What is Global Smart ID?
- It’s a way to prove who you are, online. It is sometimes called remote authentication.
- The security industry tends to call it ‘federated ID’, or ‘single sign on’.
- It’s already being used by the military, and large corporations.
- It starts by signing up with an Identity Provider (IdP), who will then act as a go-between when you want to access services online, and are asked to prove your ID. From proof of age, to driving entitlements, to ‘trustworthiness’, all of it can be confirmed by your IdP.
- It can be used for a number of applications with a number of form factors – more industry speak for: you can use it for all sorts of things, e.g. payments, tickets, opening doors (ie keys), accessing company records, clocking into work, logging into the smart grid, etc, with a number of gadgets and technologies (such as NFC, and biometric scanners) – there has to be a chip involved, because this contains your encrypted ID including biometrics. It’s likely this will be in a smartphone or smart card at first (though the NSTIC is currently piloting use of rings or bracelets), but eventually it would have to be sub-dermal, to avoid loss or theft.
Why don’t we hear about it in the news?
- Perhaps, when an industry is as big as the security industry has become, the public doesn’t need to know until it’s ready for market! Then we can’t really say ‘no’!
- It seems to be mainly because they’re having trouble getting relying parties on board. It’s not the consumers they need to convince, it’s the businesses. They are the relying parties. We are classed as ‘users’ while the Identity Providers are the third party acting as a go-between. The relying party pays the Identity Provider for the service. Once government, banks, and businesses start asking you for a federated credential, you’ll be drawn in.
Can’t we just ignore it?
- NOT AT ALL – the biggest relying party is the government – they will use the services of the Identity Providers – digitised, “e-gov” – Universal Credit, Obamacare, driving licences, the IRS….
- There won’t be a choice (after the tipping point in usage, there won’t be an alternative, they will close down all the phone lines and offices which facilitate human to human interaction. Up goes the solid wall of digital bureaucracy).
- LIABILITY – businesses may be drawn in by this, as they could be made liable for checking our IDs to the specified standard.
- Almost no attention is being paid to what to do if your online ID fails – there is supposed to be a (global) Revocation Authority, which will ‘fix’ your problem, but there doesn’t seem to be any rush to sort that bit out. (And who would pay for it?)
- Because it’s a Universal Unique Identifier, which you are stuck with for life. It creates immense wealth for the data controllers, and puts the keys to the Internet in their hands. It allows the IdPs and those who are granted access, to gain an intimate understanding of your personality and the patterns of your daily life, like where you go, and who you see. (All of the Identity Assurance privacy principles are waived for purposes of National Security, health, etc.)
- The NSA uses metadata to make ‘predictions’ about crime – doesn’t this just make it easier for them?
- The social (or federated) login reveals so much about you. It sweeps Twitter and the Internet for everything you’ve ever said or done, and collates it with credit bureau/telco/flightlist information, etc., to create an ID profile. Social logins are being advocated by the UK and US governments – it basically involves clicking on either Google, PayPal, Twitter, LinkedIn, Facebook, or a few others, to log in at first (i.e. to the system, which is the Internet), and then involve the IdPs further when we need stronger authentication, such as biometrics, for payments, etc.
- Because it means putting all your eggs in one basket, which is open to perpetual abuse by the powers that be. It is also open to hackers, and system failure, even from natural phenomena such as comets. ‘Complexifying’ the system in this way will make society more liable to collapse.
Now you understand all that, I can write articles which look at these issues in more detail…. Meanwhile, please make use of all the links I’m uploading to my website; I want others to investigate and write about this.
We haven’t got long left. Even Bitcoin is entering the ID ecosystem – Earlier this year, it was announced that the“online identity verification service miiCard… entered a partnership with Tradehill, the American Bitcoin Exchange”. Miicard is a member of the Open Identity Exchange – initiated by the NSTIC, this is becoming the standard trust framework for federated ID. Miicard is partnered with Toopher and Yodlee and encourages users to link their account to their social networks.
miiCard’s patented Level of Assurance 3+ identity verification leverages the authority and security inherent in a member’s online financial accounts to prove identity to passport or photo ID standard. (Source)
Canada also has ATMs which exchange fiat cash for Bitcoin but require the user to scan their QR code, and their palm, first. Biometric authentication for Bitcoin, eh? What next, the Brixton Pound?
This article first appeared on Julie Beal’s site GetMindSmart.
Recently by Julie Beal: