And another thing 57
by Jon Honeyball
Jon Honeyball challenges the powers that be to tackle issues around trust.
HardCopy Issue: 57 | Published: September 1, 2012
I confess I am becoming increasingly uncomfortable with the relationship between the user (that’s you and me) and big business (that’s Microsoft, Facebook, Twitter and Google, amongst others). And I can see a train crash in our future which will be ugly beyond belief. Fortunately, much could be done today to alleviate the problem, but so far I see little interest in doing so. Let me describe the nature of the problem – actually, there are two problems, quite distinct from each other, but I’ll take them one at a time. Firstly, there is the problem of authentication. Things here are just not getting better. We still live in a world where anyone can pretend to be most anyone, from anywhere. We suffer under a landslide of spam, malware and untrusted code. When I receive an email from you, how do I know it’s you? Who can I ask? Let’s just consider the fake SMTP headers before we even get onto the issue of whether it’s really you who set up that email account on that service in the first place.
And just how many John Smiths are there out there anyway? How can I tell you are the John Smith I know and not some other John Smith? Or Johns Smiths? There is one fairly straightforward answer — in order to authenticate someone, we need to have something which is trusted from them. This might be a digital public/private key pair. It might be a trusted token from a trusted vendor or site. I might want to trust someone at Twitter if they have been vetted, but how do I know this in the stream of stuff I receive every day? I could lock down users by their IP address, but what happens if they log in from home, or a friend’s computer? Or an Internet cafe? You might wonder why services like Facebook don’t offer to authenticate people. Well, the answer is simple — it costs money to do this, and Facebook undoubtedly takes the view that it doesn’t care if you are really Mary Contrary or your name is actually Fred Bloggs. Of course, it might do something about it if Fred Bloggs is found to be stalking nine year old girls in the guise of Mary Contrary. But otherwise, it doesn’t give a damn. Why should it? You agree to the terms and conditions, and if you are a deliberate liar, how is Facebook going to police this? Readers with long memories will recall that Microsoft once offered to “authenticate the Internet” using its Passport service. Like most Microsoft initiates, it was naïve, not thought through properly, and before its time. Strangely enough, the world decided it didn’t trust a singular authenticator in the shape of Microsoft which, at the time (if memory serves me well) was undergoing a rather extensive Department of Justice investigation. What we need is a new independent authenticator. One which I can decide to add a number of authenticators to, to create a new composite authenticator. In fact, let’s have a number of these, so I can decide which one to subscribe to. Let’s take the idea a bit further. Let’s say there was an authenticator company, rather like OpenDNS for DNS services, which allowed me to decide which authenticator services I want to ‘plug in’ to, creating a level of trustworthiness which can be transmitted to a destination when queried. For example I might send an email to you, you check my credentials with my authenticator, and they say “this is Jon to a probability of 81 per cent.” If I plugged in a few un-trusted sources, my percentage figure might be low – plug in Facebook, Hotmail and RussianBabes.com, and it might be in the low teens. Have Barclays authenticate me, and Amex, and my eBay account, and let’s throw in Amazon too, and my authentication percentage might be in the 90s. You could then decide how much trust you wanted to put in place depending on the type of transaction. Receiving an email might only require 20 per cent. Doing a payment transaction on eBay might require 75 per cent. There are plenty of places out there which hold a reasonable amount of information about me, but probably not a truly trustable amount. I buy from Amazon, for example, so they have a credit card, a billing address and a delivery address. I bank with Barclays, so they have a pretty strong idea of who I am (or at least I hope they do). And so forth. The problem here is that each of these companies are sitting on their own little islands of our data and won’t talk to one another, even if I want them to. They will scream and shout and say it’s insecure and resort to Data Protection Act issues. Despite the fact it’s my data about me. We really need someone to step up to the mark and pull everyone together and give them an ultimatum. Make this work, or someone big, like Visa or Apple, will start to offer this service globally. When that happens, and if there is enough take up, then the others would have to fall into line. Maybe it is time for Microsoft to recognise that its earlier effort and good intentions with Passport needs reviving. Maybe Mr Gates could do something through his foundation. It certainly needs to be non-profit making and independent of any of the data holders. And preferably working in a way such that I can decide who I will use. A quasi-DNS structure would be ideal for this. How about a new T record for ‘trust’?
Step up to the plate
Once we have the trust issue licked, it’s time for an even bigger problem. If I have a Google account, I might end up pouring a huge amount of my digital life into that account. They might delete my account for whatever reason, and my ‘digital life’ disappears at the click of a button. This has happened with Twitter accounts, Microsoft accounts and Google accounts, and it is time that something far more robust is put in place. I accept that no service provider wants to increase its costs, but the service providers must also accept that they are gathering a huge amount of ‘stuff’ about us into their services. It is simply not acceptable for this to be deleted by the click of a mouse. We need an external arbitration service for these sorts of account disputes. Somewhere where the user can go to make a case, even if it is to demand the right to download and remove their stuff from a service before the account is closed. There has to be a 30-day window in which this can be done, and where the arbitrators can compel the service provider to handle the matter in a responsible way, even to the extent of forcing the account open again. An ‘infringing’ account could be checked for content – do those pictures of a cute four-year old girl represent something deeply unpleasant, or are they honest and decent shots of the account holder’s daughter? We cannot be in a position whereby a genuine error, or misapplied misunderstanding of a badly worded ‘acceptable use policy’, results in loss of user data. Irrespective of the cost/benefit analysis to each of these large data islands, there must be a clearer, simpler and more open and transparent way in which account use disputes are handled. Again, it can fold into the trust model. If you are person with a low trust rating, then maybe a more decisive response can be applied by the data holder. If you are a 90 per cent trust level holder, then it is agreed that there is an arbitration process in place. I’m not suggesting this as the only solution, but if we are to continue to pour information into these services, then at some point they will have to be accountable for their handling of that data, and to have a proper process in place to deal with disputes. Best if this is done now, on a pan-industry non-profit basis with a set of clear rules that all the suppliers sign up to, and which then offers us, the customers, a model for the future. Now who is going to step up to the plate on this one? Microsoft? Apple? Facebook?