Private IDs - or - Time, space, and Leuven
Managing identities in 2010, impressions from LSEC event.
By Eh'den (Uri) Biber
“We are governed not by armies, but by IDs”
Paraphrasing Caird Mona (1854-1932)
It was a sunny day as I was heading from Brussels to the “Katholieke Universiteit” of Leuven, One of Belgium's most prominent academic powerhouses. Ulrich Seldeslachts from LSEC invited me to participate in a conference entitled "Managing Identities in 2010", which I gladly did (Thanks Ulrich!). Benjamin Franklin once said “The Way to see by Faith, is to shut the Eye of Reason”. In many ways the conference we participated in was all about the same subject – faith and reason. Does having both faith and reason make us half blind? Maybe, but is it the science or our faith that blinds us, or both?
It is my first blog entry in my new domain. If you look for a professional review of the Identity management conference I ask you – sorry - I beg you – run away. If you're looking for a summary of the event – I ask you – sorry – I beg you – run away. If you like to know my personal perspective of the subject of Identities please stay, but bear in mind that it is the equivalent of me after drinking three Belgian beers – you're might get a little bit shocked. And yes, there is a meaning to it all...
In that in mind, let the journey begin :)
I arrived to the University campus where the event took place and got lost for almost an hour in a magical academic center. Warm day, everything is so full of light, water steam running via the campus grounds, small hills covered with green fresh grass, big trees shading over playgrounds and hidden garden wonders. The Leuven university is full of those academic marvels, representing the googleplexes of their times. The event itself took place in the auditorium of the thermodynamics department which hold place to a huge collection of engines from all ages.
“It is of the nature of ID to be communicated: written, spoken, done. The ID is like grass. It craves light, likes crowds, thrives on crossbreeding, grows better for being stepped on.”
Paraphrasing Ursula K. Le Guin, “The Dispossessed”, Chapter 3
In many ways our existence today is a combination of both a physical and virtual entities. I know a lot of you think “hey, I can understand multiple virtual entities but what the {tootsie footsie} are multiple physical entities?” It's time for the first story of the day: A few weeks ago I waited for 45 minutes to my friend to come to where we said we will meet. We were supposed to meet at 11:30, I called at 11:45 and was told “I'm arriving in 5 minutes”. At midnight I called her to tell that I turned into pumpkin, and after 15 minutes she arrived. To be honest, she looked sensational. I mean - extremely hot. So hot, that I told her immediately “I didn't even know that you had such a body!”
(Olivia Newton John singing in the background)
Back to Virtual entities
Unless you live in a cave, a third world or you're just Amish you already have an electronic ID, or, as we geeks like to call it eID. We have so many eIDs those days, ranging from our google IDs to our corporate smartcards. We live in a world where we are bombarded on a daily basis with request to identify ourselves in order for us to do our jobs and in order to gain our goodies (and by that I didn't mean giving your credit card to an online half-naked woman). So many eIDs, yet most of us invest little to no time whatsoever thinking of the impact of those IDs on our lives.
A quote from their invitation to the conference: “Managing identities in 2010 has become a real challenge. The reality of Identity Management in 2010 is that most companies today are still trying to understand why Identity Management would need to be important to them, the type of challenges that effective identity and access management can help resolve and how it fits within their organization.”
The reason why it is hard for organizations to grasp the importance of IDs (so true in many ways) is simply because we, as human beings, still have very vague understanding that our lives today are totally different then the lives our parents had. As Gil my friend like to call it a child's mind is “a living sponge” (And yes, some of us still got stuck at the SpongeBob SquarePants stage). We are extremely good in imitating things we see and do when we are young, and what we see today is something we never experienced as children.
As a father to three wonderful kids I had observed them closely I can tell you, for certain, that I can tie their current behavior patterns to events in the past. The earlier the experience is, the more we relate to it over time.
The internet revolution had brought the usage of eID to everyone, and, like the industrial revolution - it is leading us to wonderful places and horrible places all at the same time. It allows us to progress more rapidly then we ever did before but also can bring up huge dangers we never imagined happening. In the core of everything is us. You. me. Everyone.
But who are we? Before I will get lost into a philosophical discussion, let's stick to the reality. We are human beings, we had parents (at least a mother) that was involved in our creation. We came to this world, we were registered... and off we went wondering around.
That single ID - the birth certificate - was used to represent for centuries the essence of our existence - and still does today. I can tell you that when I moved to Belgium 9 years ago I was asked to translate this document as a proof that all the other documents I have provided is valid. Obviously, the Mossad did an excellent job as no one suspected the validity of my papers ;)
Take a visit to the city hall and you will find that in the old days people been registered when they were born, when they got married, and when they died. Life wasn't really complex those days, maybe because people didn't lived for many years (Thanks to excellent hygiene practices of the middle ages and the peace that existed between nations)
Negative Rewind (AKA Fast Forward)
If I would ask you “With how many people did you had sex with during your life - including the time you got so drunk you didn't even remember your name when you woke up? (Call me Raul!!)” and you would have replied something like “I don't know, I don't even have the faintest idea”
That would have sounded like you are a really responsible person, wouldn't it? That's actually a great date-stopper, if you are ever in a date from hell you can raise it up and see your date running away. Advice - if she doesn't, then I suggest YOU to run away LOL
If I ask you the same question but instead of “how many people did you had sex with” I would ask “how many electronic IDs do you have” …. I think you might get where I'm headed for.
I know, I just compared IDs with sex. I'm a naughty boy who should be punished (Call me, mistress X)
In the past our human authentication were physical. If you ever had the chance to read “The Three Musketeers” (Les Trois Mousquetaires, a novel by Alexandre Dumas) – in the 17th century they used to have “official pass” papers with a royal seal that allowed the owner of that ID to do anything that was written on it - from leaving the premises of a city to simply killing anyone they didn't like. Ah, the good-old-days!
My childhood and adolescence IDs: I had a birth certificate, then had this “mini booklet” that tracked the immune shots I got (as you can see by my current state obviously I should have had much more shots so if you're German, good looking, have tight leather cloths and you're into it, please send me a private message. Call me, Olga!!!). When I grew a little older I had a national ID card, then driver's license, and then a soldier ID. All of them were made out of trees that were cut down to make paper out of them, so someone could print them for me. Ah, and there was that one time I got really drunk that I ended up with a marriage certificate (As they say, what happens in Vegas stays in Vegas. Call me Monique and Sheila!!!).
I still remember being asked to show my ID when I went to dance in a clubs (I miss my feather costume) . I remember of handing it over, making sure the guy return it to me after he examined it. My ID. Now days all I need to ask what ID are you talking about.
Today most of our passes are virtual and we never experienced the connection between providing an eID to what it really means – exposing our personal, private information to someone else. We can't correlate that in our mind as we can't reference it to what it really means.
Wait, what am I writing about?
“Identity management.” Oh, yes, thank you for remind me!
“Are you going to stop talking about yourself?”
No...not really.
I Kim, I saw, I conquered
The conference was excellent – LSEC did a great job in bringing experts from different parts of the Identity Management spectrum to cover all elements that are involved with eIDs.
BUT, With all due respect to the excellent speakers and subjects raised during the conference, I do have a shorter span of attention then George W. Bush and as such I want to concentrate on the one lecture that grabbed my attention. It was given by Kim Cameron who is the Chief Architect of Identity in the Identity and Security division at Microsoft. Seriously - I ask you - How can you not a love a guy named after the Israeli Superhero Kim? (Well, don't ask that question in North Korea, you won't going to get an honest answer LOL)
Now to better understand Kim I did some googling (or binging), and I found a great interview that was done with Kim 5 years ago -which led me to a HUGE surprise.
You might didn't know it but Kim also have a nick name, David, and he also works in his spare time as the British prime minister. Now, before you start blaming the proximity of the Dutch coffeshops across the border I can tell you that according to ZDNET this guy:
Is also this guy:
If you still think I spent every weekend in a coffeeshop, click here
While everyone else was focusing about the present or the near future, Kim approached the eID from a holistic, longer vision approach. Listening to Kim felt like listening to a talented professor of history giving a fascinating lecture about the French Revolution. I think if you would have given Kim the option he would have been gladly volunteered to use a guillotine to cut the resistance of governments to L-I-S-T-E-N to the industry privacy experts.
The sad point is that he people who need to make decisions about electronic IDs are people who have (surprise surprise) NO KNOWLEDGE about the subject. We already covered that subject before – and if I still have sometimes conceptual misunderstanding of the magnitude that privacy has and I've been involved in this business for... a lot of years – then politicians have really ZERO knowledge.
The reasons why governments fuck up on privacy is because governments do not want to give you any privacy! (hey, I used the F word, and I only used it now. I think I deserve a medal)
What is a Government anyway? A government is the organization, or agency through which a political unit exercises its authority, controls and administers public policy, and directs and controls the actions of its members or subjects. Read the words. Do see any word that even reminds you the concept of privacy?
Privacy is the enemy of governments. Why? Because via privacy there is the risk of people questioning the authority, the control and administration of the government. The politicians can not afford to fight with the ministries they are suppose to run, and those ministries will rather not work then give up their power. Power is the enemy of Privacy, and vise verse.
After Kim's lecture he was kind enough to spend a minute or two for a chat. We talked about facebook, which I still consider to be one of the biggest privacy risks to us as human beings. Kim, on the other hand, believes that people will not be insane enough to pay their telephone bills via facebook.
This reminded me the fact all human being are born with a fear of heights (well, except the few rare people who end up building all those skyscrapers buildings). This fear is what prevents us from jumping from a balcony, even if other people will tell us to do so. I told him about the fear of heights and the block it generate in us and I told him that I wish one day we as human beings can extend our conscious to include a fear when we will be doing something that will be a risk to our privacy. Kim said I should write about it, and this is why I wrote this blog, He also asked if I could come up with a name to this capability, and I just replied instinctively with “reason”. We both laughed :)
By the way - to my fellow Israliens - who's government is about to deployed upon USELESS DIGITAL IDs - please read this. Gus Husein is an expert on privacy, he and team of experts warned the British government that their eID project is a mess and no one listen to them, until the project got canceled. The worst part is that the Israeli design will invite a horrible, horrible privacy issue. but that's for another time.
Why do we need Privacy?
Without privacy, we will become a human ant colony
And so, how can I summarize this journey I had? First of all, I wish that more people will part of this important debate the industry is going through. Privacy is a matter for EVERYONE
If you don't believe me or you want to argue with me, or your name is Mark Zukerberg – I have just FEW word for you, let's see if that might convince you:
SEX
Do you want everyone in the world to have the ability to google your name, and next to it he could see how many times you went to a porn site, what is your favorite sex videos types, and what sexual preference you have. Or do you want the list of videos you ordered in that hotel at that trip to be available on google? This can turn your wife/girlfriend from a smiling, loving angel to miss Lorena Bobbitt running around you with scissors...
FREEDOM
Ask the chinese - If you're Chinese, most chances you will never going to even have the ability to read what I write, because most changes the blogging service I am using is blocked by your country. I am sure that every Chinese citizen can spend all their days at work surfing sites about the events in the Tienanmen square.
HEALTH
Do you want every record of your life to be available to your possible employer? Do you want them to know about that sex disease you had 3 years ago, or that injury you got in your knee when you where a child and that statistically might cause you a possible damage when you will be 45 so the insurance company at your work will increase your premiums by 50% because of that.
FRIENDSHIPS
A world with no privacy is a world with no real friends – we are a living tissue with a very complex computer sitting on our neck and that computer process information in a different way then any other computer ever created. As we are so, we think differently then anyone else on earth. We need our privacy or else we will be in a constant conflict or stress mode. Privacy is a mental requirement, without privacy we will be a damaged unit.
FINANCE
Would you like the world to know your money spending habits? Your gambling habits? Do you want your parents to know you don't eat Kosher, or Halal, or just the fact you ate snails in a French restaurant and it was delirious!
A world without privacy is a cold world where you are so exposed you are forever alone. We need to find a way to “sell” all those boring technical terms to the rest of the people who are not part of the very small circle of computer experts that talk about that. And don't you dare to ooohhh me!!!! I'm just quoting one of my friends who heard that I spent a day at the conference “Oh, poor you! It must have been so boring!!!”
Maybe we should open a facebook group about it?
Peace, Love, and Privacy
PS
Kim, if you ever read this blog - about facebook - take a look here. I still fear facebook. I get a Zukershiver just by thinking about a future where everyone are on facebook.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.