frequent traveller, I am happy to use biometrics-based processes when it mean my immigration and security queues are shortened significantly. IRIS has been a boon for me.

But if my bank asked me to start using iris recognition based schemes, I would probably change bank.

Why?

Now you must be used to people tritely asking you “So what does good look like to you?” [What an appalling question. Why can’t they ask you what you want? I’m old and patient now, so I forgo the temptation to “throw them under that question”, a la that other appalling phrase “throw them under the bus”. Who thinks this unadulterated crap up anyway?]

So humour me for a second and allow me to use the phrase “What does bad look like?” When I use IRIS, “bad” means that someone has managed (a) to get a copy of my iris as stored in some humongous central database somewhere (b) convinced some hardware and software in a booth that he/she is me returning to the UK. Depending on my actual travelling status, that may throw up some conflicts and errors, and the worst that could happen is that I spend some time sorting out the mess when I next pass through. But the facts will be on my side, and I don’t live in a police state. People may be appalled by CCTV Britain, by Guantanamo Bay, by 42 day detentions, but none of that is as scary as The Emergency was to me in 1975-77. Not even close.

It’s not as if someone can leave my iris behind at a crime scene. If someone finds my eyeball rolling around alongside a corpse, the chances are the corpse is me. if someone leaves a photograph of my iris behind as a calling card, not even the Keystone Cops will assume that I’m the likely perpetrator.

So bad doesn’t look too bad in many of these cases.

When it comes to banking, it’s a different story. Bad can look bad. If you’d like a humorous way of finding out why, listen to this clip by Mitchell and Webb. [Oh the humanity. Worth listening to for that line alone.]

We already use biometrics for banking, the common-or-garden signature is a biometric, particularly if you start analysing pressure and time and emphasis and all that jazz. People have tried to forge signatures, and if electronic signatures become more common, then I am sure that people will try even harder to forge signatures.

I try and adapt to changes in the environment around me. For example I think about where I want to use my credit or debit cards so as to minimise the risk of cloning, and avoid the places where I think the risk is high. If my bank said I could use iris recognition in order to withdraw cash, I wouldn’t sign up. I would use other ways. if they said that it was the only way, I would use other banks. Simple as that.

It doesn’t mean that I am against the use of biometrics. Rather, I am against the use of biometrics in environments where the weaknesses of biometrics overwhelm the strengths. As stated before, I use biometrics to enter the UK. And I would be happy to use biometric locks in my front door, as Xeni Jardin refers to here.

As Bruce says in that article, if someone wanted access to my house, they can make a surreptitous copy of my key or throw a rock through my window. They don’t have to cut my finger off.

Biometrics aren’t bad. Biometric banking is already here, as in the use of signatures. But we need to think hard about allowing increased use of biometrics in banking. Because bad could then look very bad.

Let’s be careful out there.

Follow the money

Deep Throat: Follow the money.
Bob Woodward: What do you mean? Where?
Deep Throat: Oh, I can’t tell you that.
Bob Woodward: But you could tell me that.
Deep Throat: No, I have to do this my way. You tell me what you know, and I’ll confirm. I’ll keep you in the right direction if I can, but that’s all. Just… follow the money.

All The President’s Men, Woodward and Bernstein, 1974

Identity theft. Mmhmm. A term that hasn’t been around that long. Just what gets “stolen”? Maybe Mitchell and Webb can help us understand that: just watch this clip. [Thanks to Kevin Marks for giving me the tweet-up.]

Of markets and conversations and horses’ mouths

Kathy Sierra met Christopher Locke for the first time a day ago. If you want to know what they spoke about, watch CNN on Monday between 6am and 9am (I am assuming EST, if anyone knows better please comment). Link.

Reviewing identity

When I speak to people about identity, many of the responses go very quickly into detail about federated models and use of microformats and OpenID and and and. This is great, because we clearly have a community talking about standards and fashioning them via usage — trying them out — rather than abusage — pontificating in front of slideware.

As I said, this is great. So what’s the problem? The problem is that it’s a small community. We aren’t going to solve this issue unless we have a somewhat larger number of people truly engaged. One way of engaging people is to keep raising awareness of what identity is about.

Yesterday I promised to review what I thought and felt about identity, and to kick that off, here’s an extract from a year-old post:

The identity debate seems to encompass many disparate things, either directly or indirectly, so I’m going to just list them to begin with:

  • Ecce Homo: A means of identifying who I am, with some other relatively static data, eminently suitable for “microformat” treatment, and probably needing to be combined with some other way of confirming who I am, “two-factor authentication”. Like having a card and a PIN or signature. This is as permanent as can be, a metaphorical passport or fingerprint or iris pattern or whatever. This probably includes all the numerical tags I collect like frequent flyer and affinity memberships. It can include my credit cards and accounts. It is the same regardless of the specific relational or transactional conversation I happen to be in. My gut feel is that each person should have only one of these, and that it should be “small but perfectly formed”. And that it has to exist and be verifiable in a dotorg state.
  • Letters of Intent: A means of letting people know about my intentions, what I’m interested in or looking for. I make known my preferences and interests. Some of them are temporary, some of them are permanent. I choose who I want to tell. As in Doc looking for rental cars. As in my signalling to individuals in my social network that I will be within n miles of where they are at a given time. My information. Signalled to whom I want to. When and where I want to. Giving the listener an opportunity to converse with me and relate to me. Even things like last.fm are variants of this.
  • Tell them Phil sent ya: A way of associating other people’s perceptions of me with me, both qualitative as well as quantitative. This is trust that I can acquire but not control. Ratings I have, whether credit or eBay or college scores or whatever. Variable over time. Not suppressible by me. But challengeable by me, so that dispute or contention can be flagged. I may have many such ratings, used for different purposes, but inspectable at the behest of the requestor. And changed as a result of the conversation.
  • Trust me, I’m a doctor: A way of telling other people my own perception of me. Kitemarking my sites and blogs and articles and photos and quotes and whatever. Here what I am doing is endorsing stuff in the public domain about me, indicating (a) this came from me or (b) even though it does not come from me, I nevertheless approve it, I endorse it. This is like a great seal, a way of stamping that something is Orl Korrect. Or that Kilroy was Here.
  • My name is Bond, James Bond: A licence to do something. Granted by someone else. Usually not transferable. Usually not permanent either.
  • Come up and see my etchings: My choosing to expose things I have done, expired and executed letters of intent. Pictures of my activity with others. Kiss-and-tell. My information. My choice as to whom I share it with. And I can make this choice single-use or temporary or permanent. Probably even includes financial transactions and medical history.

Above and beyond this, I think identity is as much about what I stand for, the community I belong to, the community that will have me as a member. Identity itself is essentially social rather than individual. I will spend the next couple of days going through my own thoughts and notes on the subject, and then summarise them for readers. All this is distinct and separate from design and implementation issues, which will follow later.