January 22, 2008
Privacy is a highly seasonal topic. Witness how each national championship brings us the latest about scalping. After basketball, here comes american football fever and Joe Nocera's perceptive comments (*). According to him, anti-scalping laws were used to entertain "the illusion" that your ability to "go to a big-time sporting event" did not depend on the thickness of your pocketbook. I challenge the sports monopolies to prove him wrong. Embrace "economic rationality" as you must, but create a value-based market, reflecting buyers' profiles into the price to show a genuine concern for the fan. Ironically such complex markets are enabled by the very same Internet which obsoletes anti-scalping laws (1).
Some topics though are perennial. Look no farther than Chris Nuttall's report on Yahoo's announcement that it will support OpenID (**) and a Boston Globe editorial on the Real ID (***). Identity is indeed central to our motto, Privacy, Identity, Responsibility. Real ID is a federal mandate (2) while OpenID is a private, non for profit initiative (3) but to stress this difference would be missing the point.
Identity is above all an illustration of our Rule of three. A party relies on an independent service provider to ascertain an individual's identity prior to some transaction. While calling for vastly different implementations, Real ID and OpenID are similar in that essential respect. In such a classic recommendation scheme, responsibility is clearly established. Fraud when the individual forges the recommendation, reckless complacency when the relying party fails to verify the recommendation with the recommender, and tort when the recommender issues an incompetent recommendation.
Danger however is clearly present. The Globe editorial relays the worries of Carol Rose, of the ACLU of Massachusetts. "Mission creep" may push Real ID well beyond "a driver's license that would also let its holder aboard an airplane". What a boon turning a relation-specific id into a universal ID could be for surveillance and targeted advertising, not to mention the opportunity to create a $1B business in ID theft protection.
Unfortunately Big Brothers, whether established or aspiring, are not the only problem. Bigger is the inherent conflict between ease of use and security. Quoting the Zero Day blog, Chris Nuttall reminds us that "the consolidation of identities represent[s] an "irresistible honeypot" to hackers".
Individuals cannot escape their share of responsibility. Global platform opened to any ID service provider, OpenID is decentralized as the best recommendation systems should be. Nothing prevents users to take advantage of this feature, use different providers for different relations and thus cut hackers' expectations down to size. Nothing that is but the very rationale for OpenID. What OpenID promises is to free users from the chore of maintaining a whole list of specific id's, i.e. the login information required by each online business relationship. Multiplying one's ID service providers may prevent id consolidation and discourage hackers but at the cost of recreating the chore. Why bother?
It is possible though to overcome this dilemma. The rule of three is a robust process which hackers cannot break without substituting themselves to the recommender. Requiring a human contact prior to establishing a recommendation would eliminate phishing attacks (4). Limiting the scale of each recommender would discourage direct attacks on the recommending site. A Luddite's fancy? Hardly. Bank ATM's have been so successful, local bankers are happy to notarize documents for a chance to meet their clients. A sure recipe for bankruptcy? Read Jeremy Kahn's report on Basix field agent network in India (****) and learn how to marry high technology with face to face labor. "The low end is a new source of innovation".
To this quote from C.K. Prahalad (5) by Jeremy Kahn, let me add that local agents, not central servers, brings the best out of global networks (6).
- (*) ......... Internet Puts A Sugarcoat On Scalping, by Joe Nocera (New York Times) - January 19, 2008
- (**) ...... Yahoo backs common web IDs, by Chris Nuttall (Financial Times) - January 17, 2008
- (***) ... Why not a national ID?, editorial (Boston Globe) - January 20, 2008
- (****) Third World first, by Jeremy Kahn (Boston Globe) - January 20, 2008
- (1) To organize efficient value markets, see ePrio's solution for so-called domain makers
- (2) for more information, check the Real ID Act in our Identity Theft lecture reading list
- (3) for more information, see OpenID in the Wikipedia
- (4) as a bonus the same process makes age verification fairly trivial
- (5) C.K. Prahalad is known for having called competitors to focus on core competences
- (6) if Martin Lukes, the creovation champion, ever bribes his way out of jail, he should follow this advice and starts thinking glocally.