Identity & Privacy in Internet
A New Form of Global Identity
John Perry Barlow, in his famous declaration of independence of Cyberspace, spoke to us about a new territory within the Internet that would overcome physical borders and that would belong to the people, but as the article Sovereignty in Cyberspace published recently by Christopher Shea, points: the internet world that Barlow prophesied is under threat.
The only way that we can overcome governments is with technology. Technology that is being created today by many SMBs like Amteus recently floated in the AIM market of the London Stock Exchange. Supporters of this technology are building a web to support the company that was recently the target of anonymous attacks.
The giants are providing technology to the governments so that censored internet is happening and borders within the internet a practical reality today.
A new and global concept for identity and Identity Based Encryption that breaks completely the actual approach will be the basis of a border breaking internet. This is what Amteus believes, but is also a must in the vision of Ray Ozzie's with his shared world of information and calendars... will Microsoft giant provide the people with a solution through Ray Ozzie...?
I doubt it. I have more confidence in what may come in a near future from some of these new companies that are proposing a new way to communicate.
The Conceptual Problem of Identity
Identity is a Human Right, probably the first human right, the right to identity. But in the internet we mostly work without identity, and precisely, not being the identity in the hands of governments it allows a somehow borderless environment. But... the lack of identity leads to lack of security and information flowing freely, whilst your identity is left in myriads of places, particularly if you do some sort of business in the internet, from owning a domain to buying a book or checking your account. This leads to a situation in which your identity is scattered all over the place. The details to your identity are easily accessible.
The Traffic Patrol Police asks you your driver’s number.... you answer your number... 334583
Traffic patrol then asks your password... you answer.... wRtthffyu
Then traffic control policeman asks you randomly information is showing on his screen about your personal data: the one he has pulled once you gave your Driver Number... He sees your password, checks it’s correct… Continues with zip code, S.S. number, etc... Information that you may or not remember. May be you changed homes for example... Too long, too tedious, too unsecured, too resource demanding.
More over if it is at passport control, and your identity is a passport number and a similar procedure... Would Homeland Security consider this as a valid way to guarantee identity of the the person that want to enter the USA?... may be with criminal intents...?
Something so much out of the mind of any government, to provide identity through the knowledge of information, has been adopted as common practice in the internet, so then identity theft starts...
Personal Information of the user is stored in a variety of web sites, including but not only credit card numbers, shipping and billing address, social security numbers, passwords (and we all tend to use the same passwords), etc… creating a big liability and risk for both user, web site and obviously financial entities that issued the credit cards and other financial instruments
WHY?
“Because information is identity when identity is virtual, identity theft is based on stealing or accessing to information… both easy to achieve these days”
The only way to protect your identity is if you carry it with you, like a Drivers License or a credit card. They have to rob it to you using violent or devious means and we tend to be alert so that it does not happen, but how can we be alert if someone is stealing our virtual identity?
And the only way that identity is not scattered around is if identity is read from your identity device and passed to the other party that wants to identify you, but it is not kept or stored by the other party. Like your drivers license... you show it and you keep it back in your pocket. Recently UK Government ICO came to propose the UK ID as a digital certificate in an ipod. Steve Jobs must be very happy about what he is listening to.
And then if you use identity within an encryption scheme that we all share but that is particular to the session of those two parties and never kept, then privacy, security and cross border free communications between identified and authenticated users becomes a reality. Like that digital certificate but in a dongle that you carry with your keys. The key to secure and private communications between identified users. A dongle that like a key can be activated easily, like you can easily get a copy to your key, but that it is you that carry it and needs your personal intervention to get a copy done. But within a simple and accesible to all technology.
The solution:
The Identity Dongle, a cheap USB memory stick with a crypto processor that is blank, and acquires identity when an identity provider activates it.
There is a presentation of this concept in my web to share this information under the GNU Lesser GPL License. By clicking on this link you accept viewing it under such agreement.
A Tree of Identified Domains using a Universal Identity Dongle which is something as easy to manufacture as is a key today, and that gets activated by an accepted Identifying Entity, which will hold your identity submitting itself to International Rules... may be even with UN intervention like with DNS. Each realm, of identified users, can share their level of trust with other realms, but this has to be yet spoken about and decided. The end result: we carry our identity, we allow our trusted digital identity provider to activate our key, but we carry the key, and the data stays in the key, we just share the data and use it to encrypt our personal comms sesions, be it with an email, IM, VoIP or browsing blogs and webs.
The right to have a secure conversation once you have identified yourself
The right to preserve the privacy of your identity and financial systems online.
The solution, a dongle.
The software, a p2p solution with Email and secure web browsing
Please post your articles about this initiative in my blog that I have opened for that respect in Gururaj Raman Ananda and share with me your opinions.