The Debate Has Started … Proof of Age “and/or” Proof of Identity?
The Debate Has Started … Proof of Age “and/or” Proof of Identity?
For 40-odd years, politicians have generally avoided doing anything with the Internet, apart from knowing that they needed to make it faster. They often only saw the Internet as a fast way of communicating, and where we replaced the postal system with electronic mail, and books with digital versions. It was a world that just converted our analogue world into digital.
But government have often completely missed the new worlds being built, and which have reduced their power to monitor, regulate and control their citizens. For them, physical borders are power, and the laws of the land start and end at these borders. The Internet, though, has little respect for physical borders, and technology often has little respect for the laws of each country. For most, the rise of cybercrime has resulted from a flawed digital world and where we can trust little. Without regulation, technology has thus often focused on the rights of citizens to privacy and consent, and not on the specific laws of countries.
But now, they have finalised realised its potential, and in the way that we all live our lives on-line, and where physical borders have little in the way of control. Few things happen these days, too, without the Internet touching it, and where we leave behind our digital footprint. In our Google-driven world, we are observed for virtually everything that we do on-line. But now governments are looking to be part of this world, and try and control within their powers. Their weapons are not at the border any more or in controlling firewalls — as these have little impact — but are threats of fines and in putting CEOs of cloud service providers in prison.
So now the debate is truly happening, and the UK are one of the first countries to test the boundaries of governments controlling our digital world. For this the UK wants to control the access to adult sites by proving that the person is 18 or over. But, here is where the debate really happens, and it affects virtually all of our on-line activities. Does the government want to just know that someone is 18 or over, or actually know the identity of the person, and log their accesses? Every time the person goes to an adult site, their accesses are checked against a database and logged. This is the equivalent of someone going into a shop, and having their name written down when they buy a magazine.
Just think of court proceedings of the future … “and here is the defendants record of on-line accesses …”
As a cryptography Professor, the solutions for this are there already. If it is just a proof of identity, it is possible to use the Camenisch anonymous credential system and with zero-knowledge proof, and where we can have signed proof of identity. But do we trust our governments to create a system that protects the rights of our citizens to privacy? The answer is probably no, especially as our governments could see the regulation of the Internet as a way to monitor our activities — just in case we turn bad.
We have several problems on the Internet. The first is that we have our identity harvested by companies such as…medium.com
The debate has started … be part of it. It is a fundamental part of building a new world, and this is just the start of the tensions between the control of your governments, and our rights to privacy within an on-line world. When we identity ourselves on-line, we give away so much of our data. Cookies track us, our logins give our identity away, our IP addresses … so many things, and so many opportunities to match you, to both the virtual and the real world.
For me, our research team can provide the tools and methods that can build more trusted worlds, but it is up to our society to find the best way to use these things. We do need to understand how best to implement our laws, and use technology to do this in the best way possible, and protect the rights of citizens to privacy and consent. The UK currently does not actually have a proper digital ID scheme, as it has shown in the past that its citizens haven’t trusted the government to enact something that they can trust.
I strongly believe that cryptography and software engineering need to provide the foundation elements of building our new digital worlds, and without these we just open up a whole lot of new opportunities for cyber criminals and data breaches. We live in a 1980s digital world, but think we are living in the 21st Century. We are a long way off properly building a new foundation for a trusted digital world.
Be part of the debate. Society has a right to protect itself and its citizens, but each citizen has fundamental rights too. Every part of our on-line world needs to be looked at, and carefully defining as where this boundary lies.
This is the start of the debate, and not the end.