by Julie Bea

October 27, 2012

from GetMindSmart Website
 

 

 

 

 

Fencing the Internet:

Identity Management Launched in the UK

 

 

A gated community on the Internet is about to take shape.

 

It begins with identity and deals with mis/trust; sorting the wheat from the chaff. It facilitates auditing of all e-transactions, to fight cybercrime and ensure compliance.

 

This is the new smart world, where control of identity is key.

Eleven years in the making, the system of global Identity Management (IdM) is backed by those with the most to protect, and will bring in Internet Governance by the back door. It will give everyone a unique ID, for life, and make us all very careful about what we do online, as all e-transactions will be marked with the time, date, and identities of those involved.

All the public is being told, however, is that we need these measures to protect against identity theft, and other cybercrimes, and that surfing the Net will be easier.

 

IdM experts in the US have just released a short draft of scenarios envisaged for online ID:

Mary is tired of remembering dozens of user names and passwords, so she obtains a digital credential from her Internet service provider that is stored on a smart card [and so] is willing to conduct more sensitive transactions...

  • logging into her bank and obtaining digital cash

  • buying a sweater at a new online retailer

  • signing documents to refinance her mortgage

  • reading the note her doctor left in her personal health record

  • sending an email to confirm dinner with a friend

  • checking her day's schedule on her employer’s intranet portal....

The UK government has just announced its intention to offer a digital sign-in to access government services online.

Coverage of this report suggests Facebook will be used as an Identity Provider (IdP), but a little digging reveals that Facebook could only be used for low-security log-ins, such as browsing websites.

 

The global identity ecosystem (below video) involves making all online identity protocols work together under the same set of rules.

 

 

 

 

 

 

 

 

 

Governance is achieved by bringing the Trust Frameworks for all the various ID systems into alignment with global standards.

 

Websites will be expected to display a trust mark to show that they can be trusted as a ‘relying party’, and can interact with consumers through their IdP.

 

As more websites and people sign up, the trusted community expands, and the Identity Providers (and governance bodies) become the Internet gatekeepers, especially since all online payments will require authentication, and cash is on its way out.

Some privacy groups point out the UK plan is not a centralized government database, and there is no physical ID card.

 

These points are irrelevant since databases do not need to be centralized, just accessible - and an ‘information card’, for people without a smart phone is likely, as it adds authentication to the password.

All of this brought to you by the Identity Providers, most of who have designed and promoted this system from the start.

You will be asked to trust banks and corporate giants (yes, really), including,

  • Google

  • Paypal

  • Verizon,

...with your credentials.

 

Sure, you get to spread them around a little, but they will be in far fewer places, and marked with your ID number.

 

These Identity Providers are all linked under one system (i.e. ‘federated’), and the same sets of rules, such as those devised by the TSCP, whose members include,

  • the US Department of Defense

  • the US Secret Service

  • the UK Ministry of Defence

  • Microsoft

  • Lockheed Martin

Identity management is the way the Internet of Things (IoT) is controlled; this involves gathering vast amounts of personal data.

 

As part of this, ID chips will be placed into most everyday objects, such as clothing, indicating our behaviors and preferences.

 

Each object will be tracked against the identity of its owner, hence each person and each object needs to have a unique ID, enabled by trillions of unique ID address spaces created by IPv6. Thus, each entity has a signifier to denote its attributes, so it can be understood by complex computers; this enables efficient processing of 'things', and their relationships, in the information network.

Data is king; telecoms and banks have "merged to surge" in this age of everything everywhere enabled by smart phones and sensors.

 

Data sharing is the focus, as foreseen by dozens of Internet giants back in 2001; Sun Microsystems (below video), in opposition to the launch of ‘Passport’ by Microsoft, formed the Liberty Alliance, together with companies which included,

  • Intel

  • MasterCard

  • Nokia

  • Oracle

  • Royal Mail Group

  • Vodafone

 

 

 

 

 

 

 

 

Morphing into the Kantara Initiative in 2009, the group has worked closely with the International Telecommunications Union (ITU) over the years, developing standards to ensure global interoperability.

The Alliance began working with governments around the world in 2006, when the UK government won the Liberty Alliance IDentity Deployment of the Year Award , as,

“international recognition of outstanding work around open, interoperable authentication in the e-government sector”,

...achieved with a one-time password system, for filing tax returns, etc., as is now being proposed as part of the “digital by defaultdesign.

Evolving from these concepts is the real standard setter for the global identity ecosystem - the National Strategy for Trusted Identities in Cyberspace, or NSTIC, officially launched in 2011 by the U.S. government (below video):

 

 

 

 

 

 

 

 

 

A report by the NSTC Subcommittee on Biometrics and Identity Management (2011) expects smart phones, and their “expanding suite of sensors” to,

… provide secure user authentication for trusted transactions and still allow for forensic analysis of transactions under judicial authority when cause is shown.

The identity ecosystem gives you privacy from most but not all.

 

You will have little to no control over your identity, because the Identity Provider holds the purse strings, and simply ‘allows’ you to take out a token (an ‘attribute’) sometimes and show it to someone, but then you’ve got to put it back in the purse, because the purse does not belong to you.

 

Your IdP can show all the tokens in the purse to third parties, namely neuromarketers and law enforcement agencies (the data is also invaluable to researchers, insurance companies, and employers).

 

But the IdPs hold the purse strings, and profit directly from the data they hold on you.

Numbered, ranked, and kept in line - and profiled to the nth degree - the commodification of identity adds value to reputation capital gained from online status and changes the game of commerce; risk, liability, and non-repudiation.

The simple fact that IdM allows for auditing and forensics will be enough to radically alter behaviors and relationships.

 

Day-to-day ID control will entail the persistent monitoring of our biometrics to counter identity spoofing, while smart phones will become too valuable to lose (below video):