My presentation to the Technology in Government Conference, Canberra, August 8, 2018.
The metaphor of data as crude oil runs deep. It goes to the importance of data as a raw material, its profit potential, and its innate riskiness. The comparison also suggests that data can be organised into supply chains, as it moves through the data economy, being processed, refined and value-added along the way. This presentation aims to broadly scope out what sort of critical infrastructure is needed to protect the supply of data. We draw on lessons from the field of Identity Management where the provenance of identity attributes is a hot topic.
We’ve been obsessed with identity ever since the “Internet dog” appeared in The New Yorker in 1993. “Identity” and “trust” frameworks are put together as though identification is the only way we have to manage risk. The higher the risk of the transaction, the greater the emphasis on the identity of the parties. It’s a terrible habit. Every time there is an identity-related breach, our response is to pile on more identity, which creates more honeypots for identity thieves. It’s like the Marx Brothers movie where Groucho desperately calls room service for “more room”.
We need to move on from the Internet dog, and respond more carefully to cyber fraud.
The Identity Management (IdM) industry in recent years has gradually shifted focus from who you are to what you are. Concrete attributes (such as account numbers, credentials, memberships, licenses and so on) are more important in most transactions than personal identity. Concurrently, one of the hottest topics in IdM is provenance: where does an attribute of interest come from, and how do we know it’s true?
With so much stolen data gushing around, how do we know what’s real?
Identity theft online is just like magnetic stripe skimming: both exploit the fact that it’s hard to tell copied data from the “original”. But we solved the problem of plastic card provenance; we now treat credit card numbers with care by presenting them to merchant terminals from chip cards (or chipped phones). Under the covers, transactions are digitally signed by keys unique to the cardholder’s chip and bound to the card details so they cannot be tampered with or cloned.
We should extend the technique to do the same thing with all personal data. It’s one of the things FIDO does well, with Attestation Certificates, and the Metadata Service.
By inoculating data against abuse, we could stem ID theft without changing the way businesses use data.
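The chip-card idea described above, applied to an arbitrary attribute, as an added example that is not part of the original presentation. It uses HMAC-SHA256 with a per-device key from Python's standard library as a stand-in for the chip's digital signature; `Chip`, `Verifier`, the device ID and the attribute value are all constructed for illustration.

```python
# Added illustration: HMAC stands in for the chip's signature; names and values are constructed.
import hashlib, hmac, json, secrets

ISSUER_MASTER_KEY = secrets.token_bytes(32)  # constructed; held only by the issuer

def device_key(device_id: str) -> bytes:
    """Key unique to one chip, derived from the issuer master key."""
    return hmac.new(ISSUER_MASTER_KEY, device_id.encode(), hashlib.sha256).digest()

def _message(device_id, attribute, challenge, counter) -> bytes:
    # Canonical encoding so device and verifier authenticate identical bytes.
    return json.dumps([device_id, attribute, challenge, counter]).encode()

class Chip:
    """The card or phone: holds the key and never reveals it."""
    def __init__(self, device_id, attribute):
        self.device_id, self.attribute = device_id, attribute
        self._key, self._counter = device_key(device_id), 0

    def present(self, challenge: str) -> dict:
        self._counter += 1  # every presentation is unique, so a copy is detectable
        tag = hmac.new(self._key, _message(self.device_id, self.attribute,
                       challenge, self._counter), hashlib.sha256).hexdigest()
        return {"device_id": self.device_id, "attribute": self.attribute,
                "challenge": challenge, "counter": self._counter, "tag": tag}

class Verifier:
    """Relying party's check, performed with the issuer's key material."""
    def __init__(self):
        self.last_counter = {}

    def new_challenge(self) -> str:
        return secrets.token_hex(16)

    def accept(self, p: dict, expected_challenge: str) -> bool:
        try:
            msg = _message(p["device_id"], p["attribute"], p["challenge"], p["counter"])
            expected = hmac.new(device_key(p["device_id"]), msg, hashlib.sha256).hexdigest()
            ok = (hmac.compare_digest(expected, p["tag"])          # bound to the attribute
                  and p["challenge"] == expected_challenge         # bound to this transaction
                  and p["counter"] > self.last_counter.get(p["device_id"], 0))  # not a replay
        except (KeyError, TypeError, AttributeError):
            return False  # bare copied data with no proof attached
        if ok:
            self.last_counter[p["device_id"]] = p["counter"]
        return ok
```

The attribute value itself stays the same for the business consuming it; what changes is that a copied value, a replayed presentation or an altered value no longer passes verification.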
We can extend the concept of provenance from identity data to all data. Across the digital economy, the quality of data is of paramount importance:
- What do you need to know?
- Where will you get the data?
- How do you know it’s true?
Look at the recent breach where Australian Medicare data was for sale on the Dark Web. The scale of the breach appeared small, with fewer than 100 cardholders affected, and the source was evidently a corrupt insider, not external hackers. But the systemic vulnerability should not be underestimated. Medicare numbers as they currently stand can be abused to impersonate a healthcare recipient. These data could be protected against abuse if we handled them in chip cards (or smartphones) just as we do now with payment card numbers.
Let’s now take the major digital identity trends of attributes and provenance, and consider the importance of data in the digital economy. If there is any truth at all in the crude oil metaphor, it points to the need for orderly data supply chains.
If we generalise from identity to data, then we see there are in fact no special “identity providers” (note the practical experience of big public-private identity frameworks, where commercial IdPs have failed to materialise). Instead we can recognise an emerging ecosystem of data controllers, attribute providers, information brokers and value-adding data processors, all meeting the needs of “relying parties” or data consumers.
What’s to be done to protect these new data supply chains? We can draw on the experience of the payment card industry, which has moved away from the laissez-faire handling of raw card numbers. Precious account data is now handled automatically in chip cards, encrypted, and/or “tokenised” to protect it in the event of breaches or theft. Similar techniques could be deployed to protect all data flows. We could avoid the spectre of single or centralised identity schemes, and yet leverage uniform tools and user experiences of personal data exchange.