Wednesday 31 December 2014

Big Brother's Protection

We all know that only bad people need to fear the “Big Brother” state described so vividly in George Orwell's ‘1984’; if we don’t do anything wrong then what's wrong with the Government knowing about it?  And while we offer resigned acceptance that the Government knows everything about us and how we live our lives, even as good people who live our lives as saints, we wouldn't choose to have Big Brother watching over us.

The truth is though, that even 30 years after Orwell's vision of the world, Governments don't know everything about us; bad people do bad things every day without being caught – even those who the Government know are bad aren't always monitored sufficiently to prevent them from committing the most horrendous of acts.  So if the bad people can hide under the radar then why should the good people stand up and wave?  Privacy to conduct your legitimate, legal, saintly business is a basic human right.

We go around believing that Big Brother is watching us, are outraged when bad people do bad things without being seen and demand privacy because we're good.  So how do we create an Identity Infrastructure that supports this dichotomy?

Taking our identity as our name, address and date of birth, – a combination of details that makes us unique in the world – when we want to watch a movie the only thing that the cinema attendant needs to know about our identity is whether we are above the age restriction; a binary yes or no answer based on our date of birth.  So for a binary decision the Identity Infrastructure shouldn't need to share all our details.  Though there is also need to establish Entitlement; and while Identity and Privacy can co-exist quite easily, by adding Entitlement we muddy the waters.

At the cinema, our entitlement to watch the movie is met by having a valid ticket and receiving the binary yes from our identity regarding our age.  The ticket provides the unique attribute that allows the cinema to grant us access to their service so we don’t need to provide the unique attributes of our identity.  The cinema attendant doesn't care if we’re John Doe or Fred Bloggs or if we live at an address in the same town or not.

Governments don't sell tickets, so they need another unique attribute to establish entitlement.  To be able to access local services they can ask the same binary style questions of your identity – is your address within this area?  This is fine for a service you’re entitled to access as many times as you like, though for singular services – voting, social payments, etc. – they need to also establish uniqueness.  The common way of doing this is for them to hold your name, address and date of birth in their systems and run a matching service against the Identity Infrastructure.  Entitlement has just ripped a hole straight through your Privacy principles.

In India, their Identity Infrastructure is underpinned by the world's largest biometric database, with the aim that the entire 1 billion population will be issued with a random unique number; the ultimate Big Brother solution, or perhaps more appropriately “The Prisoner” solution.  By having such a solution though they can balance Identity, Entitlement and Privacy.  Being allocated a number could enable our ambition of being a free man.

If at the top of the Identity Infrastructure sits a single “Big Brother” database with a unique record for all citizens, supported by a layer of commercial sector Identity Providers providing a facility in which citizens establish and record their Legal Identity and associated attributes, this would enable any number of pseudonymous asserted identities that we’re free to transact our lives in effective privacy.



In this environment we can operate with relative anonymity any number of different transactions backed by a Trust Chain that only needs to be concerned with bad people; leaving the good people to go about their lives as they wish.

In 2084, Big Brother is the trusted single version of identity yet knows nothing of our Legal Identity, the movies we've been to see, the way we vote, the money we receive from the state, where we work or the blogs we post on the internet.  We may establish our Legal Identity with any number of approved Identity Providers and we may publish as many pseudonyms as we like; while ever we remain good people doing legitimate and legal things we can chose what attributes we share with service providers; service providers can happily ask binary questions about us and trust the assertion that they receive.

And when good people turn bad?  Their assigned unique randomly allocated number - the thread that underpins their identity, establishes their entitlement and protects their privacy – enables Big Brother to lay bare their every movement, every interaction that they've made – within a legal framework of course.

The Orwellian vision of Big Brother becomes like a real life big brother – one who will protect us, help us and look after us – but who is prone to snitch on us when we do something bad.


Read my other posts
Just in Case - From early adoption to maturity
I have control - Can we truly own our identity
Tipping the balance - Getting the right balance between security and user experience
I didn't say you could touch me - Biometric authentication and identity
You don't need to tell me - Impacts of the EU General Data Protection Regulations
Coming together on being alone - The need for a clear government digital strategy
I'm not the person I used to be - Authentication for real world identities
Distributed Identity has no clothes - Will distributed ledger technology solve identity
Bring Your Own Downfall - Why we should embrace federated identity
Unblocking Digital Identity - Identity on the Blockchain as the next big thing
Tick to Agree - Doing the right thing with customer's data
The Kids Are All Right - Convenient authentication: the minimum standard for the younger generation
The ridiculous mouse - Why identity assurance must be a rewarding experience for users
I don't know who I am anymore - How to prove your identity online
Three Little Words - What it means for your business to be agile
Defining the Business Analyst - Better job descriptions for Business Analysis
Unexpected Customer Behaviour -  The role of self-service in your customer service strategy
Rip it up and start again - The successful Business Transformation
Too Big To Fail - Keeping the heart of your business alive
The upstarts at the startups - How startups are changing big business 
In pursuit of mediocrity - Why performance management systems drive mediocrity

About me

Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture.  Bryn has near 20 years experience working with some of the United Kingdom's leading brands and largest organisations.

Follow Bryn on Twitter: @No1_BA


Connect with Bryn on Linked In: Bryn Robinson-Morgan