I've been thinking a lot about the ripples of the recent Grokster ruling -- like wake up in the middle of the night thinking....

here's the thing: the blogosphere is now largely in the "gnashing of teeth stage" - with folks like Marc Canter going so far as to call the Supreme Court the "Supreme Joke." And I think that most folks that are really against this ruling are framing it as a "hollywood vs. innovation" argument. The thought being that "hollywood" (i.e., old media producers/distributers) needs to get with the ways of the digital age and realize that their entire business model has been disintermediated by the age of participation innovation.

In this framing, this ruling "stifles innovation" -- but i'm thinking that this framing may not be the right one. In other words, what if a different framing brought us a moment of balance and perspective - not black and white, good guys and bad guys, this town's not big enough for both hollywood and innovation, but a real "we can both win" situation.

From my perspective, this "grokster moment" is really something that is resulting from the fact that all of these file swapping networks are based upon an underlying network without real identity (what i have, for lack of a better term, called a "network of anonymity" - i.e., the internet). A network without identity has no ability for fine-grained distinctions around access, control, etc. It has blunt instruments.

Trying to wade through the marsh of re-making the distribution of media in the digital age using the blunt instruments of our current internet is like performing open heart surgey with a chainsaw....i.e., bloody and largely ineffective.

However, a network of identity (i'm talking futures now) is a place where we actually have the ability for fine-grained distinctions around access, control and distribution. It would allow us to balance the equation and rid ourselves of the false dichotomy of "hollywood vs. innovation." A network of identity would give us the infrastructure that might just allow us to see the grey in the subtleties of copyright law.

The Grokster decision isn't about the evil hollywood shutting down the cool kids that are just wanting to share their music. Its about the failure of technologists and innovators to deal with the sticky problem of digital identity.

Grokster is the call for us to get our identity act together. Until *we* solve this problem by means other than court appeals, or a James Dean-like Swapper without a cause mentality, we have no right to complain.

If this really is about innovation, then technologists should prove it by stepping up and innovating.

A statement in this MSNBC article caught my eye:

"Consumers are really getting scared, and they don't think their government is protecting them," said Litan, who authored a similar study one year ago. This year's study was conducted before the announcement of recent data loss incidents affecting millions of consumers by CitiCorp and MasterCard. "I think it would be even worse now," she said.

Can you smell the legislation? *sniff*

Believe it or not, this Grokster ruling really does involve Digital Identity -- in that, P2P networks, DRM and file-sharing/piracy/whatever of all kinds is actually really about networks of anonymity and networks of identity.

Some interesting links (and points):

Grokster and Open Source:
"In addition, the intent to violate copyright must be shown by the clear expression or other affirmative steps taken to foster infringement, according to Justice Souter's opinion. That's not a low hurdle. If open source developers keep their mouths shut all the RIAA can do is go after every user of the resulting software."

Grokking Grokster:
"On the other head, Chris Nolan sees the whole thing as a wake-up call for the techies: If you invent it and sell it, you can't completely avoid responsibility for what you’ve done. Particularly if your marketing campaign relies very heavily on the 'screw the man' thinking that passes for macho street cred in the Geek community."

Sinking Pirates:
"In the most recent survey of the Pew Internet & American Life Project, 49% of all Americans and 53% of Internet users believe that the firms that own and operate file-sharing networks should be responsible for the pirating of music and movie files. An additional 12% say both companies and individuals should shoulder responsibility--meaning a solid majority sides with the Supreme Court. Among Internet users, the majority is slightly greater."

...the Xbox 360 has a very large thread of digital identity running through it....

Read more here:
Xbox 360 Fact

Maybe we can get the team at Xbox to give away some Xbox 360's at upcoming DIDWs....

Some of the biggest news of the day was surely the Grokster ruling. Via Technorati, I found this DRM weblog that makes a good point about how the ruling can lead to more DRM....and, of course, more identity:

DRM-related Effects of the Grokster Ruling

Talk about a strange comparison....

I give you Microsoft's Original Press Pass Article about Hailstorm.

For Comparison - Kim's Laws of Identity.

Just a small reminder that we have actually made some progress...

In case you haven't noticed, Digital ID World is branching out. This November, we'll be launching the first vertically focused, Digital ID World summitt - Digital ID World - FS.

Digital ID World - FS is a summitt focused especially on the application of identity technologies in the financial services vertical. As such the format and setup is a bit different from the larger, more horizontal Digital ID World conference.

Essentially, this summitt will be held in one room (one track) with very in-depth interviews with leaders in the financial services sector -- think C-level individuals talking about their identity deployments in depth. Besides that, we'll have 3 or 4 panesl of financial services folks addressing the hot topics of the day: strong authentication, federated identity, Phishing & ID fraud, etc.

In addition, we won't have the traditional "show floor" associated with an expo. Rather, we're focused on 4 high level sponsors that are truly involved in delivering *high-quality* content, and some spaces for smaller vendors to show their wares. We realize we don't have enough space for all of the vendors that will want to be there -- but like I said, we're aiming for a summitt, not an expo.

Things are selling fast (on the vendor side) - in fact, some things are already sold out; and we've got lots of interest on the attendee side (we haven't even opened registration). In short, we're excited....

SenderID, the controversial (somewhat) spam-filtering initiative from Microsoft, is now being moved into Hotmail and MSN.

This is an interesting move if only because Microsoft got into a standards battle over SenderID - and now they're moving it into one of the largerst hosted email providers out there -- one they own.

The immediate *reaction* from the rest of the industry, as one would expect, is that Microsoft is "strong armming" the industry into SenderID. Quoting the ZDNet article:

"We think Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard," said Dave Rand, chief technologist for Internet content security at security software company Trend Micro.

This is an interesting weblog for our true techie-readers out there: A weblog written by a Microsoft employee that is devoted (apparently) to the technical implementation of weblogs.

Quoting:
Ready, set, go…

3. You will see the InfoCard Management UI. I’m going to warn you that this is a ‘wire frame’ UI, it is enough get basic ideas across, but it is no where close to the final UI, and it will be radically different in a subsequent beta release, so please don’t read too much into this.

I'm sorry, but reading the first paragraph of this story made me think that maybe I was reading the Onion, or watching Saturday Night Live:

"Credit card users, don't fret. Only a small fraction of the 13.9 million credit cards accounts at MasterCard exposed to possible fraud were considered at high risk, the company said Saturday."

Only a "small fraction" of the 13.9 million accounts were at "high risk"? Were the rest at "medium risk"? And what - *exactly* - is "medium risk" in Mastercard terms? Is "medium" risk equivalent to Defcon 3? If so, is "high" risk equivalent to mutally assured destruction?

The equivocation in this opening paragraph is a wonderful example of a huge PR budget at work. Congratulations to Mastercard. Of course, with the frequency of data loss these days, this all just seems commonplace now ("OOPS! we lost 13.9 *million* account numbers - sorry - hehehehe").

This CNet story about a federal proposal to have ISPs log all online activities is nothing more than a brute force solution to the Net's identity problem.

One thing that Phil and I have been discussing for (literally) years now is the worry that we (by "we" i mean "the industry") won't come up with viable solutions fast enough and it will lead us down some horrible, brute force legislative road that we'll end up course-correcting over a longer period of time.

That worry is why proposal like the Identity Metasystem are good for technology as a whole -- not only do they focus the discussion, but they keep the industry moving forward toward a solution.

And all of this begs the question: who will crack the nut to true end-user identity? That is a billion-dollar answer.

An interesting use of ID tracking technology is being reported in this story in Guardian Unlimited...

It appears that babies in the UK's Medway NHS Trust maternity ward now receive electronic id tags that attach to their ankles. The tags are meant to keep abducters from being able to remove the babies from a physical location. If the tag leaves the maternity ward, sirens, etc. ensue.

Quoting:
"Everyone that I've spoken to was really impressed. My worry was that we would find some mothers who thought it was peculiar to have electronic equipment fitted on their babies. But we presented it as routine. They all agreed and we have had no negative feedback."

Objections anyone?

This is an excellent article that summarizes what Digital ID World has been saying about Identity and SOX compliance for quite some time -- the article's value lies in its summary.

Quoting:

"An identity-focused solution, however, takes the role of identity to the next level and provides a more feasible long-term solution. In such a solution, identity becomes the foundation for IT operations, representing the actual link to business initiatives and processes. By attaching identity to every interaction and making it pervasive, risk is brought under control and the system is continuously monitored for compliance. Such capabilities are currently available from innovative vendors who offer IdM technology in the form of a software and appliance solution. "

Dave Steeves of Microsoft is out and about touting ideas around how smart cards and USB tokens could help to secure online transactions.

Theoretically, yes.

Realistically, the first thing I think of is Amex's failed Blue card (which had readers you could hook up to your computer for OTP-like transaction securing).

Yes, I know that the buying public is in a different place. Yes, I know that Bank of America is launching a huge 2-factor auth plan. But it still feels to me like we are a ways off from the day when Joe Sixpack in Ogallala, Nebraska whips out his USB token to encrypt and secure his online banking transaction....

Is that just me?

Phil and I were actually speaking about this the other day -- specifically, how the Citibank loss will result in the financial institutions looking for the *next* minimum bar that they should meet.

The point being that IT departments tend toward incremental protections (they're cheaper and tend to have quantifiable ROI) versus complete overhauls. Case in point, all of the "compliance software" being sold for SOX - and the accompanying "it costs us a ton and is worth a dollar" stories that CIOs are now telling.

Whether you're talking about ERP, CRM or even IdM systems -- the incremental improvement is always easier and more quantifiable than the system overhaul.

And the response to data loss/ID theft will be just that -- incremental. That's not necessarily bad or good - it just is.

MSNBC is running a story about a convenience store in Virginia where you can use your fingerprint to pay...

It contains the usual EFF concern about huge databases of personal information being compromised. My question is - isn't that already happening? And doesn't this actually provide some strong auth to a badly broken payment system (cards)?

Remember this: the "card" payment system was originally devised in the 1960s. Computers that were devised back then had *vacumn* tubes or were *analog*. Isn't it time the credit card industry catch up?

There have been piles of links that have come out of Digital ID World 2005 (which was in may)....

If you've missed them, you can find a bunch here:

DIDW retrospectives
Questions about the Identity Metasystem
Identity Blog