When I think about emerging internet trends, I think that as a society we are beginning to see changes that can improve how we manage our identities online. In large part, these changes are necessary because to reduce online crime, we must significantly improve how we authenticate ourselves on various computer systems.
The range of criminal activity that the internet supports is broad, including consumer threats (such as compromised computers being used for unauthorized activities, identity theft, financial fraud and child endangerment), enterprise threats (such as the theft of financial information, loss of personally identifiable information, economic espionage and extortion via threats of denial-of-service attacks), and threats to government. These crimes are pervasive in part because the internet has four attributes that make it attractive to criminals: global connectivity, anonymity, a lack of traceability and valuable targets. Those who commit crimes on the internet have little concern about being identified and captured, and therefore there is little to deter them. I believe it's possible to create online identity systems that can help combat these underlying problems while protecting privacy.
Microsoft's End to End Trust vision, which I spoke about during my keynote at this year's RSA Conference, looks to help solve some of the underlying issues with the current system by creating a framework for a claim-based identity metasystem. The basic concept is to apply solutions from the physical world to identity problems on the internet.
Today, in most situations people authenticate themselves by going to a website and entering “secret” data (such as a birth date or mother's maiden name). The website then verifies this data with a third party and identity is established. The problem with this approach is that this “secret” data is not secret at all. Secrets can be relatively easy to obtain through interception, deception or theft by cybercriminals through social engineering and other malicious activity. By reducing the use of shared secrets, cybercriminals would no longer have access to the key pieces of information they need to consummate a fraudulent transaction.
The identity claims we typically use in sensitive situations in the offline world are verfified by credentials, such as a passport, driver's license or government IDs issued after in-person proofing. For example, hospitals issue birth certificates based on eyewitness evidence that a newborn just entered the world. Later, when we're older, we might use that birth certificate to get a driver's license or passport from a government agency, although again we must be physically present (at least for the first issuance). We might then take these documents to a bank to open an account or to an airline counter to check in for a flight.
Likewise, the issuing of digital identities will be most reliable if they are rooted in this type of in-person proofing. The idea is to issue digital versions of the physical world identity documents that can then be used to establish identity online, doing away with the need for shared secrets. For example, a public institution – such as a post office, which proofs identities for passports – could issue a digital version of the document. These digital versions could take many formats, such as a smart card, USB dongle, or credential on a smart phone.
With these tools in place, people can assert identity or, even better, identity attributes (such as age or residency), enabling other people and organizations to more safely trust that information. The more secure the transaction, the more important it is that claims be rooted in in-person proofed identity. This is especially true in areas such as e-commerce, online banking and online government services.
Not surprisingly, mentioning the words “identity” and “the internet” in the same sentence gives many people pause, in large part because the internet has so transformed the areas of free speech and communication — areas where anonymity plays an important part in ensuring the free flow of ideas. Nothing in this identity metasystem is meant to suggest that anonymity on the internet be abolished. To the contrary, anonymity should be preserved and enhanced through both technology and social policy. More important, in the right situations, people should be able to choose whether they want to be anonymous or identified (in whole or in part), and for what purpose.
This system has the added privacy benefit of allowing people to choose what identity claims to pass along in a given situation, as well as the ability to share the minimum amount of information needed to complete a transaction. For example, if one wants to visit sites with content not appropriate for children, individuals should be able to prove age without necessarily providing other information about identity.
If we want the internet to reach its full potential, we need a safer, more trusted online environment. To achieve this, we at Microsoft Corp. have proposed a vision outlining the reasons for End to End Trust. However, creating a safer, more trusted internet will require more than just the participation of Microsoft and the technology industry. For this to happen, the industry must not only innovate, but also work with customers, partners, governments and security and privacy experts worldwide to help take trustworthy computing to the internet.
