Security, Democracy and Digital Identity
We are facing several grave threats, some real and imminent, some theoretical or imaginary. At the top of the imminent threats list is probably the climate change, which is also viewed as an existential risk.
We could be somewhat hopeful on this threat; thousands of professionals and politicians debating how to avert the catastrophe, millions of volunteers endeavoring to awaken the population about its gravity and billions of people already aware of this problem to some extent, say, things moving apparently in the correct direction if not as fast as it should, despite a pocket of infamously noisy opponents and sceptics
If not an existential threat like the global warming, the subject of this article, the absence of a valid digital identity platform, could be one of the most grave threats, since it could force our descendants to experience erosions of democracy and chaotic social life, if left unsolved,
A valid digital identity platform is indispensable for sustaining democratic societies and human rights in the cyber era, perhaps until our descendants get to live a safe and democratic life without depending on anything like digital identity. Its absence will certainly have a huge destructive impact,
On this front we are less optimistic; too few people are taking the correct course towards the correct objectives. Too many people, with professionals, researchers, politicians and journalists included, are badly distracted and straying off the course.
Our observation can be summarized as follows.
- Our descendants would be deprived of the necessary level of security where the digital identity platform were built without the secret credentials made from our memory, say, what we remember as the likes of passwords.
- Our descendants would experience erosions of the democracy our ancestors have won through heavy sacrifices where the secret credentials, for which our will/volition is indispensable, are removed from the digital identity platform.
Threat to Security
The biggest headache of the digital identity is ‘Password’, more accurately, ‘Text Password’, which is so hard to manage that some people are urging the removal of the ‘Password’ from digital identity altogether.
It is too narrow-sighted, however. We should consider what would actually happen if the password is removed from the digital identity altogether.
Where the password is removed, designers of the digital identity platform would be given only a physical token and a biometric sensing as authentication factors.
Biometrics requires a fallback measure against false rejection. Then, with the password removed, nothing but the token could be the fallback measure for the biometrics. System designer could have only the following two choices.
(1) authentication by a physical token alone, with an option of adding another token, security effect of which is highlighted in this cartoon we published 14 years ago.
(2) authentication by a biometric sensing deployed in ‘multi-entrance’ method with a physical token as a fallback measure, security of which is lower than (1) , with an option of adding another token, as quantitatively explained here.
What a barren desert!
Incidentally, we are certain that quite a few professionals of security and identity management are well aware of these facts but something prevents them from speaking out, perhaps in view of the huge weights of the vested interests. Once they had sold those ‘password-free’ solutions and recommendations to millions of clients, it might well be just embarrassing to talk the opposite.
By the way, it may be worth referring to biometrics in view of the issue of ‘Security vs Privacy OR Security & Privacy’.
It appears that both biometrics promoters and the civil-rights activists are exchanging debates on the same (wrong) assumption that biometrics are good for security and no good for privacy, with the former stressing that biometrics may be bad for privacy but it is very good for security while the latter emphasizing that biometrics may be good for security but very bad for privacy, irrespective of whether in physical space or in cyber space.
We could contribute to the constructive discussion by reasoning that biometrics is no good for both security and privacy in cyberspace.
Threat to Democracy
It should not be difficult to comprehend that the password-less (will/volition-less authentication) is not compatible with the value of democracy; it would be a 1984-like Dystopia if our identity is authenticated without our knowledge or against our will.
We are being driven by the acute notion that we might well be one of the very few who are willing to freely discuss the digital identity issue with respect to democracy, i.e., the role that the valid digital identity will play for sustaining security and democracy in the cyber age.
Biggest Issue of Digital Identity – What will be a Successor to Seals, Autographs and Text Passwords?
‘Achieving higher-security by removing the password’ and ‘Killing the password by biometrics and physical tokens’ are both no more than the hyped myths.
‘Text passwords’ are not loved but ‘the password’ is absolutely necessary. Then, what else can we look to as a valid solution to the predicament of digital identity?
Our answer is expanding the password system to accept credentials made from our non-text memories as well as the text memories. When expanding the password, we could consider making use of our autobiographic memories, episodic memory in particular.
Well, we could take one basic requirement into account – It’s the obligation of democratic societies to provide citizens with the identity authentication measures that are practicable in disaster recovery and other emergencies.
When injured and panicked with empty hands in emergencies, how can we get authenticated securely and reliably?
Authenticating empty-handed and injured people cannot be done without involving ‘secret credentials made from our memory’. Physical tokens and biometrics do not help.
Getting empty-handed, injured and panicked people authenticated cannot be achieved without involving ‘Panic-proof secret credentials’. Images of episodic memories are panic-proof.
And it should be emphasized that what is practicable in panicky situations is easily practicable in everyday life – the reverse is not true.
We call this proposition ‘Expanded Password System’
Expanded Password System that drastically alleviates the password fatigue is supportive of
– Biometrics that require passwords as a fallback means against false rejection
– Two/multi-factor authentications that require passwords as one of the factors
– ID federations such as password managers and single-sign-on services that require passwords as the master-password
– Simple pictorial/emoji-passwords and patterns-on-grid that can all be deployed on our platform
* All with the effects that handling memorable images makes us feel pleasant and relaxed
– Nothing would be lost for the people who want to keep using textual passwords
– It enables us to turn a low-entropy password into a high-entropy authentication data
– It is easy to manage the relation between accounts and the corresponding passwords
– It helps deter various phishing attacks
– It helps to build practicable Brain-Machine/Computer-Interface
– It helps with Self-Sovereign Identity and Bring Your Own Identity
Lastly but not the least, it is democracy-compatible by way of providing the chances and means to get our own volition confirmed in our identity assurance.
Expanded Password System is now at the stage of Draft Proposal’ for OASIS Open Projects.