There's a lot of talk about identity at the moment.
The government is arguing for an identity card system, whereby people will be issued with smartcards containing identity information. The idea being that the government will issue you with a card containing information they know about you - name, DoB, address, some kind of serial number, that sort of thing - and biometric information such as fingerprints and a photo, all on a chip that only responds when it's given a correct PIN, which they also tell you. So that if you present the card and you enter the correct PIN into a reader device and you look like the photo and have the same fingerprints, then the reader can be confident that the name, DoB, address, and serial number really do relate to you.
That's one form of identity, and one that governments like: everyone has precisely one identity, so they can't commit a crime with one, have a well-paid job under another, and then go and claim benefits with a third. "Proving your identity" means proving your real name and address.
But that is a particularly rigid idea of identity. Many people would like to have more than one identity. You might think of criminals as being the main customers of such a system, but there are many legitimate uses. For a start, most authors and celebrities work under pseudonyms, in order to build a "brand". Cherilyn Sarkisian LaPiere is better known to us as Cher. When Alice Mary Norton started writing science fiction in 1934, an era in which science fiction written by a woman would not have been taken seriously, she wrote under the androgynous name of Andre Norton. Fiction authors are particularly prone to multiple pen-names, as many of them operate in more than one genre, but the novel-purchasing market tends to like to feel that if they like one book by a given author they'll probably like others - so the authors often use a different name in each genre.
Also, there are legitimate reasons to be hiding your try identity. Somebody writing essays about How They Coped With Drug Addiction might well not want to use the same identity as they use for professional purposes; yet they would still want to use an identity that they can prove, since it would still be damaging to them if people wrote other essays under their identity, perhaps parodying their difficult struggle. And an author writing under a professional pseudonym should be able to prove that a given work of fiction was written by them under that identity, without needing to tell people what their real name is.
On a similar vein, there can be role identities, which should be just as valid as your legal name. The seat of Editor of the Financial Times is an identity that is held by different people at different times (or could even be held by a team of people; perhaps it is, I don't know...), but it's a valid identity that the current holder should be allowed to prove they hold, without necessarily needing to reveal the real name (and date of birth and home address...).
So, even despite the security implications and costs of having a central identity database, I think that a system that only allows you to have a single identity is fundamentally flawed.
Which is why I'm keen on Public-key cryptography and webs of trust. Under these schemes, anyone can create a keypair, then use that keypair to sign a statement saying "The keypair with this public key belongs to Bob Jones", and then publicise the public key and the statement (which is pretty much how a PGP public key works). My holding of the corresponding private key means I can sign other digital things (anything that can go in a file on a computer; text, photos, whatever) with that key, and anybody can get the public key and then check the signatures on all the things I sign, and see that they're all signed by the same identity.
Now, this may sound meaningless, since anybody on Earth can create a keypair and attach a signed statement to it saying "The keypair with this public key belongs to Alaric Blagrave Snell-Pym", and all claim to be me. There's nothing to stop them lying. So what good is it for me to create such an identity?
Well, the thing is, what my actual legal name is is irrelevant. If I write a series of great essays and sign them all with the same key, all that matters is that it's the same person-who-claims-to-be-called-Alaric. My name is rare, but by the same argument, you might ask what the point is in a government ID card (or birth certificate, passport, etc) saying your name is John Smith; there are countless John Smiths on Earth.
Your given name is just a label.
If you want to tie your real-life identity - as in, your friends know you by a name (which may or may not be your legal given name) and your face and voice, then you can, when meeting them in the flesh, tell them your public key (or, more likely, tell them where to get it and tell them a small fingerprint of it so they can check it's the real one you made and not an imposter). That, for them, will tie those two identities into one, as long as they trust you not to be claiming ownership of somebody else's cryptographic identity!
If you want to do it better, then you can have them issue cryptographically-signed statements using their identities saying "I, John Smith, believe that the keypair with fingerprint 1234 5678 1234 5678 1234 5678 1234 5678 1234 5678 does indeed belong to Alaric Blagrave Snell-Pym", in effect countersigning your statement of ownership. Then anybody who trusts their digital identity can decide to trust the claim of your identity, too, based on the referral.
Or you can go to a keysigning party, and prove your legal name to people you don't know by producing photo ID and giving them your cryptographic identity details. They can then issue signed statements saying that they've seen the same person produce a photo ID with the name "Alaric Snell-Pym" on it, where the photo matched their face, and then claim to own the specified cryptographic key which also has their name on it. Which, in effect, is a claim that they have reasonable confidence that the key really does belong to an Alaric Snell-Pym.
But what if you want a pseudonym? After all, a big part of the appeal of the system is that you can create multiple identities. How do you prove you hold a name you've just made up?
Well, again, the important thing is to stop focussing on the name. It's just a label. Focus on the deeds done under that identity, for they are what actually define it. If, under a pseudonym, I write a great series of essays that inspire the reader with immense admiration for my wisdom, experience with the computer industry, and critical faculties, then under the same pseudonym I write the sentence "Microsoft's next product will be a failure", then that statement will carry a lot more weight than if it had been written by an anonymous person. The fact that the same cryptographic identity signs all of the essays and the unsubstantiated statement is what matters. The fact that it might also sign a statement reading "I would like to be known as SuperNerd007" is only marginally relevant.
So, to summarise, identity is NOT about name. Look at the root of the word - the same as identical. An identity merely associates a series of deeds with a single doer-of-deeds. Associating identities with names is a convenience to let us discuss them with other people; but the name is not the same thing as the identity.
The reason governments want each of us to have a single identity, associated with our legal name, so that everything we do is lumped into one, is simple: it makes it easier for them to fight crime. If your crimes have to happen under the same identity that you use for legitimate interactions with society, then once you've had a crime associated with your identity, any place your identity is checked can also check against a list of wanted criminals and bring you in. And then the logs of everything you've done under that identity can be scrutinised for evidence.
However, if they managed to do this, it has terrible consequences for people with legitimate reasons to want to use pseudonyms or roles.
And... they can't do it. An identity card system will only force people who don't want to commit the crime of fraud to live under a single identity, because criminals will figure out ways to get fraudulent ID cards. Places with ID card schemes have recorded cases of officials who issue them being bribed - or fooled with forged paper ID in the first place. ID cards can be stolen from people with similar appearances to yourself, their fingerprints copied (if necessary), and the PIN tortured or tricked out of them. The underlying technology of the readers can be attacked, and readers tricked into saying "YES" when they mean "NO".
And the fact that, with self-created digital identities, I might publish slander and child pornography under one identity then live a respectable life with another, isn't actually that great an obstacle for the police. After all, with a simple court order they can have ISPs release their logs about the activities of my criminal identity, and thus trace back to the place where I physically go online, then a couple more court orders can find other identities that are also used from that location, or even my actual legal name, if it's an Internet connection I pay for myself in anything but cash. The use of multiple identities does nothing to protect me from the traditional tool of criminal investigation that's worked for years - the authority of the police to have private information revealed to them by organisations. It's as simple as that.
Alaric, Crypto / security, Scheme | alaric | 
Tue 27th Jan 2009 10:53 am | 
Comments (3) 
Subscribe