Comments: Identity Theft: Why Hollywood has to take one for the team.

Nym Secure the Centralized Repository of Nyms on the fly allowing all nyms used for commerce to be held in trust with full payment details. Its not enough to hold cash and buy things with in online but use a name one on the fly but sign it with something that makes sense. The Nym Sig Secure will issue cash to payments based on instructions from the nym holder and the reciever of the dosh will only have the Nym Sig Secure Dosh to worry about. Damm the DRM of it all if all the balances are cash they need no other information. Complaints about purchases will be strongly supported because the collective (borg style) will hold sway over vast enterprises of commerce stating quickly and clearly that this merchant is a rip off and why or this product sucks large canine testicles. If Nym Sig Secure can state it has 20 million customers and is considered the nasty enemy of poor commercial offerings then people may flock to its offering.

Posted by James Lawrence Eden-Nesfield at January 9, 2005 05:33 PM

That's close to what Dave Birch was leading to... there is one link above to a guardian article and another article somewhere else that puts it more in focus (but I lack the URL for that one).

Posted by Iang at January 9, 2005 05:39 PM

That's where strong data privacy and data protection laws come into play: as long as agencies and/or people and/or companies only are allowed access to data they need, the collected set of data may not be that bad.

It's a common misconception of citizens of countries like the US or the UK that a National Identity Card is Evil (with a capital E), as is mandatory address registration etc. The main thing is the way this data is going to be used.

You are right that the concept of networked databases is highly dubious, especially with the political climate all over the world being like it is at the moment, but I still believe it's all a matter of controls and checks and balances.

Posted by Axel at January 10, 2005 10:20 AM

You are correct in that the thinking in Britain and the US is only slowly moving across to the notion of the database as the core issue. But what should then become apparent is that those checks and balances should become the priority. This is obvious to those on the Continent. But, it's not obvious to those in Britain and the US, and to be frank, it wasn't until I attended Hyperion's Digital Identity conference last year that I realised this was a missing link.

I predict the spread of realisation of this flaw beyond the Internet FC and privacy communities will be way way too late. The system will be built without controls, checks and balances. That's the working assumption I am making.

Honestly, I would not be offended in the slightest if somone could prove me wrong!

Posted by Iang at January 10, 2005 10:38 AM

Ironically, the much-despised TCG (aka TCPA) has the first proposal I've seen for cryptographic anonymity/pseudonymity which actually has a chance at mainstream success. This is Direct Anonymous Attestation (DAA), http://www.zurich.ibm.com/security/daa/, which uses a sort of blind group signature to allow a remote server to verify that a system has a valid Trusted Platform Module (TPM) chip (what Ross Anderson calls a "Fritz" chip). It performs this verification while using crypto anonymity to limit the amount of information that leaks about the user's identity.

Trusted Computing technology also offers a solution for phishing, allowing people to use credentials to access sites rather than passwords, where the credentials are locked using a hardware chip so they can't be stolen by trojans or viruses. Unfortunately all this is years away at best and my guess is that we will have adequate solutions to these problems of phishing and identity theft long before TCG can be deployed on a large enough scale. Of course this delay is due in large part to the efforts of online privacy advocates and conspiracy theorists.

Posted by Cypherpunk at January 10, 2005 02:29 PM

Hi Cypherpunk,

The trusted platform stuff had a fatal flaw as far as I could see. It was only trusted by the suppliers of the platform and their designated agents, not by the nominal owner of the machine. Now, it may be that in a bygone age, this could have been impressed on the consumer; after all this is what a cell phone is, a trusted platform that is trusted by the supplier, not necessarily by the consumer.

But PC consumers have had 2 decades of their own trust being the norm. That makes for a fairly high barrier to cross. That barrier is not insurmountable, but it would have to involve a pretty nice deal for the consumer. The alternate that was offered was a crock: you get to pay for it and we get to charge you for using it.

So it's no surprise it bombed. That's just the laws of economics and the practice of marketing at work there. It would be a complete and utter surprise if it had worked, and would cause us to re-evaluate our notions of the market as one without searching for some sort of value.

Posted by Iang at January 16, 2005 07:51 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x55d94152b008) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.