how to prevent the world wild web identity crisis

Monday, June 01, 2009 idplatform.eu 1

How to prevent the World Wild Web Identity Crisis

By idplatform.euidplatform.eu a non-profit organization in the process of foundationPresented by Helmer Wieringa

Contact details: [email protected]


Structure of this presentation A. What is the problem anyway? B. Identity and privacy problemsC. The struggle to solve the problems D. Learned lessonsE. Solution direction: certified open identity providers

F. How would that work G. Some innovations

H. Recommendations for International Collaboration 2.0 I. How could idplatform.eu help


A. What is the problem anyway?


Privacy?!...

I don’t care; I have nothing to hide…


WANTED:YOUR IDENTITY

BYCriminals

GovernmentEmployers

Business RelationsService ProvidersFamily & Friends

TO CONTROL YOU


But first some definitions…

Identity Personal information Privacy


There are two sides of the identity coin…


idem identity, meaning an identity based on an arrangement; the purpose is persistent identification Idem identity

Individual


ipse identity meaning the way you are identified and categorized by your self and others; the purpose is the construction of the self

Ipse identity

Individual

See summary of Future of Identity In the information Society FDIS The concept identity Ricoeur; Beller; Leerssen


What includes personal information?


Some Personal Information Facets*)

*) Reference: Privacy in the clouds, A. Cavoukian, Office of the Information and Privacy Commissionar, Toronto, Canada – combined with p3p categories

Biological Biographical Demographical Genealogical Professional ReputationalRelationalPolitical

AdministrationalComputational Historical Transactional LocationalEmotional Attentional Preferential


Many definitions of privacy here follows just one…


An individual's privacy is their ability to control the flow, boundary, andpersistence of their personal information*)

*) Privacy in the Clouds A. Cavoukian


So, do you want still to be identified without knowing this and why and to be constructed by others?


I still don’t care

That’s fine but stop listening to

or reading of this presentation


We return now to the daily problems...


Users hate to register for services and are frustrated by lengthy enquiries and often back off


Users can’t remember user names and passwords


… and have on average hundreds of those user/name password combinations


Users are exposed to the risk of identity theft

The number of US adult victims of identity fraud 8.4 million in 2007.

Total one year fraud $49.3 billion in 2007

The mean fraud amount per fraud victim $5,720 in 2007.


Users don’t read privacy policies and don’t trust service providers anyway…


… and they are right… service providers change privacy policies without notification


Individuals have no idea what others think to know about them and why


It is often impossible to unsubscribe from e-newsletters


Often impossible to correct personal information in databases

Kowsoleea is een Nederlandse ondernemer van Surinaamse afkomst die ten onrechte bij veel overheids-instanties te boek stond als een harddrugscrimineel. De reden hiervan was identiteitsfraude: een verslaafde aan verdovende middelen gaf zich met regelmaat voor hem uit. De overheid slaagde er niet in om de negatieve en zeer belastende registraties op naam van meneer Kowsoleea op de juiste naam, namelijk die van de echte dader te zetten.


Spam is distributed by the use of your own email address


Service providers - even with “good” reputation - track your behavior across websites by use of super cookies...


... only to be removed by special browser add-ons like Better Privacy for Firefox


Privacy legislation is too complex and is an obstacle for business and innovation;projects with insufficient privacy are rolled back.


Most organizations are not able to protect confidential data; information breaches are daily news


April 30, 2009State officials are notifying more than a half-million Virginians that their Social Security numbers may have been contained in a prescription drug database that was targeted by a computer hacker April 30. The hacker gained access to the Prescription Monitoring Program computer system, which is designed to deter prescription drug abuse, and demanded a $10 million ransom. The hacker has not been identified

Virginia patients warned about hacking of state drug Web site

http://hamptonroads.com/2009/06/officials-hacker-may-have-stolen-social-security-numbers


“Almost one in five businesses in the UK has unwittingly breached the Data Protection Act meaning illegal data transfer to third party” according to research of the British Standards institute


Enforcement of privacy legislation is practically impossible


IN SHORT: IT IS A MESS


We need fundamental change…


To summarize: we should reduce the cost and effort for…


… user enrollment and participation in a community, by improving usability and transparency about what is agreed on


…users to cancel a service and give them assurance that they can….


…leave without a trace and fear of stalking, resulting in more trust and openness


users to correct their personal information, by offering read/write access on their data


…service providers to effectively engage prospects and increase # of registrations, by rigorous standardization of procedures


… users to receive relevant and effective service and information by giving them control to define their needs in a consistent way.


…service providers to distribute targeted and effective information


…service providers to comply to data protection legislation


…service providers to design innovative personalized services by removing privacy headaches out of development projects


…service providers to regain trust by their users by embedding privacy enhanced technology


…providing transparency for users regarding service providers behavior by easy to understand standard notifications PRIVACY

HIGH PRIVACY

MEDIUM PRIVACY

LOW

PRIVACY ASSURED


…governments to enforce data protection and privacy legislation by embedding real-time auditability


All these improvements are necessary for two-way trust and effective communication


We have to reduce the cost and effort for: Participation Correcting personal data Preventing spam & stalking Canceling services

Engagement Data collection Data destruction Personalization

Compliance Obligation management Privacy assurance Enforcement

That is quite a lot… Do you really think that it will sort itself out?

And leave it to some legislation &complying service providers?


B. World Wild Web Identity Struggle

The struggle to solve the problems


The problems have been predicted by writers, philosophers but have been actually addressed since 1970 in the information technology domain.


Explosion of activities to solve the problem…


… of any scope, shape and form driven by Governments

As legislation developer As service provider As funding provider for programmes

Universities Standardization organizations Multi stake holder platforms Innovation institutes Technology vendors Service providers Online Child protection organizations Self regulation Open source communities Hackers Criminals Human rights organizations Political parties Citizens

Many at the table but the main stakeholder:

the citizen is missing


And no surprise: no consensus yet


C. World Wild Web Identity Lessons

Five main learned lessons


1. Everything should be done to give the user control over the collection, use and disclosure of their personal information by others…


…which is a critical success factor for any digital identity system to be built


… ignoring this lesson will result in projects doomed to fail


2. Self regulation has failed in the privacy and identity domain(does this sound familiar?)


…so compliance to legislation should be embedded in the technology without losing the freedom of the current Internet practice


3. Informational dominance ofone or a limited group of parties will not be accepted in the context of personal information…


4. Storage of personal information should be reduced as much as possible…


…service providers should adopt the just-enough-data-to-do-the job principle and work with partial identity


5. Migration strategy & tactics should be very smart and the execution should be a like a military operation…


…and develop a practical and feasible approach for semantically interoperability (shared profile)


D. World Wild Web Identity Solutions

idplatform.eu solution directions


Introduce the conceptCertified Open Identity Provider which…


… acts on behalf of the individual


…is a trusted custodian of a part of individuals personal information


…can be compared to a financial bank: protecting personal information instead of money


… is intermediary for all personal data transactions


…should also be able to assure anonymity of users


…should provide personal information to third parties only with explicit consent of the user


…should store the history of personal information transactions, only to show the user who knows what about me


… notify me when a service provider is changing a privacy policy


…should - if desired - send legal request to delete information about me, as part of a service cancellation


Service providers can outsource a lot of data protection and privacy compliance headaches to an Identity Provider


…and focus on their core services


Some rules and principles for identity providers


Everybody is allowed to act as an Identity Provider…


…but there should be some rules…


…IDPs should be certified by an organization which is installed by government but independent of it (like the legal power)


Some criteria for certification… Accessibility Usability Transparency Security Reliability Resilience Interoperability Identity portability Data protection Privacy assurance Fraud detection policy

That is quite a lot… Do really think that it will sort itself out?

And leave it to some legislation &complying service providers?


Users can choose a Identity Provider they trust and should be able to switch/migrate data to another Identity Provider if they wish


Expectation: individuals will use 5-10 Identity Providers for special domains like travel.id; volunteers.id; financial.id; care.id, ngo.id, governement.id


Still a lot to remember but better than hundreds of passwords


Advantages

Assurance of Privacy Security Accessibility

Enabling Effective communication Sustainable commerce Better services Innovation

Cost reduction


E. How would that work?


Alice stumbles upon an access controlled site schools4africa.com which is member of i2c.com federation


Alice enters only i2c.com in a login field on the site school4africa.com and clicks on the let me in button

I2C.com Let me in

Schools4africa is member of i2c learn more>>>


….meaning: hey schools4africa.com, you don’t know me yet, but let me in quickly the guys at i2c.com know some information about me


School4africa.com notices some knocking on the door, it is a stranger which is claiming to be member of i2c.com


Schools4Africa.com goes to i2c.com verify the identity of the stranger and requests do you know this person?


Two possibilities A. Alice is already logged on at i2c.comB. Alice is not yet logged on at i2c.com


If Alice is not logged on at i2c.com, 12c.com just requests to log on in traditional way user name/password


I2C.com does knows Alice’s identifying personal information


Alice’s identifying information at I2C MasterID: 5r7jd0spmas56dsffgh3ssapg Real name: Alice Waters Date of birth: 19-06-1970 Nationality: Gambia Email address [email protected] Profession: school director Organization: Water management University …… ……


By the way: Alice does trust I2C because they assure privacy

PRIVACY ASSURED


I2C.com confirms to Schools4Africa: we know the stranger knocking at your door, what do you want to know about this person?


Schools4africa to i2c.com: that is great, we need only information about the profession and nationality and the right to contact Alice. Can you ask this on our behalf to Alice?


I2C.com to Alice: For getting access to Schools4Africa this site would like to know the following information:Profession = “school director” Nationality = “Gambia”and they would like also the right to contact you Alice is that ok with you? … just click OK


I2C.Com to Alice …and by the way we don’t provide any further information to schools4africa other than an unique, dedicated reference number only known to you and schools4africa an us…


Assume this number to be an unique number representing your relationship with schools4africa; by the way you don’t have to remember this number: i2c does this for youYour relation number at school4Africa.com is http://i2c.com/re6tgw787w9hdh78wggfew555hh6hhh333656


Alice thinks that’s cool fasttrack registration! I like those smart guys at Schools4Africa now already. Of course are they allowed to know my nationality and profession.


So Alice is ok with School4Africa’s requests and confirms with one-clickProfession = Schoolteacher

Nationality = Gambia

Right to contact = yes

OK

Alice if you click ok, this information is sent to schools4africa.com


Schools4Africa receives just partial information and redirects Alice to the special area about school projects in Gambia


In future sessions between Schools4Africa and Alice, more information can be requested; But future personal transactions will all be logged by i2c.com


Schools4Africa does not have Alice’s email address but they have the right to contact…


…this means that schools4africa can only send messages via the identity provider: [email protected]


Alice can cancel the account at Schools4Africa and request to delete every data stored about her at Schools4Africa


It is a pity for Schools4Africa but they can easily fulfill this delete request, because every piece of data is stored under the relation number.


School4Africa can’t contact Alice anymore the relation number is canceled, but if would illegally an email, they would get caught by I2C.com and receive a warning or a fine. The message will not be forwarded to Alice.


F. Some innovations


Facebook connect a transparent user interface…


Showing the user what is happening


Vidoop smart password management


Only three categories to remember

Keys, Castles, Beverages

Q Y P

Every day

a different

password!


Confirmation of Vidoop registration


G. Recommendations to parties that want to federate


Establish an really independent organization to become the Certified Open Identity Provider as described


1 standard agreement instead of 36 approaches negotiations & contracts

2

1

35

6

4

IDP independent

neutral governance


… and assure interoperability


Sharing partial identity across service providers

2

1

35

6

4

IDP independent

neutral governance

Individual:

Yes provider 2 and 3

sharing information about me is fine


One interoperability example


Interoperability: User attribute verification

I2C.ID

GAMBIA.GOV.ID

CARE.ID

Schools4Africare6tgw787

Nationality =Gambia

Federated Services providers

I2C.IDhas requested us to confirm your nationalityfor an unknown

service provider

logged on gambia.gov.id

Yes, confirm my nationality

I2C can you confirm nationality of the individual with # re6tgw787….

1

2Gambia.Gov.id can you confirm nationality ?

3

4 5

6Nationality =Gambia

Heath4Africaf45dlnqs9

logged on

Government departments


Start simple and implement incremental improvements against a roadmap


H. The professional voluntary network organized by Idplatform.eu can help you with the roadmap and development


An overview of inspiration, relationships and activities of the IdPlatform.eu

Initiative IdPlatform.eu

Developingawareness

Political parties Public

GovernmentsCompanies Non-Profit

Funding

GouvernementCommercial

Private

StandardsProtocols

Semantics Interoperability

Security

LegalObligations

Enforcement Liability

PortabilityCertification

Idcommons.org

(mainly focused on developments in the usa)

DevelopmentOpen source

UsabilityAccessibility

Project: European

Digital Identity

InnovationVirtual relationmanagement

Privacy enhancement e-Democracy

includes activities:

inspired by seeks

collaborationwith (?)

Idealism Human digital rights organizations KnowledgeVirtual communities UniversitiesInnovation institutes Government programmesStandard organizations Commercial innovation

inspired by:

Knowledge management

Conferenceswiki.idplatform.eu

WorkshopsDevCamps

includes:

Potential Identity Providers

& Software vendors

can support

Potential Relying Service Providers

invited to contribute


Prototype development

Purpose: digital identity awareness and learning Goal: build an operational identity provider prototype Getting there:

Preparation Aug - Oct 2009 (Roadmap, Working groups, Wiki, Con calls, Open Source

Store ) Prototyping

Kick-off 9 – November Two weekends Delivery end of November


Roadmap [draft]

Shared Rules & terminology

E-Citizen Rights Shared approachEnrollment &

password managementdevice independent

Shared user attribute

profile schema approach

Shared rules & terminology

privacy policy & privacy assurance

Shared Rules & terminology

identifiers

Select one of more code sets as

starting point

European PrivacyData Protection

Directives

7-Laws of Identity XDI

OpenID/OAuth

PRIMEPrivacy and

identity management for Europe

Collect usability andaccessibility guidelines

Usabilityreview

Usabilityreview

Usabilityreview

Usabilityreview

Shared general architecture

& terminology

Shared approach User Data Exchange

Federation rules

European Digital Identity month location?

Thursday Nov 5 Identity debate Weekend Nov 6-8

Devcamp

Nov 9-21 Documentation

Evaluation

Weekend 23-25 Devcamp

Aug

Sep

t O

ct 0

9 pr

epar

atio

n ph

ase


Start with available Open Source Code: www.idkee.nl

An OpenId/SREG prototype Hosting sponsor Ruby code available Currently operational


Proposed prototype extensions Legal framework General usability improvements Identifier management

Directed Identity Anonymous, Pseudonyms, Real-names

Proxy email/Right-to-contact Device independent password challenge

Mobile phone, Phone, Desktop Semantic profile transformation

how to prevent the world wild web identity crisis

Technology

privacy problems

privacy commissionar

better privacy

includespersonal information

personal information

right service providers

summary offuture of

information society