What could kill NSTIC?A Friendly Threat Assessment In Three Parts                       January 2013                      ...
High hopes for an ID ecosystem Can we get to an International, User-Centric           digital identity system             ...
High hopes for an ID ecosystemThis effort is driven in the United Statesunder a 2004 program initiated by theNational Stra...
Our findings, in short:The two most serious threats to NSTIC’s success:a user experience         imbalance amongthat doesn...
A dozen of us met•  to list and score threats to the NSTIC   Identity Ecosystem vision.•  Internet Identity Workshop,   Mo...
We asked:If NSTIC fails by 2016,what could havebrought it down?
HERE’S OUR HYPOTHETICAL2016 POST-MORTEM OF NSTIC    FAILURE SCENARIOS
We spoke in the past-tense    as if the failures     had happened.
We didn’t cooperate to build an IDecosystem. We should have playedwell with others.
We didn’t cooperate to build an IDecosystem. We should have playedwell with others.Took too long. Strung out by processpro...
We didn’t cooperate to build an IDecosystem. We should have playedwell with others.Industry failed to build it.(Capital an...
We didn’t cooperate to build an IDecosystem. We should have playedwell with others.NSTIC community became balkanized.NSTIC...
We didn’t cooperate to build an IDecosystem. We should have playedwell with others.The program was co-opted by a Big Broth...
Just because it’s built doesn’tmean they’ll use it.
Just because it’s built doesn’tmean they’ll use it.Worked, but was not trusted.(Failed Brand).
Just because it’s built doesn’tmean they’ll use it.Was subverted and insecure.(Legitimately Untrusted).
Just because it’s built doesn’tmean they’ll use it.Enterprise didn’t adopt it.(Business case not well made.)
Just because it’s built doesn’tmean they’ll use it.After one failure, supporters abandoned theproject. “Burned once, twice...
Just because it’s built doesn’tmean they’ll use it.The IE was an empty room. No critical massformed. There was an imbalanc...
Just because it’s built doesn’tmean they’ll use it.Citizens didn’t want trusted identity.(Poor market fit; lack of perceive...
We didn’t build the right thingsthe right way.
We didn’t build the right thingsthe right way.A local failure took down the whole identityecosystem.(Failures of ecosystem...
We didn’t build the right thingsthe right way.The IdP/RP/Trust identity model was inferiorto newer models.(Technology risk.)
We didn’t build the right thingsthe right way.The IdP/RP/Trust identity model broke atscale or broke in diverse contexts.(...
We didn’t build the right thingsthe right way.Miscommunication within the IdentityEcosystem contributed to its death.(Poor...
Failed User Experience.
Failed User Experience.UX was too hard.
Failed User Experience.Everything went wrong that could go wrong.
We Built-In Structural Instability.
We Built-In Structural Instability.Along with user experience, structuralinstability was the big issue, according tothe gr...
We Built-In Structural Instability.•  Four pillars of the ecosystem must be   strong     •  Technology     •  Economics   ...
We Built-In Structural Instability.Each of these pillars were operating ondifferent tempos.•  It was fast to iterate impro...
We Built-In Structural Instability.Motivations were misaligned.•  Some companies, for example,   engineered tariffs for da...
We Built-In Structural Instability.Core ideas didn’t survive translation.•  Several large Internet engineering   companies...
We Built-In Structural Instability.Liability was broken.•  Tragic risks were taken with some   technologies and contracts ...
This session was in October 2012.•  But wait, there’s more…
We did a similar exercise 18months earlier in May 2011with a similar group.https://secure.flickr.com/photos/philwolff/57138...
Key Risks (via 2011):
Key Risks (via 2011):Lack of adoption.
Key Risks (via 2011):Impatience for long learning curve.
Key Risks (via 2011):Usability failures. (early concern)
Key Risks (via 2011):Interop failures.
Key Risks (via 2011):Overscope.
Key Risks (via 2011):Security problems like phishing andmalware drawn by money.
Key Risks (via 2011):Perversion of principles.
Key Risks (via 2011):Chicken vs. Egg problems.
Key Risks (via 2011):Short Attention Span andthe Hype Cycle
Key Risks (via 2011):Regulatory blocks  privacy laws  antitrust concerns  uncertainty about liability
Key Risks (via 2011):Waiting for Winners
Key Risks (via 2011):Dystopian Fear
Key Risks (via 2011):Over-promising by tech communities topolicy communities
Key Risks (via 2011):•  Lack of adoption.           •  Chicken vs. Egg problems.•  Impatience for long         •  Short At...
We had time, in the 2011 session, tobrainstorm what might avoid ormitigate these threats.
Action:Small successes Build confidence
Action:Industry marketing, PR, Media/Voice  Build public understanding
Action:Community user experience sharing (KM)  Accelerate design
Action:Cultivate Engineering Focus  Developer relations
Action:Governance driving Interop Testing  Interop is a leadership challenge
Action:Clear/Graded Roadmap Short term plans, long term visions
Action:Electronic Authentication Guideline,NIST SP 800-63, and other threat comment  Connect to existing NIST processes
Action:Security Council / Antiphishing WorkingGroup  Make security an explicit IESG activity
Action:Government Affairs activity  Engage US and other governments
Action:OIX Risk Wiki  Engage the OIX community
The fear of “failure todeliver” was still there.WHAT CHANGEDBETWEEN THE TWOSESSIONS?
What changed between the twosessions?1.  Outside forces like dystopian fear    among users, security failures, and    regu...
What changed between the twosessions?The primary concern: leadershipOnce funding, staffing, and collaborationstarted: the ...
3. Last minute update...Arbroath Cliffs Warning Notice CC-BY-NC Alan Parkinson
Cuts are coming•  US federal government is cutting   spending in 2013 as we prepare this   paper in December 2012.•  By cl...
Direct effects.Nobody knows if this will directly affect NISTand the NIST staff managing the NSTICproject.
Direct effects.Could the stream of funding for NSTICinnovation grants dry up and will existingprojects be halted?
Direct effects.Will NIST’s funding for the IdentityEcosystem’s Secretariat, that coordinatesand supports the work of the I...
Direct effects.In a trillion dollar budget, today’s spendingon NSTIC is a rounding error.
Indirect effects.We don’t know how cuts in federalspending will affect the programindirectlyParticipating organizations ch...
eGovernment as customer.We also don’t know if the largestgovernment agencies that would be amongthe first implementers of t...
eGovernment as customer.Having huge customers as “anchor tenants”provides strong incentives for the privatesector to inves...
eGovernment as customer.Will spending cuts interfere with projectcontinuity?
eGovernment as customer.Will key personnel stay engaged?
Lots of unknowns.•  And no strategy to respond to these risks   from the Identity Ecosystem Steering   Group.•  Yet.
Our findings, in short:The two most serious threats:A user experience Imbalance amongthat doesn’t work the forces that    ...
What do you think is the biggest threat to making the dreamof an international user-centric digital  identity system that ...
Further Reading and Resources•  https://pensivepeter.wordpress.com/2012/10/23/death-   to-nstic-long-live-nstic/•  https:/...
A word from our sponsors…•  PDEC is a not-for-profit education, advocacy,   and research association, promoting the   emerg...
ThanksPhil Wolff              PDEC, the Personal Data   –  phil@pde.cc       Ecosystem Consortium, is a   –  @evanwolf    ...
What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.
Upcoming SlideShare
Loading in...5
×

What could kill NSTIC? A friendly threat assessment in 3 parts.

1,578

Published on

At two events 18-months apart, teams of suits, geeks, and wonks (industry experts, technologists, public policy analysts) brainstormed and scored what could lead to failure of NSTIC, an international effort to create an identity ecosystem. The whitepaper at http://pde.cc/nsticrisks recaps the long list of potential threats, a shorter list of preventive strategies, compares the 2011 and 2012 events, and names the two greatest threats: poor user experience (harming trust, adoption, use) and imbalance among the forces tying the identity ecosystem together.

Published in: Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,578
On Slideshare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
4
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "What could kill NSTIC? A friendly threat assessment in 3 parts."

  1. 1. What could kill NSTIC?A Friendly Threat Assessment In Three Parts January 2013 Phil Wolff Strategy Director Personal Data Ecosystem Consortium phil@pde.cc. @evanwolf. Linkedin Download the whitepaper: http://pde.cc/nsticrisks
  2. 2. High hopes for an ID ecosystemCan we get to an international digitalidentity system?
  3. 3. High hopes for an ID ecosystem Can we get to an International, User-Centric digital identity system that works across Industries? Cultures? Technologies? Governments? Regulatory schemes?
  4. 4. High hopes for an ID ecosystemThis effort is driven in the United Statesunder a 2004 program initiated by theNational Strategy for Trusted Identity inCyberspace through theNational Institute of Standards andTechnology (NIST) of theUS Department ofCommerce.
  5. 5. Our findings, in short:The two most serious threats to NSTIC’s success:a user experience imbalance amongthat doesn’t work the forces that hold an identity ecosystem together.
  6. 6. A dozen of us met•  to list and score threats to the NSTIC Identity Ecosystem vision.•  Internet Identity Workshop, Mountain View, California – October 2012 – May 2011.
  7. 7. We asked:If NSTIC fails by 2016,what could havebrought it down?
  8. 8. HERE’S OUR HYPOTHETICAL2016 POST-MORTEM OF NSTIC FAILURE SCENARIOS
  9. 9. We spoke in the past-tense as if the failures had happened.
  10. 10. We didn’t cooperate to build an IDecosystem. We should have playedwell with others.
  11. 11. We didn’t cooperate to build an IDecosystem. We should have playedwell with others.Took too long. Strung out by processproblems.(Alternatives emerged.)
  12. 12. We didn’t cooperate to build an IDecosystem. We should have playedwell with others.Industry failed to build it.(Capital and management didn’t prioritize.)
  13. 13. We didn’t cooperate to build an IDecosystem. We should have playedwell with others.NSTIC community became balkanized.NSTIC community lost cohesion; didn’tlisten to each other.(Little to no interop.)
  14. 14. We didn’t cooperate to build an IDecosystem. We should have playedwell with others.The program was co-opted by a Big Brothergovernment.(Not trustworthy internationally and for manypurposes.)
  15. 15. Just because it’s built doesn’tmean they’ll use it.
  16. 16. Just because it’s built doesn’tmean they’ll use it.Worked, but was not trusted.(Failed Brand).
  17. 17. Just because it’s built doesn’tmean they’ll use it.Was subverted and insecure.(Legitimately Untrusted).
  18. 18. Just because it’s built doesn’tmean they’ll use it.Enterprise didn’t adopt it.(Business case not well made.)
  19. 19. Just because it’s built doesn’tmean they’ll use it.After one failure, supporters abandoned theproject. “Burned once, twice shy.”(Shallow, brittle commitment; low tolerancefor failure.)
  20. 20. Just because it’s built doesn’tmean they’ll use it.The IE was an empty room. No critical massformed. There was an imbalance of supplyand demand.(Anchor tenants didn’t sign on. Institutionsdidn’t enroll millions of users or pull inindustry ecosystems.)
  21. 21. Just because it’s built doesn’tmean they’ll use it.Citizens didn’t want trusted identity.(Poor market fit; lack of perceived benefitover alternatives.)
  22. 22. We didn’t build the right thingsthe right way.
  23. 23. We didn’t build the right thingsthe right way.A local failure took down the whole identityecosystem.(Failures of ecosystem trust, architecture,integration testing, and risk analysis.)
  24. 24. We didn’t build the right thingsthe right way.The IdP/RP/Trust identity model was inferiorto newer models.(Technology risk.)
  25. 25. We didn’t build the right thingsthe right way.The IdP/RP/Trust identity model broke atscale or broke in diverse contexts.(Project design risk.)
  26. 26. We didn’t build the right thingsthe right way.Miscommunication within the IdentityEcosystem contributed to its death.(Poor cooperation, weak community, highself-interest, low trust.)
  27. 27. Failed User Experience.
  28. 28. Failed User Experience.UX was too hard.
  29. 29. Failed User Experience.Everything went wrong that could go wrong.
  30. 30. We Built-In Structural Instability.
  31. 31. We Built-In Structural Instability.Along with user experience, structuralinstability was the big issue, according tothe group…
  32. 32. We Built-In Structural Instability.•  Four pillars of the ecosystem must be strong •  Technology •  Economics •  Policy •  Culture•  Each relationship among them was imbalanced.
  33. 33. We Built-In Structural Instability.Each of these pillars were operating ondifferent tempos.•  It was fast to iterate improved user experiences but slow to socialize each round among public policy and enterprise lawyers, for example.
  34. 34. We Built-In Structural Instability.Motivations were misaligned.•  Some companies, for example, engineered tariffs for data sharing into their terms of service, cutting off public sector and NPOs from their customers.
  35. 35. We Built-In Structural Instability.Core ideas didn’t survive translation.•  Several large Internet engineering companies backed out of supporting IE infrastructure because the “Easy ID” brand became a running joke on sitcoms, SNL, and a biting meme on YouTube.
  36. 36. We Built-In Structural Instability.Liability was broken.•  Tragic risks were taken with some technologies and contracts by pushing exposure from those who enabled risk to those who didn’t.
  37. 37. This session was in October 2012.•  But wait, there’s more…
  38. 38. We did a similar exercise 18months earlier in May 2011with a similar group.https://secure.flickr.com/photos/philwolff/5713880402/ cc-by Phil Wolff2. EIGHTEEN MONTHS EARLIER...
  39. 39. Key Risks (via 2011):
  40. 40. Key Risks (via 2011):Lack of adoption.
  41. 41. Key Risks (via 2011):Impatience for long learning curve.
  42. 42. Key Risks (via 2011):Usability failures. (early concern)
  43. 43. Key Risks (via 2011):Interop failures.
  44. 44. Key Risks (via 2011):Overscope.
  45. 45. Key Risks (via 2011):Security problems like phishing andmalware drawn by money.
  46. 46. Key Risks (via 2011):Perversion of principles.
  47. 47. Key Risks (via 2011):Chicken vs. Egg problems.
  48. 48. Key Risks (via 2011):Short Attention Span andthe Hype Cycle
  49. 49. Key Risks (via 2011):Regulatory blocks privacy laws antitrust concerns uncertainty about liability
  50. 50. Key Risks (via 2011):Waiting for Winners
  51. 51. Key Risks (via 2011):Dystopian Fear
  52. 52. Key Risks (via 2011):Over-promising by tech communities topolicy communities
  53. 53. Key Risks (via 2011):•  Lack of adoption. •  Chicken vs. Egg problems.•  Impatience for long •  Short Attention Span and learning curve. the Hype Cycle•  Usability failures. •  Regulatory blocks•  Interop failures. including privacy laws,•  Overscope. antitrust concerns and uncertainty about liability•  Security problems like phishing and malware •  Waiting for Winners drawn by money. •  Dystopian Fear•  Perversion of principles. •  Over-promising by tech to policy communities
  54. 54. We had time, in the 2011 session, tobrainstorm what might avoid ormitigate these threats.
  55. 55. Action:Small successes Build confidence
  56. 56. Action:Industry marketing, PR, Media/Voice Build public understanding
  57. 57. Action:Community user experience sharing (KM) Accelerate design
  58. 58. Action:Cultivate Engineering Focus Developer relations
  59. 59. Action:Governance driving Interop Testing Interop is a leadership challenge
  60. 60. Action:Clear/Graded Roadmap Short term plans, long term visions
  61. 61. Action:Electronic Authentication Guideline,NIST SP 800-63, and other threat comment Connect to existing NIST processes
  62. 62. Action:Security Council / Antiphishing WorkingGroup Make security an explicit IESG activity
  63. 63. Action:Government Affairs activity Engage US and other governments
  64. 64. Action:OIX Risk Wiki Engage the OIX community
  65. 65. The fear of “failure todeliver” was still there.WHAT CHANGEDBETWEEN THE TWOSESSIONS?
  66. 66. What changed between the twosessions?1.  Outside forces like dystopian fear among users, security failures, and regulatory challenges were less prominent or not mentioned. "2.  Drivers of failure expanded almost exclusively to internal ones. "
  67. 67. What changed between the twosessions?The primary concern: leadershipOnce funding, staffing, and collaborationstarted: the identity ecosystem did nottake charge and master the challengesas they emerged.
  68. 68. 3. Last minute update...Arbroath Cliffs Warning Notice CC-BY-NC Alan Parkinson
  69. 69. Cuts are coming•  US federal government is cutting spending in 2013 as we prepare this paper in December 2012.•  By cleaver if a “fiscal cliff avoiding” budget is passed•  By chainsaw if Congress and the President fall over the “cliff.”
  70. 70. Direct effects.Nobody knows if this will directly affect NISTand the NIST staff managing the NSTICproject.
  71. 71. Direct effects.Could the stream of funding for NSTICinnovation grants dry up and will existingprojects be halted?
  72. 72. Direct effects.Will NIST’s funding for the IdentityEcosystem’s Secretariat, that coordinatesand supports the work of the IE, besustained or cut?
  73. 73. Direct effects.In a trillion dollar budget, today’s spendingon NSTIC is a rounding error.
  74. 74. Indirect effects.We don’t know how cuts in federalspending will affect the programindirectlyParticipating organizations changebehavior as they•  lose government contracts,•  experience greater risk, or•  enjoy new opportunities.
  75. 75. eGovernment as customer.We also don’t know if the largestgovernment agencies that would be amongthe first implementers of these open, user-centric, trust networks will stay in the game.
  76. 76. eGovernment as customer.Having huge customers as “anchor tenants”provides strong incentives for the privatesector to invest and make the identityecosystem work.
  77. 77. eGovernment as customer.Will spending cuts interfere with projectcontinuity?
  78. 78. eGovernment as customer.Will key personnel stay engaged?
  79. 79. Lots of unknowns.•  And no strategy to respond to these risks from the Identity Ecosystem Steering Group.•  Yet.
  80. 80. Our findings, in short:The two most serious threats:A user experience Imbalance amongthat doesn’t work the forces that hold an identity ecosystem together.
  81. 81. What do you think is the biggest threat to making the dreamof an international user-centric digital identity system that works acrossindustries, technologies, governments, and regulatory schemes come true?
  82. 82. Further Reading and Resources•  https://pensivepeter.wordpress.com/2012/10/23/death- to-nstic-long-live-nstic/•  https://skydrive.live.com/? cid=9a70d9142ec4cc44&id=9A70D9142EC4CC44! 827&sff=1•  PDEC White paper: What Could NSTIC?
  83. 83. A word from our sponsors…•  PDEC is a not-for-profit education, advocacy, and research association, promoting the emergence of a user-centric personal data ecosystem where personal control of personal data is good for business and society.•  Our consortium’s Startup Circle and individual members are in North America, across Europe, Australia and New Zealand•  We meet at local meetups and conferences and hold seminars.
  84. 84. ThanksPhil Wolff PDEC, the Personal Data –  phil@pde.cc Ecosystem Consortium, is a –  @evanwolf “small data” NGO –  +001.510-444.8234 representing startups, individuals and others who believe personal control of personal data is good for people, business, and society

×