Privacy, Government, Surveillance, and You.

The other problem with government-issued identities, as I noted to start, is either a lack of interoperability or requiring people outside of one country to be under the purview of wherever this ecosystem winds up. South Korea is actually an excellent example of this, as IIRC it's nigh impossible for non-citizens (or is it residents? I don't remember exactly) to do anything on Korean sites.

When insulated behind a language barrier this is far less obvious but consider international sites like this one. If it was a central government repository, either you're now either locked into e.g. the USA only or having to handle a different sign-in method per country. On top of that complexity, this makes it extra trivial for a government to block website access without even needing to go full China; it just needs to refuse authentication.

I'd assume this system would be international and multi-lingual; it would make no sense otherwise. @Ramidel, it could be commercial if all of the various existing systems coalesce around a single one. To prevent that company from wielding monopoly power we could force it to divest and just be an information broker while supporting it with fees from businesses and governments that use it.

The economics could be figured out. We can also use it as a bed for security R&D.

I envision the whole thing as "opt-in": people and organizations could choose to use their old systems or this new one, but those legacy systems would have to deal with the same privacy rules and it would just be too much hassle for most people. Consider credit cards. I remember in my youth when businesses refused to take them. Nowadays even individually-owned businesses have card readers. They're ubiquitous despite their annoyances because of the convenience to customers.

Obviously there would be some cases where nations refuse to participate, but we aren't trying to solve every geopolitical problem. North Korea will be North Korea. China might be able to block people from the Internet, but only in China. Shouting down every idea because "what about North Korea" is bad-faith argumentation.

Obviously there would be "have-nots" even in developed countries, but those exist already and it's irrational to hold back progress until the world is perfect. That's more whataboutism.

Edited by Fighteer on Mar 24th 2021 at 7:42:31 AM

Concerns about codifying the internet around a system that facilitates easy restriction of individuals or the entire public are entirely valid. Totally counteracting everything that anonymity tools do to allow free-speech advocates, journalists, and political opposition access to the internet and wider world is a valid concern.

Well, I do not believe that anonymity is a public right. You may call me privileged to believe so, and you may be correct, but since criminals and terrorists use the same shield, we are faced with a binary choice: allow the internet to be the Wild West with scammers and spammers and hackers running wild while honest people play defense, or sacrifice potential anonymity for people in social justice movements.

Anyway, I thought I'd made it clear that the point of this system is to guarantee maximum privacy. Even a government wouldn't be able to trace your identity to activity on, say, a forum, without a warrant, and if this system is international it won't be subject to the whim of any one nation. You aren't going to stop China from being China, but that's not the point anyway.

If China wants to block me from accessing anything in the country because I've said mean things about it, good riddance. I didn't need it anyway.

Frankly, I think there should be some kind of social punishment for misbehavior online. If someone wants to spout Nazi slogans on social media, I would like to be able to summarily ban them from all social media rather than let them hop around from site to site. It should affect their ability to get a job or run for office.

Edited by Fighteer on Mar 24th 2021 at 8:02:03 AM

I think one question is what we are doing this system for.

If it's to prevent Sock Puppetry on websites, for example, then all it needs to know is the Real Life identity. It doesn't need to know about where you live, how old you are or where you were born, your real name can be hidden behind a hash but it would still function to allow websites to enforce bans.

Yeah, it's becoming increasingly clear that the internet as Digital Wild West is increasingly untenable. 20 years ago you could still argue that all this anonymity and freedom was chiefly a Good Thing, but that time seems to have passed.

That's one use yes, but not the primary one. There are several purposes:

• It would allow each individual to maintain their personal data in a single location. Right now if I move I have to notify fifty thousand different businesses (not exactly, but it feels like it) of my change of address. It'd be much more convenient for that to go into a central system that those businesses can retrieve it from on a transactional basis. Further, it would all but eliminate errors. How many times have you found that a business misspelled your name in their records?
• It would remove the burden from businesses of storing and protecting most personal information, since they would only retrieve the minimum needed to conduct a transaction and then discard it.
• Individuals could track all their online activity: each commercial transaction, each login, each subscription or membership in a single place as well. Unsubscribing would be as simple as pushing a button and the sites wouldn't be able to keep lists against your will because they can't communicate with you at all without a valid token.
• If someone tried to access your personal information without your consent, you would be notified of it.
• You would not be able to pretend to be someone else. No impersonation, no scams based on identity fraud. First, you could turn off cold-calling entirely if you wanted, but more importantly that Indian scam group wouldn't be able to hide their identity from you when they contact you.

There's much, much more.

As far as anonymity, consider how much easier it would be to be a social activist online if everyone trying to harass you was publicly identified, shamed, and/or banned. You wouldn't need to hide your identity, but it would also be much harder to dox you because your PI would be protected in a single place. There wouldn't be any records to sort through to find your phone number, address, etc.

^note Phone numbers would mostly disappear too, since you'd call someone via a transaction token after they gave permission for you to reach them. If that token is revoked, there would be no way to contact them at all other than requesting a new one.

Edited by Fighteer on Mar 24th 2021 at 8:14:50 AM

Could a decentralized approach work, where for instance your OS provides this information, and the information is only stored locally? This would of course mean strict regulations for Microsoft, Apple, etc.

Edited by Redmess on Mar 24th 2021 at 1:13:34 PM

Maybe, but then each person would have to have a device storing their personal information, and that could be lost or stolen. Keeping it online removes a substantial element of personal risk. You would need a personal authentication key, though. Not a password, since those can be lost or stolen, but an unforgeable identity token.

This is the tricky part: getting every person such a token. We all have smartphones, so maybe that's the link, but there are problems with most forms of two-factor authentication. I haven't solved that one in my mind yet. Some kind of physical proof of identity would be necessary.

Edited by Fighteer on Mar 24th 2021 at 8:18:25 AM

True, but it would make it impossible to have a mass breach of data, because a thief could not just hack one database.

Yeah, but what would the thief do with that information? They can't pretend to be someone else even if they had access to that person's PI, since they'd lack the necessary identity token. They can't roll their own information brokerage. They can't access bank accounts. They can't call up a financial institution and pretend to be a customer because the system would identify them immediately as someone else.

I maintain that a singular data broker could invest in security to the point of making it virtually impossible to defeat: certainly it would be far more effective than a decentralized, "every database for itself" approach. When was the last time you heard about Microsoft suffering a data breach despite it being one of the world's largest data brokers? (I don't mean third-party systems running Microsoft software; I mean Microsoft itself.)

Edited by Fighteer on Mar 24th 2021 at 8:22:43 AM

January last year is the first one that comes up. This is ignoring the January this year one where they apparently managed to have security problems in Exchange, which means most of the enterprise services they provide.

Edited by RainehDaze on Mar 24th 2021 at 12:29:24 PM

Good point, but that was in a peripheral service, not a central repository. Those Exchange issues are not in Microsoft itself but in their customers, based on unpatched systems. Edit: Zero-day exploits aren't going to stop being a thing, unfortunately. I don't have a perfect answer to that one.

Anyway, in the system I have in mind, having your "phone number" or "email address" exposed won't be meaningful since those won't exist as discrete concepts. If you, in this system, want to call me or email me, you would also need a contact token that is unique to your relationship with me.

If a data breach were to expose a bunch of such tokens, they'd be useless to a third party because they wouldn't be able to use the tokens to contact me or even identify me if they aren't one of the parties involved in the conversation.

To put it another way, rather than your email address being a single identifier that anyone can use without your knowledge or permission, you would effectively be assigned a unique email address every time someone wanted to have a conversation with you and you could terminate it at any time. All that a third party would see in such a situation is an alphanumeric code that would be useless to them.

Obviously, some types of transactions wouldn't be terminatable at will: these might include debts, bank accounts, payment agreements, contracts, and the like. You can't welch on a contractual obligation by blocking the other party; you'd need to go through some form of arbitration or legal process.

Edited by Fighteer on Mar 24th 2021 at 8:45:42 AM

Your ability to expand every idea into an ever-more dystopian version in the name of convenience amazes me. The only way to contact anyone being through some monolithic supra-national organisation† that would probably still wind up under US jurisdiction regardless, and with no anonymity or ability to make any sort of fresh start as you will forever be stalked by your first online presence being recorded centrally. And everyone in any authoritarian leaning regime is even more screwed due to having now established a one-to-one correspondence between real life and online activity. But you'd be able to avoid spammers, so that's all worth it.

† And in the process having accidentally invalidated most forms of password recovery if you do forget.

Well, we might just do away with passwords entirely if your presence can be tied to something innate about you, like how I can log into my phone with FaceID. That's still an open subject of research.

But yeah, I would like someone's history to matter. If you can "reinvent yourself" with a new online identity, so can anyone, and that includes the people who are trying to harm you for who you are.

Online crime costs trillions of dollars and diminishes trust in technology. Investment in information storage and security is also a trillion dollar industry.

Edited by Fighteer on Mar 24th 2021 at 9:16:05 AM

Passwords are probably so tied into society and date back to the Roman era when people went into temples etc. but would we want to get rid of them?

My SQL and its forks are probably going to be used for years to come, even with SQ Lite and other means of storing passwords, and let's not forget... for those of us (like myself) who've used things like cPanel etc... you need passwords etc. (I used to in the 2010s check out free hosting forums).

A centralized repository, discussed on Page 176, has as much downsides as up; people need anonymity in certain cases; researchers, domestic violence victims, LGBT (as mentioned), obviously espionage.

I doubt your local Ford dealer franchise - as an example - would be harvesting information for sale to data brokers, as it'd be a mom-and-pop business, not company-run (well... technically, not quite, but not a national one... for example, Mullinax Ford is only in three states, but not a national dealer chain).

Edited by Merseyuser1 on Mar 24th 2021 at 10:40:33 AM

There is a way to do this using a de-centralized system based on blockchain technology. This is already being proposed by privacy advocates who want to prevent DOS attacks without compromising anyone's identity. However, it's open to many of the same criticisms of other uses of blockchain technology (ie, bitcoin): the immense amount of computing power this would require (and therefore the carbon footprint), it's not foolproof, web-based businesses can't be forced to accept it, etc. But it's possible.

I'm not opposed to Fighteer's scheme, although I don't see it as being practical at this time. The next best solution are laws that protect privacy and regulate the collection and sharing of private online data. The single most effective move would make data collection opt-in rather than opt-out as it is now—unless you specifically agree with the EULA, they can't keep your data. That, I think, would almost immediately result in users being offered financial renumeration for the collection of their data, which seems fair to me since they only collect it to make money in the first place. This would also have the benefit of increasing public interest in the subject, since people will need to know how their data is being shared and with whom to know if they are getting a fair price for it. Better public education on the topic can only be a good thing, but sometimes you have to create an incentive.

Government data collection is already subject to strict regulation (it's the reason why the CIA and the FBI couldn't share suspect data before 9/11 except on a case by case basis, and still can't), but of course we can always make that regulation even stricter. I'm against warrentless surveillance on principle, yet no presidential candidate has proposed such a policy AFAIK, which is exceptionally disappointing.

None of this would prevent, say, doxing people, because that's based on users not taking steps to protect their own privacy while online. Even Fighteer's plan wouldn't necessarily solve that problem, because people do stupid things like post their picture in front of their house while doing something scandalous. The best we can do to protect people from themselves is mandatory user training in public schools (why teenagers aren't taught how to protect themselves, in detail, is beyond me), and maybe a law saying that people can have their personal data erased from public servers on demand (doesn't the EU have a version of that law?). This would also help with the problem of employers monitoring their employees social media accounts.

So, it's a complex question, but one that has answers. The solution to this, as with many things, is better laws.

Edited by DeMarquis on Mar 24th 2021 at 8:18:39 AM

why teenagers aren't taught how to protect themselves, in detail, is beyond me

Frankly, my suspicion is that many adults don't know it themselves. Hard to properly gauge and handle a risk if you don't understand it yourself.

The problem with anything that requires agreeing with an EULA is that nobody reads them and even if anyone did, there's almost no chance of understanding them. IIRC, they're so impossible to understand—and often thrust upon people after they're already committed—that they're actually impossible to enforce.

So, anything like an EULA is probably not desirable.

Schools hire experts to teach subjects for them—few adults really remember Algebra, but we manage to get it taught anyway. Every school should have at least one IT guy maintaining the computers. No excuse, really.

Maybe instead of the EULA, a separate "User Data Agreement"? I don't really care what form it takes as long as it ends up being opt-in.

It would be easier if there were a single system providing personal identity data services. Then you would have one EULA that applies to all of your data everywhere and it would be much easier to teach that in schools.

I've read EULAs in their entirety before. Doing so doesn't really help. What are you going to do, not agree? Sure, I'll just return that iPhone I bought because I don't like the agreement. What, Android phones all have similar agreements? I guess I'll just do without a phone then, a vital tool in modern society.

Shrink-wrap contracts are predicated on there being equal power between the parties and that just isn't true. I can't negotiate on the terms or start my own phone manufacturing company, can I? This is an ideal place for governments to step in to standardize such agreements. It seems to work for things like real estate, where states mandate the conditions of sale and leasing contracts.

Edited by Fighteer on Mar 25th 2021 at 2:18:26 PM

Shrink-wrap contracts also regularly run into the problem where you're only presented with the terms after making a purchase, which violates basic contract law and keeps getting them thrown out.

I’m now reminded of the time I bothered to read the IOS EULA, turns out you can’t use IOS to run a nuclear reactor, or as a navigation system.

And yet security researchers around the globe tell us that passwords are really poor security features and cause enormous amounts of trouble. Think of the productivity lost to forgotten or stolen passwords.

As far as people who are being stalked or harassed or whatever, the "permanent identity" thing would allow individuals or companies to be blocked, whether by you or as part of a court order, from accessing any information about you. For example, you could completely prevent a harasser from ever contacting you or even viewing your online presence ever again. You couldn't stop them from knowing your physical address if they've been there before, but if you move, they would be unable to find you.

If you are a member of a minority, you could protect that part of your identity at a global level, choosing whom to allow to know that you are LGBTQ+ or of Asian descent or whatever.

It would make protecting oneself vastly easier.

Edited by Fighteer on Mar 25th 2021 at 2:42:01 PM

"It would make protecting oneself vastly easier."

It might, if there were a practical way to implement it, which unfortunately I don't think there is. Meanwhile, I stand by my program of legal reform.