The Washington Post labeled Copyright issues the top tech industry concern of 2002. For an article written for the non-technical world, this is a remarkably good one, and it does a good job of providing perspective about where this issue has gone, and where it is today.

With regards to the 500,000 stolen health care records story, it shows that identity theft can be literal. In this case, the hard drives themselves were physically stolen.

This highlights the point I keep trying to make, that data security can no longer be based on physical location. If those drives had been written using trusted computing techniques, that data would be worthless to the thieves and the current fear that 500,000 people have their identity information stolen would not exist.

Eric Norlin's Blog
I'm posting this with some hesitation, but posting it anyway.

There is a world of weblogs -- one that I've tried to maintain some distance from in these spaces. Main difference: in that world, the unbridled personality reigns, and its not so much about *reporting and commentary* as it is about conversation and persuasion.

In any case, I've been having a 4-weblog conversation about digital identity with a bunch of webloggers (bloggers), and I thought that some of you might find it interesting.

But you have fair warning: Foul-mouthed, off-the-cuff, conversational, about anything at all content is just as likely as what you might be looking for in regards to digital identity information.

Happy New Year to all.

NJ.com: NewsFlash -- Thieves nab personal information of 500,000 members of military and families

White House Scrambles to Defuse Privacy Concerns

It looks like the White House is doing a duck and cover on their Internet Surveillance plans released last week. Sounds like they've heard the message that they have to take both sides into account. So the question is, what will they now do?

ZDNet |UK| - News - Story - Privacy in the UK: Where next?
a whole bunch of stories regarding privacy in the UK...

A Surmountable Identity Crisis
...an editorial from eWeek about the Liberty Alliance....though after their badly done piece a few weeks ago, its hard to place a ton of credence in their "opinions."

The Sacramento Bee -- sacbee.com -- The signs have ears

Starting next month, two freeway billboards will be able to tell which radio stations passing cars are tuned to and then change the image on the sign to fit listeners' profiles.

Bush to sign e-government bill

MasterCard is in the 2nd week of a test of an RFID payment program in Orlando, FL. As to the status of the test, currently you can "wave your MasterCard" to pay at Boaters' World, Chevron, City of Orlando Parking, Friendly's, Loews Universal Cineplex, Ritz, and Wolf Camera. Fast-food restaurants and additional retailers will be added in January.

This will be an interesting test to watch, as I get email all the time from folks who swear people won't accept the privacy implications of RFID credit cards. I think they will easily, and now we'll see...

Since Eric opened the topic in his EFRTD, here's an update on TIA reflecting a couple of public presentations in the past week. For those who like things pre-chewed and digested a key quote:

"Despite the need for new tactics in the near-term, Aldridge said the TIA 'experiment' would be demonstrated using test data resembling real-life events, but that the 'feasibility' of actually using the system is 'several years away, based upon the ability to understand the technology.'"

When an issue has scary elements and is as easily demagogued as this one is, you need solid information about it to developed a reasoned response. As Eric said, this is a DARPA research project to develop concepts, determine feasibility, and run tests on a manufactured test database, funded with not much money (the TIA project is funded in the fiscal 2003 budget at $10 million.)

For those who want more "flavor" on the project, here is a link to the 25 page "proposer information pamphlet".

TIA is pursuing many separate but related research sub-projects - nine at present - and would require new legislation to ever move beyond the research phase and be deployed. In short, TIA should be understood, and watched, but its too early to even say what it would actually be if it existed...

According to this Infoworld article Microsoft is releasing the WSE 1.0 enhancement pack for its Visual Studio.Net which will implement its version of WS-Security.

WS-Security allows identity to be embodied in the Web services "plumbing" and is a major step towards allowing Web Services to become fully identity-centric as they must to deploy beyond the firewall.

It looks like basic WS-Security is either being released, or soon to be released, by several software companies. The next step is to work on making these various versions interoperable, and feeding the results into the OASIS standards process. We hope the vendors will not keep things incompatible for too long.

Perspective: Tech's answer to Big Brother - Tech News - CNET.com

A second approach was invented by Stefan Brands, previously a scientist at Zero Knowledge Systems, who outlined it in a book titled "Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy."

Brands describes a remarkable technology called limited disclosure certificates. It's a preemptive response to current trends in authentication, where you might end up using one digital ID certificate for everything from driving to shopping to health care--and all your information and transactions would instantly appear in Poindexter's database.

Just ran across this article on TI's RFID wrist watch and how it is being integrated into everything from Speedpass to buying hamburgers.

It's a reminder that device identity will ultimately converge with human identity over time, because it's all part of the same transition of computing from centralized and physical location based to distributed and identity based. As parts of this problem get solved, new applications will become feasible that seem like science fiction today.

Ready - log on to your wristwatch - Go!

Privacy Organization Updates License Version

VeriSign throws its hat into the ring for consumer identity with its Consumer Authentication Service (CAS).

The "value add" here is the addition of consumer scoring, intended to better rate the likelyhood the consumer is who they say they are, and fight identity theft. This is done through access to "over 50 best of breed data sources (personal, credit, demographic and black list information) to cross verify and risk rank consumers real time." Does this old deal with Equifax mean they are one of the partners that will provide some of the qualification data?

This will bear close watching as it's a step into the shared liability swamp where many want (but fear) to go.

It will also be interesting to see if the press picks up on the first real challenge to Passport and whether or not there will be a Liberty Alliance response...

Looks like Novell is is seeing the first payoff of their Destiny project roadmap with a UDDI server release.

Novell is betting that they can capture a lead position in the Secure Identity Management marketplace, building on thier directory serve market position. Given that they understand the space in a way few others do, I wouldn't bet against them.

SUPERNOVA 2002 - by pulver.com
Wish I was gonna be here as well (so many conferences, so little time ;-)....of course, they left one BIG topic off the schedule (one of those unifying trends) -- you guessed it, digital identity. Kevin originally had it on there, but I guess he ran outta room, or something. Anyway, no matter...

Also, I'd be taking a computer to SFO if I had that Apple G4Titanium Powerbook -- anyone know someone high up at Apple? I'll gladly be a convert in exchange for the laptop...

Building a Web Services Foundation
Phil and I are headed to this conference (if you're there, look for us) to check out what the world of web services has to say....kind of throwing ourselves into differing vocabularies to see what happens....

In any case, I'm not bringing a computer (though i'm sure Phil is), so don't expect to hear from me until Thursday...

Intel, IBM Team With AT&T To Push Nationwide Wi-Fi

"Cometa's vision and plan for this is to offer a single sign-on, single authentication, seamless-roaming nationwide network," said Michael Mass, vice president of marketing for the Communications Sector at IBM.

That vision would allow every Internet user in the U.S. to access their existing accounts wirelessly, anywhere in the United States, without changing their accounts or service providers. End-users will be able to keep existing sign-on procedures, e-mail addresses, IDs, passwords and payment methods regardless of the access point, whether its an ISP, corporate VPN, telecommunications provider or cable operator.

Governing: Technology column/December 2002

And as the states begin to assume even greater responsibility for homeland security, state CIOs are in the vanguard of state leaders taking the steps necessary to make certain that critical infrastructure is protected. Now that states routinely rely on technology for service delivery, CIOs play an essential role in ensuring continuity of services.

Jon's Radio
Herein Jon talks about an email filtering system that requires "registration." Now, sure, its a good idea (an identity based one ;-), but he's right -- it eliminates the chance for spontaneous interaction....which, for me personally, is one of my loves -- and (frankly) how i do business.

One bit of pushback to Jon: I don't think this is really an "assault" on the end-to-end nature of the internet's architecture.....sure, the way this service runs may be (in its centralization), but the idea of the service (bringing identity to the end to end structure) isn't. Just a thought....

As I've been saying, we're gonna need to bring a helluva lot more subtlety to this discussion...

Howard Rheingold writes an interesting article for Technology Review on the advance of wearable computers and personal area networks.

If, as seems inevitable, the network grows to include nearly everything and everyone, conected all the time everywhere -- digital identity will be the only way to survive within it.

In this article about a Gartner report on ecommerce fraud, it is noted that such fraud is rising. While in terms of dollars, the amount is still about 1% of sales ($500 million), nearly 6% of transactions are rejected due to being "suspicious."

Growing friction in the gears of ecommerce that only better identity systems can address...

As this article on the theft of trade secrets from Sun and Transmeta shows again, the biggest treat is from an inside job.

But I'm prompted to ask: If the documents had been electronically sealed with digital identity and digital signatures, wouldn't it have been harder for this to happen, and easier to prosecute if it did?

Identiscape -- from Stanford.edu

New everyday uses for GPS
...not exactly "hard-hitting" journalism, but some interesting examples of how GPS is coming to be used...

The President signed the "Dot Kids" law and it makes us wonder if there is a "digital group identity" concept that is being groped for here. The goal is to protect kids from certain Internet "experiences" while not outlawing those things in any general way. Needless to say, this is a goal that no one really quite knows how to acheive today, but identity will clearly be part of any solution.

It's too easy to make the cheap joke here, and vacuously simulate profundity. But the truth is that there are many difficult identity problems that fall into this same pattern. What will the real solutions end up looking like?

ID theft is frequently an inside job

Liberty Alliance Waves White Flag at Passport
I simply don't believe that Liberty will give in that easily...

Wired News: Total Info System Totally Touchy

Despite widespread use of Social Security numbers in medical and financial records, there is still no "unique identifier" that would allow the new system to track individuals with total accuracy.

Wired News: Lax Security: ID Theft Made Easy
I've been making this argument for a while now -- the one that goes "digital identity is the technology that reignites growth in business spending." I get some flak for it -- people asking why. Here's an example of why:

"I've had a hellish time fixing their screwup, and have lost a job and been turned down by a landlord due to my wrecked credit," Pastore said. "Shouldn't the credit report companies have notified me before they released my data? Shouldn't they bear the cost of fixing the problems they caused?"

"Consumer privacy and corporate accountability are the major issues here," said Harvey Jacobs, a Washington, D.C., attorney. "The credit bureaus have to reevaluate how they release information, and they have to be held financially and legally accountable if the information is misused."

Federal Trade Commission Investigating Rite Aid for Privacy Violations
"The Federal Trade Commission is hot on the trail of Rite Aid Corp. for alleged advertising and privacy violations..."

Vision Series 3: Howard Schmidt - Tech News - CNET.com

What are going to be the most important developments in the areas of Internet and network security over the next three years?
We will see the widely accepted use of two-factor authentication (which requires people to identify themselves using two unique factors, such as a password and a digital certificate) or smart cards. What most of us use now is a user ID and password. That's traditionally been a weak point in authentication systems.