One of the most shocking developments today is the proliferation of digital surveillance and identity profiling, with little or scant regard for the protection of individual liberties or the sanctity of our society as a whole. What makes this particularly galling, is that despite there being so much wellrespected, high quality and widely read literature on the subject, both our governments, and we as citizens, have failed miserably to contain or manage the risks associated with the digital theft of our real freedom.
The greatest tragedy of this abuse of our digital identities is that it erodes our confidence in the very technologies that we need to forge our Path to prosperity. We need digital communications technology to drive the blossoming of microeconomic activity, the super-economy of our future. But this is only going to happen if the average citizen can trust the technology to be their asset, rather than an instrument of those that might oppress or manipulate them.
The status we have now is rather like wearing a kimono. If we really wanted to maintain our privacy we would have to abstain from virtually every aspect of modern life: no credit cards, no e-mail, no telephone, no taxes, not attending any major event or walking the streets of any town or city. But we don’t live that way, and who would want to live under those conditions? The trouble is that we assume that there is a rule of law in the digital world, just as there is in the real world. In actuality the digital world has streaked ahead of our legal protections, and operates in a space with about as much oversight and regulation as the credit default swap and derivatives markets, i.e. none at all. If you open your kimono even a crack, you may as well be naked. In the digital world there is nothing to prevent a whole host of people and organizations from tracking your every move, snooping on your communications, storing private information about you, and correlating that with who knows what they think they know about your friends. To make matters even worse, they’re going to mix your identity up with the data they have about everyone else in the world with a name spelled vaguely similarly to yours, and whomever now has your old cell phone numbers.
Neither politicians nor the senior members of our legal establishment have had the technical understanding to be able to grasp the fibers of the digital world. We need to subject digital information to the same rigors and standards that we have developed in the pursuit of, and protection for, the liberty of the average citizen – liberties won at great personal cost to many over the centuries. The digital world needs the rule of law, just as much as the real world does.
We must start by accepting that digital identity is part of our present and our future. Once we’ve done that, we can move on to purposefully create a secure digital identity system that has our privacy and the protection of our freedom at its core. It’s not too late, but we really need to get on top of this one right now.
We need a founding legal framework that enshrines our right to privacy, and includes the right to review any personal information held by any other party. Once we have codified the concept of digital privacy and enshrined the rights of the individual to that, we can move on to use technology in ways that will truly serve us.
A secure digital identity system is possible, and we already have all the technology necessary to build one. The security of the system and the protection of our freedom are not to be found in the technology itself, but in how it is structured and deployed. By separating identity from information, we can control our exposure and simplify the system. Imagine if your medical records at your doctor’s offices did not have your name on them; they have all the information about your health, but only a key to your identity. That key only links the information to you when you turn the key in the lock, using parts of your private identity. That is how digital identity should work.
Here are some of the vital elements of a functional digital identity system, to give you an idea of what we are going to have to build in order to harness the benefits of modern technology to serve us all, as we travel down the Path.
- One of the most important standards, is to avoid the collection of large amounts of data in one place. Data should be dispersed, as much as possible, into separated storage silos, each with their own security and access controls. This limits the exposure of any security breach, and makes it almost impossible to mine for information without the appropriate permissions.
- A functional digital identity system will also allow the individual to disclose only those parts of their identity that they wish to, for any given transaction. Buying a train ticket and cashing a check can require completely different levels of identity verification.
- All this can be done without obliging anyone to carry any form of digital identity card, certificate or token. It can all be achieved with a combination of biometric and biognostic information. If we value our freedom, we can never let it be an offense to be peaceful in public without a form of identity.
- Another important feature of a secure system is that it requires the buildout of a secure network that is used to transmit sensitive information, separate from the general access Internet.
Interoperability between the distributed systems is required for the overall functionality of the system, and that means that we need universal standards for the basic elements of digital identity. Without such standards, the systems and the data they contain will remain veiled behind the barriers of commercial intellectual property.
The xID standards developed as part of the Standards of LIFE provide a framework for the key elements we need, including:
- The content of a digital ID record
- A mechanism for verifying the quality of an identity match
- Audit, search, investigation and management processes
We need to start building a secure, privacy-orientated, public, global digital identity system now.The timescale to implement this is a minimum of three years, and is more likely to be five years, which is half the time we have available to turn our societies into functioning super-trio environments.
We can, and must, start building different aspects of The Path now, and implementing a digital identity system is a keystone element that will make full super-trio functionality both easier and faster.
The reason why all of this matters, is because we need to be able to trust digital systems. Digital communications are vital to enabling the new micro-economy, essential for an energy-efficient future and necessary for administrating our new super-democracies. So we need to reach a place where we can be reasonably assured that allowing our identities to be digitized is not sacrificing our freedom. We need underwear under our kimonos.
Part 19 in the serialization of the The Path to A Future – published 2009.
A new section will be posted every 2 weeks during 2011. Enjoy!
To get a free PDF of the book go to www.standardsoflife.org/thepathtoafuture.