Robin Wilton's esoterica

Thanks to Pat and Rich for alerting me to this fun site.
* Updated 15/4/2005 because I can now add the Czech Republic to my tally...
I spent a day in Prague last week at an Accenture Security Practice event, and not only was the event very productive (many thanks to John Velissarios of Accenture for hosting us there!), but Prague really is as friendly and picturesque as they say. Make your own Map of Visited Countries
The mapping part is great, and then there's the bonus feature of a lot of really alarmingly bone-headed, small-minded, politicised, racist or downright wrong comments added by various visitors.
Deserves to be a cult site.
create your own visited countries map or vertaling Duits Nederlands

I saw chrisg's post about the "aggregated blogs" discussion which has been going on, and like him, started to wonder whether anyone (colleague or otherwise) would really want to aggregate my blog with theirs. I propose a new terminology: if blogs have *good* (to be defined) content, they aggregate. If they have garbage content, they flocculate. Especially if you have the same definition as my dictionary does for flocculant: n. a substance which promotes the clumping of particles, especially one used in treating waste water.

Thanks to anonequity.org for alerting me to Steve Mann's Leonardo award-winning article: "Existential Technology: Wearable Computing is not the Real Issue" If you were starting to think you had a handle on the main issues relating to Identity and Privacy, this will make you think again - and should give you a laugh too, albeit with a slight feeling of unease. If you have read Frank Herbert's two books featuring Jorj X McKie of the Bureau of Sabotage, ("Whipping Star" and "The Dosadi Experiment") you'll recognise some of the ethical threads Steve Mann teases out. If you have read Neal Stephenson's "Snow Crash", you'll see his concept of 'gargoyles' nicely subverted here.

Very nice post from Masood on the nature of trust (and the implications for bloggers... named and anonymous, for those who have seen the email bait-ball on that topic!) Trust and Cyberspace

It's funny, isn't it, how even the best thought-out actions can have unexpected, counter-intuitive or even downright perverse consequences? Here's an example from, you guessed it, the world of data security, privacy and identity... Context 2005 is 'the year of e-government' for the UK; at any rate, it's the year the government set itself as a deadline for public services to be available 'in electronic form'. With that, of course, comes a potentially huge increase in the amount of personal data processed online amongst public sector bodies. The UK Data Protection Act 1998 (DPA), among its other provisions, contains measures to prevent 'fishing' enquiries - i.e. those where a request is deliberately vaguely framed so as to solicit large volumes of data from which the desirable items can then be selected. Section 29 of the Act allows law enforcers to request an exemption from the Data Protection provisions if they are asking for information relating to an offence. The following is a real-life example ("only the names have been changed", as they say). Example In this example, a police authority's request to a local authority under Section 29 of the act was rejected on the grounds that they were 'fishing'. The police authority therefore re-issued a more detailed request including the subject's identity and the reason for the request – i.e. the alleged offence. This was done by email – unencrypted and without proof of origin, proof of integrity or proof of correct delivery. The local authority took the view that. although they should satisfy the request, it would be wrong to reply by the same medium; it would only provide the requested data in hard-copy to an identified officer in person. So, and here's the perverse bit, the same piece of legislation was leading one agency to increase the amount of sensitive personal data it transmitted, while at the same time leading the other agency to revert to hand-carrying instead of online exchange. Conclusions Is it possible to draw any useful conclusions from this... beyond the fact that Murphy's Law clearly applies to public policy-making? Well, as usual, I think the issue breaks down into three layers:

• Policy
• Architecture
• Technology

The Policy objectives and their likely consequences need to be thought through carefully; in this case, what are the implications of setting e-government objectiveswhile providing adequate protection for user privacy? Policy considerations should also extend to the departments in question and their end users: in this case, perhaps the police should have been better trained about 'fishing' and about email security. The Architecture must be capable of furthering the policy objectives. In this case, one could argue that a lot more design and investment was needed, over and above ensuring that both parties had an email account (!). OK, hindsight is, as usual,a wonderful thing, but I don't want to understate the problem. This example just describes two parties - realistically this kind of communication could be required between dozens of public sector bodies. It isn't easy... Finally, without the right technology in place, there was no easy way for the police to submit a secure, authenticated request and be sure that it reached the right recipient... or for the local authority to respond in the same way. In particular, notions of identity (authentication) and auditability (digital signing, logging) come to the fore. One final reassuring thought: in this example, there was a human being at each end... imagine what fun we are guaranteed when everything happens through web services!

An exciting change for me last week, as my internal transfer finally came through, and I took on a new role in Sun. I have moved from the sales & marketing organisation into the CTO (Chief Technology Office) group, in a team called Business Alliances. I am still entirely focussed on identity-related matters, but will now be looking at those areas where Sun can either partner externally or 'join the dots' internally to further its strategic interests. I am really looking forward to this, not only because the subject-matter is interesting, but also because it will exercise me in new areas, and because the team I am joining is full of interesting, intelligent and motivated people with a great sense of humour. Not that the previous teams weren't. In fact, now that I think back over the last 10 years or so, I have been very lucky and worked with many amazing people. You know who you are..... you also know me, so if you're expecting mush, forget it. Here's to the next 10 years.

So this is what has now been passed into UK law, but with a built-in review after one year. That review will be by MPs, not - as appeared to be the Government's original plan, by a single QC (Queen's Counsel). At this point, it's worth taking a step back from the record-length dispute between the upper and lower houses over this bill, and looking at the measures provided by this legislation and the laws which expire on March 14th. It was their expiry which imposed a de facto deadline for the new law to be put in place. The fact that the Prime Minister is now claiming that persistent opposition objections to the bill "put the security of the country at risk" prompts me to wonder whether the whole process was set up for a bit of brinkmanship by the government. "Previous anti-terror laws, introduced in the wake of the 11 September attacks, that allowed foreign terror suspects to be imprisoned without trial had been ruled unlawful by Law Lords. These laws expire at midnight on Sunday." (BBC News) Two questions remains unanswered: First, how acceptable is it for people to be detained 'on suspicion', indefinitely, and possibly without knowledge of the charges brought against them? 1 - Detention on suspicion means that the person need not have committed an offence in order to be penalised. 2 - There seems no mechanism for judging when such a person ceases to be 'under suspicion'... so how are they to be released? 3 - Someone who is not informed of the charges against them cannot mount a defence. Second, this bill has consistently been characterised as 'preventive'. However, there's no getting away from the fact that the control orders allow for measures which punish the suspect. Again, how justare those punishments in cases where there is only suspicion that an offence might be committed? And what is the mechanism for deciding when the punishment measures should be lifted? Both these questions raise issues which seem hard to justify by any notion of justice. They also seem a poor way of mitigating the long-term risk presented by a terrorist threat.

Here are two more good links on the topic of Identity Cards in general Justice/Clifford-Chance ID Card paper and UK Identity Cards specifically The Register: UK Passport-ID Card link The Clifford Chance paper has overviews of the relevant technologies, and then a survey of the status of ID cards in various countries around the world, whether they are in the implementation or discussion phases. It's very readable, and some of the stats on technology like facial recognition may surprise you. For instance: "For top systems, where the length of time between acquisition of the images and the presentation of the new images increases, performance degraded at around 5% per year." Where the elapsed time is up to 60 days, the top identification rate is around 80%." "Older people are easier to recognise than younger people. For every ten years increase in age, performance increases by approximately 5% until age 63." Here's the ToC from the document, just to give you an idea. Part I: Biometric Technology IA Facial recognition (paras 5-12) IB Iris recognition (paras 13-21) IC Fingerprints (paras 22-28) Part II: The experience of identity cards in other countries IIA Germany (paras 29-41) IIB Hungary (paras 42-48) IIC Malaysia (paras 49-59) IID Spain (paras 60-66) IIE South Africa (paras 67-75) IIF Thailand (paras 76-82) IIG Finland (paras 83-88) Part III: Public debate in other common law countries IIIA United States of America (paras 89-94) IIIB Canada (paras 95-103) IIIC Australia (paras 104-117) Part IV: Travel to Ireland and the EU context IVA Travel to Ireland (paras 118-129) IVB The EU Perspective (paras 130-139)

Just a quick post to link to Kim Cameron's excellent Identity-related blog. There is a wealth of good thought here, as well as many links to other relevant info. It's invidious to single out one entry - so browse around while you are there. However, this post on the UK identity debate is particularly timely. http://www.identityblog.com/2005/03/07.html#a156 Kim's blog has gained a lot of air-time (rightly) because of his forumlation of the "Seven Laws of Identity". http://www.identityblog.com/stories/2004/12/09/thelaws.html A particularly useful quality of the Laws of Identity is the way in which they take technology specifics out of the discussion to enable an objective and pragmatic discussion of the issues and success factors. There's benefit in that for all...

I sincerely hope this does not morph into a hideous troll... it is certainly not intended as one. I am trying to get a handle on what affects citizen uptake and usage of Identity Cards, bearing in mind that this country (UK) has only minimal collective memory of such a thing. As far as I can see, the most likely factors (more or less in ascending order of optimism) are:

1. Legal compulsion: (you will get nicked if caught not carrying it)
2. Direct benefit: (convenience, risk avoidance, incentive)
3. Citizen Culture: "The Greater Good", or "We've always had one..."
4. Fashion: OK OK, I did say optimistic, but just imagine: "ID Cards... the new iPod" ;^)

On the other side of the scales,

• People will break the law en masse if they are really opposed to something like this
• Notions of fairness, justice, proportionality and personal liberty figure in the equation, although they can be outweighed by the factors above...
• Trust seems important too: if people don't trust that identity data is being used in their interest, they are less likely to comply with its use.

Am I missing something? Comments genuinely welcome...

Sir John Stevens, former Commissioner of the Metropolitan Police, weighs in heavily on the side of proposed legislation to deal with the terrorist threat.
He estimates there may be up to 200 active Al Qaeda supporters at large in the UK, and accuses opponents of proposed legislative measures
of being naive about the 'brutal reality' and 'true horror' facing our democracy. The legislation is question is widely thought to erode fundamental civil liberties in the UK (for example, it allows for house arrest without trial), and has provoked heated exchanges in both houses of Parliament; not least over the implicit March 14th 'guillotine', which is when current provisions expire.
The government is citing this as one reason for opposers to vote in favour now, rather than continue to press for amendments (such as having judges, rather than politicians, impose pre-emptive detention). Which raises the question: if the civil liberties of 50 million people are being dispensed with because of the threat posed by 200,
who has won?

A nice, clear article about how the principles of identity management apply to the education environment... Identity Management on the Campus

Thanks to Dave Renshaw for spotting and forwarding this link: GM Liberty article at eweek.com A couple of quotations which bear comment: (1) "GM is fully deploying federated SSO for 70,000 users of its employee portal. While Jackson estimated the technology should take no longer than two months to deploy, he said legal and business issues may cause the project to take as much as one year to complete ... There are issues around the business that still need to be resolved," Jackson said. "But these issues are not limited to General Motors. They affect any company trying to federate identity." This is a recurrent theme of security/identity implementations... you need to devote at least as much thought and effort to the business and contractual aspects as to the technical stuff. (2) "GM is looking at other services it wants to enable using Liberty Alliance federation. Because the automaker has systematically outsourced business processes, Jackson said it makes sense for it to federate with as many third-party providers as possible. GM units have built systems using a standard set of products, but each has its own solution, such as a portal for the engineering division and another for manufacturing. Because of this, Jackson said, federation may also be handy internally. "General Motors is a big business to run globally," he said. "Rather than try to build one large infrastructure for the entire company, it may make more sense to federate." " This really captures the 'federation' message. No large enterprise is starting with a clean slate here, and as one of my clients said to me recently: "We need you to leverage what we already have... don't come to us and say you can solve all our problems provided we 'rip and replace'". Fortunately, there was no need for me to say anything of the sort 8^)

I have been trying to think what to say about this. I don't know what it was that enabled Hunter S Thompson to maintain the balance between living like a wild man and writing like an angel - and I can't know what it was that finally, irreversibly undid the equilibrium. But, to get Gonzo for just one moment, I have my suspicions... who would not (and who needs to be run out of town like a poison troll to redress the balance)? It's conventional to say Rest In Peace... but that's just the problem. I have no right, and anyway it seems the last thing he would want to do. We have lost something irreplaceable. "Only a fool or a whore would say anything else".

So, what is this “identity” thing, anyway? When we assert the identity of a person, we are usually asserting that the person presenting a given set of credentials (a passport, a user-ID and password) is identical with the person to whom those credentials were originally issued. Credentials such as Certificates of Birth or Marriage derive their validity from the various forms of proof available at the time of their creation. That validity is often used as the basis for the issuing of subsequent credentials (such as passports), which in turn are used to underpin other credentials (such as visas and airline tickets). The issuing of the credentials and their subsequent validation are seldom performed by the same entity. (For instance, UK Driving Licenses are issued by the DVLA but usually checked by the police. Passports are issued by the Passport Service but usually checked by Customs & Immigration officials). This makes explicit several factors which are otherwise often ignored in practice:

• - There are discrete roles for issuing credentials (“Identity Provider”) and using them to authenticate the holder (“Service Provider”);
• - The use of credentials is a very 'transitive' process. Authentication depends on a 'chain of trust', which extends from the issuing of the credentials to the point where they are presented. If the original registration process, the credentials themselves, or the validation process can be subverted, then the chain of trust is broken and the authentication is undermined.
• - Identity is seldom asserted for its own sake; it is usually asserted in order to establish an entitlement to something (whether that is health treatment, or the less welcome 'entitlement' to have one's licence endorsed...).
• - It may be possible to establish that entitlement on the basis of the credentials alone, or it may require some additional piece/s of information. A good example is that a passport may provide good evidence of identity (i.e. that the holder identified themselves to the satisfaction of their passport issuer), but the entitlement to enter the country usually derives from a visa inside the passport which conveys additional information.

It therefore makes sense to think of assertions of identity as the foundation for other layers of assertion: for instance, assertions of entitlement, or other attributes such as creditworthiness, subscriber status, location, or other data relating to this individual or this service request. We can expect multiple instances of data to exist at all these layers, and to be distributed among identity providers and service providers. In the model adopted by Sun, the Liberty Alliance and the Organization for the Advancement of Structured Information Standards [OASIS], those layers of assertion are embodied in a set of specifications known as SAML – Security Assertions Mark-up Language. This provides an open, standard way of defining and exchanging assertions about authentication (identity), authorisation (entitlement) and other service- or user-related data (attributes). An emerging requirement is for services to be granted on the basis of attribute-level data while preserving the individual's anonymity at the authentication level. This is represented in the 'Privacy-Enhancing Technology' currently being considered in support of legislation such as the European Privacy Directive.

On 21st. February 1952, identity cards were abolished in the UK. The National Registration Act 1939 established identity cards for the enforcement of security, conscription and rationing. By the date of their abolition, the identity records were being used by 39 government agencies. This has been cited as an example of "function creep" - but that's not quite accurate. After all, the "function" of the identity card remained the same: it was used to establish identity, albeit in a number of different contexts. In some, such as rationing, it wasn't even used to establish entitlement: there were ration books and food coupons for that.
To my mind, the message is actually that if the identity credential exists, then agencies will tend to make use of it. "Because it's there".
Just as it's far easier to get into a war than to get out of one, so it's far easier to make increasing use of an existing credential than it is to come up with reasons to stop using it.
Look at the contrast between the recently-introduced US biometric immigration checks, and the Schengen agreement on cross-border passport inspection. It's a lot easier to increase border checks than it is to get agreement to dispense with them.
In an interesting cross-over between the physical and virtual worlds, consider how the then US Secretary of State, Colin Powell, summed up the policy: "secure borders, open doors" Compare that with the current trend of focusing less on 'hermetic network borders' and more on 'carefully locked doors': what the Jericho Forum terms 'de-perimiterisation'. Trackback to Firewall discussion...

Hi, and welcome to my new blog.

Disclaimers first: I am not one of nature's bloggers. I can't keep a diary either. Do not expect fancy formatting, graphics, masses of clever links and so on. Do expect stuff that strikes me as thought-provoking. All I can promise is that I will blog occasionally if I think of something which might be of wider interest. That means it is likely, at least for the time being, to concern one of the following topics:

- Identity

- Privacy

- Enterprise Security

- The Liberty Alliance

- Regulation and legislation on identity, privacy, etc.

But there will also be wild off-topic digressions, and if you're really unlucky there could be the occasional haiku... Here's one to start with.

"On the first bonfire of Spring":

Yesterday's bonfire

Waves a thin white flag of smoke.

Birds invade the lawn.