Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

[BackChannel] Prediction for 2013: Keep an Eye on Identity

BY Gadi Ben-Yehuda | Friday, December 14 2012

BackChannel an ongoing series of guest posts from practitioners and close observers at the intersection of technology and politics that, taken in aggregate, form a running conversation about the future of campaigns and government.

Gadi Ben-Yehuda is Director of Innovation and Social Media for IBM The Center for the Business of Government.


In 2013, I’ll be keeping my eye on Identity; it’s going to be a big story.

Identity management is so intrinsically uninteresting that in the time it takes to say “identity management,” people may fall asleep—even though they are directly affected by it. And it’s a pretty safe bet to say that, because anyone who uses multiple computers (or a computer, a tablet, and their smartphone), online banking, a cloud-based email account, a credit card site, online retailers like Amazon, and/or a social networking site relies on some kind of identity management system. And right now, those systems are a mess.

The identity management system that most people encounter on most of the sites they visit is a straight-forward login/password page. Some organizations require strong passwords—some so strong they were spoofed in this McSweeney’s article from 2007. The problem is that people are not always so good at remembering strong passwords, so they end up either writing them down or constantly forgetting them. And I wouldn’t be the first person (or the second or the third) to argue that passwords are not enough.

Further, identity isn’t just something that should be getting us into our email accounts. There is so much more that a robust identity management system could streamline. How many times—at a doctor’s or dentist’s office, when registering for a new school, or buying a plane ticket—are we asked for information that is a part of our identity? Where we live, how old we are, primary email address, company name and our role?

Though many browsers now come with AutoFill functions, how many of us feel comfortable sharing our social security numbers, credit card details, or other sensitive information with a browser? And for those of us using multiple computers—one at work, one at home, a tablet, and a smartphone—do we fill out the same information on each system? The promise of persistent computing was that we could work seamlessly across many types of computers, but poor identity management thwarts that goal.

This is where we are: bad identity management can lead to catastrophic damage (think, losing hundreds of thousands of dollars, digital pictures and correspondence, and/or credit rating), while good identity management can reap huge rewards in recovered productivity (because time recovered from filling out forms can be rerouted into getting actual work done!).

The good news is that there are two fronts open in the battle for better identity management. The first is an offensive against the wasted time of filling out information over and over again. Companies like LastPass, Personal, and RoboForm offer applications that users can install on multiple machines and will store login and password information as well as all types of other identifying information—home address, credit card numbers, etc.

Offerings from these companies are helping here and now, and it’s safe to say that more people will be using these services, or ones like them, in 2013 and beyond.

But the more important action has been on a slow burn for at least a decade, has heated up in the last four years, and is going to begin to boil in 2013: the activities of the National Strategy for Trusted Identities in Cyberspace, or "NSTIC," and its constituent organizations to create a standard for identity management across platforms.

When I spoke with Dan Chenok, who has been involved with NSTIC since its inception and serves as the Interim Chair of its Policy Coordinating Committee, he used this metaphor to explain why a standards-based identity management system was the best approach. (Full disclosure: Dan is also the Executive Director of the IBM Center for The Business of Government, where I work.)

Imagine that you go to a market and you’re at the cash register. You can pay with cash, or with any number of credit cards; MasterCard, Visa, Discover, AmEx, or a debit card. You might have half a dozen different kinds of payment options in your wallet, or you could have only one, but it’s up to you. All of these payment methods are based on the same set of standards, and each can add to the basic requirement of paying for your purchase with different incentives at different costs. But the bottom line is, each one can be used to buy a pack of gum or a steak dinner.

The same thing should be true with identity. Whether you’re logging into your online banking or your social network or the DMV for your state, there should be a set of requirements that checks your identity while at the same time preserving your privacy. This is one of the seven requirements that NSTIC set for a standard identity management scheme. In total, those seven requirements are that the standards must be:

  • Privacy-enhancing: users relinquish as little privacy as possible when they opt into the system
  • Voluntary: users must not be required to opt into the system to manage their identity
  • Secure: identity administrators must fortify the system against breaches
  • Resilient: in the event of a breach, administrators must be able to recover quickly
  • Easy to use: users should not have to have a password like this: J8JΒΝzγΨfΛδ@6%vΤfShr57w/
  • Interoperable: the system should work on a tablet, a phone, or a computer running any major operating system and should work for any online tool that requires a login
  • Cost-effective: the system must not impose undue financial strain on businesses or consumers that use it

Mr. Chenok is quick to point out, however, that though the benefits of a standards-based identity management system are easy to grasp, there are still three major impediments to its adoption. The first is, ironically, convenience. Most people know how to navigate their current identity schemes, even if it is ungainly; switching would be a chore, at least initially. Second, is culture. Every company and organization has its own way of dealing with identity and most institutions would have to change their methods, at least a little. And riding on that is third, and perhaps strongest barrier: cost. Mr. Chenok estimates that the cost of switching to a new identity management scheme will be significant, though the accrued benefits would likely far outweigh those initial costs.

Ultimately, though, both he and I are bullish that NSTIC will succeed in drafting standards that meet the committee’s requirements and overcome these three barriers. The first to fall will likely be convenience as the current system begins to fail more often—meaning more breaches and greater hassle for users. The second, then, will be culture, as people become more accustomed to new ways to manage their identity. And the last to be surmounted will be cost, as it will become more expensive for companies not to comply than it will for them to adopt a new system.

There may not be an end-state in identity management, even as there is no “end-state” in developing an operating system for computers. We may simply experience upgrades throughout our entire lives. But I believe that we are on the cusp of a significant transformation in how we manage our identity both online and off, and I think that by this time next year, we will see the contours of the next version of identity management, and perhaps will have even begun to implement and benefit from some of the changes.

News Briefs

RSS Feed today >

The Rise and Fall of Iran's “Blogestan”

The robust community of Iranian bloggers—sometimes nicknamed “Blogestan”—has shrunk since its heyday between 2002 – 2010. “Whither Blogestan,” a recent report from the University of Pennsylvania's Iran Media Program sought to find out how and why. The researchers performed a web crawling analysis of Blogestan, survey 165 Persian blog users, and conducted 20 interviews with influential bloggers in the Persian community. They found multiple causes of the decline in blogging, including increased social media use and interference from authorities.

GO

tuesday >

Weekly Readings: What the Govt Wants to Know

A roundup of interesting reads and stories from around the web. GO

Russia to Treat Bloggers Like Mass Media Because "the F*cking Journalists Won't Stop Writing"

The worldwide debate over who is and who isn't a journalist has raged since digital media made it much easier for citizen journalists and other “amateurs” to compete with the big guys. In the United States, journalists are entitled to certain protections under the law, such as the right to confidential sources. As such, many argue that blogging should qualify as journalism because independent writers deserve the same legal protections as corporate employees. In Russia, however, earning a place equal to mass media means additional regulations and obligations, which some say will lead to the repression of free speech.

GO

Politics for People: Demanding Transparent and Ethical Lobbying in the EU

Today the Alliance for Lobbying Transparency and Ethics Regulation (ALTER-EU) launched a campaign called Politics for People that asks candidates for the European Parliament to pledge to stand up to secretive industry lobbyists and to advocate for transparency. The Politics for People website connects voters with information about their MEP candidates and encourages them to reach out on Facebook, Twitter or by email to ask them to sign the pledge.

GO

monday >

Security Agencies Given Full Access to Telecom Data Even Though "All Lebanese Can Not Be Suspects"

In late March, Lebanese government ministers granted security agencies unrestricted access to telecommunications data in spite of some ministers objections that it violates privacy rights. Global Voices reports that the policy violates Lebanon's existing surveillance and privacy law, Law 140, but has gotten little coverage from the country's mainstream media.

GO

friday >

In Google Hangout, NYC Mayor de Blasio Talks Tech and Outer Borough Potential

New York City Mayor Bill de Blasio followed the lead of President Obama and New York City Council member Ben Kallos Friday by participating in a Google Hangout to help mark his first 100 days in office, in which the conversation focused on expanding access to technology opportunities through education and ensuring that the needs of the so-called "outer boroughs" aren't overlooked. GO

thursday >

In Pakistan, A Hypocritical Gov't Ignores Calls To End YouTube Ban

YouTube has been blocked in Pakistan by executive order since September 2012, after the “blasphemous” video Innocence of Muslims started riots in the Middle East. Since then, civil society organizations and Internet rights advocacy groups like Bolo Bhi and Bytes for All have been working to lift the ban. Last August the return of YouTube seemed imminent—the then-new IT Minister Anusha Rehman spoke optimistically and her party, which had won the majority a few months before, was said to be “seriously contemplating” ending the ban. And yet since then, Rehman and her party, the conservative Pakistan Muslim League (PML-N), have done everything in their power to maintain the status quo.

GO

The #NotABugSplat Campaign Aims to Give Drone Operators Pause Before They Strike

In the #NotABugSplat campaign that launched this week, a group of American, French and Pakistani artists sought to raise awareness of the effects of drone strikes by placing a field-sized image of a young girl, orphaned when a drone strike killed her family, in a heavily targeted region of Pakistan’s Khyber-Pakhtunkhwa Province. Its giant size is visible to those who operate drone strikes as well as in satellite imagery. GO

Boston and Cambridge Move Towards More Open Data

The Boston City Council is now considering an ordinance which would require Boston city agencies and departments to make government data available online using open standards. Boston City Councilor At Large Michelle Wu, who introduced the legislation Wednesday, officially announced her proposal Monday, the same day Boston Mayor Martin Walsh issued an executive order establishing an open data policy under which all city departments are directed to publish appropriate data sets under established accessibility, API and format standards. GO

YouTube Still Blocked In Turkey, Even After Courts Rule It Violates Human Rights, Infringes on Free Speech

Reuters reports that even after a Turkish court ruled to lift the ban on YouTube, Turkey's telecommunications companies continue to block the video sharing site.

GO

wednesday >

Everything You Need to Know About Social Media and India's General Election

The biggest democratic election in the world to date is taking place in India from April 7 to May 14, and, for the first time in India, the results might hinge on who runs a better social media campaign. The Mumbai research firm Iris Knowledge Foundation has said that Facebook will “wield a tremendous influence” but Indian politicians are not limiting their attentions to India's most popular social media platform. In addition to virtual campaigning are initiatives to inform, educate and encourage Indians to participate in their democracy.

GO

More