Microsoft lines up with the good guys on identity tech
Brands and Cameron pitch the fix for government's Big ID problem
Early last month Jacqui Smith unveiled the latest revision of the ID card roadmap. On the same day, by happy coincidence, Microsoft bought Credentica's U-Prove assets and hired Dr Stefan Brands. On the one hand, a discredited and failing strategy staggers on under its fourth Home Secretary, while on the other...?
In recent years Microsoft has shown every sign of knowing which way is up when it comes to identity management. The company already has on board Kim Cameron, its chief architect of identity and one of the key thinkers in the field, and with the arrival of Dr Brands - who joins Cameron in the company's Connected Systems Division - it adds a second. Cameron cleared up the mess and set the new rules after Microsoft's monolithic, centralised and panoptical Hailstorm ID management policy collapsed under its own weight. Dr Brands is author of the seminal Rethinking public key infrastructures and digital certificates, and the developer of 'blind' or 'minimum disclosure' credentials.
Together, these support a privacy-friendly and user-centric view of identity management - the antithesis, effectively, of the controlled, centralised vision that's currently crashing and burning at the Home Office.
The ID problem
Dr Brands' not entirely happy experiences as senior cryptographer and chief scientist at David Chaum's pioneering DigiCash and later at Zero Knowledge Systems underlined the key problem faced by Credentica. This ambitious work has no business model for a small company. Clients often don't know and don't care that they have this vast, global problem.
Many intelligent and powerful people fail to appreciate the large, growing and interlinked problems of Internet privacy and security. The problem has no real analogue in the tangible world, so it's hard to grasp that a solution is even possible, let alone one that is full of delightful counter-intuitive properties.
We lack analogies and illustrations. You can't talk in terms of castles, safes, guns, bullets, locks or keys. But there's a serious and real problem of privacy and security on the net.
We now routinely and irrevocably leave our details all over the place as we transact on line. We're increasingly open to exploitation, fraud, impersonation, discrimination and wrongful service denial.
Yet some of the best minds in government and law enforcement are all in favour of this level of transparency, hopeful it will make their job of keeping tabs on troubled souls whose religious anger or drug business causes social problems.
The quality of global surveillance offered by the digital certificates we use in transacting seems to them providential; a welcome aspect of the natural unfolding of our technological era. At a stretch, you can see why they might think like that.
But the state isn't perfect, nor will it ever be. The unsuspected characteristics lurking in what Dr Brands calls "the most pervasive electronic surveillance tool ever built" will appeal to baser instincts in officials and politicians with corrosive effect.
Furthermore, irrefutable evidence of our transactions and behaviour is increasingly available to nitwits and crooks in every organisation with which or through which we transact - banks, ISPs, search-engine companies and telcos.
Today's Internet is an electronic El Dorado for the professional criminal, and it gets better all the time. As we destroy everyone's privacy in the on line world we make it unsafe for all. Government itself supports this dangerous trend, when it should be protecting us from it.
Now the Tory and LibDem UK political opposition have spotted that centralised “panoptical” (all-seeing) systems such as centralised health records, childrens' databases, and the centralised ID System now present a visible threat to human welfare.
The solutions you can't understand
But as with global warming or plastic waste, no-one seems to own the problem of the pollution of cyberspace with personal data. It's very hard for an entrepreneur – whose assets essentially reside in his own head – to say "Here's a solution I've invented and patented which solves the problem you don't know you have, in ways you'll never understand. It gives you other benefits you never expected or sought and frankly wouldn't believe possible until you do the maths, which you won't be able to."
That's not an easy sell to banks, supermarkets, or telcos. It's hardly a political "open goal" for the Home Secretary. There's no easy way for a start-up to generate cash with something so fundamental and large scale. It's a wonder that Dr Brands maintained his composure, humour, grace and sanity in the last 15 years.
His proposition only works for a market leader – a Visa, Google or Microsoft – that stands to gain from boosting confidence in the overall market.
Dr Brands is evidently delighted about the U-Prove sale, which had been under discussion for two years. "There is no industry player around I believe in as much as Microsoft with regard to its commitment to build security and privacy into IT systems and applications," he says. He points to Microsoft's existing presence throughout the target markets for ID and access management, and its influence both on the client and server side of the application. "It is easy to say why this is a perfect match."
Mr Cameron sees U-Prove's minimal disclosure tokens as base features of emerging identity platforms which will lead to the safest possible Internet: "I don't think the point here is ultimately to make a dollar. It's about building a system of identity that can withstand the ravages that the Internet will unleash. That will be worth billions." He looks forward to good privacy practice becoming one of the norms of e-commerce.
The prospect is that Brands' minimal disclosure tokens, with their properties of selective disclosure, unlinkability, and powerful revocation capabilities, will be built with half a dozen man-years' development effort into the Windows Cardspace user interface arising from Mr Cameron's work, and also into the underlying Windows Communication Foundation.
If U-Prove is available in WCF that makes it available to any applications on the Windows platform. U-Prove is also covered by Microsoft's (not wholly uncontroversial) Open Specification Promise.
MS as ID standards hero?
Now that the world knows it is Microsoft – instead of a Nokia, Google or IBM – that has acquired Dr Brands' patents there is concern on just how U-Prove will be used competitively. A statesmanlike market leader can afford the view that a safe online world for all is prerequisite for the health of their future market. But Microsoft has a history as an inveterate playground bully that rivals don't easily forget.
Mr Cameron protests that times have changed: "I can guarantee everyone that I have zero intention of hoarding minimal disclosure tokens or turning U-Prove into a proprietary Microsoft technology silo. Like, it's 2008, right? Give me a break, guys!" Dr Brands echoes the point: "It's very clear to me that's not why the people who pushed for the deal wanted to do this."
The outstanding question is how well the undoubted intentions and integrity of both men will stand up to the residual primitive and exploitative tendencies that still reside in large parts of Microsoft.
So, why is this acquisition so important for us in the UK?
It's not just about general cybercrime and data losses, although the UK suffers from that as much as anywhere. It's about the broad thrust of government IT plans. The UK's "Transformational Government" public-sector IT strategy is written and implemented by people who have yet to take a privacy-friendly approach to single sign-on and data sharing. And they've managed to marginalise the very small number of people inside government who appreciate Dr Brands' work.
To say the acquisition is important to UK government is not to say that Whitehall should now buy more Microsoft products – indeed part of the problem was that Tony Blair was seduced by Bill Gates, and Whitehall was locked by Microsoft into a Hailstorm-era way of thinking with its central authentication and health services. When Scott McNealy pointed out the dangers of Hailstorm UK e-Envoy Andrew Pinder scornfully and publicly retorted that the Sun boss was simply jealous that Bill Gates' firm was bigger and more successful than his.
Even now the Microsoft-using UK government gateway service wants to offer single sign-on for all public services, and to extend this to private sector partners – a gargantuan authentication service which would surely become the mother of all 'computers that say no'.
People who think this way remain, as Dr Brands puts it, "in a state of sin".
Whitehall needs to understand why Microsoft had to move on from Hailstorm. It has to demand, on all our behalves, that Microsoft, IBM, Oracle, Google and all our service providers design and deliver systems which protect our privacy and in doing so maintain our collective security. This also reduces the vulnerability to data losses and simplifies obligations under data protection law. Minimal disclosure means we can transact safely with organisations that hold far less personal data.
Would we be able to put this persuasively to Jacqui Smith? Not in an elevator pitch. Probably not in a one-hour meeting. But she's a very smart woman. If we who read and write for The Reg can understand it then I'm sure she and her colleagues can. Those who advised her and predecessors need to consider that they may have been mistaken. They've undervalued the security benefits of privacy.
We all have a very long way to go before we transact and interoperate in a secure online space in a world that conforms to Cameron's seven laws and works in keeping with Dr Brands' enlightened vision. But ensuring a secure future for U-Prove and the mass rollout of U-Prove based products and wide availability across different platforms is a huge step forward.
Far bigger news, as we say, than an ID System rollout plan. ®
William Heath moderates the Ideal Government blog, and serves on the Open Rights Group board and the FIPR Advisory Council. He founded and chaired the government IT research group Kable, now part of The Guardian. A Fellow of the Young Foundation, he is now starting a new venture to help business adapt faster and better to the arrival of customer-centric Vendor Relationship Management.