2013-06-09

The Architecture of Consent - PRISM 2

Sitting at supper one evening many years ago in Metz, France, I asked a Canadian military acquaintance how he planned to vote in the upcoming Canadian federal election.

"Same way as last time", he replied rather curtly.

"Yes but how was that?" I ventured.

"For the retention of the secret ballot!" he growled.

I looked up sharply from my supper plate expecting some sign of humour, but found myself peering into the cold, almost belligerent stare of a man who had killed other men and survived attempts on his own.

He had nearly been killed flying Spitfires in Malta in 1942. He had faced the Viet Cong and been shot at again while a member of the Truce Commission in Viet Nam in 1956. Now (1962), he was the senior intelligence officer for the RCAF in Europe as the Berlin wall went up, the Cuban missile crisis was in full swing, and de Gaulle was being threatened with assassination by elements of his own military for pulling out of Algeria.

There were two legitimate monopolies in democratic society at that time: the armory, and the mint. They controlled the use of military weapons and the right to print money. Yet here was a soldier telling me he was willing to lay down his life, willing to die, to keep the keys to the gun locker in civilian hands!

The ultimate difference between democratic and totalitarian regimes.

Today, there is a third battle underway that is every bit as pitched and critical to human freedom as were the arsenal and the mint sixty years ago: control over citizen identity.

In the first part of this essay on human consent I mentioned a new development currently sweeping through the Identity and Authentication industry, known as 'claims-based-authentication'.

During the early days of the Internet, data engineers assumed that citizen information would have to reside in unimaginably huge, centralized databases. Since then, the very thought of such repositories containing all personal identifiers makes both citizens and enlightened politicians squirm uncomfortably.

We all now realize that government systems are no more qualified or trustworthy than commercial interests to hold all this data.

Happily, visionaries among information technology professionals have taken up this task of re-locating citizen identity and human consent. Rather than assigning the keys to vested interests in the private or public sectors, they are returning them smack dab back into the hands of each and every individual citizen!

How can this be possible?

Through a kind of massively distributed, blockchain-based, cryptographic and peer-to-peer process called 'claims-based-authentication', a kind of third pillar of democratic governance inextricably rooted in the presumption of foundational anonymity.

The most disturbing aspect of the warrantless powers of surveillance that Dick Cheney and Barack Obama have given Homeland Security (DHS) and the National Security Agency (NSA) is the accompanying fallacy that privacy is only about avoiding embarrassment and hiding sins.

Nothing could be further from the truth. In fact, just making that assertion, in itself, violates natural law and betrays the United States Constitution.

Do you want a payment receipt at Disneyland in Florida to reveal to a ring of thieves that you are temporarily away from home in Dayton?

Do you want details in your municipal civic registration to hint to political hacks or partisan employers how you voted in the last election?

Should an advertiser be able to bribe a computer clerk at the local hospital to sell them your medical history when you prefer to wait another year before worrying your family about prostate or cervical tests?

These situations have nothing to do with feeling ashamed or hiding personal wrongdoing. Love others though you might as good friends, this kind of information is nobody else's business if you prefer to keep it to yourself. Anyone who advocates risking its disclosure under a 'nothing-to-hide-if-you-have-a-clear-conscience' argument is advocating twenty-first century civil war!

With luck, the ten-year betrayal of civil liberties in both government and finance since 9/11 will be reversed during the next decade through the ever-increasing choice of ordinary citizens to use cryptographic and peer-to-peer data management software.

We are on the verge of Identity being re-rooted in human consent and its attendant presumption of initial anonymity. Both will be embedded at the very core of modern communications technology.

PRISM might soon mean Privacy Restoring Identity Systems and Monitoring.


... part 3 continues next month.

2013-06-08

The Architecture of Consent - PRISM 1

I've watched the tweetsters, blabsters and blogsters debate privacy for the last several months.

The invective against government-sponsored intelligence gathering is colourful, but not very helpful. Meanwhile, their opponents see every wish for anonymity as a sign of tax evasion, money laundering, terrorism or pornography.

Both sides cite real or imagined constitutional constraints, wallowing in the kind of law that relies on 'Thou Shalt Not'. Tell someone "Don't think of blue!", and they must think of blue in order to understand your command. That's why legislated prohibition often produces the opposite result.

Odd thing though, neither side seems particularly competent in the other kind of law. You don't go to jail for gaining altitude too quickly. The airplane simply stalls, crashes and you die. The laws of nature and mathematics.

That's why thousands of software engineers and data architects are quietly building new systems that will soon succeed where enforcement has failed, because "that's just the way it works". They're called 'disruptive technologies', not because they upset the rest of us, but because they might eventually make spies, regulators and most banks seem a little silly and beside the point.

These disruptive technologies all have one fascinating thing in common. They store identity separately from service information. Ta-dah!

Wait a minute. Is that all there is to it?

Yep. That's it. Anonymous data.

The database with your name, birth date, address, fingerprints and retinal scan won't include your eyeglasses prescription, your bank balance, your blood pressure readings, your parking tickets, your ethnicity, your religion or your shopping preferences. All that stuff will be kept in separate data tables that aren't linked to your identity, except when you authorize it. Or when a qualified judge orders it. Not because it's not allowed, but because that's just the way these databases will be built.

Spies, regulators, banks and business hackers will be thrilled. They won't have to break in to profile service data anymore. The NSA and Homeland Security will have a ball. They will be allowed to monitor traffic patterns to their heart's content.

They can track how many Muslims with high blood pressure, a university education and more than two pairs of bi-focals are boarding a flight from Amsterdam to Madrid after requesting a vegetarian meal.

But they won't be able to link that information to individual identities on their own any more.

Not because it won't be allowed, but because that's just the way these systems will be built. That's how they'll work.

Anonymized databases will free national defenders to engage in much more powerful terrorist profiling than current legislation allows, all without inappropriately invading innocent individual identity. Those data tables just won't contain identity information.

When the profilers detect a threatening pattern in the service stream, they will request corresponding identity information, only on reasonable grounds, in a process similar to getting a traditional search warrant.
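As an added illustration of the split described above (an identity table, service tables that carry no identity, and warrant-style linking on consent or a judge's order), and not code from the original post: a small Python model in which every service record is keyed by a keyed-hash pseudonym, and the only reverse map lives with a consent broker that refuses to link unless the citizen or a court has authorized it. The ConsentBroker class, the sample citizens and the service rows are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the identity store holds who you are, nothing else.
IDENTITY_STORE = {
    "cit-001": {"name": "A. Example", "address": "Dayton"},
    "cit-002": {"name": "B. Example", "address": "Metz"},
}

class ConsentBroker:
    """Holds the only link between identity and service records (assumed design).

    Service tables are keyed by an HMAC pseudonym; the broker keeps the reverse
    map and releases it only when the citizen consents or a court orders it."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # secret that makes pseudonyms unguessable
        self._reverse = {}                    # pseudonym -> citizen id
        self._authorized = set()              # pseudonyms cleared for linking

    def pseudonym(self, citizen_id):
        p = hmac.new(self._key, citizen_id.encode(), hashlib.sha256).hexdigest()
        self._reverse[p] = citizen_id
        return p

    def authorize(self, pseudonym, grantor):
        # Linking is opened only by the citizen's own consent or a judge's order.
        if grantor not in ("citizen", "court"):
            raise PermissionError("only the citizen or a court may authorize linking")
        self._authorized.add(pseudonym)

    def resolve(self, pseudonym):
        if pseudonym not in self._authorized:
            raise PermissionError("no consent or warrant for this pseudonym")
        return IDENTITY_STORE[self._reverse[pseudonym]]

def build_service_records(broker):
    # Constructed service rows: no name or address ever appears in this table.
    return [
        {"who": broker.pseudonym("cit-001"), "service": "clinic", "fact": "high blood pressure"},
        {"who": broker.pseudonym("cit-001"), "service": "airline", "fact": "AMS-MAD"},
        {"who": broker.pseudonym("cit-002"), "service": "airline", "fact": "AMS-MAD"},
    ]

def profile(records, wanted):
    """Pattern search over service data alone: returns pseudonyms matching every wanted fact."""
    facts = {}
    for r in records:
        facts.setdefault(r["who"], set()).add(r["fact"])
    return [p for p, f in facts.items() if wanted <= f]

def link_or_none(broker, pseudonym):
    """Attempt linking; None means the architecture refused, not a policy."""
    try:
        return broker.resolve(pseudonym)
    except PermissionError:
        return None
```

Profiling runs entirely over the pseudonymous table; the profiler learns that some pseudonym matches the pattern, but gets a name and address only after the broker records a court or citizen authorization for that pseudonym.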

These 'disruptive technologies' will have preemptive anonymity embedded at the very core of their architecture. They will restore a bunch of democratic and civil protections that earlier information architectures could not.

Curious political operatives won't bother to hack Watergate offices or voter registration systems hoping to find out how you vote.  Neither will a terrorist or thief disguised as a pharmacist, nor a Walmart cashier, nor a bank teller be able to hack payment systems to learn where you live, or how much credit you have, or whether your home is unoccupied while you travel.

Disruptive technologies will embody a whole new architecture of individual privacy and consent at their very core, not because the Walmart clerk isn't allowed to pry into your affairs, but because they simply can't. They won't have access. It won't work that way any more.

Engineers call this astonishing, elegant, even beautiful structure, 'claims-based authentication'. It is almost ready. Several pioneering health care and health records systems are already using it, testing it in the most sensitive data area of all.

Epidemiologists will love the enhanced profiling ability and patients will relish their absolute control over who peeks at their personal records.

The only difficulty I foresee is that when claims-based authentication systems come to the world of finance, they might neutralize some of the distorted processes that have unfairly fattened Wall Street at the expense of Main Street. That might indeed upset certain people.

Oh, and by the way? Bitcoin already appears to be 'claims-based-compliant'.

Next time I'll examine the role anonymity plays in consent and a third essay is in the works to explain how claims-based systems work between you, your doctor, your pharmacy and your bank account.
