As some of you know I am involved with biometrics at work. And it’s possible that some of you put two and two together when you saw my “Quote of the day” yesterday. One of the proposals I submitted for possible funding yesterday was to further develop a means of eliminating the need for passwords in computer security. It’s possible that the computer would, in essence, “just know” you when you sat down and started using the computer. And it could transmit your identity to other computers/websites that you interacted without the need for passwords. Kind of cool in some ways, huh? It’s possible that it would make it much harder for someone to get access to your bank account. It would reduce the ability of “bad guys“ being able to trick someone into giving up their password or mother’s maiden name, etc and making off with their life’s savings. Websites could be automagically restricted such that your children couldn’t access “adult“ sites even if they got a password from a friend or discovered or guessed yours. “Transparent security“ could be very cool in some ways.
Among the downsides is that in a totalitarian society it would make it much tougher to deny your involvement in the freedom movement. Another is that if the system were broken it would be harder to prove it wasn’t you that accessed that kiddy porn site.
From a technological standpoint I’m really excited about the prospect of providing a solution to this problem. The question is; Can it be made compatible with a free society and the individual fighting for freedom in a totalitarian society?
Compatible? Well …
At least in this country, as long as our govt. doesn’t crack down on free speech (and this is already arguable — see “raise the fist”) it isn’t too bad. Each individual has to make the decision about how visible to be to the authorities.
As a practical matter, should it become an issue, then online dissent will wither, as people turn to other methods.
But is it compatible with a free society? Biometric ID isn’t the issue. It’s how any ID/authentication is used. The question is when does monitoring turn into surveillance turns into a search? We’re already effectively tagged in many ways.
But if access to online resources required a much more positive authentication of identity? (Doesn’t necessarily have to be biometrics.) I think that resourceful people will always find a way around it. Of course, doing so will be a seperate offense by itself, a-la “computer trespass” or something like that.
The benefits you cite are indeed benefits, in some ways. But I’ve yet to hear of a good answer to the question of repudiating a well-done forgery of a biometric ID. I’m sure you’ve seen the big Slashdot discussion today (referring to some M$ guys blog posting on eliminating passwords). Biometrics plus something else then? Now we’re back to having to remember a passphrase or something like it. As an aside, I assume you’re familiar with pingidentity.com and digitalidworld.com.
Bottom line, the technology is almost never the problem. It’s how it’s used. When the govt. obtains, or has ready access to, all of the stuff gathered by ChoicePoint, LexisNexis, et. al. about where people are going, what they’re buying, etc., no I don’t think that’s compatible with a free society. In a free society, the govt. leaves me alone — and that includes not spying on me, regardless of the mechanism — unless it has good reason to stick its nose in my business.