From Jules Cohen, Director, Online Privacy and Safety, Microsoft:
This week I travelled to Washington, D.C. for the International Association of Privacy Professionals (IAPP) Global Privacy Summit. The event is a great opportunity for members of the global privacy community to connect, debate the pressing privacy issues of the day and look ahead to future challenges.
In the physical world, when you need to prove your identity to access a particular good or service, you typically pull out the appropriate ID from your wallet. Depending on the context, this might be a driver’s license, student ID, ATM card, employee ID or any other of the physical identity documents that people carry. The card is scrutinized and the recipient makes a trust decision whether or not to allow access to the requested good or service.
Today, we don’t have a similarly robust or interoperable identity verification system online. Instead, we rely on a patchwork of user names, passwords and other easily compromised pass-phrases to “prove” who we are online. Unfortunately, compromised usernames and passwords can typically be entered online by anyone, from anywhere on the Web, and don’t have anywhere near the fidelity of physical identity documents.
For online transactions that require a high level of information assurance and protection, we need a more secure and verifiable model — one where the level of trust and assurance much more closely resembles identity in the physical world.
Technology can help us develop a system of electronic identities that extends to the Web the type of trusted identity verification enabled by ordinary plastic ID cards. As we move down this path we’ll encounter a variety of challenges. One of the most critical ones will be building these new systems in such a way that they support data protection and privacy principles.
At Microsoft, we’re investing in technologies to address these challenges. We recently released a cryptographic-based technology called U-Prove under the Open Specification Promise. The U-Prove technology can enable people to prove their identity by disclosing only the minimum amount of information necessary to complete a transaction, and does so in such a way that one use of an ID is not linkable to any other use of that ID.
Read more on Microsoft on the Issues.
Thanks to the reader who sent this in.