Aadhaar: digital identity writ large in India

India has forged new ground in digital infrastructure with its IndiaStack [1] initiative and Aadhaar, the biometric identity system at its core. Aadhaar is the largest state-sponsored digital identity system in the world. With over 1.1 billion Indian residents enrolled, it is transforming the world’s second most populous nation from an underdeveloped state into an advanced digital society. It isn’t perfect, but its successes and failures offer important lessons in the opportunities and the pitfalls of national identity systems.

Architecturally, Aadhaar is a voluntary, biometric-based identity proofing layer upon which additional services can be built. By design, it is as minimal as possible, enabling a single function: state-endorsed biometric authentication of individual Indian residents. It is one of five core IndiaStack applications, which together provide foundational digital services throughout India. The other four are:

eKYC – Digitize your KYC (Know Your Customer for bank account creation).

UPI – Transfer money between bank accounts in India.

Digilocker – Retrieve, Store & Share verified digital documents.

eSign – Sign any document electronically.

In addition to these government-provided applications, registered companies can build apps on top of IndiaStack. In the words of its chief architect:

Large scale social problems require “unbundling of the problem”
and creation of “shared digital infra” as “public good” on top of which
“innovative solutions” can be “assembled” to meet diverse contextual needs.

–Pramod Varma, Chief Architect, Aadhaar

At the 2017 ID2020 [2] summit, Pramod Varma put it this way: Aadhaar provides robust de-duplication so services can know definitively that people aren’t lying about their identity, such as filing double claims for benefits or other advantages. A set of open APIs, IndiaStack provides “digital infrastructure platforms as public good to allow solutions to be assembled by the ecosystem.” In other words, the five IndiaStack services are a public good that enables applications that better serve the people of India.

Aadhaar’s separation of identity from the services which depend on it is a profound shift towards a human-centered Internet. No longer is an individual’s identity tracked on an ad-hoc basis by private, corporate interests like Google and Facebook. Instead, identity proofing is provided as a fundamental utility of the state, just like roads, water, and the courts. Or a passport.

Many contend the opposite: that the functional result of a system like Aadhaar is the subjugation of the individual to the state. That by creating a national system to track everyone’s digital actions, India has, in fact, reduced the humanity of its residents to mere digital ones and zeros. While additional credentialing, like passports, may make sense for traveling abroad, within one’s own country a free state has no legitimate cause for persistent tracking of individuals’ digital transactions.

In short, Aadhaar is at least as controversial as it is enabling. To understand the conversation about Aadhaar, let’s examine it through the lens of Functional Identity, introduced in my two previous articles: Speaking of Identity [3] and How Identity Can Enable A People-Centered Internet [4].

The experience

It starts with enrollment.

Individuals in India establish an Aadhaar number by visiting a registrar or enrolling agency. Enrollees provide proof of identity and address through documentation, assertion by a head of family, or specially authorized “Introducers”. Biometrics are captured by certified devices: retina scan and fingerprints. Individuals’ demographics are also recorded: name, birthdate, physical address, and an optional mobile number or email address. These are associated in a central government database with a unique identifier, the enrollee’s new 12-digit Aadhaar number.

When individuals use Aadhaar for authentication to various services, they provide their Aadhaar number and at least two of three authentication mechanisms (biometrics, demographics, and a One Time PIN sent by email or mobile). This request is encrypted and sent to a central verification service, which returns a simple Yes or No, indicating successful authentication or not. Services are then provided or denied.

Let’s put this in terms of Functional Identity. Here are the nouns and verbs of Functional Identity in Aadhaar.

The nouns

subjects

Individuals in India, both citizens and otherwise.

identifiers

Unique, 12 digit Aadhaar numbers are created in the centralized Aadhaar database for each enrolled individual.

attributes

Biometric templates (retina, fingerprint), demographic data (name, date of birth, address, gender), and optional contact info (email or mobile). Plus, any attributes stored by service providers and associated with an individual’s Aadhaar number. While these are not within the Aadhaar system, they are a functional part of the identity enabled by Aadhaar.

raw data

Sensor readings from authentication devices. Meta-data associated with each authentication request: timestamp, source of authentication request, etc.

derived attributes

The only derived attributes I discovered are One Time PINs which can be sent to the registered email or mobile number for immediate use at the point of authentication. Please email me if you know of any Aadhaar analytics creating new attributes based on raw data and attributes.

The verbs

acquire

Attributes are acquired at enrollment, which takes place at authorized enrollment centers, some of which are privately owned and operated. Biometric scans and demographics are acquired at the point of authentication throughout active use of the system.

correlate

Biometric and demographic attributes are correlated with the Aadhaar number during enrollment.
At the point of authentication, at least two of the following three are submitted to a centralized registry for verification:

  • biometric scans from sensor readings,
  • demographic data matching registered attributes, and/or
  • a One Time PIN (OTP) sent via mobile text or email

On a successful match, the individual is correlated with their Aadhaar number.
Services relying on Aadhaar correlate the physical person and their own records with that identifier.

apply

Based on the internal records associated with a given Aadhaar number, various services may be provided or denied. For example, the national welfare system uses Aadhaar to ensure no one is paid twice for the same welfare benefit. Services may also accumulate records that can be securely and reliably associated with the authenticated individual, restricting future access to that individual or someone with their explicit consent.

reason

At the point of authentication, the central verification service analyzes the sensor data, demographics, and One Time PIN to find a matching profile.
Presumably anomaly detection monitors authentication requests to help detect possible cyberattacks. Other data mining may occur, but legally it needs to face the test of national security. Details of any such mining are not public at this time.

secure

Data is secured by cryptography, process, and regulation. Resident data and raw biometrics are always kept encrypted, even within registry data centers. Individuals can freeze their Aadhaar number so nobody can use it, even them. By law the biometric and demographic data used for authentication cannot be stored. In practice, not all systems adhere to the requirements.
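The flow described in this article (enrollment, authentication with at least two of three factors, a bare Yes or No answer, freezing, and no retention of submitted authentication data) can be sketched as a toy model. This is an added example, not code from the author, UIDAI, or the real Aadhaar API. The names Registry, Record and authenticate are hypothetical, exact digest comparison stands in for real biometric matching, and it assumes every submitted factor must match.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def _digest(sample: bytes) -> bytes:
    # Stand-in for a biometric template. Real matching is fuzzy, not exact.
    return hashlib.sha256(sample).digest()


@dataclass
class Record:
    """Hypothetical registry entry keyed by a 12-digit number."""
    demographics: Dict[str, str]
    biometric_digest: bytes
    frozen: bool = False
    pending_otp: Optional[str] = None


class Registry:
    """Toy central verification service (constructed for illustration)."""

    def __init__(self) -> None:
        self._records: Dict[str, Record] = {}

    def enroll(self, demographics: Dict[str, str], biometric_sample: bytes) -> str:
        # Assign a fresh random 12-digit identifier (constructed format).
        while True:
            number = f"{secrets.randbelow(10**12):012d}"
            if number not in self._records:
                break
        self._records[number] = Record(dict(demographics), _digest(biometric_sample))
        return number

    def issue_otp(self, number: str) -> str:
        # In the described system the PIN goes to the registered mobile or
        # email; it is returned here only so the example can run offline.
        otp = f"{secrets.randbelow(10**6):06d}"
        self._records[number].pending_otp = otp
        return otp

    def set_frozen(self, number: str, frozen: bool) -> None:
        # A frozen number cannot be used by anyone, including its holder.
        self._records[number].frozen = frozen

    def authenticate(self, number: str, biometric: Optional[bytes] = None,
                     demographics: Optional[Dict[str, str]] = None,
                     otp: Optional[str] = None) -> bool:
        """Return only True or False; never say which check failed."""
        record = self._records.get(number)
        if record is None or record.frozen:
            return False
        results = []
        if biometric is not None:
            results.append(hmac.compare_digest(_digest(biometric),
                                               record.biometric_digest))
        if demographics is not None:
            results.append(demographics == record.demographics)
        if otp is not None:
            # One Time PIN: consumed by the first attempt that presents it.
            expected, record.pending_otp = record.pending_otp, None
            results.append(expected is not None and
                           hmac.compare_digest(otp.encode(), expected.encode()))
        # Submitted factors live only in local variables and are not stored.
        return len(results) >= 2 and all(results)


if __name__ == "__main__":
    registry = Registry()
    demo = {"name": "Asha Rao", "dob": "1990-01-01"}   # constructed sample
    scan = b"constructed-biometric-sample"            # constructed sample
    number = registry.enroll(demo, scan)
    print(registry.authenticate(number, biometric=scan, demographics=demo))
    print(registry.authenticate(number, biometric=scan))  # one factor only
```

Because the relying service receives a single boolean, a failed request does not reveal whether the number exists, is frozen, or which factor mismatched.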

The controversy

Aadhaar is a transformative experiment, designed to leapfrog India’s infrastructure from an underfunded, underdeveloped bureaucracy struggling to reach all of its citizens to an efficient digital society where cost-effective electronic services can be reliably provided more quickly, more broadly, and with greater impact at lower cost and waste.

At the same time, the open approach raises fundamental questions about privacy in a digital world. As “voluntary” use of Aadhaar for services effectively becomes mandatory due to the hassle of alternatives, IndiaStack becomes a compulsory architecture of surveillance covering nearly all digital life, requiring neither probable cause nor search warrants. As IndiaStack enables even more services and touches on even more aspects of individuals’ lives, the surveillance coverage and privacy risks only increase. Shouldn’t it be possible for a person to buy a cup of coffee without the government knowing about it? Is it really appropriate to embed government tracking into the majority of transactions in an Indian person’s life?

Several court cases have charged Aadhaar, IndiaStack, and related services with violating the rights of Indians to “life and liberty” as protected under Article 21 of the Indian constitution. In August of this year (2017), the Indian Supreme Court ruled that privacy is more than just a common law right, subject to legislative override. Rather, it is a fundamental right that cannot be denied without appropriate cause and due process.

“The State must ensure that information is not used without the consent of users and that it is used for the purpose and to the extent it was disclosed,” said Justice S K Kaul. He added that … “automated processing of personal data… to analyse or predict… performance at work, economic situation, health, personal preferences… can result in discrimination based on religion, ethnicity and caste.”

Justice Chandrachud ruled that creating regimes for data protection “requires a careful and sensitive balance between individual interests and legitimate concerns of the state”. [5]

The court’s ruling sends several cases back to lower courts for judgment in light of a more stringent constitutional, rather than common law, test of legality.

The controversy is far from settled. As the details are considered, the benefits must be weighed against the harms. Ultimately, India must decide whether the good outweighs the bad as well as what can and should be done to reduce those harms without losing this promising new digital infrastructure.

In my next column, I’ll dive into that debate: The benefits and the harms, the options for improvement and lessons learned.

It’s clear that Aadhaar is an unprecedented success by many measures. The rest of the world has much to learn from both its victories and its failures. Perhaps, through Aadhaar, we can better understand the true opportunity for a people-centered Internet.

This article also appears at https://peoplecentered.net/2017/11/16/aadhaar-digital-identity-writ-large-in-india/

[1] The IndiaStack website. http://indiastack.org

[2] ID2020 http://id2020summit.org

[3] https://peoplecentered.net/2017/06/11/speaking-of-identity/

[4] https://peoplecentered.net/2017/07/26/how-identity-can-enable-a-people-centered-internet/

[5] Kaushik, Krishin, “Right to Privacy: After Supreme Court judgment, all eyes now on Aadhaar case” The Indian Express. August 25, 2017. Accessed online October 17, 2017, http://indianexpress.com/article/india/right-to-privacy-verdict-what-next-all-eyes-now-on-aadhaar-case-4812352/


How Identity Can Enable A People-Centered Internet

Understanding Identity through Function
This is the second of a regular column on Identity for the People Centered Internet. In the first column, I introduced the idea of Functional Identity as a way for ordinary people to discuss identity, with this definition:

Identity is how we keep track of people and things, and in turn, how they keep track of us.

This article describes how we do that.

An identity system is a collection of tools and techniques used to keep track of people and things.

As individuals, we do this naturally, in our minds. We name things, then use names and distinguishing features to remember what we learn. We treat people differently based on their identity: treating our friends and family differently from strangers and known threats.

Organizations create processes, software, and services to achieve similar ends. These identity systems are best understood in terms of how they function, which is the same way that identity has worked since the dawn of civilization.

The goal of Functional Identity is to bridge the communication gap so business people, community leaders, and parents can talk with engineers and regulators, and together we can make identity systems that work better for us all.

Definitions

In the diagrams below, the blue boxes are nouns and the red ovals are verbs – the building blocks for describing identity systems.

We start with the simplest identity system, using three nouns and a verb:

  • Subjects are entities—people or things—under consideration.
  • Identifiers are labels which refer to entities. They are used to keep track of what we know about those entities.
  • Attributes are what we know about people and things. They describe the state, appearance, or other qualities of an entity.
  • Correlate means to associate attributes with particular entities, to associate what we know about someone with either an identifier in the system or a subject in question.
Subjects, Identifiers, Attributes, Correlate

Identity systems correlate subjects with attributes in two ways. First, attributes are associated with identifiers referring to specific subjects, thus building a body of knowledge. Then, when we recognize a subject, we associate them with one or more identifiers and everything we know about those identifiers.

For example, consider visiting a local restaurant where your brother, Mike, has suggested you ask for his friend, Su, the chef, who went to the same school you did. The name “Su” is the identifier, and the fact that (1) she is a friend of Mike’s, (2) the chef of the restaurant, and (3) a schoolmate, are attributes you associate with “Su”. When you visit the restaurant and ask for “Su”, you mention to the person who comes out that your brother Mike sent you. Su’s reaction confirms that she knows Mike and that she is “Su”. Now you also know that this person, Su is the chef at this restaurant and that she went to your school. By correlating attributes (chef, friend, schoolmate) with the identifier (Su), you were able to establish a relationship with a person you just met (the subject).

This is the essence of how identity systems work.

These terms apply equally to things other than people, such as organizations, pets, or places. We correlate new attributes with identifiers and vice-versa as we learn about subjects. When we recognize a person or thing we can apply everything we learned about them. In digital systems, this set of related attributes is sometimes referred to as a digital identity or profile.

Input and Effect

We learn or acquire identity information over time, then apply what we’ve learned to various interactions, usually elsewhere.

Acquire & Apply
  • Acquire means to gather identity information for use by the system.
  • Apply means to use identity information to effect change outside the identity system, typically to moderate an interaction of the subject with a related system.

Identity information might be acquired by observation or by importing from elsewhere. We may learn about someone by watching them, or we may learn through references, rumors, and reputation. Identity systems acquire new information throughout their operational life, just as we continue to learn about people throughout our lives.

Once acquired, identity information must be applied in a specific situation to have impact. If we know something about someone and no one ever acts on, nor shares, that information, it doesn’t affect the world. The way that identity information is applied tells us how an identity system affects our world.

For example, a website might apply the email associated with my account to allow me to reset my password or it may send me unwanted advertisements. The U.S. Transportation Security Administration (TSA) applies the information on its no-fly list to prevent those identified as potential threats from flying.

Making New Ideas

We gain new insights by considering both existing identity information and previously unrelated observations. Identity is more than just what we know about people and apply to our interactions. It’s also how we make judgments based on what we know, gaining insights into character, capabilities, and proclivities.

Raw data, Derived attributes, and Reason
  • Raw data are data which may or may not contain information relatable to a person or thing.
  • Derived attributes are conclusions reached by reasoning over identity information. They are what we learn when we consider what we know about people and things.
  • Reason means to evaluate existing identity information to generate new derived attributes.

Derived attributes are created by reasoning using raw data and known attributes. By applying reasoning on existing observations and related knowledge, we can gain insights that neither the subject nor the original author anticipated. Raw data such as search history, web browsing, and the time & location information captured by our phones, may contain identity-related information, even when that was neither the purpose nor the intention at the time of capture.

We reason using known attributes to derive new ones. For example, we calculate a person’s age based on the birthdate on their driver’s license to determine if they are old enough to drink legally. Credit companies evaluate recent income, past transactions, and projections of future income to set interest rates and make loan approvals. We remember how people treated us and alter our behavior in future interactions. If someone repeatedly breaks their word, we may stop depending on them.

Securing Identity Information
We go to great lengths to keep identity information secure.

Secure
  • Secure means to restrict the creation and flow of identity information to the right people at the right time.

Sometimes we keep secrets to prevent information from reaching certain people. We do this with tools like encryption, access control, and minimal disclosure. Legal agreements between people, businesses, institutions, and governments specify appropriate use of certain information while laws, regulations, and the courts allow governments and institutions to oversee, monitor, and intervene in the capture and use of identity information. How identity systems secure certain information, and not others, defines how they preserve and respect privacy.

The right to keep private information private is often referred to as the right of privacy. Many people feel their privacy is threatened because so much information is shared over the Internet, in our workplaces, and through our devices. Information we share in different contexts (business, family, community, etc.) can leak unexpectedly and undesirably into other contexts. For example, the sick day we took for a medical procedure might lead to the human resources department learning about a life-threatening medical condition, resulting in reduced consideration for promotions and new opportunities. Preventing human resources from learning the nature of the procedure (a private matter) is one form of securing identity information to protect our future at the company.

It is very difficult as individuals to keep track of all the ways we are publicly or privately tracked. Information is shared on social media, tracked in Internet searches, monitored when using navigation software, and captured as we use our phones. The sheer magnitude and complexity of the information tracked and used means the average person is essentially incapable of making informed decisions to consent to appropriate use. Some people give up, divulging personal information without regard to consequences. Others opt-out, participating as little as possible in our digitally connected world.

We can learn—and teach others—how the concept of identity matters in our lives and the options we have for protecting ourselves, our families, and our businesses. For example, parents can learn how publicly shared photos of their children—and their friends’ children—can unwittingly expose them to pedophiles and human traffickers. Teachers and coaches can learn techniques for limiting the exposure of students’ and players’ information to inappropriate eyes. Small and large businesses can learn how indiscreet requests for simple information like phone numbers or addresses can lead to social engineering attacks and identity theft. A better understanding of identity can help all of us protect ourselves through better identity hygiene.

Bridging the Gap

The nouns and verbs above are grounded in the world of technology and may be unfamiliar for the average individual. More conversational synonyms are presented in the table below. Feel free to use either, depending on the audience.

People, places and things
This is the point of identity: those people, places, and things we recognize.

Technologists | Laypeople | Common meaning
Subject | Person | Someone under consideration. The subject of inquiry.

Identity Information

These are the nouns of identity.

Technologists | Laypeople | Common meaning
Identifiers | Names | Refer to entities. Used to keep track of people and things.
Attributes | Statements | What we know about people and things. They describe the state, appearance, or other qualities of an entity.
Raw data | Observations | Data which may or may not contain correlatable information.
Derived attributes | Beliefs | Conclusions reached by reasoning over identity information. These are what we learn when we consider what we know about people and things.

Identity Actions

These are the verbs of identity.

Technologists | Laypeople | Common meaning
Acquire | Collect | Intake or generate identity information for use by the system.
Correlate | Relate | Associate attributes or observations with particular entities. We associate what we know about someone with either an identifier in the system or with a subject in question.
Reason | Reason | Evaluate existing identity information to generate new beliefs, expressed in attributes, captured in statements.
Apply | Apply | Use identity information in a system, typically to moderate interactions with known entities.
Secure | Protect | Restrict the creation and flow of identity information to the right people at the right time.

For technologists:
We assign identifiers to subjects. We collect raw data and correlate attributes to the subjects we track. We reason over raw data and attributes, to derive new attributes. We then apply this information to current and future interactions with subjects. We secure identity information to preserve privacy.

In more ordinary language:

We give names to people. We collect observations and record statements relating those observations to people we know. We reason over these observations, statements, and beliefs to generate new beliefs. We then apply what we know and believe when dealing with those we recognize. We protect identity information to preserve privacy.

This is the vocabulary of Functional Identity, a way to discuss identity in terms of functionality: how it works and what it does for us.

Summary

Functional Identity focuses on how identity works. We avoid the psychological, cultural, political, and philosophical notions of identity. These notions are important, but they can also distract us from understanding the technical choices involved in building and using identity in today’s Internet-enabled world.

This focus on functionality may help clarify and improve your own conversations about identity.

How we keep track of people and things is not just a technical matter, it affects our lives. For many, identity is not a conceptual issue, it can literally be a matter of life and death.

In future articles, we’ll use this language of Functional Identity to describe how real-world identity systems are being built and how they enable a people-centered Internet.

Please take a moment and share this with your colleagues and friends, and let us know what you think. Comment below, or email me at joe@legreq.com.

This article also appears at https://peoplecentered.net/2017/07/26/how-identity-can-enable-a-people-centered-internet/


Ten Years Later

Ten years ago I wrote a blog post that captured a key architectural insight at the core of VRM: putting the user at the center of integration not only improves the quality of services, it simplifies our systems.

When we put the user at the center, and make them the point of integration, the entire system becomes simpler, more robust, more scalable, and more useful.

The article captured the gestalt of VRM and helped catalyze a range of conversations that still shape the VRM approach.

Since then, we have seen a lot of progress. Sometimes we proceeded in fits and starts and there were certainly failures along the way, including my own venture, SwitchBook. When I started pulling together my notes for this anniversary post, I was mildly surprised and delighted at how much real work got done and the real-world impact we’ve had. Here are a few VRMy developments in the last decade worth noting.

Please chime in with a comment if you know of a good one to add to the list.

Coming in December of that same year, OAuth kicked off a series of standard protocols for identity, attribute sharing, and permissions, including OAuth 2.0, OpenID Connect, and User Managed Access (now at 2.0). These efforts brought together the leading technology companies to collaboratively develop new standards that give individuals greater flexibility and control over data exchange between online services.

Companies like Personal.com (now TeamData), Digi.me, and Cozy Cloud shipped user-driven personal data stores. Software project HIE of One offers a personal data store that lets individuals manage our own healthcare data.

In Europe, GDPR has ushered in a new wave of regulatory requirements and penalties driving companies and organizations to give individuals easier access to, greater control of, and more security in our personal data. JLINC Labs offers a provenance service layer that allows companies to quickly attain GDPR compliance for the right to erasure and data provenance by giving individuals direct control over which data is used for what purposes.

Kantara Initiative’s Consent & Information Sharing Work Group (CISWG) has published its Consent Receipt Specification to help both individuals and organizations keep track of data provenance and terms of use.

Working with the CISWG, Customer Commons has picked up the challenge of developing customer-driven terms of use called “first party terms”. Asserted by individuals when interacting with websites, they are designed to provide a balance to the ubiquitous company-asserted terms of use we all are forced to accept when we interact online.

Perhaps the biggest recent splash has been made by self-sovereign technology, which provides distributed identity services completely independent of any centralized authority. Using distributed ledger technology, firms like Evernym, Blockstream, Digital Bazaar, Microsoft, and IBM are enabling a wide range of robust identity services that put individual users in the driver’s seat.

Collaborative initiatives like Sovrin, Hyperledger, the Decentralized Identity Foundation (DIF), Rebooting Web of Trust, W3C Verifiable Claims Working Group, and ID2020 bring technologists together to develop open source and open standards solutions that realize secure, privacy enhancing, self-sovereign architectures.

ID2020 brought the self-sovereign technology conversation to the UN, convening technologists, UN staff, representatives from sovereign states, and NGOs to explore how blockchain-based approaches might enable cost-effective, scalable solutions for U.N. Sustainable Development Goal 16.9 https://sustainabledevelopment.un.org/sdg16: to give everyone on the planet a legal identity by 2030, including birth registration.

International non-profit technology solutions organization iRespond has agreements in place and is seeking funding for a self-sovereign identity layer to bootstrap identification credentials for tribal people in the border region of Myanmar and Thailand. These self-sovereign credentials will be recognized and used by local governments to provide work permits, health care, and other services.

There is still a long way to go, and there probably always will be room to improve whatever systems we build. The conversations continue at the Internet Identity Workshop (IIW), the People Centered Internet, and of course, on the Project VRM mailing list as well as the collaborative initiatives mentioned above.

Do you know a VRMy project that’s made a difference? Share with us in the comments.


Speaking of Identity

Identity is one of the most important constructs of society. It’s also one of the hardest to discuss.

I’ve been in perhaps hundreds of conversations in over a dozen years about user-centric and digital identity. I’ve realized that many of our challenges in digital identity stem from two problems in these conversations. First, miscommunication; we often use the same words with different meanings. Second, we get distracted by compelling but unproductive discussions about different aspects of identity. In response, I’ve begun a conversation about how to talk about identity in a way that is both accessible and rigorous.

I want to find a way to discuss identity that laypeople understand, without alienating technologists. Digital identity—like the rest of our Internet-enabled world—is scaling faster than society knows how to handle. If we don’t develop a simple way for experts to talk with regular people about both identity and its realization in digital identity, it will be nearly impossible to build an Internet identity layer that fully addresses the needs of a modern global society. One way or another, that identity layer is being built. I believe a better conversation will make a difference.

Consider for a moment a slightly different way to think about identity: Functional Identity. If the approach feels off or triggers a reaction, please drop me a line at joe@legreq.com. If we are to discover how to talk about this simply and effectively, your response is a valuable part of the discourse.

Reframing Identity

Our framing of identity determines how we talk about it. The facets of identity are so rich that we each bring our own hot buttons and agendas to any discussion. Some engage from a philosophical perspective, others cultural. Some dive into political issues and others get metaphysical and spiritual. These different frames are valid aspects of identity’s impact on our lives. Not just valid. Vital. They help answer the question of “Why?” Why it matters, why we should care. Unfortunately, they also inflame passions. We often talk past each other to make points that have minimal relevance in other frames, leaving everyone frustrated and unheard.

As an engineer, I’m concerned with how things work. I want to learn how to fix what’s broken and how to build new things. In short, I want to know how things function. With identity, this functional perspective sidesteps the inflammatory rabbit holes, without dismissing them. Once we understand how Identity works and how we use it, we can explore how different identity choices affect individuals and society. Functional Identity lets us investigate the HOW without prejudice to WHY, viewing identity systems based on how they work and then, in turn, how they affect individuals and society.

A Functional Definition

Identity is how we keep track of people and things and, in turn, how they keep track of us.
That’s it. We learn people’s names, we observe them and hear gossip and consume media. We then apply that sense of who they are to our dealings with them. Others do the same in return.

In computational systems, we assign identifiers, we accumulate observations, we correlate those observations with entities, we make conclusions based on those observations and we apply those conclusions in interactions with those same entities.
In other contexts, we give people name tags, we share business cards, and we wear bracelets. All to facilitate keeping track of each other.

This simple definition is provocative. It triggers associations with Big Brother and the surveillance state. It brings up ideas about embedded chips and tattooed serial numbers. It conjures fears of government or corporations constantly tracking what we do.
Which is ok, because, in fact, those are the most feared abuses of identity. It’s important to realize when we talk about identity that we are always talking about how we keep track of people.

There are also a number of wonderful uses of identity that are worth remembering. The joy of a child saying “Momma” or a lover calling out your name. The pride in your name on a diploma. The simple benefit of seeing another’s name tag at a workshop and better remembering that fascinating conversation. Identity enables so much good stuff *because* it helps us keep track of people and things.

Like white space in visual design or writing, identity systems are also defined by how they prevent or minimize tracking. While identity is useful, too much tracking is untenable. Every identity system makes choices about efficiency and privacy, enabling specific means of tracking while limiting others. Realizing that the good consequences of identity inevitably enable the bad is fundamental to understanding how to build systems that appropriately balance the two.

The functional approach reaches beyond digital systems to understand how identity works throughout society. By better understanding how identity functions, we will be able to build systems that enhance privacy and human dignity, while improving identity assurance and security.

Why?

Engineers, entrepreneurs, and financiers sometimes ask “Why?” Why are we spending so much time with navel-gazing conversations about identity? Why not just build something and fix it if it is broken? To be fair, I get why “Identity” with a capital “I” is banned in certain working groups. Those distracting conversations can derail productive efforts to build good systems and ship working code. And yet, there is a vitally important and simple reason to better understand identity: human dignity.

When we build identity systems without a core understanding of identity, we risk inadvertently compromising human dignity.

There are times when security concerns demand compromise. Fine. It’s the job of our political systems—local, national, and international—to moderate the worst abuses and to establish boundaries and practices that serve basic human rights.

But when engineers unwittingly compromise the ability of individuals to self-express their identity, when our systems subject individuals to unreasonable restrictions and deny basic services because of a flawed understanding of identity, that’s an avoidable tragedy. What might seem minor today could lead to the loss of privacy, liberty, or even life for an individual whose identity is unintentionally compromised. That’s why it pays to understand identity, so the systems we build intentionally enable human dignity instead of accidentally destroying it.

In a future column, we’ll discuss the elements of Functional Identity, with the eventual goal of defining the fundamental objects and methods that comprise any identity system, digital or otherwise. From there we can start to explore the impact on privacy and freedom and human dignity that different identity systems afford.

In the meantime, I’m off to ID2020, a UN Summit about the potential for blockchain technology to help with UN Sustainable Development Goal (SDG) 16.9. We’ll be exploring how self-sovereign identity might enable us to create a legal identity for everyone on the planet by 2030, including birth registration. Not a small task.

I hope you’ll join me as we continue the conversation.

This article also appears at https://peoplecentered.net/2017/06/11/speaking-of-identity/

Posted in Identity, Technology

Detail is the enemy

Rigor is your friend.

When defining the requirements for a system, it’s best to avoid detail and focus on rigor instead.

Endless prescriptive details are the bane of good requirements. What to do or not do. Features. Capabilities. Constraints. So many things you can say that it’s hard to tell what to focus on. Too much detail prevents understanding rather than enabling it.

I had a client once who believed their 250+ “user stories”, diligently and exhaustively captured in Jira, perfectly described the system we were to build. Unfortunately, no one else could see through the muddle to understand what we were supposed to do. Not her boss. Not the engineers. Not her peers in the organization.

Understandably, she was frustrated when others said they didn’t understand our priorities or even what the MVP (minimal viable product) was actually supposed to be. She had doubtless put hundreds, perhaps thousands of hours into capturing every detail that should be addressed as we built out the product. Her intention, diligence, and technical skill were all exemplary, and yet, the extensive Jira entries failed to do what she most needed them to do: help her collaborators understand the requirements of the product we were going to build together.

In my experience, this is a common pattern, a perfectly natural result of product managers and engineers focusing on quantity and detail rather than rigor, clarity, and focus.

Working together, we were able to build a consensus with the founder of the company (and our boss) about the #1 focal use case. That use case not only provided clarity about how engineers might choose between tradeoffs in early development, it cemented understanding between the technical team and the founder about what capabilities and what work are most important to the near-term success of the company.

When we were able to focus on a single use case, we were able to answer–even as a temporary conclusion–questions that were preventing software development from moving ahead. The rigor needed to understand, gain consensus, then implement that single use case proved to be far more practical, actionable, and valuable than the year’s worth of accumulated “user stories” in Jira.

Don’t get me wrong, the background work in fleshing out the full range of requirements was useful. It provided the foundation for distilling that single focus use case and served as an indelible record of the research and experimentation performed in the early days of the company. It was, on its own merits, solid work.

Yet it wasn’t until we stepped back from the cacophony of requirements in that seemingly endless Jira database of “user stories” that we were able to execute on the vision. When we rigorously worked through how just one single use case would work, it required a system architecture–even as a strawman for discussion. It also required acknowledging and sandboxing additional capabilities that, while important and interesting long term, simply didn’t apply to the one single use case. When we let the focal use case filter the endless possibility of the product into a single interaction, the system requirements solidified into a proposed design and working code in short order.

Yes, the code was incomplete. No, it didn’t do everything the ultimate product would. But it ran. It was demonstrable. It created the ground for the next phase of the conversation between product management and the company’s executive team.

In short, the rigor of understanding a single, limited, focal use case proved to be immeasurably more valuable than the exhaustive detail of hundreds of user stories.

So the next time you’re collaborating on a new system, fight the urge to specify every last detail, to exhaustively list all the things it could do, and instead rigorously figure out how the product will do the one most important thing it needs to.

Do that and you’ll create a real product, capable of becoming that amazing vision rather than creating an unattainable vision that no product could encompass.

Posted in Development, Requirements Modeling

The Moral Burden of the State

There are times when it is appropriate for the state to restrict our liberties. To detain us. To imprison us. Even to take human life.

The constitution and the institutions of our republic imbue the state with the moral authority to restrict our liberties, subject to checks and balances that work to keep inevitable errors and excesses to a minimum.

There is no time when it is appropriate to abrogate the moral obligation of the state and give corporations the role of restricting our liberties. Not because it is convenient. Not because it is cheaper.

Corporations are not only free from the constitutional framework of the state, they are legally required to maximize shareholder value. They are structurally unable to place the moral needs of the state–or the individual or society–ahead of corporate interests.

Institutions designed for profit cannot credibly wield the moral authority of the state.

The moral burden of the state cannot be separated from it.

Please consider signing Bernie Sanders’s petition to end corporate prisons. It’s time to stop profiting from incarceration.

https://go.berniesanders.com/page/s/private_prisons

Posted in regulatory

Open all files in separate emacs windows

How to open everything in a directory with emacs, each in their own window:

find . -type f -exec $SHELL -c '"$0" "$@" &' emacs {} \;

Many thanks to ephemient at StackOverflow for the inspiration: http://stackoverflow.com/questions/853451/can-the-find-commands-exec-feature-start-a-program-in-the-background

Posted in coding

Beware the Plan of Sauron

The “Master App” can’t magically make it all work.

On the project VRM blog, Doc Searls recently suggested that the killer app for VRM is the “Master App”. In response, on the Project VRM email list, Jim Pasquale suggested it’s more of a mixing board than a master app. Jim’s right.

The “master app” reminds me of what I call “The Sauron business model,” a term I coined after watching over one hundred and twenty 60-second pitches at two different Startup Weekend Santa Barbara events in the last two years. With all of those pitches in rapid succession, the pattern popped right out.

For those of you who might not be Lord of the Rings fans, Sauron was the bad guy hell-bent on unifying everything in Middle Earth under his brutal rule, and wanted that hobbit’s ring to do it:

Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.

[quoted from http://en.wikipedia.org/wiki/One_Ring]

What I saw repeated again and again and again in those pitches at Startup Weekend were hopeful entrepreneurs who earnestly believed that if they could just unify all of a person’s [insert unique idea here], they could provide a ground breaking new service that would transform the world. Just like Sauron, all they needed was that One Thing to make it all work…

  • Creating the only singular view of an individual’s financials, MyFinances.com will make it easy for people to instantly waste less–and make more–money!
  • Bringing together all of a user’s vendors into one coherent dashboard, people will finally be able to make smart choices that both save money and create more value, while vendors get better access to the right customers at the right time!
  • Giving users control of their identity across all online services will make their online lives simpler and more secure.

Sound familiar?

The problem with the Sauron business model is that it depends on first unifying All the Things before it generates any unique value.

Unless you can provide value FIRST, you’ll never get a chance to unify all the things. Trying to convince or coerce users into doing so makes you look a little like Sauron: delusional, power hungry, and more value destroying than value-creating.

What Doc wants sounds great, but starting with a dependency on unification is the wrong framing of the opportunity.

As I see it, there are two ways forward for the ambitious market changer: sharpshooting your way into a revolution or teaching a gorilla to dance.

For most entrepreneurs, with limited ammunition and time, finding a way to make every shot count isn’t just important, it’s vital. Find a niche, nail it. That mantra isn’t new; both Geoffrey Moore and Ries & Trout built business strategy movements on the idea. Focus is everything to the early startup. Do that and you might just be able to become a unifying tool for end-users… you just won’t start out as one.

On the other hand, if you’re a player in a big company, with an already ubiquitous presence, then perhaps the opportunity is to make your over-sized gorilla dance like Fred Astaire. Bill Gates orchestrated the myth of Microsoft turning on a dime to take on the Internet. Steve Jobs created entire new categories of devices when he returned to Apple after a forced hiatus. Unfortunately, while most of us don’t have Steve Jobs or Bill Gates levels of genius, even fewer of us are in a position to change existing players as they did. Fighting for VRM, we are rooting for Sean Bohan over at Mozilla, who is fighting the good fight at the organization that makes Firefox, the world’s 3rd most popular web browser. If you are lucky enough to be in a position like Sean’s, go for it. We need visionary change from the top in as many large companies and organizations as we can get. But there are far more hopeful entrepreneurs than change agents positioned at industry giants…

In short, beware of the Sauron plan. If you’re imagining your startup unifying all of anything before you produce unique value for your users and customers… you’re probably doing it wrong.

Posted in ProjectVRM, Uncategorized, Vendor Relationship Management

How to conditionally display variables with EJS

Short version: <%= user.name ? user.name : '' %>

When using EJS as a template language, it can be a bit of a mystery how to concisely display variables if and only if they are defined.

For example, if you have a form field that is pre-filled with data from the database, you usually don’t want to pre-fill with the string “undefined”. Rather, you’d like those fields left blank. This is a common situation when using Node.js with MongoDB and Mongoose, which can be friendly to missing fields, if only there were an easy way to avoid the “undefined” value when rendering your EJS template.

Typical solutions have something awkward like

<% if(user.name) { %> <%= user.name %> <% } %>

That’s got all those extra %> terms.

You might try something like

<%= if(user.name) { user.name }%>

But that doesn’t like the “if”, because <%= is expecting a value, not a statement. So you might try this:

<% if(user.name) { user.name }%>

Which probably evaluates user.name rather than displaying it. Not only is that an ugly security risk (going straight from user data in your DB to code), it doesn’t actually output anything to the web page.

Fortunately, the ternary operator is magic. It can perform a conditional anywhere a value is needed.

Here’s the ternary for displaying EJS values only when defined:

<%= user.name ? user.name : '' %>

Yes, you need the final '', but that’s a small price to pay.

Now, whenever you want to drop in a field value if–and only if–it is defined, use this trick.

For those sticklers out there, user.name could be defined but null or an empty string. The “technical” way to check for undefined would give us something like

<%= typeof user.name!='undefined' ? user.name : '' %>

But functionally, both approaches give you what you want for the form field use case. So, I’ll stick with the simpler, shorter one.
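The two checks above part ways once a field holds null, 0 or markup. The following added example (not from the original post) runs both over constructed values in plain JavaScript and builds the pre-filled form field; `escapeHtml` is a stand-in for the escaping the <%= tag applies, and `presentOrBlank` and `prefill` are hypothetical helpers introduced here.

```javascript
// Added example, not code from the original post.
// escapeHtml is an assumed stand-in for the HTML escaping done by <%= ... %>.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// The post's short form: user.name ? user.name : ''
function truthyOrBlank(value) {
  return value ? value : '';
}

// The post's "technical" form: typeof user.name != 'undefined' ? user.name : ''
function definedOrBlank(value) {
  return typeof value !== 'undefined' ? value : '';
}

// Hypothetical third variant: blank only for undefined and null, keeps 0 and false.
function presentOrBlank(value) {
  return value == null ? '' : value;
}

// Pre-fill a form field with the picked value, escaped for the attribute context.
function prefill(field, value, pick) {
  return `<input name="${escapeHtml(field)}" value="${escapeHtml(pick(value))}">`;
}

// Constructed sample field values, as they might come back from the database.
const samples = [
  { label: 'set', value: 'Ada' },
  { label: 'missing', value: undefined },
  { label: 'null', value: null },
  { label: 'empty', value: '' },
  { label: 'zero', value: 0 },
  { label: 'markup', value: '"><b>x</b>' },
];

// Render every sample with each of the three checks, for side-by-side comparison.
function compare() {
  return samples.map(({ label, value }) => ({
    label,
    truthy: prefill('f', value, truthyOrBlank),
    defined: prefill('f', value, definedOrBlank),
    present: prefill('f', value, presentOrBlank),
  }));
}

for (const row of compare()) {
  console.log(row.label, '|', row.truthy, '|', row.defined, '|', row.present);
}
```

The short form blanks a legitimate 0, the typeof form prints the string "null" for a null field, and in every case the quote and angle brackets in the last sample stay inside the value attribute because the output is escaped.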

Posted in coding, Development

Destroying contract law: CISPA violates more than privacy

Don’t let Congress undermine our best free market tool for fixing our relationships with companies.

The US House of Representatives just passed a bill (CISPA, aka HR264) that explicitly allows companies to ignore their privacy agreements in the name of cybersecurity.

Here’s the Huffington Post report:

http://www.huffingtonpost.com/2013/04/18/cispa-vote-house-approves_n_3109504.html

SOPA. The Monsanto Protection Act. CISPA. Regulatory capture of the worst kind.

Please get the word out. Fight this thing.

If we can’t even depend on the blatantly one-sided Terms of Service and Privacy Policies of our service providers, entire fields of solutions evaporate.  Efforts to improve, fix, clarify, negotiate or automate the privacy and service agreements will be essentially worthless if Congress is willing to give corporations a free pass.

“Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes … share such cyber threat information with any other entity, including the Federal Government.”

Enshrining corporate protections like this in law isn’t just a privacy problem. It undermines the very notion of contract as a mechanism for constructing agreements in a free society.

This is unacceptable.

Fight CISPA. Call your senator. Call the White House. Blog it. Tweet it. Repost this.

Tell everyone.

Posted in Information Sharing, privacy, ProjectVRM, regulatory, Shared Information