London School of Economics, February 2010, Jerry Fishenden

Lecture by Jerry Fishenden to London School of Economics MSc students.

Published in: Technology

  1. 1. IT perspectives Jerry Fishenden Director, Centre for Technology Policy Research Visiting Senior Fellow, LSE
  2. 2. • an underlying thesis outline • introduction • context • mind the GAP ... • ... the UK • privacy and security • what next? • conclusion
  3. 3. thesis: we lack a consensus on, and balance of: - public policy - technological aptness - user benefit
  4. 4. introduction
  5. 5. context
  6. 6. the myth of fast technology Source: “Sketching User Experiences”, Bill Buxton
  7. 7. The Everett Rogers Technology Adoption Lifecycle model
  8. 8. prediction horizons • 3-5 years: – highly predictable – products already in development • 5-10 Years: – relatively predictable – basic technologies identified • 10-15 years: – less predictable – new basic technologies will disrupt – trends are the only guide
  9. 9. the myth of fast technology • the mouse – invented c.1964 • the CD – c.1965 • the fax – c.1843 • LCDs – c.1888
  10. 10. mind the GAP ...
  11. 11. World Bank Experience • “Information system projects appear to have an alarmingly high failure rate, even in developed countries — half of large implementations fail, half suffer disputes.” • “It is estimated that more than 80 percent of World Bank projects have an informatics component. Many of these components meet essential development needs. It is vital therefore, that they are planned and implemented to bring lasting benefit.” World Bank, 2004
  12. 12. http://www.computerweekly.com/Articles/2007/05/21/223915/only-a-third-of-government-it-projects-succeed-says.htm
  13. 13. some challenges • governance • competing needs of many diverse stakeholders • more demands than capacity • everyone is an IT expert • architecture • rapidly increasing systems complexity • delivering new services increases complexity • operations and maintenance budget growing • procurement • severe budget and cost control pressures • procurement cycles not responsive to organisational need
  14. 14. why governments should lead in effective use of IT • IT is an important enabler of improved service delivery and effectiveness • government use of IT can drive private sector adoption and capacity building • effective use of IT drives local market for IT skills and service provision • in the UK, government accounts for around 55% of all IT expenditure ….
  15. 15. the GAP principles Governance • IT is a service provider to the business - business units and information technology organisations need to be intimately linked through managed engagement processes. • the Chief Information Officer (CIO) requires real authority - CIOs need effective authority to mandate architecture standards across organisational boundaries. Architecture • the future of business is networked – adoption of architectures based on XML and underlying internet standards maximise flexibility and improve speed of delivery of new services. Procurement • architecture is the foundation - a long term strategic model is required for core architecture procurement • service orientation in architecture enables flexibility – shorter term tactical models can be used to procure from smaller, local or specialized suppliers • Service Level Agreements alone do not guarantee success – good governance and architecture are required to enable effective operations outsourcing
  16. 16. IT governance: IT governance is about assigning decision rights and creating an accountability framework that encourages desirable behaviour in the use of IT (Source: CISR (Center for Information Systems Research), Sloan School of Management, MIT and Gartner EXP). CISR also states that IT governance should cover five IT domains: • IT ‘maxims’ or policies • IT infrastructure strategy • IT architecture • Business application portfolio management • IT investment and prioritisation. Source: CISR & Gartner EXP
  17. 17. assessing IT governance. Score yourself from 1 to 4 (1 = not at all, 4 = completely) for: – We follow a set of agreed IT policies – We follow an agreed IT infrastructure strategy – We enforce agreed architecture standards – Applications are managed to an agreed portfolio strategy – IT investment is prioritized according to a government policy framework – We follow an agreed procurement policy – We follow a standard project management methodology – We carry out post implementation benefits analysis and review. Your total score and the status of your governance: 00 to 08 = Poor, needs serious attention; 09 to 16 = Good start, could be improved; 17 to 24 = Good, keep improving; 25 to 32 = Very good, little room for improvement
  18. 18. characteristics of effective governance • an agreed definition of architecture and its associated minimum standards adopted across the entire organisation • CIO and IT organisations empowered to enforce architecture and standards • government ministers and internal IT leaders must be co-stakeholders to collaborate and have voice on long term IT strategy • change management processes ensure rigour in operations • financial models and budgets adopted • opportunity to provide shared services and / or outsourced
  19. 19. “good” architecture...?
  20. 20. effective procurement • encourage a diverse supply-side marketplace – avoid over-dependency on a limited number of big suppliers • distinct architecture / procurement models: – core architecture services – operational infrastructure services – applications and application services • effective enterprise architecture creates: – new approach to supplier selection, time horizons and selection criteria for each – reduced dependence on the classic challenge of outsourcing the end to end infrastructure – lower complexity allowing for smaller, local suppliers, lower costs and improved flexibility and versatility.
  21. 21. applying the GAP principles in government • Governance – IT is a service provider to government and the citizen. – agencies and information technology organisations need to be intimately linked to national policy priorities through managed engagement processes. – the Chief Information Officer (CIO) requires real authority. A pan- government CIO role must exist and needs effective authority to mandate information and architecture standards across government. • architecture – the future of government is networked. Adoption of architectures based on XML and underlying internet standards maximise flexibility and improve speed of delivery of new government services. • procurement – architecture is the foundation. A long term strategic model is required for core architecture procurement – Service orientation in architecture enables flexibility. Shorter term tactical models enhance opportunities for local technology providers – Service Level Agreements alone do not guarantee success – good governance and architecture are required to enable effective shared service models
  22. 22. recommended changes • establish: – an IT investment council as a component of the government executive office – an applications committee, as a subset of the IT investment council, to prioritise and maintain applications portfolio – an architecture advisory group to ensure compliance – a technical advisory group to advise on technical matters, including infrastructure strategy compliance – a programme-project management office to ensure PPM compliance – a project review board for each major project
  23. 23. ... the UK
  24. 24. ... could do better? • The UK is “apparently a world leader in ineffective IT schemes for government” • Dunleavy et al observe that: – “.... a large number of projects have been scrapped in the last decade, with significant losses of complete investments or with partial write-offs of investment. This record is closely associated with a pattern of price rises in contracts over implementation periods and of significantly less functionality for implemented systems than initially expected.” (Source: Dunleavy, P., Margetts, H., Bastow, S., Tinkler, J. Digital Era Governance. Oxford University Press, 2008)
  25. 25. ... could do better? • “... the greater the power of the IT industry, the less effective the performance of government IT has been.” – (Source: Dunleavy, P., Margetts, H., Bastow, S., Tinkler, J. Digital Era Governance. Oxford University Press, 2008 (p130)) • just 11 companies provide 80% of public sector business in the ICT sector – (Source: House of Commons Public Accounts Committee, Twenty-Seventh Report, Session 2004-05, 6 April 2005) • 2010 … just 1 company with c. 60% of all public sector IT business …?
  26. 26. realities of the “intelligent state” • in the digital age, you don't need to own or hold everything new yourself in order to provide an integrated service – you can exploit each other's investments (across the public/private sectors – and the “personal sector”): the outcome, for once, can be greater than the sum of the parts ... – ... and the citizen lives at the centre
  27. 27. http://www.cps.org.uk/cps_catalog/it%27s%20ours.pdf
  28. 28. ... a flashback to last century
  29. 29. the evolving Internet Personal Transactional Informational “Are social computing themes like user- generated content and communication fundamentally changing the rules of business? We think they are—in a big way.” Forrester Research
  30. 30. the Internet as grid • it’s not just the Web • the Internet drives services, not Web sites • the Internet as grid changes everything
  31. 31. enabled by Internet evolution (example: Xbox Live evolution) • Web Services and APIs are evolving 1st party web sites into rich, serious development platforms for next generation Internet applications • benefits: shorter time to delivery; broader, more compelling experiences; better reliability; support for multiple devices; wider syndication
  32. 32. public policy technology
  33. 33. the existing focus • server consolidation • the development of a common structure for servers and applications • automating the deployment of servers and applications within that common structure • improving overall security, data protection and privacy practices (including at the local, regional or branch office level) • improving security through improved identity management • virtualisation and rationalisation in the data centre • desktop and mobile platform optimisation • driving down the 76% of IT budget costs spent on IT services
  34. 34. Government (provider/producer centric view) – diagram: Education, Tax, Welfare, Health ...etc, and the citizen
  35. 35. Government (provider/producer centric view) – same diagram as slide 34, second build
  36. 36. From → To • Function oriented → Process oriented • Build to last → Build to change • Prolonged development cycles → Incrementally built and deployed • Internal focus → External and internal focus • Application silos → Orchestrated solutions • Tightly coupled → Loosely coupled • Object oriented → Message oriented • Known implementation → Abstraction. Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
  37. 37. Current Focus vs Future Focus (diagram) • current focus: an internal user and separate business functions A, B, C ... X • future focus: user processes A, B, C and the external user. Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
  38. 38. Government Gateway (diagram): Local Government, Central Government, Businesses and Voluntary Organisations connected through the Government Gateway
  39. 39. Government Gateway – same diagram as slide 38, second build
  40. 40. the architecture in 2004 ... (diagram) Users (PC, web site, helpdesk) → presentation layer application → message bus (Internet/GSI) → Gateway services (secure messaging, payments, STS, A&A, TxE) → Gateway DIS → Dept. Annotations: applications aggregate the services into a presentation channel for specific business processes; the GSI and the Internet provide the common message bus; a growing number of “headless” web services; the Gateway provides mediation for the non-web services world, via the hub and spoke transactional model. Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
  41. 41. ... the proposed next step (diagram) as slide 40, with departments (and their rules) attached directly to the message bus. Annotations: new services are added into the pool directly; departments expose their own services onto the bus; the Gateway continues to provide mediation for the non-web services world, via the hub and spoke model. Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
  42. 42. ... the end goal? (diagram) Annotations: depts adopt busses internally (a message bus inside each Dept); other trusted credentials are supported (a Trusted STS alongside the Gateway STS); legacy hub and spoke is deprecated. Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
  43. 43. http://www.makeitbetter.org.uk/
  44. 44. http://www.makeitbetter.org.uk/?page_id=298
  45. 45. http://wiki.idealgovernment.com/IdealGovernmentITStrategy
  46. 46. http://wiki.idealgovernment.com/governance
  47. 47. key issues • how do we get public sector IT to where it needs to be? • how do we keep “lights on” while ensuring new projects are conceived and delivered in new ways? • how do we do things in new ways without risking failures in the transition period?
  48. 48. http://www.direct.gov.uk/en/index.htm
  49. 49. http://www.gateway.gov.uk/
  50. 50. http://www.hmrc.gov.uk/index.htm
  51. 51. ... come and contribute! http://wiki.idealgovernment.com/IdealGovernmentITStrategy
  52. 52. privacy and security
  53. 53. whatever happened to privacy anyway ...?
  54. 54. (profile diagram) subscribes to Vodaphone (source: mobile phone) • shops at Morrisons (source: loyalty card and credit card) • overweight (source: connected bathroom scales) • alcoholic (source: The Red Lion EPOS) • iPod owner (source: RFID tag) • fashion victim (source: street CCTV)
  55. 55. we need trust in our digital lives • any systems – private or public sector – need to: – recognise the importance of the rule of law, security, and privacy and other core democratic freedoms in contributing to trustworthiness – honour European values such as privacy, freedom of expression, protection of minorities, freedom of association, and freedom of belief • the public sector has a key role in overall governance and compliance in support of these important values
  56. 56. https://trustworthyict.inteco.es/ http://www.think-trust.eu/general/news-events/riseptis-report-published.html
  57. 57. … not this …
  58. 58. … or this …
  59. 59. security • high public awareness of security issues • the Internet is a great medium for committing crime • global reach • anonymity • lack of traceability • profits for committing crimes are going up • time to exploit is decreasing
  60. 60. not a great model either … your name, bank account number, sort code number … (conveniently embossed for easy skimming) … your signature, 234 “security code” and “automated hacking magnetic strip”
  61. 61. improvements
  62. 62. http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html
  63. 63. technology vulnerabilities source: http://www.cenzic.com/
  64. 64. other vulnerabilities
  65. 65. time to exploit (timeline): product ship → vulnerability discovered → vulnerability made public / component fixed → fix deployed → fix deployed at customer site. Most attacks occur in the gap before the fix is deployed at the customer site (why does this gap exist?)
  66. 66. an evolving threat (diagram): attacker sophistication runs from Script-Kiddy through Undergraduate and Expert to Specialist; motivation runs from Curiosity (Vandal) and Personal Fame (Author, Trespasser) through Personal Gain (Thief) to National Interest (Spy). Annotations: National Interest – largest segment by $ spent on defence; Personal Gain – largest area by $ lost; also marked: fastest growing segment, largest segment by volume
  67. 67. botnets • “botnets serve various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers. The botnet owner community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the largest amount of "high-quality" infected machines (commonly university, corporate, and even government machines).” Wikipedia
  68. 68. botnets http://www.thinq.co.uk/news/2010/2/11/battle-of-the-botnets-breaks-out/
  69. 69. http://www.computerworld.com.au/index.php/id;481069848
  70. 70. forensics of a virus (Blaster timeline, source: Microsoft) • July 1 – vulnerability reported to us / patch in progress, no exploit: vulnerability in RPC/DCOM reported to MS; MS activated highest level emergency response process • July 16 – bulletin & patch available: MS03-026 delivered to customers (7/16/03); continued outreach to analysts, press, community, partners, government agencies • July 25 – exploit code in public: X-focus (Chinese group) published exploit tool; MS heightened efforts to get information to customers • Aug 11 – worm in the wild: Blaster worm discovered; variants and other viruses hit simultaneously (i.e. “SoBig”) • Blaster shows the complex interplay between security researchers, software companies, and hackers
  71. 71. honeypot projects • six computers attached to Internet – different versions of Windows, Linux and Mac OS • over the course of one week – machines were scanned 46,255 times – 4,892 direct attacks • no up-to-date, patched operating systems succumbed to a single attack • all down rev systems were compromised – Windows XP with no patches – infested in 18 minutes by Blaster and Sasser – within an hour it became a "bot" Source: StillSecure, see http://www.denverpost.com/Stories/0,1413,36~33~2735094,00.html
  72. 72. example security engineering response: the Security Development Lifecycle (diagram) • Requirements – guidelines & best practices; product inception: assign resource, security plan • Design – threat modeling: models created, mitigations in design and functional specs; design guidelines applied; security architecture; security design review; ship criteria agreed upon • Implementation – coding standards; tool usage; security docs & tools; customer deliverables for secure deployment • Verification – testing based on threat models; review threat models; penetration testing; security push: security push training, review threat models, review code, attack testing, review against new threats, meet signoff criteria • Release – Final Security Review (FSR); archiving of compliance info; RTM & deployment signoff • Response – security response; feedback loop: tools/processes, postmortems, SRLs
  73. 73. a technology framework • secure infrastructure – safeguards that protect against malware, intrusions and unauthorised access to personal information, and help protect systems from evolving threats • identity and access control – systems that help protect personal information from unauthorised access or use, and provide management controls for identity access and provisioning • data encryption – safeguards that protect sensitive personal information by converting data into incomprehensible code that requires a key held by an authorised recipient to decode • document protection – protection of personal information stored in documents throughout the entire life cycle of the document • auditing and reporting – monitoring to verify the integrity of systems and data in compliance with business policies
  74. 74. not citizen centric – password fatigue
  75. 75. phishing & phraud (source: http://www.antiphishing.org) • the number of unique phishing reports submitted in the third quarter of 2009 reached an all-time high of 40,621 • the number of unique phishing websites detected during the third quarter of 2009 reached a new record in August with 56,362
  76. 76. the impact of phishing • most people are spoofed – over 60% have visited a fake or spoofed site • people are tricked – over 15% admit to having provided personal data • target for spoofing attacks – banks, credit card companies, Web retailers, online auctions (e-bay) and mortgage companies. • economic loss for a small number of people – slightly more than 2% – average cost of $115 dollars Source: TRUSTe
  77. 77. outcome of social engineering typical information posted on hacker forum First name: XXXXXXXXXX Lastname: XXXXXXXXXXX Address: XXXXXXXXXXX City: BALTIMORE State: MD Zipcode: 21211 Phone: 410-XXXX-XXXX SSN: XXX-XX-XXXX Driver's license: XXXXXXXXXXXXX DOB: X-XX-19XX Cardnumber: XXXXXXXXXXX Expiry Date: XX-XXXX CVV2: XXX ATM Pin: XXXX Paypal email: XXXXXX@yahoo.com Paypal Password :XXXXXXXXXXX IP address: XXX.XXX.XXX.XXX
  78. 78. some issues ... • the economics of computing makes the collection, storage, analysis and dissemination of data cost effective (e.g., spam) • there is often a tension between government and regulatory requirements, business strategies, and citizen/customer expectations – Security and Privacy can be both synergistic and antagonistic • new technologies raise important privacy concerns (e.g., biometrics, GPS) • what constitutes an “invasion of privacy” may be unclear and may be dependent on local laws and customs
  79. 79. privacy technologies • Anti-Spam and Anti-Spyware • Rights Management • Filtering Technologies • Authentication Technologies • Parental Controls, Pop Up Blockers, Phorm-blocker, Junk Email, Ad Blockers, etc.
  80. 80. today - commonplace • fingerprints – commonplace: from Disney to your PocketPC to US Visit to your home PC keyboard and mouse – increasingly a commodity item
  81. 81. today – less common • iris recognition – working in limited contexts: • airports • UAE
  82. 82. tomorrow? • commoditised biometrics– from our gait to our DNA ...?
  83. 83. source: fishenden.com
  84. 84. reminder - outcome of social engineering typical information posted on hacker forum First name: XXXXXXXXXX Lastname: XXXXXXXXXXX Address: XXXXXXXXXXX City: BALTIMORE State: MD Zipcode: 21211 Phone: 410-XXXX-XXXX SSN: XXX-XX-XXXX Driver's license: XXXXXXXXXXXXX DOB: X-XX-19XX Cardnumber: XXXXXXXXXXX Expiry Date: XX-XXXX CVV2: XXX ATM Pin: XXXX Paypal email: XXXXXX@yahoo.com Paypal Password :XXXXXXXXXXX IP address: XXX.XXX.XXX.XXX
  85. 85. • so will biometrics be any different from biographics… ? (Internet hacker forum: RH Index Finger Image (JPEG2000): XXXXXXXXXXX; L Eye Iris Image (JPEG2000): XXXXXXXXXXX; L Eye Iris Image (RAW): XXXXXXXXXXX …..) • … if using our biometrics becomes routine, they become open to universal capture by third parties – not just technology – “protocols” too » who is entitled to take and store our biometrics? » what happens when “everyone” has them?
  86. 86. criminalisation of the Internet • greater use and greater value attract professionalised international criminal fringe – dysfunctional, ad-hoc nature of identity patchwork – phishing and pharming (“phraud”) at 1000% CAGR • the ad hoc nature of internet identity cannot withstand the growing assault of professionalised attackers – we can predict a deepening public crisis
  87. 87. towards an identity metasystem • diverse needs of players mean integrating multiple constituent technologies • not the first time we’ve seen this in computing – think back to things as basic as abstract display services made possible through device drivers • we need a unifying “identity metasystem” – protect applications from complexities of systems – allow digital identity to be loosely coupled • avoid need to agree on dominant technologies a priori – they will emerge from the ecosystem
  88. 88. the Laws of Identity
  89. 89. the “laws” • Directed Identity – A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles. (supports both broadcast identifiers for public entities and “unidirectional” identifiers for private ones) • User Control and Consent – Digital identity systems must only reveal information identifying a user with the user’s consent. (the user decides which information to reveal to another party) • Pluralism of Operators and Technologies – A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers. (works across multiple technologies run by different identity providers, including government) • Human Integration – A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications. (works with and is usable by real people) • Limited Disclosure for Limited Use – The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution. (systems don’t disclose more information than is necessary in a given context) • The Law of Fewest Parties – Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship. (systems disclose identity data only to those with a necessary and justifiable place in the relationship) • Consistent Experience Across Contexts – A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies. (behaves the same way wherever and however you use it)
  90. 90. – 96. 96. the “laws” – builds of slide 89, each adding one of the plain-language glosses given in brackets above
  97. 97. the ‘laws’ define a citizen-centric metasystem (diagram: “Me” at the centre, surrounded by Applications – work & consumer; Existing & New Technologies – X509, Kerberos; Devices – PCs, mobile, phone; and the parties – governments, organisations, individuals, businesses)
  98. 98. Mr Cameron suggests rethinking the whole issue ... ... the second principle, says Mr Cameron, should be to keep down the risk of a breach by using as little information as possible to achieve the task in hand. This approach, which he calls “information minimalism”, rules out keeping information “just in case”. Third, identity systems must be able to check who is asking for the information, not just hand it over. ... the final principle is a thorough understanding of the human factor. Source: The Economist Feb 16th-22nd 2008
  99. 99. minimal disclosure tokens / U-Prove
  100. 100. minimal disclosure tokens: basics (diagram: the full credential – Name: Alice Smith; DOB: 03-25-1976; Address: 1234 Crypto, Seattle, WA; Status: gold customer; Reputation: high; Gender: female – beside the subset actually disclosed – Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer)
  101. 101. minimal disclosure tokens: basics (diagram: the relying party asks “Prove that you are from WA and over 21”; from the credential – Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; DOB: 03-25-1976; Status: gold customer; Reputation: high; Gender: female – the user presents only a proof of WA and Over-21, leaving the relying party asking “Which adult from WA is this?”)
  102. 102. authenticated anonymity (diagram: “Prove that you are a gold customer” – from the credential – Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer – only the gold-customer status is proved)
  103. 103. unlinkable data sharing (diagram: the credential – Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer – is presented to different parties as different subsets, e.g. UserID: Alice S. and City: Seattle, WA to one, and Name, UserID, Address and Status to another; the “?” marks show that no party can tie its view to another’s: no unwanted linkages)
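Added example (not from the lecture, and not U-Prove’s own code): a simplified minimal disclosure token in Python that shows the three ideas of slides 100–103 together: reveal only the attributes asked for, prove a status without identifying the person, and use a fresh token per relying party so presentations cannot be linked. It uses salted hash commitments and an HMAC as a stand-in for the issuer’s signature; the attribute names, the issuer-asserted over_21 claim and the key handling are constructed assumptions, whereas real U-Prove uses blind issuance and zero-knowledge predicate proofs.

```python
import hashlib, hmac, json, secrets

# Constructed sample credential with the attributes from the slides. "over_21" is
# asserted by the issuer here; U-Prove would instead prove it from the DOB in
# zero knowledge, without carrying it as an attribute.
ALICE = {"name": "Alice Smith", "dob": "03-25-1976", "state": "WA", "over_21": "true",
         "address": "1234 Crypto, Seattle, WA", "status": "gold customer",
         "reputation": "high", "gender": "female"}
ISSUER_KEY = secrets.token_bytes(32)  # stand-in for the issuer's signing key

def _commit(name, value, salt):
    # Salted hash commitment: hides the value, binds name, value and salt together.
    return hashlib.sha256(f"{name}|{value}|{salt}".encode()).hexdigest()

def issue_token(attrs, key=ISSUER_KEY):
    """Issuer: fresh salts per token, so two tokens for the same person carry
    different commitments and relying parties cannot correlate them."""
    salts = {k: secrets.token_hex(16) for k in attrs}
    commits = {k: _commit(k, v, salts[k]) for k, v in attrs.items()}
    body = json.dumps(commits, sort_keys=True).encode()
    sig = hmac.new(key, body, "sha256").hexdigest()  # HMAC stands in for a signature
    # Underscore fields are the holder's secrets and are never sent to anyone.
    return {"commits": commits, "sig": sig, "_attrs": attrs, "_salts": salts}

def present(token, reveal):
    """Holder: open only the requested commitments; everything else stays hidden."""
    return {"commits": dict(token["commits"]), "sig": token["sig"],
            "revealed": {k: (token["_attrs"][k], token["_salts"][k]) for k in reveal}}

def verify(presentation, key=ISSUER_KEY):
    """Relying party: check the issuer's signature over all commitments, then that
    each revealed (value, salt) opens its commitment. Returns the disclosed
    attributes, or None if anything was altered."""
    body = json.dumps(presentation["commits"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), presentation["sig"]):
        return None
    disclosed = {}
    for name, (value, salt) in presentation["revealed"].items():
        if presentation["commits"].get(name) != _commit(name, value, salt):
            return None
        disclosed[name] = value
    return disclosed

def linkable(p1, p2):
    """True if two presentations share a correlation handle (the same commitment set)."""
    return p1["commits"] == p2["commits"]
```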
  104. 104. … and at the macro level • fundamental reform of the policymaking process: – ensure technological and scientific evidence is gathered and understood prior to legislation being brought forward • eg avoid ‘the Identity Cards Act’ model, where the mechanism/solution (cards) is fused with the objective and policy outcome • don’t plan based on what you can see in the rear-view mirror
  105. 105. intelligent environments • office, home and public buildings running embedded technologies: – controlling lighting, heating (energy efficiency) and security – entertainment (music/film etc following you around the house) – dynamically moving calls and content between desk/mobile phones, PCs other devices • public environments – knowing you’re there – telling you what’s available
  106. 106. re-thinking form factors & devices
  107. 107. MyLifeBits MyLifeStore Internet Gordon Bell, Microsoft Research, http://www.mylifebits.com
  108. 108. information security and privacy embedded in the systems lifecycle
  109. 109. the transition from basic to dynamic security (four stages: Basic, Standardized, Rationalized, Dynamic)
  • Technology – Basic: patch status of desktops is unknown; no unified directory for access mgmt – Standardized: multiple directories for authentication; limited automated software distribution – Rationalized: automate identity and access management; automated system management and high availability – Dynamic: self provisioning and quarantine capable systems ensure compliance
  • Process – Basic: IT processes undefined; complexity due to localized processes and minimal central control – Standardized: central admin and configuration of security; standard desktop images defined, not adopted by all – Rationalized: SLAs are linked to business objectives; clearly defined and enforced images, security, best practices – Dynamic: self-assessing and continuous improvement; easy, secure access to info from anywhere on Internet
  • People – Basic: IT staff taxed by operational challenges; users come up with their own IT solutions – Standardized: IT staff trained in best practices such as MOF, ITIL, etc.; users expect basic services from IT – Rationalized: IT staff manages an efficient, controlled environment; users have the right tools, availability, and access to info – Dynamic: IT is a strategic asset; users look to IT as a valued partner to enable new business initiatives
  • Cost – Basic: $1320/PC – Standardized: $580/PC – Rationalized: $230/PC – Dynamic: < $100/PC
  110. 110. “CardSpace” • enables users to use multiple identity systems • based on Web services • usable by any application
  111. 111. CardSpace features • strong 2-way authentication • enhanced privacy – at user’s discretion, store personal information on PC/Phone/Device or in “the cloud” – fully informed disclosure – multiple personas, a mirror of the real world
  112. 112. Web services and identity • WS-* family of open Web Services protocols • developed by Microsoft, IBM and others • designed to connect multiple identity systems • anyone can implement on any platform • CardSpace is one implementation – a Java implementation already exists, and others are committing to support it: – Novell and IBM have announced the Higgins project: an open source implementation – OpenID is being supported by many players
  113. 113. if we can get this right ...?
  114. 114. if we can get this right ...? privacy and security restored?
  115. 115. summary • privacy and security need to be designed in partnership • both are parts of an ecosystem • online digital identity and “The Laws” are making headway into online privacy and security • better design is required – especially as we enter the pervasive age
  116. 116. what next?
  117. 117. new modes of interaction, experience – touch, immersive visualisation, speech, handwriting
  118. 118. visualisation in the real world video
  119. 119. ... the future workstation?
  120. 120. surface computing • display-centric • multi user • direct input • tangible objects – blending of physical and virtual interaction
  121. 121. source: fishenden.com
  122. 122. Source: “Sketching User Experiences”, Bill Buxton
  123. 123. iCube
  124. 124. Virtual playground
  125. 125. mining
  126. 126. the virtual museum video
  127. 127. object recognition video Source: Microsoft Research
  128. 128. augmented bowl video Source: Microsoft Research
  129. 129. future healthcare ? video
  130. 130. “The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn” Rethinking the Future, Alvin Toffler
  131. 131. ... vision Source: Private Eye 7th Feb 1962
  132. 132. ... reality? Source: Private Eye 7th Feb 1962
  133. 133. conclusion
  134. 134. thesis: we lack a consensus on, and balance of: - public policy - technological aptness - citizen benefit
  135. 135. ... and what role will you play ...?
  136. 136. ... thank you. IT perspectives Jerry Fishenden Director, Centre for Technology Policy Research Visiting Senior Fellow, LSE j.fishenden@lse.ac.uk blog: ntouk.com
