Sovereign Identity

December 27th, 2002 | Posted by paul in Uncategorized

There has been an ongoing discussion about Digital Identities between Doc Searl, Eric Norlin and David Weinberger. And this months CIO has a great survey of which #8: Identity Crisis talks about the necessity of decentralizing our identities. It makes the very important point that if we rely on increasingly unique biometric identifiers it would only make the problem of identity theft worse. If someone is able to spoof your fingerprint or other biometric identifier, then how would you be able to prove you were you? The answer lies in giving you back control of your identity. Afterall, as long you have control over your identity, does Amazon really need to know who you are, as long as you can secure payment?

John Gilmore is also challenging identity by refusing to give his ID to board an airplane.

Freedom of Travel. I’m suing Attorney General John Ashcroft and various federal agencies, to make them stop demanding that citizens identify themselves in order to travel. Not only airports, but trains, buses, and cruise ships are now imposing ID requirements. This violates several constitutional rights. Stop showing ID whenever someone asks (or demands) it, and you will start to discover just what your rights are.

From this months CIO:

“As long as security relies on identity, then ID theft becomes an effective way of committing fraud,” Schneier adds. “And creating stronger IDs [through biometrics] only makes the problem worse.” Likewise, putting all of your customer information in one central database only heightens the chance that identifying information will be stolen. After all, it’s much easier to break into a large centralized database than small separate databases. And resourceful thieves will always find a way around the toughest security, as Ford and Experian have learned to their chagrin.

To avoid a similar disaster on their turf, CIOs should insist their company’s customer data be kept in separate databases protected by a number of different security measures. And they should push their company to adopt safer business practices that require customers and employees to use a number of different identifiers to gain access to personal data. For retailers, that might mean implementing other business safeguards, such as matching the shipping address with the home address on customers’ credit reports. In the meantime, legislation that bans the use of Social Security numbers and other personal identifiers in instant credit e-mails or letters has already been passed in California and is being considered in other states.

“If you had a dozen IDs and they weren’t linked together, now that would be difficult to steal,” Schneier says. “Decentralize, distribute. There is never one answer to security.


You can follow any responses to this entry through the RSS 2.0 Both comments and pings are currently closed.