DT, April 2017
April 1, 2017
The identity crisis in cyberspace is not like the weather, which we all complain about and accept as a shared fate. It is not a force of nature. It is a product of our construction, and therefore within our power to solve.
The first step is to define it properly. Identity issues are neither a case of consumer negligence nor of clerical inattention. They are not a nuisance but rather are at the heart of cybersecurity. In fact, they relate to the very idea of life in cyberspace. It’s remarkable that, no matter how multifaceted, complex, and alive you are in the physical space, in cyberspace you are a string of ones and zeros. And if I guess, steal, or rob your bit string, I become indistinguishable from you.
So how will an unguarded small merchant be sure that it transacts with Susan, and not with her identity thief? Imagine the most sophisticated cybervault possible. If a hacker steals the identity (and credentials) of a proper user, then this vault is compromised.
Identity theft is booming because it is a lucrative business for both identity thieves and identity protectors. The media is bombarded with scare tactics and costly solutions carefully designed not to change the balance. We are led to believe that the risk is inevitable, the cost for countermeasures is acceptable, and that we should learn to factor it into our lives. A huge arsenal of “security patches” is aimed at patching yesterday’s leaks while remaining vulnerable to today’s breaches. A host of identity-monitoring services have become a way of life for the growing community of identity victims. Just read the investment literature of the many startups picking the pockets of identity-theft victims.
Cyber identity is a national challenge, requiring a federal reply, something like a Cyber Identity Protection and Restoration Agency (CiPRA). No national agency per se is focused on protecting and restoring the identity of Americans in cyberspace. In this magazine, we are concerned with the financial impact, but the problem of ID theft is much broader and includes medical privacy, reputation, credibility, social connection, the job market, and even romance. So much can be destroyed and damaged when bad actors can become us. We are at an annual rate of 7% of U.S. adults becoming victims of identity theft. How many more wakeup calls do we need?
CiPRA would first provide immediate national identity-restoration solutions so that victimhood would not be a lifetime fate. Last June and July, this column proposed the Cyber Passport initiative. Five young men organized for it, but the doors they knocked on were not opened. Since then, the problem has only grown worse.
CiPRA would also develop the “Science of Identities in CyberSpace.” We need to realize that a static bit string, however long, is a stationary target for hackers to aim at time and again until they hit it. We therefore need to emulate real life, where who we are is evolving day by day. How often do we need to change our CV or update our LinkedIn and Facebook page? So why let our cybersecurity remain tied to a fixed-size password, PIN, email, or phone number? Peer-to-peer networks, like the one popularized by bitcoin, offer the means to create an evolving identity string that is constantly gaining in trust and credibility. This is based on peer-authentication and a stream of new identity facets creating an identity canvas that is increasingly more difficult to compromise and defraud.
Surprisingly, once we properly establish cyber identities, we will be able to use them to build masked identities, so we can visit, shop, and explore cyberspace using a pseudonym, which will always be linked to an established cyber identity. This link will be protected by law, like the sanctity of our homes, its integrity subject only to court orders.
Leaving the cyber-identity issue unsolved will undermine any efforts to win the cyberwar. Allowing victims of identity theft to be re-victimized time and again will undermine any sense of government protection claimed by the citizenry. We have built the amazing cyber reality that transforms our lives, but it requires creative governance ideas like the ones that prevailed in this country in the late 18th century. It’s time for a “Cyber Constitution,” beginning with these words: “We the People of the United States, in Order to form a more perfect Cyber Space...”
—Gideon Samid • Gideon@BitMint.com
SPECIAL FEATURERead Digital Transactions Online