Thoughts on the National Strategy for Trusted Identities in Cyberspace

Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.

Here is my answer to the NSTIC Governence Notice of Inquiry.

And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.

Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

[Read more…]

Identity Books Arrive

So I had two book shipments arrive today – i thought I would share them in case any of you out there also are reading or hope to read these books soon. Let me know.

From AMAZON today came

Identity and Control: How Social Formations Emerge, Second Edition by Harrison C. White.
This one was recommended by the Value Networks mailing list that I am on. It dives into the construction of sociocultural context. Chapter one is titled Identities and Control. Should be good.

I am a Strange Loop by Douglas Hofstadter (author of Godel, Escher, Bach) This one was recomended to my by Scott David at lunch when I met him in Seattle recently. A mutual friend introduced us five months ago in e-mail. He is a lawyer based in Seattle and participating in the ID-Legal group . The book asks the question “What do we mean when we say “I”?

I got three books that I hope will be useful in gaining some more skills/tools for communicating about identity topics.

Back of the Napkin: Solving Problems and Selling Ideas with PICTURES by Dan Roam

Presentation Zen: Simple Ideas on Presentation Design and Delivery by Garr Reynolds (I saw him present at SlideShare recently.

and
Indexed (the space betwen short, nerdy and oddly attractive) by Jessica Hagy (her blog) – think Hugh MacLeod but with diagrams on index cards rather then cartoons on the back of business cards.

Books I bought in Boston and shipped home arrived :)

Buckminster Fuller:Staring with the Universe is the catalogue from the Whitney Museum exhibit about him. This gets to our identity as beings on spaceship earth in the universe.

Uniforms: Why we are what we where by Paul Fussel

Ok these’s don’t exactly have to do with identity but they are fun – and besides “you are what you eat” right?
Slow Food: why our Food should be Good, Clean and Fair by Carlo Petrini – it is a translation of his manifesto originally in italian – this weekend happens to be Slow Food Nation

On Guerrilla Gardening: A Handbook for Gardening Without Boundaries by Richard Reynolds.

Last week Cody’s Books was closing in Berkeley. The bank of the company that owned the store recalled the loans. The store closed about 6 weeks ago and sat there with all the books inside. Then 2 weeks ago they sold all those remaining books at 40% off.

I got four Identity related books

Privacy on the Line: The Politics of Wiretapping and Encryption, Updated and Expanded Edition (2007) by Whitfield Diffie and Susan Landau.
Less Safe, Less Free: Why Americans are Loosing the War on Terror by David Cole and Jules Lobel

Who’s Watching You? The Chilling Truth about the State Surveillance, and Personal Freedom by Mick Farren and John Gibb

and

cybertypes: Race, Ethnicity and Identity on the Internet by Lisa Nakamura. (cybertypes is her updated word for stereotypes that appear on in the context of cyberspace).

On “Democracy” in contemporary America

I just picked up two books by ‘the’ Naomi’s today.
I saw them in the book shop and I was compelled.

1) The End of America: A Letter of Warning To A Young Patriot
by Naomi Wolff

Naomi Wolff is on the Colbert Report
We don’t have a lot of time free societies close down very quickly she points out and we need a democracy movement to restore the rule of law.

2) The Shock Doctrine: The Rise of Disaster Capitalism
by Naomi Klein

This is a short film about the topic of the book.

3) I recently was pointed to the Century of the Self a film by the BBC. it is a documentary about the role of psychoanalysis, marketing, and public relations in the united states. The concluding installment covers the application of these techniques in the “democratic” political process.

It is well worth watching and is on the Internet Archive.

Identity stories from Slashdot

Yesturday was a rich day for identity related stories.
Feds Start Small on Smart IDs talks about the start of the roll out of

The use of personal identity verification, or PIV, cards for verifying the identities of all federal workers and contractors was mandated by Homeland Security Presidential Directive 12. The unfunded HSPD-12 mandate specified that agencies must adopt a common identification credential for access to government facilities and computer systems.

Friday’s deadline and an earlier one calling on agencies to develop procedures for verifying the identities and backgrounds of all workers by last October were both considered exceptionally aggressive because of funding issues and the technology and process changes required.


Does anyone know what the procedure they actually developed is?

The register reported that to buy a beer in the UK you will have to give your finger print. The rational is to reduce ‘drinking related crime’. It sounds freakishly Orwellian.

Beer fingerprints to go UK-wide:

The government is funding the roll out of fingerprint security at the doors of pubs and clubs in major English cities.

Funding is being offered to councils that want to have their pubs keep a regional black list of known trouble makers.

The council had assumed it was its duty under the Crime and Disorder Act (1998) to reduce drunken disorder by fingerprinting drinkers in the town centre.

Some licensees were not happy to have their punters fingerprinted, but are all now apparently behind the idea. Not only does the council let them open later if they join the scheme, but the system costs them only £1.50 a day to run.

Oh, and they are also coerced into taking the fingerprint system. New licences stipulate that a landlord who doesn’t install fingerprint security and fails to show a “considerable” reduction in alcohol-related violence, will be put on report by the police and have their licences revoked.

Offenders can be banned from one pub or all of them for a specified time – usually a period of months – by a committee of landlords and police called Pub Watch. Their offences are recorded against their names in the fingerprint system. Bradburn noted the system had a “psychological effect” on offenders.

The Home Office distanced itself from the plans. It said it provided funding to Safer, Stronger Communities through the Department for Communities and Local Government’s Local Area Agreements. How they spent the money was a local decision, said a HO spokeswoman.

Winning The Digital Identity World Award

So today was a big day. Digital Identity World gave me their yearly award for my work ‘behind the scenes’ work with the Identity Gang and the Internet Identity Workshop. It feels great to be seen in for over two years of hard work.

I really owe a great debt to Jim Fournier and Elizabeth Thompson for founding Planetwork and bringing together an amazing community from which I learned a lot and got me inspired to work in technology. They worked hard to bring the Link Tank together who’s output was at least partially captured i n the Augmented Social Network White Paper. If you are trying to figure out user-centric identity and what it might mean socially this is still a critical document for that.

Owen Davis deserves a lot of thank yous for his personal vision, intellectual contribution and putting up his own money to work on addressing the social issues that arise with a user-centric identity layer by forming Identity Commons. His decision to hire me gave me my first real job in this space where I learned a lot and began building a network of relationships that became at the heart of the current community.

Of course we must thank our family and my husband Brian has been supportive of my crazy travel schedule to serve and evangelize about goings on inside the community.

I really love the community and thank all of you for your support and I must particularly thank Phil Windley and Doc Searls for there partnership with me in producing the Internet Identity Workshop and Identity Open Spaces.

Come to the Workshop in December it will be a great time.

Identity on Rails

Last weekend there as the first official Ruby on Rails Conference in Chicago. OpenID, Rails and Identity 2.0: Building and Cultivating an Identity Ecosystem. was presented by Matt Pelletier owner of EastMedia a Ruby development shop in NYC that has done a lot of the coding for the Verisign PIP And Kiran Dandekar is a colleague of David Recordon at Verisign and presented at a different time as well….

Here are some of the best summaries from the blogosphere…
Blogging RailsConf:

Digital identity sucks!
* Repetitive
* Complex and inconsistent
* Poor UI
* Lack of control
* Unnecessary

notkeepingitreal.com:

An Open Identity system should be…
* Extensible
* User managed
* Open
* Perpetual (not just used once)
It’s about you

* The general idea is that when you go to a site, you are redirected back to your site, where you log in. The site that you intended to go to communicates to your site and confirms your identity, allowing you into the site you wanted to go to in the first place. And best of all, once you do login once, you’re on: Single Sign On!
* There are attributes that you control. You can specify the attributes that you want to share with each site.
* Some attributes (such as age, like if you are on a site selling alcoholic beverages) need to be verified. Certain companies would then be in the business of verifying OpenID attributes.

Fingerprints of Casper Fabricius

Kiran Dandekar made an entertaining point out of demonstrating the variety of information that has be made available about him in different contexts like business, community, family or alumni. The problem is, he stated, that identities and identity attributes are site centric on the web, so you have to start from scratch entering this information on every site and even identifying yourself, as opposed to when you – for example – board in the airport, and all the airline need to verify your identity is your driver’s license. The driver’s license is not issued by the airline, but nevertheless is accepted to identify you, because the issuer of the identity is trusted.

Kuniforum:

Matt’s presentation on Sunday morning was on OpenID and is definitely something I intend to track, as the architecture seems really viable. Way smarter than Passport.

BloggingRailsConf:

Project Bantay
* Blend Yadis + OpenID and offer them as a service
* Building an identity 2.0 stack
o Protocol support
o Yadis
o OpenID 1.1
o http://openidenabled.com
o Mongrel
o A natural fit for HTTP-heavy protocols
o Tight, fast, secure
o Support for Handlers, Filters
o Zed Shaw is the man
o Identity server
o Single sign on
o Profile management
o Trust requests
o Consumer plugin
o Rails plugin
o Push-button simplicity
o Leverage Rails conventions
o Play nice with “old” idiom of user silo
o Bookmarks demo application
o Testing
o Interesting test environment
o Test libraries
o Test handlers
o Test Rails app
o Test cross-site functionality (Selenium)
o Mongrel Rules!

An identity ecosystem
* Cultivating Services
o Claims verification
o Dating sites: verify your gender
o pr0n: verfiy your age
o Job application: verify your green card
o No posting to kids’ blogs unless you’re <= 14
o Reputation
o Seller reputation
o Weenie reputation
o You can’t post blog comments
o No committing to Rails trunk unless you’re a verified pouty artsy wanker
o Trusting identity providers
+ Needs to be discussed
+ Trust chain
o Wide open marketplace
o Develop creative new services

Next steps
* Download the plugin – identity.eastmedia.com
* Download the bookmarks demo app
* Identity Server to be released this summer
* Play around. Use your noodle.

Canadian Identity Crisis

There is nothing like ego searching to get you back into blogging (I have take over a week off). I just found this post that points to my page on Canadian Identity Crisis because of the Bruce Mau Essay that I have up on a page at Identity Woman. It also points to the Molson – “I AM CANADIAN” television advertisement (I had never seen it until today). and makes an allusion that it is similar to another Canadian identity presentation we are all familiar with.

The saddest part is that Molson is no longer a canadian owned company.

dealing with Identity silos today.

I was talking to a colleague in the tech industry who shared with me a story of how they coped with the silos of identity.

They get e-mail sent to the corporation machine and forward it to their real machine outside the ‘silo’ to actually read it and respond. What are we doing to people these days? Silos create fragmentation that does not seem healthy or whole.

NTEN-SF: EFF Keynote

I had a really busy two weeks. It ended finally on Friday with the NTEN (Nonprofit Technology Enterprise Network) Conference on Emerging Technology. I got to hang with some of my favorite folks from the NonProfit Tech world but more on that later. One of the good things was we keynote talk from Kevin Bankston from the EFF.

He was less articulate then Daniel Solve about why the courts have ruled that information held by third parties are not protected under the 4th amendment. It is because the courts interpret a third party even the service provider of knowing your phone number (because they are providing you that service) as not private. In the digital age this third party status expands to so many many things.

He talked about the laws they have and are considering about e-mail. They basically mandate the service providers keep copies of everything that comes to your in-box and the records of where you travel on the net. He gave a great analogy about this. It is like the government is mandating the post office to photocopy every piece for mail you ever get and store it for 10 years in case some government agency needs to search it.

Technorati Tags: , , , ,

Spam vs. Ritual Gift Exchange?

So one of the things the folks building the i-name services will be building in with global launch is reputation services provided by Opinity (http://www.opinity.com) for messaging (e-mail, IM, phone calls etc.). The goal is to build in feedback to prevent bad behavior.

One of the instigators of the Berkeley Breakfast Cabal Ben Gross is publishing a paper on E-mail as Ritual Gift Exchange. It seems that there is an interesting use case to consider around reputation and messaging. There is a difference between forwarding a quirky e-mail or amusing link to friends and network colleagues.

Forwarding a quirky email or an amusing link or video attachment to colleagues may seem innocent enough, but it is the modern equivalent of ritual gift exchange and carries with it similar social implications, say US researchers.

Email forwarding is a familiar part of modern email communications, and has spawned many an internet phenomenon, the Star Wars kid, the Numa Numa dance, and Oolong the rabbitto name just a few.

Benjamin Gross at the University of Illinois, US, and colleagues studied email forwarding behaviour by conducting informal interviews among email users. He says forwarding emails plays a vital role in constructing and maintaining modern social ties, despite the phenomenon receiving scant attention from social scientists.

Update on Ben. he has re-branded his messaging work as identity management and is having success interviewing with ‘big’ internet companies for a job.

Documents for the Undocumented

This week the cover of Business week is Embracing Illegals. The frame is about how businesses see the 11 million+ ‘illegal immigrants’ as a great market opportunity. To function economically in western capitalism you need identity documents to be part of the ‘representation system‘ that enables trusted value generation and exchange.

It dives into detail about how ‘undocumented immigrants’ get documents to basically function as normal US residents.

Guided by friends and family, the couple soon discovered how to navigate the increasingly above-ground world of illegal residency. At the local Mexican consulate, the Valenzuelas each signed up for an identification card known as a matrí­cula consular, for which more than half the applicants are undocumented immigrants, according to the Pew Hispanic center, a Washington think tank. Scores of financial institutions now accept it for bank accounts, credit cards, and car loans. Next, they applied to the Internal Revenue Service for individual tax identification numbers (ITINS), allowing them to pay taxes like any U.S. citizen — and thereby to eventually get a home mortgage.

The corporate Establishment’s new hunger for the undocumenteds’ business could have far-reaching implications for America’s stance on immigration policy, which remains unresolved. Corporations are helping, essentially, to bring a huge chunk of the underground economy into the mainstream.


The political implications are less clear-cut. Further integration of illegals into the U.S. could help President George W. Bush in his uphill struggle over the past two years to launch a guest worker program. His plan would provide a path to amnesty and full legalization for many unauthorized residents. Companies are taking a position similar to the President’s, in effect saying: There’s no point in pretending that millions of people aren’t here, so let’s find ways to deal with them.

It quickly became apparent. Largely via word of mouth in Hispanic neighborhoods, Wells Fargo has opened 525,000 matrícula accounts, which now represent 6% of the bank’s total. It opens 800 new accounts a day across the 23 states in which it does business.

The success of the matrí­cula has encouraged the expansion of other financial products, such as home mortgages, using the ITIN. Created for people such as foreigners with U.S. investments who aren’t eligible for a Social Security number but still may owe U.S. income taxes, the agency issued 900,000 ITINs last year and a total of 8 million since 1996. In Chicago, Second Federal Savings has 620 ITIN loans worth $90 million.

Cato: Radical Evolution – Joel Garreau Pt 1

So this a reprint… it was on my old blog.
To clarify for those of you confused my comments are indented and in italics. I never did get to publishing part two either. Hopefully this week.

I heard this talk on June 17 at the Cato Institute / The Economist Luncheon LIberty, Technology and Prosperity in San Francisco by Joel Garneau author of Radical Evolution.
Joel’s introduction was given by The Economist SF corespondent.
He has five hats the most interesting of those seemed to be a TROLL as in the norse mythological figure who hangs out in the woods and looks after the forest.

He is editor of the Washington Post Style section. Is a scenario planner at the Global Business Network. He also has a consulting firm the Garneau group – with him and his best sources. He also dabbles in Academia.
He has authored three books – The

Nine Nations of North America, Edge City – life on the new frontier and the topic of today’s talk Radical Evolution: The Promise and Peril of Enhancing Our Minds, Our Bodies and what it means to be human.


Joel Garneau

We are at turning point in human history because of the fundamental changes in what it means to be human in the next 10-20-30 years. The change in the technologies we are working on today is that they are not focused outward on – fire, cloths,
They are focused inward on us – Modifying our minds, memory, metabolism our kids and what it means to be human.
These changes in science have significant political implications. They are changing VC’s have to look at the world.

When I heard this I mentally noted the oddity of it being the next statment. It sort of implied that there was a way in which their decisions had a profound effect on the future – and perhaps they do but should they have this big a power to shape it – how do we discuss and discern about these issues that affect the whole of society?

Their will be changes in cultures and values on our watch in real time. The future is being driven by the curve of accelerated change. How many people have heard of Moores Law – about 1/2 of the audience raised their hands. The data point on this is that normally only 10% of the audience does. We have had 29 doublings of computing since 1959 – that is 40,000,000 times.
This curve did not suddenly start out with the chip. We are in a third sort of evolution of what it means to be human. Darwin and chimps it took 8,000 years to get reading and writing.

Technosis is a great book to understand ‘writing’ as a technology that profoundly shaped culture.

To give perspective rail roads changed everything they touched and the number of miles of rail road miles was only 14 times.
In 1800 we started the industrial age an example of this curve is that in 1903 we had the first flight and 66 years later we were on the moon.
These changes are exponential and change all of society. This curve that we are riding – I don’t see where it levels off.
The limitations are – Quantum Mechanics – The Marketplace – Human ingenuity (he sees no limits to these three)

Finally our willingness to shape culture and values. I am interested in human relationship and love and lies.
WE ARE IN A TIME OF RADICAL EVOLUTION
We are charging the shape of what it is to be human.
Fleet of technology – affect how mind, memory and metabolism works.

I spent a year with DARPA Spent Year with DARPA. They see the week link in the war fighting machine as us – humans themselves. Lets meet the first telekinetic monkey who can move objects through her thoughts.

We hook her on computer games moving a cursor with a joyce stick.
Drill hole in head near motor quartex and put in a mesh of extremely fine Wires that connect with neurons.
See the patterns in the mind when operating the joyce stick
Disconnect the joyce stick.
Just use mind to move the cursor
Hook up robot arm that moves with cursor movements.
WHY????
The defense reason that F22 is difficult to control with joyce stick. If you could control with mind <-> machine connenction. Feeding information into skull real time…blur line between made and born. That is the official reason we are doing this. The real reason is the guy who heads the lab has a daughter with ceribal palsy who can’t walk on her own and what if she could control machines with her thoughts that moved he legs? This is a dramatic change in what it means to be human.
The Berry Bonds – steroid controversy – is the tip of the iceberg in terms of what does it mean to be enhanced? – what are the social implications? Should he have an asterix next to his name because he is not the same type of human being as those who’s records he broke?
There will be people who are delighted to adopt these advances.
There will be NATURALS who are like todays vegetarians
The REST – for reasons of geography or economics are not enhanced and will envy and despise those who are. THIS HAS POLITICAL CONSEQUENCES.
What is driving this is GRIN – Genetics, Robotics, Information and Nanotechnology.
To be continued…

Identity and Gaming

To prepare to talk with Susan Crawford I thought I would scan her three year old blog for any menitons of Identity. It turns out that Susan has done some extensive thought about identity and in particular in the context of online gaming. She has a link to a paperWho’s in Charge of Who I am?: Identity and the Law Online. Here are some good quotes…

Online identities are emergent. Identity is by definition a group project, something created by the context in which the identified operates.

Online walled gardens will be come more prevalent, as concerns about security, viruses, spam and the unknown increase, as valuable content is made accessible only to those who have been permissioned to see it, and as hardware and software systems made available to the masses increasingly taken on “trusted” aspects. Online games are precursors of these future more serious, walled garden online worlds. Key characteristics of both games and walled worlds are limited access, clear boundaries, rules, roles/players, and feedback mechanisms that create reputation. … These characteristics of games make them ideal laboratories for experimentation with rulesets.

This is a great mention of the word – rulesets. I have been thinking a lot about them ever since I read Thomas Barnett’s book – The Pentagon’s New Map. How we as a society and how institutions that govern us determine what the ruleset’s are is important to think about. With the complexifying world we live in – robust, legitimate and fair systems to create good rulesets are needed. This is particularly true in the online space that is really built by and for us. I hope that all the effort that has gone into creating the Identity Commons structure can be just such a place.

Back to Susan…

Who owns identity? who owns reputation? From the intermediary’s perspective, software creates rules that control what social context can be moved elsewhere. Your identity is “really” a database entry, and the intermediary can argue that your identity is their intellectual property, not yours. You may attach great importance to it, but this identity (and its reputation) will not as a practical matter survive outside the world in which it was formed. Walled world designers have incentives to raise switching costs and capture all the vale of this reputation. In other words, controllers of online worlds are gods. But users may defect from environments and attempt to constrain them in how persistent their reputations and identities are. The difficult task for developers/intermediaries is how much freedom to give their users. This takes us from the realm of risks to the realm of opportunities.

AS real work becomes a more common online activity, identity created in connection with groups will be more and more meaningful.

Human nature will always tend toward group-ness.

  • What would be made visisble? The fact that someone’s identity has been taken away, and the reasons why? Or speech-related actions of the intermediary that have an impact on identity (but are less then “disappearing” someone?)
  • What about reputation? Is it right that a user must leave her reputation behind when she leaves a particular online world? Is “reputation portability” possible? Or is reputation so context-dependent that the online world should be permitted to own it? And what does the online world own exactly? A group-created construct?
  • Is this entire problem avoided by staying out of “walled gardens” and maintaining our own domains? Will this be possible, as online worlds become more and more attractive, and as hardware and software increasingly intertwine?

In the end, it boils down to the fact that the best government is the one that you can trust, which will be the one you know personally: the people close to you in your virtual community, who are held accountable precisely because of community ties. Your best government is going to be each other, because the man behind the curtain isn’t going to know any more than you know him.

Conculusion:
We are still in the early stages of the first two steps dealing with any technology: fear and opportunism. Enlightenment is not far away. I want to suggest that we skip quickly through the fear, linger on the opportunism, and move on to human betterment. This social benefit may come (as so many things do) from playfulness. Games have a great deal to teach us about how we establish and maintain identity. Now we need to consider who is in charge of these identities. It may be, in the end, that we are.

We need to forge a direct link between how we live and work online (especially within walled gardens) and how we structure control over online resources. If the new mode of work online is collaborative peer-production of resources, who will own a shared online space of identities? This ownership may have to be collective. The fundamental problem that is yet to be address is that while reputations and identities are group projects, legal ownership of collectively-created intangible identities currently appears to reside (by default) in online intermediaries. We may need to make some noise about this and ensure a better fit. Perhaps the game should belong to the players.

She raises some interesting questions for us to think about. I think looking at the governance and how to actualize that – this is what the distributed governance form of Identity Commons is designed to do. I didn’t really realize that she was involved with XNSORG several years back. She really liked you all and mentioned Bill Washburn and Drummond Reed by name.

While talking with her about identity and her paper she mentioned her connection to the State of Play conferences. The third one is coming up this fall and is entightled Social Revolution. Two panels look very relevant:

  • Collective Action in the Metaverse: Groups, Community and Power
  • Identity in the Metaverse: On-Line Identity in Virtual Worlds

It is the day after Web 2.0 but might be worth the trip :)