I’ve been reassessing my own motivations for writing about the subject of Identity Management and my desire to start a project that involves building a global identity management system. A strong motivation since beginning this series of articles has been, that I feel the internet is a phenomenal global communication system that could facilitate efficient communication between the people of Planet Earth. That’s a rather non-technical motivation for wanting to build something others would consider highly technical.
As I’m getting closer towards a full project description based on the articles I’ve written so far, it is time to take a step back and see what we’re heading in to. I have written on the subject of Privacy vs. Anonymity in a rather technical way but there are some big ethical issues at play here as well, as was evident from some of the examples given. I’ve also suggested in Pseudo Identity Management Protocols that contents could get their own identity as an identity is not limited by an entity being ‘alive’ by my first definition in Identity Management. However, when a non-living entity gets it’s own identity, who controls the changeable attributes of such an identity? I’ve scratched the surface on this in Identity Federation, proposing an object oriented approach for identities, but have not given any real attention to who ‘owns’ an identity yet and what it means to assign such ownership.
Cyber Genome
I just read an article titled ‘Cyber Genome project kicked off by DARPA‘. According to DARPA:
the “Cyber Genome Program” will “produce revolutionary cyber defense and investigatory technologies”.
It was on reading this quote that I realized I’m on to something here. The Cyber Genome project will allow any digital artifact – a document, a piece of malware – to be probed to its very origins. Not always being the greatest fan — nor adversary — of the military approach I immediately noticed this one important difference between the approach I’ve been writing about and the approach of DARPA. It is summed up by only one word — any. The DARPA approach in this case does not seem to leave any room for choice. There is no option for anonymity while I’ve already established a relation between monetary value and privacy value in “Privacy vs. Anonymity” and come to the conclusion that anonymity has a great value.
So the use of the word ‘any’ in this context worries me somewhat but even more so:
“There are to be workshops for interested industrial participants shortly, but it’s US citizens only. The wider world may not find out about the Cyber Genome effort unless and until it starts to produce results.”
That’s quite a statement right there. Realizing that this is The Register reporting while not quoting sources for this I decided to try and find a source for this news and on the fedbizzopps.gov site I found the Cyber Genome Program Proposers’ Day sollicitation initiated by DARPA. Indeed the project’s objective and description does not leave much room for interpretation:
The objective of the Cyber Genome Program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users to support DoD law enforcement, counter intelligence, and cyber defense teams. Digital artifacts may be collected from live systems (traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers’), from wired or wireless networks, or collected storage media. The format may include electronic documents or software (to include malicious software – malware). The Cyber Genome Program will encompass several program phases and technical areas of interest. Each of the technical areas will develop the cyber equivalent of fingerprints or DNA to facilitate developing the digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.
It’s interesting to see that the announcement on fedbizzopps’ site was put up on Jan. 25th 2010 while the closing date for signing up for the conference is well behind us according to the proposers’ day website. Anyway, I’m not in the black helicopter business, but be that as it may, this is presented as a ‘Federal Business Opportunity’. It would be nice to actually have the ability to make use of this opportunity! However:
“Attendance is restricted to U.S. Citizens only. Attendees are required to submit a U.S. Citizenship Verification form in order to attend this conference.”
Looks like this is a U.S. only party so The Register wasn’t merely being sensationalist here. I’m somewhat intrigued that most major security sites do not seem to have picked up on this subject yet. I strongly advice readers of this article to comment on DARPA’s plans and to share this article to your social networks.
Update: embedded youtube video I found in an article about ‘Europe celebrates data protection day‘. Seems apropriate in this context.
