"Our focus," he explains, "is on technology that allows you to do identity management on a large scale society-wide, without privacy dangers." They are trying to protect people against the worst invasiveness of massive database systems. National ID cards. Online government services. Health systems. Passports.
But, "What is missing from these discussions is who is trying to achieve what," he says. "What kind of benefits, and to whom? The government says one use - to fight terrorism. Well, how?" With precise specifications, you could design to the criteria without granting more rights than necessary. "There are three fundamentally different architectures for building these society-wide infrastructures, and they have profound repercussions on the privacy and security of organisations and individuals."
First: the centralised database with a unique identifier beloved of Humphrey Applebys everywhere. Second: the data stays in local repositories and the ID card creates an electronic pipeline between them. Third: user-centric ID, where a smart card stores "protective snapshots" of the information held by different organisations, like a minidatabase. "All three are feasible, and all can achieve the same objectives, but you can only achieve the third approach by involving the individual."
In fact, he says, you don't have to choose; build a national infrastructure and implement whichever is best for each application. "What's scary is that all the thinking is about building inflexible national ID infrastructures that do not involve users but give tremendous power to governments and organisations to do anything they want." Fuelled, he thinks, by their all hearing the same pitches from the same big vendors. "We are building a critical component that removes a lot of the problems." Brands is the only person on the planet who has worked for both previous attempts to commercialise privacy: Digicash and Zero Knowledge Systems.
The ideas behind all three companies are traceable to David Chaum, whose 1992 Scientific American article outlined using cryptography to create anonymous digital cash. The same principles for authenticating a transaction without revealing identity can work in many other applications, such as government ID systems or email or electronic voting.
"Digicash was very focused on its business model and it did a lot of the right things, but unfortunately made the assumption that big banks would be interested because it was so much better for customers - without recognising that that was exactly why banks didn't want it," Brands says. "It's sad for me, looking back at the 1990s, when I was heavily involved in electronic payment developments - Mondex, Visa cash, Digicash - and the only thing that made it was Paypal, because it matches the banks' business model." And Paypal removes much of the more innovative systems' promised security and anonymity.
Brands grew up in the Netherlands. After working with Chaum, he emigrated to Canada to work at Zero Knowledge, which attempted to create privacy software aimed at end users. "ZKS crashed because it had no business model," says Brands, who founded Credentica with former colleagues. Credentica, by contrast, aims its products at larger companies who can integrate them into the systems they sell to governments and other large organisations. "It's like Dolby noise reduction. We don't build the amplifier."
It is, he thinks, a more sensible approach - but it still involves fighting against security thinking stuck in the 1970s. "There has been an assumption in the past decade that if you want to build an identity management infrastructure on a wide scale that those security token mechanisms [like X509] are kind of simple and they've all been done, and you just need to plug them into the infrastructure in some way. It's the wrong assumption."
Besides, "Typical organisational thinking is, 'we need to protect ourselves against attacks by our clients'. They are not thinking, 'we need to protect individuals against misuse by us'." Instead, "what we really want is multi-party security. We know how to do it. It's actually fairly trivial."