[Dave Birch] There was an interesting twittervation going on about pseudonyms, stimulated by this post
I do want to talk about what the “no pseudonyms” policy adopted at G+ means for women, LGBT folk, and civil servants.
Hey! What about me! I want pseudonymity too! It isn’t about people being able to “hide”, it’s about given people choices about how they interact and the ability to interact in different ways via different persona. I don’t think this in conflict with having an identity infrastructure, I think it should be part of that infrastructure. As far as I’m concerned we need an infrastructure more than ever, which is why I find this kind of comment puzzling.
It won’t work; and if it did, you would have to trust big government to stay benign as it tracks your every online step. As for the latter, ask the citizens of Egypt, Tunisia, China, Iran, and other countries that closely monitor their citizens’ Internet usage (or block it in whole or part).
Let’s put to one side the question of whether the US wants to monitor or block citizen’s internet usage (although generally on behalf of Disney rather than democracy) and address the central point. What has NSTIC got to do with trusting the government? Most people will use IDs provided by their bank, mobile operator, sports team or favourite pop group. I really, really doubt that the DMV will be able to compete for the business.
Olden suggests building a single sign-on from a handful of IDs that are in wide use. Think Facebook, Gmail, perhaps Yahoo. Facebook alone is emerging as a kind of de facto single sign-on with 500 million users… So scratch Commerce’s NSTIC, and find ways to lace together the passwords we already use.
This is confusing two entirely different issues. Issue no.1 is what framework we use for identity, and NSTIC seems to me to be as good as any other (although, as I have often written, I would have liked to have seen an emphasis on pseduonymity as the norm). Issue no.2 is which identities we use. If we only use the same, single identity everywhere that we go through the interweb tubes, then the “owner” of that identity will indeed be able to monitor our journey. I don’t care whether that owner is the Feds or Facebook, I don’t want it to happen.
Personally, I would want a pseudonymous identity from someone like my bank. That why I could do stuff online, and people online could interact with me knowing that the bank knows who I am, if you see what I mean. I don’t think that managing a few identities will be at all different, thanks to the magic of the mobile phone. I spotted an interesting comment on this mobile future in a very positive review of Google Wallet in the Wall Street Journal.
Google Wallet can’t hold your driver’s license or other official forms of identification, so even if it takes off and works everywhere, you’ll still have to carry your license with you.
In the long run, as we all know, it’s the digitisation of identity that will have the biggest impact on society and it’s very interesting to me that the arrival of mobile wallets has stimulated these thoughts.
It would be easy to carry an MIC, or “Mobile Identification Card” on my phone, instead of a physical card in my leather wallet (Google, are you listening?)
So what would it take to get my bank pseudonym and (in the US example) the driver’s license into the Google Wallet? We have the technology and we have a framework—NSTIC in the USA and Identity Assurance in the UK—but we need some thing to kick-start and coagulate the swirling possibilities. If we’re all agreeing that government identities are going to do it, then perhaps we should focus on something else.
Government agencies could (and should, in my opinion) become attribute providers, so there’s no reason why the couldn’t issue an electronic drivers license in the NSTIC framework. You provide your proof of identity to the DMV along with a digital identity (in essence a public key from a key pair held in the secure element of the Google phone and accessible from the Google Wallet) and the DMV sends you back a public key certificate (your public key together with the relevant attributes signed by a DMV private key). This would combine my private sector identity and my public sector attribute to deliver the Google Wallet fantasy mentioned above.
Federal Chief Information Officer Steven VanRoekel last week released a long-awaited memorandum requiring that, over the next three years, agencies launching or upgrading sites that prompt people to obtain a username and password also must be compatible with logon services handled by certified third-party vendors.
It’s a small step, but requiring government sites to offer (in essence) NSTIC-compatible access alongside usernames and passwords will help to get things moving: companies will begin to develop software that offers this possibility. Yes there’s a long way to go, but I think both public and private sector organisations can at least begin to formulate strategy bounds and think about the strategic role of identity in their futures.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
The English language version of this work is licensed under Creative Commons Attribution-ShareAlike 3.0 Unported License. If you wish to acquire the rights to make a foreign language translation of the work, please contact Consult Hyperion.
Please note that by replying in this Forum your comments become the property of Consult Hyperion and you assign all rights in your comment to us. Your comments may be edited for length and used online and in print but will always be attributed.
Meet us at:
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010