imaginary family values presents

yesh omrim

a blog that reclines to the left

Wanted: digital passports

27 July 2010

Teresa Nielsen Hayden, bemoaning how CNN requires you to sign away your digital soul in order to post a comment on its Web site, remarks:

In the United States, we don’t have many laws protecting our personal information. We need more than we have. The alternative, the one we’ll get by default if we don’t do anything, is to have our online identities mediated by Facebook. If the government had proposed an online identity system that prone to holes, leaks, and exploits, we’d have been up in arms.

Which reminds me…

In the Anglo-American legal tradition we’ve always been antsy about government officials saying “papers, please”, but authentication of identity is one of the traditional functions of the state. The paper trail certifying that I really am Seth Gordon, for all transactions where it really counts, terminates in two places: a birth certificate issued by the State of Illinois, and a driver’s license issued by the Massachusetts Registry of Motor Vehicles. (If I had changed my name since birth, of course, that paper trail would have taken a detour through some probate court.)

The governments of Estonia and Lithuania have brought state-authenticated identity into the digital age with systems that combine a smartcard, a PIN, and the OpenID protocol. (My Web browser cannot authenticate the Web site for Lithuania’s national OpenID provider, which suggests there are a few kinks to be worked out of the system.) Why can’t the United States do the same thing?

For financial and medical transactions, this would create a single strong system for logging into the Web sites of multiple banks, credit-card issuers, and so forth. For non-financial transactions, a government-backed identity broker could authenticate a user by revealing the minimum amount of information that a Web site operator actually needs, rather than the maximum amount that some profit-seeking broker wants to share. The government could protect citizens’ privacy by offering them proxy identities: “account 2b740996-9919-11df-80f3-001aa0739303 is associated with a lawful US resident over the age of eighteen and you don’t need to know anything else about them”. And a Web site that accepted any OpenID-based authentication system could let users certify their identity through LiveJournal, AOL, Google, or any other private provider, so people who didn’t want to involve the government wouldn’t have to.
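The proxy-identity idea above can be made concrete. The following is an added example in Python, written for this page and not code from the post, from Estonia's or Lithuania's systems, or from any OpenID provider. It assumes a broker that (a) derives a different pseudonymous account id for each relying party, so two Web sites cannot link the same citizen, (b) attests only the claims a site asked for ("over 18", "lawful resident") and never the underlying name or date of birth, and (c) binds each assertion to one site. The registry, the two people in it, the key material and the claim names are all constructed for the demo; the assertion is signed with an HMAC key shared with the relying party only to stay standard-library-only, where a real broker would use a public-key signature so a site could verify but not forge assertions.

```python
import hashlib
import hmac
import json
import uuid
from datetime import date

# Constructed sample registry: made-up people, not real records.
REGISTRY = {
    "ILL-1975-000123": {"name": "Seth Gordon", "dob": date(1975, 3, 14), "lawful_resident": True},
    "ILL-2005-000456": {"name": "Pat Minor", "dob": date(2005, 9, 1), "lawful_resident": True},
}

# Demo keys (assumption: a real broker would sign with a private key so that a
# relying party could verify but not forge assertions; HMAC keeps this stdlib-only).
PSEUDONYM_SECRET = b"demo-pseudonym-secret"
SIGNING_KEY = b"demo-shared-signing-key"
DEMO_DATE = date(2010, 7, 27)  # date of the post, fixed so the results are stable


def age(dob: date, today: date) -> int:
    """Whole years between dob and today."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


class Broker:
    """Identity broker that hands each relying party a different pseudonym and
    only the claims it asked for."""

    def __init__(self, pseudonym_secret: bytes, signing_key: bytes):
        self.pseudonym_secret = pseudonym_secret
        self.signing_key = signing_key

    def pseudonym(self, citizen_id: str, relying_party: str) -> str:
        # HMAC over (site, citizen): the same site always sees the same account id,
        # while two sites cannot link their users without the broker's secret.
        digest = hmac.new(self.pseudonym_secret,
                          f"{relying_party}\0{citizen_id}".encode(), hashlib.sha256).digest()
        return str(uuid.UUID(bytes=digest[:16]))

    def issue(self, citizen_id: str, relying_party: str, requested: list,
              today: date = DEMO_DATE) -> dict:
        record = REGISTRY[citizen_id]
        # The only facts the broker is willing to attest; name and date of birth
        # never leave the registry.
        offered = {
            "over_18": age(record["dob"], today) >= 18,
            "lawful_resident": record["lawful_resident"],
        }
        unknown = set(requested) - set(offered)
        if unknown:
            raise ValueError(f"claims not offered: {sorted(unknown)}")
        body = {
            "sub": self.pseudonym(citizen_id, relying_party),
            "aud": relying_party,                            # bound to one site
            "claims": {k: offered[k] for k in requested},    # nothing the site did not ask for
        }
        payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
        tag = hmac.new(self.signing_key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": tag}


def verify(assertion: dict, signing_key: bytes, expected_rp: str):
    """Relying-party side: returns the assertion body, or None if the signature
    is bad or the assertion was minted for a different site."""
    expected = hmac.new(signing_key, assertion["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None
    body = json.loads(assertion["payload"])
    if body.get("aud") != expected_rp:
        return None
    return body


BROKER = Broker(PSEUDONYM_SECRET, SIGNING_KEY)

if __name__ == "__main__":
    a = BROKER.issue("ILL-1975-000123", "https://forum.example", ["over_18"])
    print(a["payload"])
    print(verify(a, SIGNING_KEY, "https://forum.example"))
```

The two checks that matter for privacy are that the same citizen gets unrelated `sub` values at `bank.example` and `forum.example`, and that the payload handed to the forum carries a boolean and an opaque id, not a name or a birth date; the `aud` check stops a site from replaying an assertion it received to log its user in somewhere else.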

Obviously no system is perfectly secure, and letting a single agency manage hundreds of millions of digital identities raises the spectre of catastrophic failure. However, I believe that the current way we handle digital identity, juggling dozens of half-remembered usernames and passwords, is even less secure, because none of the institutions managing these databases have a strong incentive to do it right, and an attacker can wreak havoc by simply penetrating whichever system is weakest. The alternative to authentication by the government is not authentication by Bruce Schneier, but authentication by Facebook.