Dave Weinberger has compiled emails between a group of cohorts discussing digital identification over the Internet, otherwise known as digID. The main points are:
- The digID would be a unique and verifiable identifier to be used in commercial and other official transactions.
- The digID is primarily a tool to protect privacy and personal information. You will be able to control how much of your personal information is available to which entity, perhaps being able to sell or barter your information for services provided.
- There was reference to a connection between the digID and digital rights management (DRM). In short, the corporations will only sell to those with digIDs as a way of watermarking the file.
- The internet will evolve into a two-tiered network, one being "private" and the other "public". To get into the private network, you need a digID. This way the public sphere can continue to flourish as the greenhouse of intellectual innovation.
This last piqued my interest the most, particularly in light of the new DARPA initiative, the Total Information Awareness (TIA) program. The stated goal of TIA is to connect all database transactions in this country in real time so that investigators can run very detailed pattern matching algorithms in order to predict terrorist behavior and events.
DAM
With this in mind, here are my observations about the digID scheme.
- The usefulness of a unique identifier is clear. What isn't as clearly stated is the usefulness of the absence of unique identifiers. That is the only way to ensure information privacy.
- The selling opportunities are few and only for the early adopters. Once the system has been established, there will be no need for collectors to pay individuals because all the relevant data is already out there to be had. And once the data is out there, the laws favor the collectors. All significant privacy protection is so loopholed as to be virtually meaningless. Information wants to be free.
- The tie between the digID and products is clear. In a short time, the subject will not be called digital rights management but instead Digital Access Management. You will be unable to access significant content without a digID, and the class of digID you have will determine what level of access, both in terms of content and throughput, is available to you.
- And once DAM has been established, the "public" network will be marginalized, like the AM radio band is now. Only conversations on the "private" net will have any impact, because no person of any credibility will waste their time mucking through the pr0n and spam on the public net. This will also simplify surveillance. TIA will only have to look at the private net, because that's the only place where commercial transactions, like making airline reservations, will occur, and that's where every transaction will be trackable by the digID. Sure, there will be bladerunners patrolling the dark net, but the underground will be forced offline.
DBs
There are two articles in particular that I have found helpful in understanding the structure of the issue. The first is a relatively old article from itcon.org on the issues of database integration within the construction industry. The author examines two prevalent methodologies. The first is the wholistic approach, where there is one humongous database which captures all relevant data. The example given was a door and hardware database which, after much effort, was still incomplete and had no allocation for maintenance. The other is the modular approach, where the effort is placed on connecting existing databases into a meaningful and useful framework. The problem with this, of course, is being able to identify the same product or process across multiple databases.
The second is a recent article by Craig Shirky on digital dna. Craig explains in clear terms how a unique identifier is the key to getting various databases to talk to each other. He then suggests that there is no better personal marker than dna -- the ultimate digID. Over time, if all significant records are marked with a dna id, then it becomes a relatively trivial task to cross query multiple databases.
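The point both articles make can be shown in a few lines. This is an added illustration, not code from either article or from the digID discussion; the three tables, their field names and the `dig_id` key are constructed for the example. With a shared identifier, separate databases merge into one profile by exact match; without it, the linker falls back on quasi-identifiers and gets ambiguous candidates.

```python
from collections import defaultdict

# Constructed sample data: three unrelated databases that happen to
# describe the same two people.
AIRLINE = [
    {"dig_id": "ID-001", "name": "J. Smith", "city": "Boston", "ticket": "one-way"},
    {"dig_id": "ID-002", "name": "John Smith", "city": "Boston", "ticket": "round-trip"},
]
BANK = [
    {"dig_id": "ID-001", "name": "John A. Smith", "city": "Boston", "card": "visa-1"},
    {"dig_id": "ID-002", "name": "Jon Smith", "city": "Boston", "card": "mc-7"},
]
PHARMACY = [
    {"dig_id": "ID-001", "name": "Smith, J", "city": "Boston", "rx": "item-a"},
]


def link_by_id(*tables):
    """Exact join: every row carrying the same identifier lands in one profile."""
    profiles = defaultdict(dict)
    for table in tables:
        for row in table:
            profiles[row["dig_id"]].update(row)
    return dict(profiles)


def candidates_without_id(record, table):
    """No shared key: match on surname + city and return every plausible row."""
    surname = record["name"].split()[-1].lower()
    return [
        row for row in table
        if row["name"].split()[-1].lower() == surname
        and row["city"] == record["city"]
    ]


if __name__ == "__main__":
    merged = link_by_id(AIRLINE, BANK, PHARMACY)
    print("profile built from the shared id:", merged["ID-001"])
    print("bank rows that could match the first airline row without it:",
          len(candidates_without_id(AIRLINE[0], BANK)))
```

The ambiguity in the second function is the only thing standing between the three databases and a single dossier, which is why the absence of a common identifier matters for privacy.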
OPERATIONS
The questionable assumption of TIA is whether it is possible to construct algorithms that are sufficiently robust to tease out of an avalanche of data a meaningful pattern made up of a relatively minuscule number of discrete events over time. For instance, the fact that the 9/11 terrorists bought a handful of one-way tickets on the same credit card over the course of a number of days is the type of pattern that DARPA hopes to flag.
The operational concern is that the algorithms won't be or can't be adequately robust and that the number of possible patterns is so great, day in and day out, that law enforcement will be overwhelmed. And if law enforcement is overwhelmed, then the system is, in practical terms, useless for its stated goal.
This line of reasoning leads to the conclusion that, good intentions notwithstanding, TIA is not a proactive system but instead is a reactive one. One scenario has the system creating dossiers of real or perceived patterns of indiscretion (i.e. circumstantial) to be used for political intimidation and blackmail. Probably an even worse scenario is a reactive system used coercively by a blind bureaucracy, a la the movie Brazil.
Even without a Total Information system, the growing interconnectedness of private and government databases has reduced the marketable value of personal information to almost nothing. Rather than chasing after a horse that is long out of the barn, a more meaningful discussion is what will be the long-term effects on the notion of individual identity in a world where information is so promiscuous.
Some other links:
- The Genio Protocol: an open and distributed Digital Identity protocol designed with the identity owner's needs in mind. It focuses on flexibility, elegance in design, and being completely user-oriented.
- Joho Archive: Weinberger has more musings, especially towards the beginning of Jan 2003 and end of Dec 2002.
- Poindexterization: Keep in mind that the TIA site linked to above has been stripped of content since it gained notoriety.
- Declan McCullagh: on other initiatives at DARPA.
- RFID.org: radio frequency id tags embedded wherever.