Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
The social problems facing Digital Identity

By mcherm in Technology
Sat Apr 13, 2002 at 02:53:07 PM EST
Tags: Focus On... (all tags)
Focus On...

I am a Kuro5hin reader with absolutely no connection to DigitalIDWorld.com. But since we've started this discussion on the topic of Digital Identity, I thought I would share some of my thoughts on the matter.


I would like to begin by describing four different scenarios. Each of these scenarios is completely within the reach of our current digital identity technology, in fact some of them have already been implemented! The technology itself is really not the point of these examples.

Scenario 1: You have two keys to your house, and a key to the garage. Then there's the key to your car, and to your husband's car, and two keys for work. Throw in the key to the gym, the mailbox, and perhaps a few others and it's a wonder you don't suffer from back trouble just carrying them all around!

Imagine if you had just a single "key" -- some sort of an electronic identifier. You would set the locks on your house, your car, your office, etc to admit that key. You could easily set your house locks to let the neighbor's kid in with HER key for a week so she can feed the cat for you while you're on vacation. It's a technology that makes everyone's lives easier in a number of tiny little ways.

Scenario 2: We issue ID cards to all of our employees. Each ID card has a picture, along with their title and clearances prominently displayed. Everyone is required to present their card in order to enter the building. Visitors such as family members are permitted, but must be accompanied at all times by someone with an appropriate ID card. The elevator to the executives' floor will only operate if presented with an executive card, so anyone else must call ahead to be accompanied by an authorized individual.

Both of these scenarios are possible, using the same technology. One exists today, the other is a pipe dream.

Scenario 3: Handing your credit card number and expiration date to every clerk you encounter is a real security risk. And quite a few people are (or were at first) especially wary about using a credit card over the internet. We've all heard about the cases (fortunately quite rare) where thousands of credit cards had to be re-issued because a hacker compromised an online retailer's database.

Imagine if you set up a web-purchasing client -- call it an "e-wallet" -- running on the end consumer's machine alongside their browser. When the merchant wanted to make a purchase, they could supply a cryptographically tagged "invoice" for the amount. The software on the customer's machine could then "approve" the charge, and return some cookie to the merchant. The cookie would be sent to the card processor, who could verify what card it came from and the amount of the charge authorized, but card number would never even be transmitted, thus eliminating all risk of it's secrecy being compromised!

Scenario 4: The same idea of an "e-wallet" running on the customer's machine and integrated with their web browser could be used in a different fashion. The idea of preventing credit card details from being transmitted openly sounds good, but it might not be universally compatible, so we'll simply transmit the data without special protections. One big advantage to the customer is that they won't need to actually TYPE IN the number off of the card -- the software can pre-fill it for them along with their name and address. The other thing that this software could do would be to monitor every purchase that the consumer makes, and every website that they visit while simply browsing. THIS information could then be collected by the company offering the "e-wallet" service, and it would be very valuable indeed if sold to advertisers.

There IS a technology known as "e-wallets", and it works as described in scenario 4.

. . . . . . . . . .

So by now I think you can begin to see the point that I am trying to make here. In my opinion, the technical hurdles -- fascinating though they are -- are not the biggest problem facing Digital Identity. Most of what we want Digital Identities to do has been possible since the invention of public key cryptography, and is only advanced, not fundamentally altered, by recent advances in fingerprint scanning, facial recognition, and so forth.

No, the biggest problem facing Digital Identity is a social and cultural problem. There is a difference (a significant one) between those applications which would benefit individual members of society, and those applications which would benefit large influential corporations.

Unfortunately, the kinds of systems that we are talking about can really only be implemented by large corporations. Such systems -- even if they save money once implemented -- require large initial capital outlays. They also tend to work best only when very widely used, which makes it difficult for individuals make independent choices. And evaluating Digital Identity systems involves some fairly advanced and technical considerations, which most individuals are woefully ill-equipped to research and evaluate. So such systems are almost sure to be designed and set up by (and for) large corporations.

Thus, I assert that the largest problem Digital Identity is that, despite much potential for benefiting everyone, our current social structures are such that AS IMPLEMENTED it will benefit a few large players (mostly corporations or governments), to the detriment of the individual. If the social implications of these technologies are not properly addressed, then instead of eagerly awaiting the promise of Digital Identity we fear it.

To my mind, an open discussion forum such as this one is the perfect place to begin addressing those social implications, and discussing what we (as a society) can do to make Digital Identity technologies work for our benefit.

-- Michael Chermside

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Kuro5hin
o Also by mcherm


Display: Sort:
The social problems facing Digital Identity | 34 comments (32 topical, 2 editorial, 0 hidden)
I need a security blanket... (4.55 / 9) (#1)
by CluelessNewbie on Sat Apr 13, 2002 at 11:33:59 AM EST

I don't actually like the idea of having all of my 'important' information in one 'thing' (be it card/key/whatever). Part of me does, because I keep all of my physical keys on one ring. But as a gut reaction I find it a bit worrying.

One thing springs to mind. If I lost the 'receptical' for my digital identity (and did not have a copy), and it contained every thing, then I would have to go through some process to regain 'my' identity. Perhaps this would be some central repository for this information? In fact this leads on to your point about it benefiting big players, because if there is some central agency then the information on me held by them could be sold, either directly or indirectly. The process of regaining my identity would be important also, it would have to be hard to discourage fraud.


-------------------------------------------------
"Do you know what nemesis means? A righteous infliction of retribution manifested by an appropriate agent. Personified in this case by a 'orrible cunt. Me."
BrickTop
lost recepticle (4.60 / 5) (#2)
by Skippy on Sat Apr 13, 2002 at 12:00:17 PM EST

The recepticle simple needs correctly engineered. It needs two parts. A "storage and key maker part", let's call it a base station, and the "key".

The key and the base station both hold the same encrypted information. The key uses a "simple" authentication method such as a strong password (obviously NOT stored on the key). This makes it simple for you to authenticate for purchases/access. If you lose it, it is still unusable to someone who finds it and you still have your information in the base station.

If you lose your key you should be able to go buy a new blank key and load it from your base station using a strong authentication method such as a biometrics/password/third-party. This makes sure that a) it's actually you with a two-factor authentication and the third party can verify that you are not creating a key under duress.

I REALLY like this article. I especially like the thought experiment in number 3. Good job!

# I am now finished talking out my ass about things that I am not qualified to discuss. #
[ Parent ]

Base Station (4.00 / 1) (#14)
by Kwil on Sat Apr 13, 2002 at 09:08:23 PM EST

This is a good idea.
Combine it with a key that expires regularly, and then if someone steals your key-holder, they have a limited time to make use of it.

Of course, even better would be a key-holder that if lost lets you call a number or go to a certain place and report it as gone. The key is immediately expired, and any transactions after that or since you claimed it was gone are halted and the key tracked.

Of course, the problems with this have been discussed in the previous article - who do we trust enough to allow to track our every movement and purchase?

That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze


[ Parent ]
+1 Fp, yeah i'm a community whore.... (1.15 / 19) (#3)
by sisyphus on Sat Apr 13, 2002 at 12:04:35 PM EST

but they pay the bills.Can't be assed reading the article, but i'm assured it must be good...


The gods had condemned Sisyphus to ceaselessly rolling a rock to the top of a mountain, whence the stone would fall back of its own weight. They had thought with some reason that there is no more dreadful punishment than futile and hopeless labor.

Payment doesn't depend on story posts (5.00 / 3) (#6)
by fluffy grue on Sat Apr 13, 2002 at 02:28:57 PM EST

They pay for the section whether it exists or not.

On the other hand, your comment should have been editorial.
--
"...but who knows, perhaps [stories about] technology and hardware will come to be [unpopular]." -- rusty the p
[
Parent ]

Er... (none / 0) (#28)
by fluffy grue on Mon Apr 15, 2002 at 04:21:35 PM EST

I mean, whether it gets posted to or not.
--
"...but who knows, perhaps [stories about] technology and hardware will come to be [unpopular]." -- rusty the p
[
Parent ]
It takes only two people (4.00 / 2) (#4)
by imrdkl on Sat Apr 13, 2002 at 12:19:44 PM EST

interacting over a network or other medium where they cannot see each other, to (possibly) give rise to the need for digital identification, authentication, privacy, and (in legally binding transactions) non-repudiation. Sure, corporations, governments, and other large groups of people can utilize the benefits of digital id, but that doesn't stop it from being useful for small groups. Families, for example, can use digital Id's to participate in a private family website.

I think that your contention is somewhat typical, due to lack of interest in and understanding of the uses for simple digital id implementations. To address this, I intend to outline a simple web CA in the very near future, in this section.

Scenario 5 (4.62 / 8) (#7)
by localroger on Sat Apr 13, 2002 at 02:52:48 PM EST

You have the digital ID, the single ID that grants access to your credit card, your house, your bank account, starts your car, and opens the executive bathroom for you...

...and it gets stolen or cloned.

Now, instead of a minor problem affecting your car, your bank, your credit rating, or your ability to take a leak at the board meeting, you have a BIG problem affecting your entire life.

So we go to Scenario 6, where the highly secure RSA-encrypted transponder is surgically implanted into [insert body part]. Now all you have to do is present [body part] and nobody can steal it from you...

...unless they decide to separate you from your [body part]. Now instead of being robbed you've been more or less mutilated, depending on which [part] you use. Same problem comes up for biometric ID. Does the fingerprint scanner know whether the finger is alive? Does it know whether it's still connected to its original owner?

The more the ID is used for, the more tempting a target it makes. It might not be worth chopping off your hand or gouging out your eye to steal your car, but if the same crime allowed the criminal to clean out your bank and retirement account, run up all your available credit, and bomb your employer, you'd have much more cause to worry.

I'll keep my traditional keyring, thanks. It spreads the risk around so that if I lose a key or card I don't lose everything. Any form of centralized ID makes too tempting a target for criminals.

P.S. The government can be such a criminal too. When they decide, as at the beginning of Margaret Atwood's The Handmaid's Tale to decitizenize [selected scum class] it's a lot easier if they can go in through your convenient single ID and erase your life.

I can haz blog!

5 for sensibility but ... (4.00 / 2) (#8)
by Kalani on Sat Apr 13, 2002 at 03:28:30 PM EST

... don't lose your keyring. ;)

-----
"I [think] that ultimately physics will not require a mathematical statement; in the end the machinery will be revealed and the laws will turn out to be simple, like the checker board."
--Richard Feynman
[ Parent ]
Biometric identification (4.66 / 3) (#11)
by sampad on Sat Apr 13, 2002 at 04:21:26 PM EST

At the current state of technology, stealing someone's ID is harder than it sounds. Most modern identification systems check to make sure that the ID is still connected to the person. High end fingerprint scanners can pick up pulse, heat, or conductivity in order to make sure the finger is still attached. The scanners that check the person's iris or retina are smart enough to tell the difference between a living eye and a photograph. At the moment, it is easier to ID someone than to forge that ID, but this is going to be a continual arms race. Sooner or later, someone is going to figure out how to create a synthetic finger or eyeball than can mimic and person, but hopefully that will be too complex or too expensive that we won't have to worry about it for a while

[ Parent ]
Yeah, but lots of people watch bad movies (5.00 / 1) (#24)
by pietra on Sun Apr 14, 2002 at 11:07:03 PM EST

and don't bother to do much research. Quite frankly, I'm pretty sure that there will be lots of amputations and mutilations if biometric keys take off, at least initially. Eventually thieves will figure out that detached fingers don't operate as biometric security devices, but that won't do you much good if your finger has been cut off. I'd rather not take the risk in the first place. I know far too many people who have seen Total Recall, for instance, and they tend to be quite convinced that gouged-out eyeballs will work dandy with an iris scanner.

[ Parent ]
Also (5.00 / 1) (#26)
by Cro Magnon on Mon Apr 15, 2002 at 11:30:31 AM EST

When the BadGuys (tm) do catch on that chopping off your body parts won't work, they'll just force you to withdraw the money yourself, and maybe kill you afterwards so you won't be around to report it. Technology will never eliminate crime.
Information wants to be beer.
[ Parent ]
Technology will never eliminate crime. (none / 0) (#29)
by mami on Mon Apr 15, 2002 at 09:14:49 PM EST

no, it usually makes crimes more efficient, faster and more destructive.

[ Parent ]
A few points (4.50 / 6) (#9)
by quartz on Sat Apr 13, 2002 at 03:48:05 PM EST

Scenario 1: If I have only one key for everything, all someone who wants to screw up my life (from script kiddies to the government) needs to do is to get a duplicate of that key. Uh... no thanks. While having many keys can be inconvenient at times, it increases security. I like convenience and all, but not when it interferes with my security.

Scenario 2: that's actually more inconvenient than relying entirely on security provided by human security guards. That's why it's currently being done in high-security facilities, but not in your average office building.

Scenario 3-4: There's a much simpler solution available today (at least from my CC provider): whenever I need to buy something online, I go to my CC provider's website and get a unique transaction number, which I present to the merchant as my CC number. The number becomes useless after I make my purchase. Simple, convenient, and portable. Plus, I can use it from any OS I happen to be running at the moment, without having anything "integrated" into my browser.



--
Fuck 'em if they can't take a joke, and fuck 'em even if they can.
Keys (4.00 / 2) (#21)
by premier on Sun Apr 14, 2002 at 08:10:06 PM EST

What you say about having a different key for everything increasing your security makes sense. However, 99% of people carry their keys on a common keyring. Thus, when you lose that keyring, you lose them all, not just one key.

[ Parent ]
Security not stupidity (3.00 / 1) (#22)
by quartz on Sun Apr 14, 2002 at 10:00:33 PM EST

I wasn't talking about what happens if you lose the keyring. I was talking about what happens if someone decides to poke their nose in you private life: if you use one key to access everything, they'll duplicate the key and have instant access to everything; otherwise, they'll have to duplicate all your keys, which requires a significant amount of effort on their part.



--
Fuck 'em if they can't take a joke, and fuck 'em even if they can.
[ Parent ]
Credit card crimes (4.00 / 1) (#10)
by theboz on Sat Apr 13, 2002 at 04:08:06 PM EST

I think that using credit cards has become a little more secure from one of the major ways it used to be used. Until the past few years, you could order stuff from a catalog without using a real credit card number, or at least one that verifies against your name and other information. People on the internet would trade card numbers and programs to generate valid card numbers based on the prefix. Basically, if you wanted to rip off a bank, you would just find out the prefix used on their cards, then make up some B.S. for the rest of the number, and it would look like a valid charge to the old system. This resulted in a problem between the bank and the retailer, and one of them always had to eat the cost.

Now I think there is a little more protection for the retailer in that they verify more information, and often wait until the transaction is completed before sending you what you ordered. Sometimes it comes back that this information is fake and the bank screws them over, but this is not as easily done as it was in the old days. Banks have a whole lot more protection anymore, although they still can suffer losses. Then there's the consumer. I feel that very little has been done to help consumers. With the increasing amount of debit cards over credit cards, it is getting easier and easier to steal money from people. If a thief takes your credit card number and buys something, you simply have to call your credit card company and tell them you didn't make those purchases and ask them to give you a new card. However, with a debit card, the burden is on you to get your money back, and the banks make it very difficult for you to do.

I think that the pace of the advances of digital IDs and transactions are going slowly because of these problems. People have been bitten by crime too often, and seen too much on TV to give them a lot of confidence in the system. I think that's a good thing, and gives everyone time to come up with the most secure digital id that they can. I look at driver's licenses as a good example. It wasn't too long ago that states would print out a paper with your information and a photograph on it, that would just be laminated. These were very easy to fake or modify, so they evolved to using a piece of plastic with holograms and other things to make it harder to counterfit. I think if this can be done in the real world, it can be done in the computer world too.

Stuff.

Debit cards (5.00 / 1) (#12)
by pdw on Sat Apr 13, 2002 at 05:10:50 PM EST

With the increasing amount of debit cards over credit cards, it is getting easier and easier to steal money from people.
I've seen similar claims before, but I don't understand them. I probably should say I live in Europe (Belgium to be specific), and I don't know anyone who has a credit card. Debit cards on the other hand are ubiquitous here.

I always viewed credit cards as the less secure system. If a thief steals your credit card, he basically has your money. If he steals your debit card, he only has a piece of worthless plastic, as he doesn't know your PIN code.

Wait... I think I see the problem. My guess is that American-style debit cards don't have any kind of code associated with them. I can see that in that case, credit cards are preferable. Am I correct in this?

[ Parent ]

U.S. Debit Cards (4.50 / 4) (#15)
by theboz on Sat Apr 13, 2002 at 09:15:09 PM EST

The debit cards here act as many things. They can be used as an ATM card, a credit card, and occasionally something else.

For example, if I were to go to buy groceries and use their machine, I can use it as an ATM card and get cash back. This requires a PIN. If I were to use it as a credit card in a restaurant, then I only have to sign a reciept, exactly like a credit card.

Also, the way it works in the U.S. is that you aren't using a credit card to pay with money you have. It's the same as getting a loan in a sense. However, if someone steals your card it's usually pretty easy to cancel the card as stolen and not have to make the payments on those purchases. A debit card takes money from your checking/savings accounts instantly, so if it is stolen and used as a credit card, your money is already gone before you realize it.

Stuff.
[ Parent ]

PIN codes (5.00 / 1) (#25)
by Mashx on Mon Apr 15, 2002 at 04:31:01 AM EST

I find it quite intriguing how PIN codes are seen in France/Belgium for the debit cards like Carte Bleu, as they just have not been accepted so readily in UK. I think the problem was that a standard non-chipped card could be read so easily that the PIN codes just aren't trusted yet: using a Carte Bleu is so much quicker than using my Switch card in UK.

Interestingly though, my AmEx card and the last Credit Card I got from one of my suppliers have the same chip technology as the Carte Bleu, even if the Carte Bleu readers don't recognise them yet..

I would say that it is not credit versus debit system but the signature versus chip/PIN combination. I've had some fun in Paris signing my credit card receipts 'Mickey Mouse' etcetera to see what I could get away with... Definitely not very secure!
Woodside!
[ Parent ]

Fraud (OT) (none / 0) (#31)
by juahonen on Tue Apr 16, 2002 at 03:01:23 AM EST

signing my credit card receipts 'Mickey Mouse' is called creadit card fraud, not what I could get away with.

[ Parent ]
Hmm (OT) (none / 0) (#32)
by Mashx on Tue Apr 16, 2002 at 02:17:11 PM EST

Well, I can see what you are getting at, but I'm only defrauding myself. So, I am seeing what I could get away with, rather than defrauding someone else....
Woodside!
[ Parent ]
There's also a liability issue (5.00 / 2) (#27)
by aphrael on Mon Apr 15, 2002 at 03:50:06 PM EST

if someone steals my credit card and I report it missing, then I am only liable for *50 dollars* worth of fraudulent charges they run up; the credit card company has to eat the rest of it.

if someone steals my debit card, i'm responsible for *all* of the charges they run up before the card gets cancelled; the money is drawn directly out of my account, and nobody is going to put money back into it.

[ Parent ]

Interesting Difference between UK and France (none / 0) (#33)
by Wildgoose on Fri Apr 19, 2002 at 09:09:41 AM EST

A friend of mine used to work in a Durham bookshop, (he studied French and German at Durham University). He had a French couple attempt to buy some books with a credit card they hadn't signed, and so he asked them to sign it first.

This caused some consternation.

He was told it is common in France not to sign your credit card because then any thief knows what your signature looks like, thereby enabling them to forge your signature on the credit card slip.

As UK citizens we found this concept interesting to say the least...

[ Parent ]

Good Read Thnx (3.66 / 3) (#13)
by underscore on Sat Apr 13, 2002 at 06:47:49 PM EST

A concise clear presentation of a viewpoint I hadn't considered. The why of the Tao of K5 for me :) Thnx.

Maybe (e.g. Canadian) federal governments will have to implement and maintain the infrastucture as they are directly responsible to the people (in theory) and are presently the final arbitrator of anyone's legal indentity. The tax money could be made available to underwrite development and the federal government is already predisposed to handle confidentiality in such matters as say taxes.


a geek possessed of animal cunning
is a most fearsome adversary

nice article (4.00 / 3) (#16)
by chale on Sat Apr 13, 2002 at 11:22:24 PM EST

this is the type of story i was thinking this section would generate. and i do not think that this takes anything away from the sponsors. in fact, they could use articles like this to show what they think of the issues raised in such articles.

while the issue of a digital identity does not have a great impact on my life(i am after all using one for posting here), having these issues thought about for the future could prevent many problems.

clarence


Last week, I began a sentence by saying, "If Bush had any imagination..." and then I hit myself. Silly me. "Molly Ivins"

Digital evidence in a court (3.33 / 3) (#18)
by juahonen on Sun Apr 14, 2002 at 06:54:35 AM EST

Digital IDs allow gathering information of vast amounts of activities of an individual. Perhaps the data is scattered across thousands of systems with which the person interacts, but gathering them is possible. Now, there's nothing bad at storing the information, the systems doing that might require such information. But there's a problem if such an evidence is allowed in a court of law.

Without digital IDs a person can "get away" of embarassing situations. People forget about them or they just don't mention they know. It's all different with computer records, they don't forget and they certainly will mention it.

Also, such records would make people draw conclusions before they know anything of the situations ("so, he has had his identity checked twice in a shop! he must be a shoplifter"). And when that kind of records are used in a court, they might not have a mention that the person was on a honest business.

Hmmm, perhaps an underground... (4.00 / 2) (#19)
by CluelessNewbie on Sun Apr 14, 2002 at 12:00:35 PM EST

You're right about the 'audit trail', I wonder if there will be alternatives to the DID, a sort of underground trading system?

There are definitly things that I do that I would not want anyone else to find out about, I don't NEED that gps and my wife would kill me if she found it! Perhaps a body for anonymous transactions would start up - much as you can get 'anonymous' e-mail or use 'freenet' for example. It would just show up as a sort of third party on your records.

Then we get to the questions of how the authorities would handle this kind of service...


-------------------------------------------------
"Do you know what nemesis means? A righteous infliction of retribution manifested by an appropriate agent. Personified in this case by a 'orrible cunt. Me."
BrickTop
[ Parent ]
m$ kind of view. (2.50 / 4) (#20)
by seele on Sun Apr 14, 2002 at 08:07:09 PM EST

just a comment on scenario 3 and 4.. this reminds me alot of the passport system microsoft has set up for .NET . im not sure what i would like better.. the government in charge of my shiznt.. or a corperation

How so? (none / 0) (#34)
by alge on Sat Apr 20, 2002 at 02:58:58 PM EST

How is scenario 3 like passport? As I see it in scenario 3 the client will have to sign and encrypt the "cookie" with strong crypto, and doesn't require anything secret info (just billing address etc) on the serverside. AFAIK is passport all serverside?

vi er ikke lenger elsket her

[ Parent ]
about scenarios 3 & 4: (4.00 / 3) (#23)
by KiTaSuMbA on Sun Apr 14, 2002 at 10:44:10 PM EST

We usually think of a wallet as an object we keep with us: this is not the case for internet. Some considerations:
1) Internet protocols are not per se secure, as they were designed in an era that network security was the last issue. So the basis for "thefts" of transactions will always be there.
2) The most efficient (but still not absolute) way of securing internet transactions is the strong encryption. Yet some conservative people argue that it should be illegal and abolished (think about living in a house of glass walls). How many digital ID packages are encrypted securely enough?
3) The use of cookies for transactions is the most dangerous proposal I've ever heard of. There is no easier thing to steal from a web browser than cookies. Even if they are designed to be a "unique, one-use" kind of thing, if you steal enough of them, it wouldn't be that hard to reverse-engineer the algorythm behind them. Dammit you could crack your own for starters and see how it works.
4)Above (point 3) considerations are valid for embedded in-browser software to automaticaly give your transaction data. Plus, another issue: where do you keep your money? Under the pillar or in a bank? In a bank of course, because a) you can never be sure enough of your house's security. This is even more valid for your computer!
b) your money in the bank are insuranced. You won't lose a dimme if they rob it. Yet the internet economical crime is deployed as a trick of impersonating you, and it is usually laborious if even possible to prove it was a trick and not yourself purchasing.
5) the "one key opens it all" comodity: if taken away, one key breaches everything too! No thanks, I prefer handling those 10 different, 16 chars-or-more, completely irrational passwords!
I am very sceptical of using credit cards over the net. As a matter of fact, I do so only if the site supports the latest SSL and I have a second (notably "dry") credit card for doing so, since I wouldn't be happy to find that some kid on the other side of the plannet spent my month's income overnight in pr0n accounts :-P. So, before going another step ahead, that is in Digital ID, I urge you to *consider* the technologies behind it: there is so much of the discussion and research still to be done! Commodity will always be an opposing force to security.

There is no Dopaminergic Pepperoni Kabal!
To be frank (4.66 / 3) (#30)
by mami on Mon Apr 15, 2002 at 09:39:12 PM EST

what bothers me the most:

1. identities can't be verified with hundred percent security (aside may be from biometric identification)

2. my purchase or thinking patterns can be registered, collected, sold and used to profile me.

3. the programmer and the system admins with root access can't be controlled (I think, I guess)

4. the owners of the businesses, who collect the data on their servers, can't be controlled.

Any normal person would run away from that kind of technology. The fact that we don't just shows that we are hopelessly addicted.








The social problems facing Digital Identity | 34 comments (32 topical, 2 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!