Identity Crisis? What Crisis?

  • Article

Jerry Fishenden, National Technology Officer for the UK, here ... 

Jerry FishendenIf you think the current problems of online safety and Internet e-crime (or cybercrime if you prefer) appear challenging, what on earth is going to happen when the Internet pervades every aspect of our daily lives?

As the Internet beings to power and monitor health and energy saving devices in our homes, enabling us to live richer, fuller lives in our own communities, will problems of cybercrime and threats to identity, security and privacy scale at the same rate: and thwart our aspirations to use technology to improve society? Will we finally reach Internet meltdown?

Right now, it’s all too likely the answer would be – “Yes.” If we don’t get the foundations right – and address some of the most fundamental issues that currently plague Internet safety – anything else we might construct on top of its inadequate infrastructure is unlikely to be sustainable.

But the Internet is not some autonomous, sentient, self-evolving life form – even if at times it might feel that way. It’s a by-product of decisions technologists took in the past, are taking now and will take in the future. So the problems we see today are fallout from failures in design – failures in technology design and in human-computer interaction design. And cyber-crooks are of course always amongst the quickest to exploit such flaws. After all, the digital world is no different to the real one – and that includes the preponderance of criminal activities based on exploiting weaknesses in both systems and people.

One of the most obvious contributory causes to our existing Internet problems is the lack of an identity layer. I can’t prove it’s me when I’m online – and I can’t prove to a reasonable level of satisfaction whether the person or thing I’m communicating or transacting with online is who or what they claim to be. Which really isn’t a good place to be. Unless you’re a cyber-crook, in which case, hey, this is great news and highly lucrative with it since it makes online attacks such as phishing and spam email possible.

If we’re serious about realising the Internet’s true potential we need to act now to fix the identity issues we’re seeing. These issues need to be resolved before we can seriously contemplate letting the Internet move into far more important areas – such as technology-assisted healthcare at home and the whole idea of assisted-living. After all, how are we going to do that if none of the devices can be certain who or what they’re communicating with? In front of us lies a vision where everything and everyone is linked and joined through an all pervading system. Billions of devices and communications happening every second, a complex mesh of systems communicating within and between each other in real time.

Now try to convince me you can build that – and trust it – without first fixing the problem of identity.

Which raises the question: identity, what is it anyway? For the sake of the point I’m making here, identity is about people - and "things": the physical fabric of the Internet and everything in (on) it. And ultimately it’s about safeguarding our security and privacy.

If we're to avoid exponential growth of the issues that plague the current relatively simple Internet as we enter the pervasive, complex, grid age, what principles do we adhere to? How can we have a secure, trusted, privacy-aware Internet that will be able to fulfil its potential – and have our trust too?

The good news is that these problems are being addressed: have you heard of the "laws of identity"? The “laws” are a set of design principles evolved over the last few years by some of the most respected authorities on identity using the crucible of the blogosphere. Kim Cameron (father of meta-directories and now Chief Identity Architect at Microsoft) has gathered together these lessons into a set of powerful guidelines. They help ensure that digital systems exhibit better behaviours than today - particularly around digital identity and ensuring security and privacy. They encompass everything learned about the good and the bad of digital identity systems. Lessons learned the hard way over the last 30 years or so of real world experiences. And these “laws” are already beginning to gain recognition: the Information and Privacy Commissioner of Ontario for example has issued an independent public endorsement (see https://www.ipc.on.ca/docs/7laws-whitepaper.pdf).

Without the application of underlying principles such as these "laws of identity" the future Internet will suffer entropy, massive breaches of security and privacy – and probably make the scale of today’s cybercrimes look like a golden era of online law and order by comparison. But with the “laws”, we may finally be able to realise the truly transformational benefits of the Internet.

Digital identity - of people and "things" - is a fundamental requirement of the coming pervasive Internet age. Equally clearly, we need consensus on the identity framework required before we go much further. So go and read the “laws” and see what you think: you can find them online at https://www.identityblog.com/?page_id=354.

And then let’s get moving on fixing these issues – before the whole idea of the benefits of the next generation of Internet developments gets a bad name and our dreams end up as just that: dreams, rather than a reality.

- Jerry’s personal blog can be found at https://ntouk.com