Security
requires Authentication...
Authentication implies Identity...
Identifiable information threatens privacy...
Digital Government Needs Both.
In Order to Understand Identity, April 28th, Join the
The
Civic Scenario Process
The use of the method in the public realm is
usually dated to the Mont
Fleur event in South Africa in 1991-92. Other
notable examples include Colombia where in 1997-98 "Destino
Colombia" aided in the leaders in coming to
a common vision of peace, and Guatemala, where 1998-2000
"Vision
Guatemala" offered a path out of the
nation's nightmare. Each of these projects focused on the
construction of the future, and created a shared vision. The
United
Nations Development Program has adopted the
scenario process for both resolving and preventing conflict.
Obviously the optimal outcome for this
workshop would be a shared and compelling vision for a
digital government where accountability prevents
exploitation of government resources, and the cost of
participation is not privacy. Such a vision is invaluable
for the general move to e-government and urgently needed in
the post-9/11 world. The projects mentioned above are famed
because of their success. For each of these projects the
road is littered with failure. The distinctions are the
quality and activity of the participants, and the intensity
and adequacy of the preparation. Thus early preparation is
critical. To ensure success, this process was broken into
two discrete proposals, the first addressing the
technological uncertainty began May 2002. The second stage
covers the second set of activities.
Technological
Descriptions
The investigation begins with an underlying
understanding of the technologies. Task groups are writing
lay descriptions of authentication and risk management
technologies. The four technology description groups will
address:
-
Biometrics
-
Cryptography
with a focus on digital signatures
-
Secure
processing/computation; and
-
Reputation
systems.
The technological descriptions include a
brief technology background: what is it, how does it work.
Supplementing this will be a technological history that
identifies critical roads not taken. After this overview
specific current technologies will be examined.
Deployments and failures of deployment will
close the technology descriptions
Scenario
Development
The civic scenario process typically
requires a two day meeting with the construction of a set of
scenarios. Usually groups at the workshop first construct
and then critique the scenarios. However, in this case the
scenarios will be constructed in advance by a team. In the
technology description task groups there are a minimum of
four technical experts. Each technology description group
will be divided across the scenarios. Therefore each
scenario group will have one knowledgeable representative
from the technology description groups. The scenarios will
be completed before the workshop. The lead time for scenario
construction is enabled by simple list technology, and
allows for a shorter and more focused Harvard event.
By making the event shorter a higher level
of invitee can participate. Secondly, a long scenario
construction time enables more detailed analysis of the
technological assumptions in the scenario. Building two
scenarios on differing technological assumptions in real
time risks a workshop blown off-course by those
well-established technological debates closer to religious
than scientific argument. Advance scenario development
increases the probability of remarkable success in the
workshop. Each scenario will be subject to breakout groups,
with each group looking at each scenario once.
The second day will be used to define areas
of agreement and areas of disagreement. Ideally the scenario
meeting will result in all participants agreeing upon a
single scenario after extrapolating the others forward. The
workshop will be divided into groups after the areas of
consensus are well defined. Different groups will take this
consensus and work on different products. One group will
work to develop research questions to ensure that the
promise of the scenarios can be met. This group will be
guided by the results of the 2002 workshop on Digital
Government as well as the April, 2003 workshop. One group
will develop a set of guidelines for policy makers to use
when evaluation the inclusion of identity or different types
of identifiers in system design. Clearly this is an
optimistic agenda.
In order to make certain that the full two
days are available the participants will be asked to arrive
the night before. In order to make certain that no scenario
disagreements hinder cooperative work on the second day, the
first day will end with a lobster bake in a casual
environment. After the work has begun with the technologists
to discuss the technologies championed for identity on-line.
So-called digital signatures, biometrics identifiers, secure
processing, and secure routing will be explained for the lay
person. The initial planning for the workshop and the
technology descriptions were covered in a previous proposal.
Currently there are four proposed scenarios. Contributors
are invited to alter and create their own scenarios.
The five scenarios are:
-
Single national
identifier
The idea of a national identifier gained currency in the
wake of 9/11. The national identifier program is moving
forward through the coordination of the fifty state
drivers licenses' authorities. A similar implementation
can be seen in some identity management systems, which
concentrate all data in a single account. Currently the
Social Security Number is widely used as an identifier
but it cannot be said to be ubiquitous and universal.
This proposal will draw heavily on the secure hardware
technology group.
-
Sets of
attributes
The previous scenario offers a single
credential. In this proposal each person has a set of
identifiers stored in secure hardware or in a series of
devices. If the single credential is analogous to a
signature, then the set of attributes is analogous to
the key ring. In this case the multiple PKIs and devices
will have some limited interoperability and potentially
complex risk cascading issues. This scenario will draw
heavily on the reputation technologies work.
-
Business as
usual
In this scenario there will be a continuing
growth of ad-hoc identifiers in the business world. The
identifiers and practices in the business world are
adopted unaltered for e-government. Such adoption is
most likely in the form of closed code.
-
Ubiquitous
anonymity
Under this scenario the tools of
crypto-anarchy serve the ends of e-government. The most
effective tools for ensuring anonymity are linked with
particular assertions, for example, the assertion of
Veteran status. Yet financial transactions and
information requests can be made entirely anonymously.
-
Ubiquitous
Identity Theft
The widespread use of commonly available information has
systematically broken down. Assertions of identity are
still used from historical necessity. Yet the
assumptions about identity to information links on which
so many systems have been built have been broken down.
Continuing ad-hoc methods (such as call backs so that
individuals cannot simply call or contact service
providers including government) are subverted as soon as
they are widely implemented.
Each scenario will illustrate the promises
as well as pitfalls to be avoided. If no consensus is
reached, all scenarios with comments will be presented.
Hopefully all participants will agree on a single optimal
path. However, given the variety of participants (law
enforcement, civil libertarians, and technologists of
various political perspectives) it is quite possible that no
consensus will emerge.
The Harvard Meeting
At the invitation-only workshop the
participants will explore the set of technologically-based
scenarios. These scenarios will reflect possible visions of
the interaction of citizens and government in the digital
age and the digital marketplace. The workshop will end with
a final brainstorming session on a draft policy.
A meeting report will be available after the
meeting. To order the report use the registration
page.
|
