Ming the Mechanic:
Friends, Identity and Security

The NewsLog of Flemming Funch
 Friends, Identity and Security2003-10-16 17:46
by Flemming Funch

Robert Cringely has thought about better ways of proving one's identity, so people don't steal your stuff. Exerpts from the article:
"Knowing a Social Security number and a mother's maiden name is pretty much all it takes to loot a U.S. bank account, often without even knowing the number of that account. Yet the real question ought not to be, "Does this person know the right identifying information?" but, "Is this person really who they say they are?" ...

"What works against us is that we have a million years of societal and biological evolution based on the concept of small tribal groups, yet only a few centuries of urban life and less than two centuries of mass transit. One characteristic of tribes is that the members know each other. So when the lady at the bank recognizes you -- really recognizes you -- it decreases to almost zero percent the likelihood that somebody can come in the bank claiming to be you and steal all your money. This isn't some clever security design, but an artifact of tribal life. You don't resent the lady at the bank for knowing you. You are flattered that she does. You don't fear that because she knows you that you are more likely to be a crime victim. Just the opposite -- we feel safer because we are known. ...

"My system is based on a registry of friends because we all participate in virtual tribes that are geographically dispersed. Every person who wants to have credit, to make a big purchase, or to board a 747 has to have a list of 10 friends -- people who can vouch for their identity and know how to test it if needed. That takes us out of the realm of the mother's maiden name, replacing it with, "What was the nickname I called you in the fourth grade?"

I am Bob, and these are my 10 friends.

They don't even have to be friends -- just people who know you. You don't have to tell them they are on your list and you can change your list as often as you like.

Imagine an aerial view of this network of friends. It is so large it could only be analyzed by a big honking computer, but there is a great deal to be learned from that analysis. People could disappear and be noticed, perhaps to be found. Deadbeat dads could be tracked, as could sexual predators. Epidemics would ripple across the surface of the model, perhaps leading to targeted anticipatory preventive care, saving lives. Guys who buy enough fertilizer to blow up a Federal office building would stand out.

Now before you can say the words "Big Brother," remember that YOU choose your list of friends so they can be people from work, from school, from the tennis club, but perhaps not from your Communist cell or from your swingers club. You can keep private what you want to keep private because the big picture is what matters here.

The system would be tied together by phone, e-mail, and Internet messaging. Ultimately, it would come to function like a much larger version of eBay's feedback system which would result in subtle pressure toward more civil behavior -- something we don't have in any practical sense today.

Maybe this system wouldn't work. You tell me. But I know that what we have right now isn't working, and I am not sure it can be made to work. The only answer that makes sense to me is to hearken back to a simpler time when these crimes just didn't' happen. And it is only through clever application of technology that this can be done.
But when we try to scale this inherent security up to urban, regional, national, and international levels, it doesn't work. We either have to accept less security or impose an artificial system intended to emulate that lady at the bank. This emulation is at the heart of every security system everywhere, yet we don't think of it in these terms."
OK, he hasn't thought it all the way through, but he's got a big point.

And, as Britt and Doc note, it sounds a whole lot like what Xpertweb is addressing.

Really, most crime in the world can exist only because we're largely all strangers to each other, and we rely for security on numbers, keys, passwords, and similar abstract tokens, and on symbolic barriers, such as closed doors and windows. We rely on disjointed pieces of *data*, and on flimsy walls around things that need protection, instead of relying on people and the relations between them. We need to somehow bring back the security system of a tribe, while retaining the mobility of the modern world, and without inheriting the limiting social norms of a tribe. In a modern city burglars could come and empty one's appartment, even though the neighbors that one doesn't know are only a few meters away. In an oldfashioned tribe in a village, the burglars would not even have gotten past the city limits. Or everybody would know who they are.

[< Back] [Ming the Mechanic]



17 Oct 2003 @ 00:13 by waalstraat : Novel Thinking
I like the way you bring anthropological and sociological observations and ideas into you think an understanding, for me that's a plus. But I fear the question I'm about to ask is kind of naive, but you raised it so forgive me for asking it.
The question is: Wouldn't it be much easier and more parsomonious to have the person who wishes to be identified chose his own somewhat complex question like,
"Who were your favorite Super Heroes when you were a kid and in what order did you like them?" And then provide the answer, "1.Captain Marvel, 2.Superman, 3.Batman...
Most of my friends know I was enamored by old Cap "The Big Red Cheese" but few I believe know the order of my 3 preferences--I'm not even sure my brother does and we are very close.
Moreover, I am now 67 years old and for the most part I stopped reading Superhero comic books 'regularly'at 20 years of age but I have never forgotten my order of preference.
And sample question might be, "When you were a kid you love a dinner consisting of three items, Sunnyside up eggs, cream spinich and --------? Also what did you prefer drinking with it -------?"
I am sure no one in my life knows or remember the answer to that question but me, and by the way it was mash potatoes, and chocolate milk made with Hershey Syrup.
So my question is why would your more elaborate system be more secure than this? Perhaps "Beginners Mind" is a keyword for solving a complex problem sometimes...PS I love the idea that Social Familiarity yields greater security...not less...and I am going to send that to the officers of my bank who rotate their employees from branch office to branch office every few month so that no one recognizes the client...the reasoning behind that beats me...  

17 Oct 2003 @ 05:27 by ming : Questions
Well, actually I don't think the question thing is the key there. So I think that he either got that a little wrong, or didn't explain his whole idea in the article. ANY fixed question/answer thing is a security problem, no matter how obscure the answer is. I mean, after reading your comment above, I now know your favorite super heroes, in the right order, so that is no longer good security. So, I think part of the idea with the friend thing is that somebody who really knows you will quickly figure out whether it is you or not. If they can communicate with you. If they can see you, they'll know right away. If you can only type to each other, they would probably want to come up with several more new questions than that. Like, "you remember that girl who ... that you ... and, now, what was that tatoo she had on her lower back?" Well, kind of cumbersome, if you just need to use your ATM card. But there's a key in here somewhere.  

17 Oct 2003 @ 16:52 by magical_melody : Very Good Ming!
Yes, in small tribes the bit about theft: We hear from our Polynesian friends, that in the Cook Islands, that is exactly how it is. You cannot get away with anything because everyone knows everyone and the intuitive connection is strong there too. Communist Cell or Swingers?, Ming you devil you! LOL You are so funny!! Max and I love reading your log from time to time for a good belly laugh, and your entertaining - yet informing writings.  

Other stories in
2010-07-10 13:01: Strong Elastic Links
2010-07-08 02:27: Truth: superconductivity for scalable networks
2010-06-27 02:28: Be afraid, be very afraid
2008-07-06 23:20: Laws of social networks
2008-06-20 15:40: Peer material production
2008-05-06 13:57: Why can't we stick to our goals?
2008-02-21 21:16: Open social networks
2007-11-08 01:49: The value of connections
2007-11-07 00:51: Diversity counterproductive to social capital?
2007-07-13 23:42: Plan vs Reality

[< Back] [Ming the Mechanic] [PermaLink]? 

Link to this article as: http://ming.tv/flemming2.php/__show_article/_a000010-000907.htm
Main Page: ming.tv