Online authentication and identification is a hot topic. Just this week, Liberty Alliance released its first full set of specifications for its identification system. Its opposition, the Microsoft-controlled Passport services, has been around for well over a year, but has been growing exponentially if the publicity releases are to be believed.
Perhaps I`m a little paranoid, but centralising personal details in one database makes it a lot simpler to acquire the information.
Alastair Otter, journalist, ITWeb
As much as we are meant to feel more secure with these measures in place, in reality I feel more vulnerable than ever before. There are too many reasons for this to list in full, but here are a few that are top of mind.
Firstly, the idea that Microsoft is rapidly accumulating a database of Internet users` details is a concern. Who decides that a commercial corporation has any right to be the sole custodian of user information? I know users are "volunteering" their information, but it is purely because they have been duped into believing that it will offer them some sort of unprecedented ease of use. Which it may do, but at what cost?
Related to this is the idea that such a database becomes a natural target for just about every evil-minded script-kiddie and cracker in the world. Not to mention the attention among the organised crime world that it would draw. One flaw in the system and the entire edifice could come crumbling down, and your details could be floating free on the Internet and traded in chat rooms.
The usual argument thrown back in this instance is: "Who would want my details?" No one really knows and it is true that the odd piece of information is all but useless to a malicious mind. But your name, address, ID number and telephone number linked with details of your children`s school routine make for something that can be used with malicious intent (apart, of course, from all those pesky telesales people who will phone you at all hours). Perhaps I`m a little paranoid, but centralising personal details in one database makes it a lot simpler to acquire the information.
It is not just Microsoft`s project that is at fault. Take the Liberty Alliance`s argument that it is offering a system that will be able to tie together transactions with a single sign-on. So for example, you book a plane ticket, car-hire, hotel and restaurant for a business trip using a single sign-on. In theory, if you change your plans along the way all of the service providers in your "chain" will be informed and alter your reservations. Which appears great except that it also sounds like what is called a "single point of failure". Or in other words: compromise once and enjoy multiple benefits. A good example of the price one could pay for the sake of "convenience".
I suspect that eventually I am going to be forced into signing up for one or the other of these systems in the coming months, purely because one or other service provider will demand it before doing business with me. And at that point I will have to decide whether to opt in or to remain outside the fence. In the interests of controlling my own data, I may well choose the outcast route.
Share