Digital Identity Forum Blog - Details

Is there a way forward? Remember the"little sister"concept that I keep going on about. The difference between a big brother and a little sister is that a big brother stops you from doing things whereas a little sister doesn't. But if you do something wrong, little sister will tell on you.

If it is technically possible to find out who has done what - when a crime has been committed, for example - but economically prohibitive (because of cryptography) to monitor people continuously on a large scale, then a reasonable privacy settlement can be achieved. Lots of little sisters might be better than one Big Brother.

[FromDave Birch: Second sight | Technology | The Guardian]

Want we want, generally speaking, is a system that provides for individual privacy unless and until the user does something wrong. At this point, we want the system to rat them out at the earliest opportunity and deliver the audit trail needed to prove that they were misbehaving. This suggests to me that we want the connection layer to be pseudonymous, not anonymous. This means that your ISP should be providing your"real"IP address, but a pseudo address that only it can map to a real IP address. By selecting these at random, the ISP can prevent unscrupulous companies from tracking you around the web. If you do something you shouldn't, the police can then apply for a warrant and have the ISP give up your"real"IP address (which is of no interest or consequence) and your identity (which is, presumably, what the police are after).

Applying this same reasoning to mobile suggests that operators adopt the"iMode model", whereby the operator delivers a unique identifier to service providers that only the operator can map to your real mobile phone number.

Is there a way forward? Remember the"little sister"concept that I keep going on about. The difference between a big brother and a little sister is that a big brother stops you from doing things whereas a little sister doesn't. But if you do something wrong, little sister will tell on you.

If it is technically possible to find out who has done what - when a crime has been committed, for example - but economically prohibitive (because of cryptography) to monitor people continuously on a large scale, then a reasonable privacy settlement can be achieved. Lots of little sisters might be better than one Big Brother.

[FromDave Birch: Second sight | Technology | The Guardian]

Want we want, generally speaking, is a system that provides for individual privacy unless and until the user does something wrong. At this point, we want the system to rat them out at the earliest opportunity and deliver the audit trail needed to prove that they were misbehaving. This suggests to me that we want the connection layer to be pseudonymous, not anonymous. This means that your ISP should be providing your"real"IP address, but a pseudo address that only it can map to a real IP address. By selecting these at random, the ISP can prevent unscrupulous companies from tracking you around the web. If you do something you shouldn't, the police can then apply for a warrant and have the ISP give up your"real"IP address (which is of no interest or consequence) and your identity (which is, presumably, what the police are after).

Applying this same reasoning to mobile suggests that operators adopt the"iMode model", whereby the operator delivers a unique identifier to service providers that only the operator can map to your real mobile phone number.