The woman writing the article is very clear on the identity “creep” that happened and got to the point of requiring users to use the Real ID account within the system to post on forums and EVEYWHERE they interacted on company websites.

She articulates clearly why this creates an unhealthy climate and a chilled atmosphere for many users.

She articulated why she chose initially to sign up for the service using her “Real Name”

When Real ID came out a few weeks ago, I threw caution to the wind. Although my name is fairly uncommon, I immediately added everyone in my guild. I did this mostly because I like my guildmates, I trust them, and I’m an officer of our guild; it would be strange for me to not use this service. We killed heroic Lich King together, we make all kinds of obscene jokes, and although I’m one of two females in the entire guild of forty or so people, harassment is never an issue. I’m an equal. I’ve been here for over a year, and as such, giving these players my real life name wasn’t an issue.

Listen to her language carefully – she says “in this context” I trusted sharing my real name and my gender which is likely given away by her real name.  She knows her guild mates and they don’t harass her.

there was a smaller problem. The guildmates I’d friended had friends who could see me as well because of this. For some reason, Real ID came with the feature that everyone can view other people’s friends–that is to say if I friend Joe, I can then see Joe’s friends and Joe’s friends can see me.

In the process though her “real name” was leaked beyond this trusted group to their friends.  Some of whom may not have known her gender.

Now their “Real ID” system is being extended farther.

Blizzard announced today that all posts on their forums will be now using Real ID. This is mandatory–if you want to post, you have to post this way….real life names will be next to those who post. This will affect everyone, even Blizzard employees. They are also adding a karma feature that will be a lot like Reddit or Digg.

You think why is this “so bad” we should all just be comfortable being “out” about our gaming life or what we say online.

1st she highlights why anonymity is good:

The internet is largely what it is because of its anonymity–for better and for worse. Many great discussions have been had solely because someone could submit their words without worry of being judged.

She acknowledges ”greifing” happens because of this but that this is mitigated by moderation.

She says those who really do want grief other people are being given more tools to do so with by actually revealing people’s real life names, and addresses (in physical or online space).

by using a full name, players are tied to their real life persona and unable to separate themselves from their online one.

Taking away the freedom to “disaggregate” yourself is where the issue is.  People need to be able to be gamers and NOT have it leak into their real lives where it could affect their livelyhood or standing in a totally different community.

In this system, it becomes linked forever in search engines. This means potential employers could find out if a player was a World of Warcraft fan and even the characters they have with a simple search.

If you don’t think it is an issue perhaps you are not in a minority or in a “target population”

Women might find it harsher with new avenues of harassment opened. Transgendered people could be inadvertently outted when someone sees Sally, the friendly Paladin chick, posting under the name Steve. Someone could have a distinctive name and be disregarded solely because their name sounded like a person of a certain background, race, religion, or otherwise. And if someone’s a minor–or even major–celebrity, having their name exposed could be damaging.

Those in charge of and designing systems need to think twice before making changes.

Like I said, there were options. Unfortunately it seems Blizzard executives chose not to look into them and then turned a blind eye. It’s just a shame that this lack of foresight will probably at the very least result in the harassment of many thousands of individuals–if it doesn’t end up causing something worse for a select few.

As for me, I haven’t forgotten about the person from France who spent over six months to track down and attempt murder on a guy who fragged him in Counter-strike (NY Daily News). Call me pessimistic all you want, but I have to wonder if Blizzard’s marketing department even thought about it.

Related posts:

1. Queer Identities and discrimination online
2. Web Wariness is real
3. Social network suicide a possible response to these Yahoo! plans.

Fed Up with Facebook Privacy Issues? Here is how to End it All.

It highlights two different Web 2.0 suicide machines; one is an art project called Seppukoo.com .

The service creates a virtual memorial for you and posts you on a suicide wall & they give you points for how many friends you had and how many of them choose to follow you to the “after life”. The leader board is here.  You can see the RIP page for one of the creators of the service - Gionatan Quintini here.

It received a cease and desist from Facebook and responded.

The response is not covered in the article (it wasn’t out when I wrote it). It has some great quotes that sound like language coming from the user-centric identity community.

5. My clients have the right to receive information, ideas, and photographs from those people whom are the legitimate proprietors of this data and can decide to share this data or to store it, with the prior consent of its respective owners. All of this is freedom of expression and the manifestation of thought and free circulation of ideas that is accepted and guaranteed in Europe and in the U.S.A.

6. Facebook cannot order the erasure of data that does not belong to it, acting against the free will of the owners of such data. This is not protection of privacy, but rather a violation of the free will of citizens that can decide freely and for themselves how to arrange their personal sphere.

Web 2.0 Suicide Machine is more comprehensive – covering LinkedIn & Twitter as well.

Here is the previous Read Write Web post on the changes in what is and is not public.

Related posts:

1. Other negative Cybermobs: Live Suicide
2. The Facebook Borg are coming.
3. Facebook SocialAd’s & Privacy

Related posts:

1. E-mail and Identity on Opening Move
2. Personal Anchor on the Web for Digital Identity – CC Images
3. Future Proof your e-mail address

TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists.

The GAO reported that about 100 million records were collected.

The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it’s gathering information about, what kinds of information, why it’s being collected and how the information is stored.

And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected.

Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004.

Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names – who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names.

It brings up some serious concerns about how information collection and validation is done by the TSA for airline passengers. How can we trust governments to collect this much information about us just because we travel.

This week I wonder why care about airlines passengers because security is so tight that airlines do not seem to be a place where the next round of attacks will be. If London is any indication it will be on mass transit. Given the level of police/security presence on the transit systems in the Bay Area this week is certainly seems like there is some concern that mass transit will be attacked. They have started random searching of bags to get on the NYC subway. One wonders if they will start issuing ‘identity passes’ to get on such systems.

On the city subways, which are used by 4.5 million people on the average workday, the inspections started on a small scale Thursday afternoon and were expanded Friday.

The New York Civil Liberties Union opposed the searches, saying they violated the Fourth Amendment. Mayor Michael Bloomberg said he hoped the NYCLU would recognize that the city had struck the right balance between security and protecting constitutional rights. He said the bag-checking program is part of a policy to “constantly change tactics” and “may, or may not, be there tomorrow.”

Related posts:

1. UK to start fingerprinting ALL passengers on domestic flights
2. 2007 a year of Data Breaches
3. Catalyst: Government Adoption of Federated Identity

Tourists visiting Disney theme parks in Central Florida must now provide their index and middle fingers to be scanned before entering the front gates.

The scans were formerly for season pass holders but now everyone must provide their fingers, Local 6 News reported. They have reportedly been phased in for all ticket holders during the past six months, according to a report.

I think it’s a step in the wrong direction,” Civil Liberties Union spokesman George Crossley said. “I think it is a step toward collection personal information on people regardless of what Disney says.

I think this is self explanatory in terms of why it is concerning. It seems to goes along with what is now happening with FastTrack passes (automatic toll readers) that I heard about last night at the Hillside Club CyberSalon where Esther Dyson was speaking. I googled the phenomena and here are some excerpts of what I found.

In New York State, readers have been multiplying ever since September 1997, when the New York Police Department (NYPD) used E-Z Pass toll records to locate and track the movements of a car owned by Nelson G. Gross, a New Jersey millionaire who had been abducted and murdered. The NYPD had neither a subpoena nor a warrant to obtain those records; the police simply asked the Metropolitan Transportation Authority (MTA), and the MTA complied. This set a very bad precedent. Though Gross wasn’t alive to complain about it, his privacy had been violated. Access to those toll records also permitted access to all sorts of sensitive information, including his billing address, his credit card number, his license plate number and his Social Security number.

In February 1998, the MTA announced that — near the Tappan Zee Bridge (the site of the first reader in New York State, installed in 1993) — it had just concluded a successful “experiment” with readers that could detect and extract information from transponders even though the cars to which they were attached didn’t slow down. These “high-speed readers” were only three-feet tall and could be placed just about anywhere. As a result, they permitted the ETC system to do something it was never intended to do: namely, collect truly huge amounts of information about such non-toll related phenomena as traffic flows, speeds, densities and delays (all of which, incidentally, can be videotaped by either flow monitoring or security cameras that have been automatically activated by the readers).

Since then, high-speed readers have been installed along a great many State-owned roads and highways; they’ve also been installed atop many residential buildings in New York City.

Related posts:

1. Web Finger! moving out into world
2. Big Brother coming to NYC
3. TSA data cloud searching – Flights today, Subways tomorrow?

Opening – Sermon on Laws

Laws of Planetary Motion
Kim’s Laws what happens to Identity if you make stupid or subtle mistakes
Newtons Law – gravity
Why things happen
Introduction – Looking Back Digital Signatures

A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why do signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad looking forward having privacy not work is bad.
Body of Talk
Definition:
Identity is a collection of attributes by which a person or thing is generally recognized or known
Identity Relativity
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
Axiom: Utility
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk.The ability to create or eliminate a risk for another confers power over the other.

Axiom: Contention
Because identity claims allocate risks, they will be disputed.
Identity Attributes

• Commercial Interest – Convenience
• Government Interest – Security
• Individual interest – Privacy

Definition
Privacy: is the ability to lie about yourself and get away with it.

Axiom: Subjectivity
People disagree about one anothers identity attributes
In general, there’s now easy way to tell who’s right and who’s wrong
Axiom: Temporality
The name that can be named is not enduring and unchanging name. All identity attributes change over time.

• Prince -> symbol
• Michael Jackson Black -> Plastified

Axiom: Obscurity
Identity attributes can be

• what you know – you can lie
• what you have – loose / leave
• what you are – alter disguise

Axiom: Publicity
Identity attributes cannot be secret
By definition attributes aren’t observable can’t be used to use attributes
Axiom: Contextually
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His finger print matched one at Madrid Bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect — more information

Consequence: Powerlessness
Identity is in they eye of the beholder – subjectivity.

• You can’t control what other people think or say about you.
• You can’t even know who knows what about you.
• Can control what you tell people but not what people find out

Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the commonly agreed to be public attributes will not distinguishing individuals well enough.
So information about sensitive attributes will be collected.

In the UK they are look at putting in scanners (QinetiQ) while entering the subway to detect knives but what about creep in the use of other things identifying tatoos?
People push back against government identification.

Consequence: Due Process
Because identity is subjective, contextually, contention and obscurity and temporality.

IDENTIFICATION REQUIRES DUE PROCESS

But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgment. Collection and Synthesis are the only sources of completive value.

They do it because they like costumer intimacy.

Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.

The business case fore identity service provider infringes privacy.

The business of identity service providers is risk reduction withholding adverse information decrease the value of business.
Collecting more adverse information makes more.

Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.

Fable about MARIA

Recent guatemalan immigration
she has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 not to know this.

Related posts:

1. Catalyst: Government Adoption of Federated Identity
2. Catalyst: SSO Simple Secure and Open – Dick on Identity .20
3. Catalyst Round UP

What if one would create a crawler application that, using all of these sources, could compine a complete “view” of my digital online self?

The problem though, is that “social” internet tools, that effectively visualize this stuff, are not all that common yet. Bloglines, Del.icio.us, and Flickr, and a few others, are still few and far between.

And then there is privacy. Now personally, I have no problem sharing all this metadata about myself. I would not even mind my browsing habbits being monitored to service the “social” metaspace like I do with the above-mentioned services, provided I had complete and transparent control over when what was monitored.

Wouldnt it be kinda creepy, once we indeed had a centralized match-and-compare system for all of this data, if you where to run into another person online that mirrored you and your interestes in every way? And online doppelganger, so to speak.

Related posts:

1. Google Data Privacy Called for:
2. Identity at Organizers Collaborative & A Model for Nonprofit Tech
3. IC and Data Portability

Before privacy laws or the Charter, there was little if anything to stop police or national security operatives from cajoling or coercing information from private sector organizations. A civic-minded government department or company could blab all it wanted about its customers or employees.

Our privacy laws changed this, although they didn’t really try to put a stop to it. In BC, our public sector privacy law gives public bodies discretion to disclose personal information for law enforcement purposes, without warrant, but there are (some would argue, weak) constraints on this. The same can be said for our private sector privacy law. Still, these laws, together with the Charter, have until recently insulated against over-enthusiastic private sector co-operation with all and sundry state inquiries. Is this still true? If it is, how long will this last?

After the 9/11 attacks, governments everywhere felt compelled to act, and to be seen to act. This was in an important sense responsible of government. It was also mandated by political Darwinism. But a profoundly important aspect of the post-9/11 changes is the blurring of lines between collection and use of personal information for law enforcement purposes under criminal and other penal laws and use for national security purposes. A defining characteristic of police states is the blurring of distinctions between law enforcement and national security functions, the danger being that the rule of law eventually gives way to arbitrary decision-making by law enforcement authorities and the rights of ordinary citizens lose meaning. Democracies depend on clear and effective rules suited to the state activities that the rules are intended to govern and that reflect the essential values of a free society.

In Canada, post-9/11 amendments to the Customs Act and regulations authorize officials to require private sector organizations to provide border officials with extensive advance information about arriving passengers. These changes expanded the federal government’s ability to use and share that information, not only for national security purposes, but also for ordinary law enforcement and other purposes, including (according to government statements in 2002) public health surveillance. The information-sharing authority includes a broad ability to share personal information about Canadians and others with foreign governments. The amendments don’t restrict information-sharing arrangements to national security uses they could easily include ordinary law enforcement or other purposes defined on a case-by-case basis or in an agreement with another nation.

Also, Public Safety Act amendments to the Aeronautics Act allow the RCMP Commissioner to require any air carrier or operator of an air reservation system to, for the purposes of transportation security, disclose specified information in its control to any person the Commissioner designates. Despite the Public Safety Act reference to transportation security, the amendments allow this data to be matched with other data and to be disclosed to assist in executing certain outstanding arrest warrants. This effectively compels the private sector to assist the state, in the absence of a warrant or court order, in surveillance of all air travellers for the broader general purposes of both national security and ordinary law enforcement.

Consistent with these powers to conscript the private sector into both national security and law enforcement activities, Public Safety Act amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) permit private sector organizations to collect personal information without an individual’s knowledge or consent in circumstances that amount to an invitation to, and in some cases compulsion of, the private sector to assist the state in surveillance for both general national security and ordinary law enforcement purposes.

The Public Safety Act also amended the Proceeds of Crime (Money Laundering) and Terrorist Financing Act to authorize the Financial Transactions and Reports Analysis Centre of Canada to collect information it considers relevant to money laundering or financing of terrorist activities from publicly available information, including commercially available databases. FINTRAC is also authorized to obtain, under information-sharing agreements, information maintained by federal or provincial governments for law enforcement or national security reasons.

FINTRAC expanded powers point to the fact that, when it comes to co-opting the private sector, 9/11 can’t be blamed for everything. Laundering of dirty money was of sufficient concern before 9/11 to lead to extensive transaction-reporting requirements for banks and others. You can easily find other examples of legislative responses to individually pressing policy challenges that draft private sector organizations into state service in the name of public safety or order. One example is the current federal government lawful access proposals, some of which would apparently require ISPs to hand over at least identifying customer information and perhaps more on simple request by state officials, and for a pretty broad range of uses.

Also, at the local level, at least in BC, we see more and more local government bylaws compelling businesses to hand customer information over to police for a variety of reasons. Pawnshop reporting requirements have been around for a long time, but now were seeing bylaws requiring businesses to regularly give police information, without request, in a variety of situations (such as information who’s been buying pepper spray, hydroponic supplies or chemicals that could be used to make drugs and who’s been renting mailboxes at commercial mailbox centres).

And governments are now large purchasers of personal information from the private sector. So far this is being seen mostly in the US think of Total Information Awareness, MATRIX, Secure Flight and so on but to think that our own governments will ignore the expanding private sector trove of electronic personal information much longer.

As databases proliferate, become more comprehensive and become lifelong, it’ll be harder and harder to resist those who say that, since the information is out there, the state should be able to use it. Time and time again over the last six years I’ve been told by middle-aged, middle class Caucasian males that they have nothing to hide, so why should anyone else feel differently? Let the government have the information it needs to protect us, they say.

Now, I don’t doubt the good faith of BC’s police agencies not for a minute. But, thinking thirty or fifty years down the road to a time when the lines between national security and law enforcement have blurred to vanishing, will there be any meaningful rules? If not, will our belief in the good faith of state officials, set adrift without guiding rules, be enough to sustain our privacy and other rights?

Related posts:

1. MS/HP – National Identity System Kim does it Follow the Laws?
2. Canada Exploring Web Servalance
3. Privacy Commissioner of Canada opens CFP

The card provides strong security against traditional outsider attacks, but unfortunately has not been designed with privacy in mind. In fact, it features one of the worst privacy designs imaginable. Two glaring problems:

The citizen certificates on each ID chipcard contain the cardholder’s name and RRN (the œrijksregistratienummer,” a single government-wide identification number for each natural person). The name and RRN are disclosed whenever a card is used at a relying party. The RRN (which has a simple structure based on the citizen’s birthday) serves as the key to numerous databases containing citizen information; on the basis of this number, all cardholder actions and movements with the eID chipcard can be electronically traced and linked (not merely by the government itself!).

The eID card specifies the following information, both visibly on the card itself and stored within the card’s chip: cardholder’s photo, surname and first names, gender, nationality, place and date of birth, signature, RRN, and the validity period of the card. In addition, the chip also stores the cardholder’s current address. Some of this information is privacy-sensitive, yet the cardholder has no control over its disclosure. (Historically, this is the same information as has always been on Belgium identity cards, and so arguably this does not constitute a reduction in privacy; however, in most countries around the world an information-rich national identity card would not pass in the first place.)

The privacy problems do not stop here. Each eID chip contains two X.509v3 identity certificates (each specifying the citizen’s name and RRN number, one for authentication and one for digital signing), as well as a basic signature key to authenticate the card with respect to the RRN. The certificates and public keys, which are assigned by the central issuing authority, by themselves serve as “omni-directional” identifiers that are globally unique. For a detailed account on the various privacy problems caused by this use of PKI, see, for instance, here.

Related posts:

1. National Identity Cards in Australia
2. Australian – ID Plan Srapped…
3. India is working on a National ID Card