Think of this as Volume 16, Number 32 of A-Clue.com, the online newsletter I've written since 1997. Enjoy.
The whole “cloud problem” FUD being sold by the media and Steve Wozniak over Apple's so-called iCloud service comes down to one word.
Identity.
It's a simple word, one we use every day. And it is a real problem.
But only because we choose to make it one.
Fact is, we have the technology to identify everyone. Just spend some money. Choose a set of biometrics and collect them from everyone. Put them on driver's licenses and government identity cards. Make the latter free, a government service, and then you can mandate their use in any way you like.
It is our refusal to make this small investment that is causing our problems. It is our refusal to mandate strong identity that enables identity theft. We have dumbed-down identity to four digits on a Social Security card and (maybe) your dog's name, given to someone on the phone. That's what is ridiculous.
Now there are many excuses for our refusal. We want to remain anonymous in some cases. We don't want to have to give “our papers” to the government every time a cop looks at us funny. (Well, we don't want to – we want you, you brown people, to.) We demand our privacy. We want to choose when we're to be found and when we're to be hidden.
I get that.
But when you choose to be hidden, you should accept the risks that come with anonymity. Lack of trust. Lack of support from government when you get into trouble. The end to the assumption that you're OK, on the part of businesses, government, and your fellow citizens. Show you're OK in some way that satisfies us, Mr. Anonymous, and then we'll deal with you, as an anonymous person. Not as the sane, stable Mr. or Ms. Whatever that you are from day-to-day, because we know that person, and they have identity we can check to prove they're who they say they are.
This is not just a cloud problem. This is a voting rights issue. This is an issue every time a cop stops someone. It's a huge commercial issue, both online and offline. I recently had an ATM card stolen, and the crook blazed a trail of small transactions all over town, using the debit card as a credit card (which the debit card people tell me to do). No one questioned the signature this hoser was scribbling. No one looked at the name and the face and questioned whether the two should go together.
Identity theft is so easy because identity is so weak. We're kludging things together, but we need to face this problem and deal with it, by mandating standards in both the public and private sector for identity that's secure, and real.
Right now, the U.S. government is engaged in a small program to address this. They're going to require you to show up, in person, to renew your drivers' license, and to prove there that you're who your license says you are. My wife's upset over this, because she used her maiden name when she got her first license, then her married name afterward. She's afraid she's going to have to dig up her 35 year old marriage license to keep driving. And then the driver's license is getting tied into voting, so there's that.
There's a hidden benefit to this new process, which I discovered last time I voted. The clerk read a complex bar code on the back of my license with a scanner, and that let her look up my voting record. First time that's happened. But it could be a huge boon, if the technology's use is broadened. At least for in-person transactions. You could go to your doctor, the nurse could read the back of your license with a scanner, and all your health records would appear to her, all validated. We'd need to make use of a phony license a felony, but it could actually work.
Online identity is something else. Right now merchants are depending on a 10-digit Social Security number they know they're not supposed to use, and some “trick” questions anyone can fake the answers to with a little Googling. That's bunk.
Computer professionals know it's bunk. They've been working on solutions for years. There are some great technology blogs about it, like this one.
But identity system integration always seems to get lost in commercial rivalry. Microsoft had a system, so Sun didn't like it. Oracle bought Sun, and suddenly no one trusted that system. We know what has to be done, we just can't trust one another to get it done.
This is precisely what kept the Internet from showing up in the 1980s. Back then the problem was the telcos, who refused to deal with one another on a level playing field. The peering arrangements pioneered by ARPANet, which was funded by the government so no one had to worry about money until later, were the solution to that problem. Layer a presentation protocol called HTTP on it and you have the Web.
Something like that has to happen here. The World Wide Web Consortium has supposedly been working on it for over a decade. But it seems unable to cut through the corporate clutter and get something done. The international nature of the Web makes it hard for the U.S. Government to get involved, either, since in the greater scheme of things it's distrusted alongside other governments, like China and Luxembourg.
But strong identity is the best hope we have of closing down the underground economy. Rich people routinely route transactions through “tax havens” to hide them from larger governments, and hide their identity. I'd say there's a strong motivation for governments to close down this loophole, and identity is the way to do it.
Unfortunately what I've described here is not a technical problem, but a political problem. The problem of identity is a political problem. Many people don't want strong identity, each for their own reason. Governments don't trust one another to mange a strong identity system honestly. There's no real international government.
And so the dragon chases its tail. But the problem here does not lie with the cloud, or with technology in general.
