FUTURE ID: Developing digital protocols to protect online security and anonymity
SUZANNE BEAUBIEN
Province
‘Everybody should have the right to be anonymous,’ says Richard Rosenberg, professor emeritus at the University of B.C.
For many people, a typical morning on the computer goes something like this: check e-mail messages, scan Facebook for new friend requests, rearrange the DVD queue on Zip.ca, pay bills, download a couple of songs from iTunes before checking for new job postings.
All these online transactions require signing on, using a password and user name. Some also require additional personal information, such as address and telephone number, or credit card data.
And according to the annual technology predictions report by international business-services giant Deloitte, Internet users should prepare themselves for even more rigorous authentication in 2008 as the ability to be anonymous online declines.
“Over and over, we’re going to see more putting your name down,” says Duncan Stewart, director of research at Deloitte Canada Research and one of the report’s authors.
With users, traders and regulators calling for more widespread authentication of users’ identities to combat malicious use of the Internet by pedophiles, online-auction fraudsters, and defamatory commentators, Duncan says that’s proof the technology is growing up.
“Back in the day, the whole point of the Internet was its anonymity.” Early chatrooms wouldn’t accept real names, he noted.
And now, while you might be able to read your favourite blog without signing on, these days fewer and fewer will let you comment without a user ID. Even some news sites block users without an individual log-in ID.
That means remembering a lot of passwords and filling out a lot of forms. And each time you do that, you could be opening yourself up to fraudsters seeking valuable personal information that can be used to steal your identity — both online and in the real world.
“Most people use a very small number of passwords … that becomes more of a security risk,” says Dick Hardt, CEO of Vancouver-based identity and access management developer Sxip Identity.
Current methods used to authenticate identity are imperfect, says Stewart, who predicts a new industry aimed at authentication will soon emerge to change all that.
“Anytime you make a password that is secure enough, it’s too hard for people to remember, and they write it on a sticky note,” which defeats the purpose, says Stewart. In the future, he predicts, computer users will prove their identities using a single sign-on user profile — complete with photo and voice recognition — and the risk of online identity theft will go down.
But for some privacy advocates, that idea is terrifying.
“Everybody should have the right to be anonymous,” says Richard Rosenberg, president of the Freedom of Information and Privacy Association and a board member of the B.C. Civil Liberties Association.
“It’s one of the most important things, especially in countries where they have political problems, like China,” says Rosenberg, a professor and author who has written about the social impact of computers.
“For people in some places, it’s a question of, ‘How can I carry on a political debate if I’m not anonymous?’”
There’s enormous pressure to develop systems that can identify suspicious behaviour, adds Rosenberg.
However, some industry leaders say you can have it both ways.
“Definitely in some parts of the Internet we want people to be accountable,” says Hardt.
“But there’s no way you’re going to have complete authentication.”
However, authentication protocols currently being developed will allow for both more security and anonymity — at the same time.
Hardt likens the digital credential, called OpenID, to a driver’s licence for the Internet.
With it, computer users can have different online identities and share personal information more easily — but only as much as they want to with each site.
“You can have your online church group and your online gambling group and the two don’t have to know about each other,” explains Hardt.
This digital driver’s licence could also help reduce the risk of data theft by limiting how many companies and organizations store your valuable information.
The concept, developed by Hardt and other industry leaders, is gaining momentum. Last month, Microsoft, Google, Yahoo, IBM, and VeriSign all joined the OpenID Foundation’s board, vowing to make a universal sign-on a reality in the near future.
