Snippings

xxx

On 26 October, someone stored a link to the video in a transaction of the cryptocurrency ZCoin. Cryptocurrencies use blockchain technology, which is essentially an online system of recording transactions simultaneously on multiple computers using what’s called “blocks”. Because it’s recoded in many places, it can never be entirely removed – even by the person who initiated the transaction. Through block number 111089, the Thai rap video is now visible to anyone, anywhere.

Marc Rocas, a board member of the non-profit association Blockchain Catalunya, said that information in the blockchain cannot be deleted while the network is running: “In order to shut down a blockchain network, you have to shut down all the devices, all the servers, all the computers that are running this blockchain.”

Block number 111089 carries only a link to the video, which is actually stored on the InterPlanetary File System (IPFS). IPFS acts as a type of alternate internet where content is not centrally stored, just as blockchain is stored on many computers. This means that, in order to fully remove the video, authorities would need to shut down all servers containing the blockchain as well as all servers containing the IPFS.

From How blockchain could undermine censorship – forever.

xxx

xxx

Similar to how Go shoppers can’t get beyond the lobby without an app and an Amazon account, cashless stores, Torres says, create public spaces that all but bar low-income people from entry.

From Why Cashless Stores Hurt Poor Shoppers – The Atlantic.

xxx

M-PESA, as a post on the Harvard Business School blog says, is “the protagonist in a tale of global prosperity to which we all can look for lessons on the impact of market-creating innovations”, going on to say that its “roots are far more humble”. They are indeed, and if you are interested in learning more about them, I wrote a detailed post about the origins of M-PESA (and Consult Hyperion’s role in the shaping of this amazing scheme) and the success factors. The most important of these was the role of regulator: the Central Bank of Kenya (CBK) didn’t ban it.

One of the reason for the slow take-up of mobile payments (and the related slow improvement in financial inclusion) in other countries was the regulators’ insistence that banks be involved in the development and delivery of mobile payment schemes. The results were predictable.

(Here’s a post from a few years ago looking the situation in India, for example).

xxx

The need for secure online identities will become more urgent as the world digitises further. Connected devices are steadily infiltrating homes.

From Establishing identity is a vital, risky and changing business – Making you you.

xxx

xxx

Halifax says: “The account to which she authorised the payment to be sent was opened using industry-wide acceptable documentation.

From Uncovered: cruel scam so slick even the vigilant can be duped | Money | The Guardian.

xxx

xxx

AAMVA Director of Identity Management Geoff Slagle said he does not believe there will be wide scale adoption of the digital licenses by either states or citizens anytime soon because:

·    No standards are currently in place for the actual DDL and how it will be used on the smartphone.

·    Equipment capability for law enforcement to use during traffic stops needs to be standardized.

·    Consumer apprehension over technology and privacy concerns will continue.

From Is a Digital Driver’s License in your Future?: NMA Weekly E-Newsletter #476 – National Motorists Association.

xxx

xxx

Ahead of the launch of its first self-lacing basketball shoes this week, Nike just posted a major tease to get people hyped. And while we can’t see what the sneakers actually look like, it does appear you’ll be able to adjust their power laces using your smartphone,

From Nike teases self-lacing shoes you can control from your phone.

xxx

XXX

What are we going to do about the continuous stream of data breaches, identity thefts, bot wars on social media and varied privacy catastrophes that characterise our days? I’ve already said many times that we need an identity infrastructure for the world in which we now live. We need an identity infrastructure that deals with the realities of the modern world, the world of the Nth industrial revolution (where N is 4, or 5, or something similar). But why should this infrastructure be a government priority? Well, it’s because of the nature of that environment. It’s not simply about making life easier when you log in to your bank or to do your taxes. Identity is far more important than that.

I see identity as vital national infrastructure, which is why I want the British government to do something about it. In recent times they have failed in both the physical nation (with the identity card system abandoned by the Conservative government in 2010 after £300m had been spent on it) and in the virtual national (with the gov.verify scheme). It is important that they do not walk away from their responsibility here, although it is just as important that they facilitate national identity infrastructure that is for the future, not the past.

The need is urgent. The UK has no tradition of identity cards or national identification systems, or anything like it. To the British, national identification is “papers, please”: something associated with authoritarian tyrannies, France and wartime. Even in wartime, the idea of requiring people to hold some form of identification was regarded as so fundamentally incompatible with the customs and practices of Her Majesty’s subjects that the last British identity cards (from the first and second world wars, essentially) drew what Jon Agar calls parasitic vitality (a phrase that I love) from other systems such as conscription and food rationing. Identity cards were not an end in themselves, but a means to effect activities in support of a a war effort. Identity infrastructure was created as a form of mobilisation against the enemies of the Realm.

(This dislike of identification as a State function is hardly unique to the United Kingdom today. In America there are similarly strong opinions on the topic and the failure of the Australia card in 2007 stems, I think, from the same common law roots. These views of course stand in stark contrast to the views of almost all other nations of the world. The majority of all people on Earth have some form of state identification and would find it impossible to navigate daily life without it. That doesn’t make the need to be identified at all times either right or proper, as I will hope to demonstrate.)

If a national identification is only possible as part of a war effort…  well, we are in a war again and we need an identity infrastructure to support mobilisation in defence of ourselves and our communities. It’s just that this time we’re in a cyberwar and our identity infrastructure needs to support mobilisation across virtual and mundane realms. There was no specific date when this war broke out and there is no conceivable Armistice Day on which it will end. Rather, as Bruce Schneier puts it in his new book “Click here to kill everybody“, cyberwar is the new normal. Or to put it another way, World War 3.0 has already started, but a lot of people haven’t noticed because it’s in the matrix.

(This will, unfortunately, make the war movies of the future rather dull. No more “Dunkirk” or “Saving Private Ryan”, no more “The Dambusters” or “Enemy at Gate”. Instead movies will be about solitary individuals sitting in dimly-lit bedsits typing lines of Perl or Solidity while eating tuna out of a can.)

This isn’t because computers and communications technologies have only just reached the Armed Forces. Far from it: the very first computers were developed to compute ballistic trajectories and part of my young life was spent trying to work out how to use radio and satellite technologies to keep NATO computers connected after a nuclear first strike against its command and control infrastructure. But in those far-off days, the reason for knocking out the enemy’s IT infrastructure was so that you could then send in your tank columns or paratroopers. There were cyber aspects to war, but it wasn’t a cyberwar. Now it’s a cyberwar and in historian Niall Ferguson’s terms, it’s war between networks.

The British response to this new state of affairs has been comfortingly backward-looking. Back in 2013 there was a plan for the creation of a Digital Dad’s Army of well-meaning volunteers to stand on the cyber-beaches to repel invasion. I’m sure behind the scenes they have been working around the clock to defend our electricity grid and water supplies against foreign hackers but I do wonder if the insidious threat from the intersection of post-modernism and social media had as a high a priority? XXX Explicit XXX

(I should explain for foreign readers that “Dad’s Army” was a popular television comedy a good few years ago. It was based on the hilarious antics of a bungling unit of the “Home Guard”, which was the amateur domestic defence force created during the Second World War, or Great Patriotic War, whichever you prefer.)

Marshall McLuhan saw this coming, just as he saw everything else coming. Way back in 1970, when the same Cold War that I fought in was well under way, he observed that “World War III is a guerrilla information war with no division between military and civilian participation”. Indeed. And as we are beginning to understand, it is a war where quite often the control of the enemy’s assets is more important than their destruction. 

These enemies may not be foreign, but domestic. Smart cyberrebels will want to XXX take Facebook over, just as rebel forces set off to capture the radio and TV stations first: not to shut them down, but to control them. The lack of identity infrastructure makes this easy for them. While writing these words I read of (yet another) complaint about social media companies doing nothing to control co-ordinated bot attacks. But how are they supposed to know who is a bot and who isn’t? Whether a troll army is controlled by enemies of the state or commercial interests? If an account is really that of a first-hand witness to some event or a spy manufacturing an event that never happened?

Social media are creating entirely new opportunities for what The Economist referred to as “influence operations” (IO) and the manipulation of public opinion. We all understand why! In the future, “fake news” put together with the aid of artificial intelligence will be so realistic that even the best-resourced and most professional news organisation will be hard pressed to tell the difference between the real and the made-up sort.

The need to tell “us” from “them”, real from fake, insiders from outsiders, attackers from defenders is critical and the lack of an identity infrastructure as well as the creation of identity infrastructures that are too easy to subvert XXX manipulation XXX stronger and border XXX are both roads to chaos

Philip K. Dick

We need to create an effective infrastructure as a matter of urgency but it should not be framed in the context of a 20th-century bureaucracy responding to the urban anonymity of the industrial revolution by conceiving of people as index cards, but in a 21st-century context based on relationships where both security and privacy are strengthened, twin foundations for structures we need to protect and survive. 

If this all sounds over-dramatic: it isn’t. I think it is perfectly reasonable to interpret the current state of cyberspace in these terms because the foreseeable future is one of continuous cyberattack from both state and non-state actors and digital identity is a necessary building block of our  key defences.

 

We may or may not need a Space Force, but we most certainly need a Cyberspace Force.

xxx

Social media was actually developed for very positive reasons and we don’t want it to become a platform which certain people can’t go near because of some of the bile that is spat out with a cloak of anonymity.”

From Government considering creating an online safety commissioner, minister reveals.

xxx

 

 

Some time ago the UK Government’s new online age verification (AV) law was supposed to come into effect. The Department for Culture, Media and Sport (DCMS), the section of the British government “in charge” of the web decided to stop children from watching porn online (which I’m sure we would all agree with) by bringing in a new law. The excludes websites on which less than a third of content is pornographic material and where it is provided free of charge. So web sites that have more than one-third pornographic content (I know, I know, it depends on what you mean by one-third and it depends what you mean by pornographic and it won’t make the slightest difference, but whatever) will have to implement age verification. 

But how?

When this legislation was originally introduced, OFCOM put forward the idea of using credit cards or the electoral register, both of which are bad ideas and certain to lead to disaster. Hence I was surprised to see at the time, in the voice of middle England “The Daily Mail”, that one of the “suggested methods” to verify the age of viewers is to require browsers to input bank card details to all pornographic websites they visit.

Suggested by whom, I wondered? It could not be anyone who knows how anything actually works, which made me suspect it must have come from someone in government. A bit of ducking* and the BBC indeed confirmed that “ministers have suggested” the idiotic, backward-looking and life-threatening approach to the problem.

It was idiotic because making people provide personal details in order to access web sites could lead to their data being compromised and there is an extreme risk of privacy loss for any person using the service.

It was backward-looking because it bends a fifty year old technology to a purpose it was never designed for. Indeed, the idea that people have one identity is fundamentally outdated.

It was life-threatening because, as I have pointed out before, when the adult sites get hacked, as they inevitably will be, the personal details of the customers will be available to all. And, as actually happened in the case of the Ashley Madison hack, people will die. It’s not funny.

The parasitic vitality that adult services offer to digital identity is too good to waste, but it looks as if the UK was going to waste it. What actually happened was that the government decided to abandon the plan completely rather than think through a better solution and the whole idea was kicked into the long grass, as we say in Merry England. This led some of the companies who had spent considerable amounts developing age verification services – AgeChecked, AVSecure, AVYourself and VeriMe – deciding to sue the government to force it to implement its own law to protect children online (and they won the first step in the High Court, as it happens).

The introduction of age verification for adult services should have been the perfect opportunity to create a national infrastructure for digital identity designed for the future rather than the past. In a sane world, the government, the banks, the mobile operators, the service providers and big retailers would be working together to develop a secure and privacy-enhancing platform based on cryptography and connectivity. Instead, Sky News reported at the time, “thanks to its ill-conceived porn block, the government has quietly blundered into the creation of a digital passport – then outsourced its development to private firms”.

I think we should stop being squeamish about discussing adult services and have a proper discussion about we (ie, society) can solve the problem of age verification online in a constructive way that will benefit the rest of society as well. I gave a speech at an event last year where I said that there were worse ideas than putting the porn industry in charge of the UK national digital industry infrastructure given the mess that the government has made of it.

This is not a crazy idea. Sam Lessin wrote about the site OnlyFans in The Information, observing that when it comes to the validation of social media accounts in the real world, OnlyFans creators are “some of the most trusted verified accounts on the internet” and some of them make pretty serious money (including at least one woman who earns more than a million dollars per annum). The Economist reckons it has 12m+ subscribers and has “disrupted existing adult publishing models”.

(OnlyFans is something like Patreon but for adult performers. Fans subscribe  in order to gain the ability to request performances, buy merchandise and generally interact with their favourite creators.)

The creators are required to provide their identity with bank details, an address and a driving license, all of which are verified. So why aren’t the fans verified in the same way? In fact, why aren’t all social media mavens verified the same way? Sam identifies three key barriers:

• The friction of going through the validation process for new accounts prevents people from signing up.
• It is expensive and time-consuming for services to validate identities.
• Requiring proof of real-world identity is quite exclusionary, as many people can’t easily make that proof.

The performers will overcome these barriers because they want to get paid, but no-one else will. This link between identity and payment is clear. Indeed, in my 2014 book “Identity is the New Money” I wrote up a case study on adult services where I discovered people using digital gift certificates to give two-way conditional anonymity to performers and customers and I am not the only person to have observed that

So. What should British government do? The banks, who would be the obvious service providers, do not want to offer “access to porn age verification as a service”, so we must go with the grain and capitalise on their know-your-customer imperatives in a more intelligent away. This is the time to make the bold step of forcing the banks to offer a cryptographically-blinded, tokenised authorisation platform using standard credentials (ie, W3c VC). 

 

*I use DuckDuckGo for searching.