Plurality of Identities, and trouble ahead with biometrics

| November 1, 2007

The idea of biometric authentication plays straight into the view that each user has one “true” identity underpinning multiple authorisations.

I recently noted in the thread on identities and keys that: [We need] identity frameworks (like the Microsoft developed Identity Metasystem aka Cardspace) that permit as many “identities” as there are contexts in which we assert ourselves.

We are in the midst (I hope!) of a shift to a new paradigm based on a plurality of identities. And I think I’m using the over-wrought “p word” here in its proper context. The current “singular identity” paradigm has had a deep and unhelpful influence over the way we think about all sorts of things, including smartcards, PKI, biometrics, the semantic debate over “authentication” versus “authorisation”, and therefore the underlying architecture of many approaches to federation.

I recently noted in the thread on identities and keys that:

[We need] identity frameworks (like the Microsoft developed Identity Metasystem aka Cardspace) that permit as many “identities” as there are contexts in which we assert ourselves.

We are in the midst (I hope!) of a shift to a new paradigm based on a plurality of identities. And I think I’m using the over-wrought “p word” here in its proper context. The current “singular identity” paradigm has had a deep and unhelpful influence over the way we think about all sorts of things, including smartcards, PKI, biometrics, the semantic debate over “authentication” versus “authorisation”, and therefore the underlying architecture of many approaches to federation.

Maybe the very idea of federation would be transformed by the acceptance of a plurality of identities?

Ironically I suspect that the “singular identity” paradigm is a phenomenon of the new discipline of Identity Management, and not the other way around. That is, before the advent of IdM as a field (and before the Internet) I reckon we lived in a universe of plural identities. Traditionally we organise our lives according to strict and very intuitive separations between our identities as citizens, spouses, company directors, employees, customers, members, patients etc. as applicable. It seems it was only after we started getting computer accounts that it occured to people to think in terms of one “true” identity plus a constellation of “roles”; or to use the orthodox jargon, one authentication plus several authorisations. So the irony is that the advance of Identity 2.0 might take us back to the way identities were before the Net.

Now at the risk of drawing a very long bow, let’s consider the possibility that this singular identity paradigm has enabled, without anyone noticing, the rather too easy acceptance by security experts of biometrics.

The idea of biometric authentication plays straight into the orthodox world view that each user has one “true” identity that underpins multiple authorisations. The strong intuitive attractiveness of biometrics must be based on the idea that “what matters” in all transactions is the biological organism. But it’s not. In most real world transactions, the “role” is what matters, and it’s only under rare conditions of investigating frauds that we go into the forensic exercise of locating the organism.

There are huge risks if we were to make the actual organism central to routine transactions, by deploying biometrics too expeditiously. It would make everything intrinsically linked, implicitly violating Privacy Principle No. 1: Don’t collect personal information that is not required for the transaction at hand. The stakes in biometrics are extremely high. As yet there is no proven way to cancel and re-issue a compromised biometric template (and I worry that fundamentally it can never be done properly without trading off integrity). And despite the very finite, often suprisingly large false match rates, biometrics are still thought of, even promoted, as proving “unique” identity.

Why is the IT community, especially in these times of trepidation, so willing to embrace so quickly such a risky approach as biometrics? Have we all been inadvertently seduced by the idea that a single identity is sensible? And has that idea only originated very recently in history, as a side effect of the computer age? If the idea of a single identity is really immature (or simply wrong) but at the same time it dulls our critical faculties when it comes to evaluating the radical new field of biometrics, then there’s trouble ahead.

Cheers,

Stephen Wilson.

SHARE WITH:

0 Comments

  1. Nick Mallory

    November 2, 2007 at 1:42 pm

    some thoughts

    There's an iron rule which holds that the more the word 'paradigm' is used in any particular argument, the more risible the proposition being put forward. Anyone who's ever been unfortunate enough to read any post modernist tract would certainly attest to that. Mr Wilson is obviously aware of that rule but flirts dangerously with breaking it all the same. I would disagree with his argument that IT has changed the nature of identity, see the use of biometric IDs as a merely technological challenge the same as any other and argue that the problem is not how we are asked for our identity but how often we are currently required to reveal it.

    Despite what the piece asserts, this is not a new problem. A huge percentage of our brain is devoted to 'identity management' – it's called recognising and remembering people's faces. That's still something at which humans excell and computers are terrible at. Our faces alone used to be the difference between being welcomed back round the campfire and getting clubbed to death with a mammoth bone. The fact that we have evolved this ability proves that it's always been an important issue for our species. As we now live in a modern mass society, rather than in an extended family group chucking rocks at zebras on the savannah , we need more than our faces to be recognised sometimes so we produce the technology we need to do that. This new technology doesn't suddenly change the nature of who we are.

    I would think that virtually everyone in the world considers that they have one identity while, at the same time, they consciously play a host of different roles in their life. We are, of course, sons and daughters, husbands and wives, friends and work colleagues, voters and bank account holders and customers and random people walking down the street but there is only one 'me' and only one 'you' and computers don't change that. We may pretend to be different people in different circumstances – hence the panic we feel when two people we know from two separate parts of our life meet and we have to create an emergency 'composite' personality on the spot – but we still only get one gravestone.

    We are no more, to other people, than what we need to be to them but we are always 'us' to ourselves. Perhaps this is something so obvious that only very bright computer visionaries actually have to realise it. The higher the stakes of the transaction the more we have to prove who we are, but this has always been the case. Anyone can walk into a shop and buy a screwdriver with a ten dollar bill with no more fuss than that, one would hope that all kinds of specialised ID have to be shown to walk into a nuclear missile launch control room. This isn't something which has suddenly occurred since Bill Gates attained puberty, the virtual world of the internet has merely added a new page to a very old part of the human story.

    The whole point of biometric identification is to provide proof that the human being we claim to be is the human being we are. A photograph in a passport is a 'biometric' ID in a way and an iris print is simply harder to fake than a photograph. If fraud involving existing means of identification renders old ways too risky then human ingenuity will invent new ways of proving we are who we say we are until they too are compromised and something else has to be invented. This is a battle between criminal and individual which has been going on since the dawn of time, rather than 1992.

    If old fashioned photo IDs are too easily forged and yet the scanning of biometric IDs are still too inaccurate then that's something which improved technology will solve. Mr Wilson offers no clue as to what might be better than biometrics and it's a rare science fiction film which doesn't have eye or hand prints being scanned to ascertain someone's identity. In the end our identities are absolutely intrinsic to the organism. Descartes was simply wrong, there is no duality between individual essence and corporeal existence. If you want a unique identifier than our DNA, iris or fingerprint is by definition the best you're going to get and the hardest thing to fake because our physical self is what we are. If the James Bond film Thunderball didn't teach us that, it taught us nothing.

    The danger is that if we have one 'card' and we are asked to produce it for everything then if that card is compromised then every facet of our life is affected. The solution is improve the technology of that card as much as possible, minimise the number of times we have to produce it and realise, above all, that nothing in life is perfect but that almost all apocalyptic scare stories are merely smoke and mirrors too. It's not a question of whether biometric IDs are infallible, merely whether they are better than existing methods at reducing fraud and convenient and cost effective to use. They are a change in degree, not in kind. There won't be a mass revolt if a biometric credit card proves impossible for fraudsters to crack, only if the Government starts locking up citizens who, when stopped on the street by the police, don't produce their 'papers'. This is a political, rather than technological, issue.

    A free market in identity management sees equitable solutions evolve naturally. If a bank allowed any stranger to ransack someone else's bank accounts by claiming to be 'joe bloggs' over the counter without having to prove it then it would soon go out of business, as would a bank which demanded our grandmother's birth certificate every time we wanted twenty dollars from an ATM. The customer and bank negotiate a level of identity management acceptable to them both. It doesn't need anyone in Government to interfere and inevitably distort things.

    The problem isn't the means of identification – what's wrong with a passport and driving license exactly? – but the spiralling number of times that we are asked for an ID by monopoly providers. When we need ID at a post office to post a calendar to our mother abroad then things have got ridiculous. If it's full of semtex then I'm hardly likely to be using a real ID in the first place. Why, exactly, should we have to prove our identity at all as a matter of routine in transactions? The whole point of money as a means of exchange means that 'the organism' isn't central to routine transactions because one man's money is as good as anyone elses. That's the whole basis of our economic system. If a switch to 'plastic' and credit cards means most transactions don't involve cash, and those credit cards have been all too easily used for fraud, then new measures such as pin numbers and now perhaps biometrics will evolve to prove the owner of the card is who he says he is or else nobody – company or consumer – will trust them. Again, the free market sorts it out.

    People involved in the computing world sometimes forget that humanity somehow managed to muddle through millennia without computers. IT does not change the nature of our existence, Conrad did not write, and Gang of 4 did not sing, 'we live, as we dream, in a plethora of malleable identities'.

  2. StephenWilson

    November 3, 2007 at 7:00 am

    Calibrating biometrics

    Nick Mallory wrote: 

    [It's] a rare science fiction film which doesn't have eye or hand prints being scanned to assertain someone's identity … If the James Bond film Thunderball didn't teach us that, it taught us nothing.

    Should science fiction movies inform public policy and security analysis? It's a rare sci fi flick that doesn't show flying cars but these are not high on the list of priorities for transport regulators. Not sure which scene from Thunderball bolsters the case for biometrics. Doesn't Blofeld clone himself, perpertrating the perfect identity theft? My favorite Bond film is "Diamonds are Forever", which includes a practical demonstration of how easy it is to lift and replicate fingerprints.

    But let's get serious. Nick also wrote:

    … recognising and remembering people's faces. That's still something at which humans excell and computers are terrible at.

    Indeed. Another reason biometrics need to be treated with rather more caution.

    Cheers,

    Stephen Wilson
    http://www.lockstep.com.au