If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

This morning’s news sees a call from Lord Justice Sedley for all people in the UK including visitors to be required to submit DNA to the national database that is currently being populated. Sedley’s reasons for saying this are not primarily political, but more about fairness and removing the bias that exists in these systems, but regardless, I think this marks a dangerous move for the judiciary.

There are a number of potential problems with a DNA database, which will start to become more apparent as the number of records increases and technology moves on. A comment from Sedley demonstrates my biggest concern with any such database

It also means that a great many people who are walking the streets and whose DNA would show them guilty of crimes, go free?

This displays the very real public opinion that DNA (along with fingerprints, for that matter) are infallible proof of guilt of a crime when, in fact, there can be errors made at any stage of the process. DNA gets around - look in my car, for example, there are DNA samples from me, my family, my girlfriend, my colleagues, the guy who changed a tyre recently and probably many more. If my car becomes a crime scene just how many people will be under suspicion?

Taking this a step further, it’s already possible to plant DNA evidence (it’s easy enough to collect, as my car demonstrates) and at some point in the future will be a trivial task to synthesise it and no doubt to mask it as well. What needs to happen is that the police perform robust investigation, collecting real evidence and determining motive; DNA samples can never be anything other than circumstantial and should certainly not be used as prima facie evidence of guilt.

One of the biggest issues with any biometric identifier is that it is impossible to change - once my DNA (or my fingerprint) has been used for some nefarious purpose then I can never change - there could be someone who (within the bounds of scanning accuracy) is my genetic “twin” to whom I am permanently linked. Every crime he commits would result in my arrest! We’ve seen this situation with the no-fly lists using names (which admittedly are certainly not as unique as DNA).

As with many of these discussions, it’s not the database itself that’s the problem, but the purposes to which it can be put. Unfortunately no legal restraints can be put in place that will guarantee such a system will not be abused and therefore I have little choice but to criticise the initial implementation - as I’ve done already with other systems in our “database state”. I do have nothing to hide, but there is still plenty to fear from this.

Again, another quiet spell, but things have been happening that have kept me away from blogging. I should be able to post on this very shortly…

I was recently re-reading Neal Stephenson’s “In the Beginning…Was the Command Line” (also available online for free) and I was struck by some of the comments that Stephenson makes during his essay and how they relate to the (even more) modern problems facing computer use, particularly in the Internet age.

The key point from the essay is about how the use of GUIs impacts on and impedes a lower level understanding of what’s really going on. Stephenson obviously deals with operating systems but makes an interesting point about how the metaphor of a GUI extends into other areas of the life; the levels of abstraction apply to television, books and other areas of culture. Stephenson uses the interesting story about Disney World as a pre-packaged interpretation of a real experience and it’s certainly one that rings true after a little thought.

“By using GUIs all the time we have insensibly bought into a premise that few people would have accepted if it were presented to them bluntly: namely, that hard things can be made easy, and complicated things simple, by putting the right interface on them.”

This particular quote struck with great resonance, thinking recently, as I had been about identity related issues from a non-technical angel and most interestingly from a psychology perspective. Twice in the past few weeks pub conversations have descended into questions of self image, presentation, reflection, multiple personae - questions, ultimately of “identity”. This was followed by a dinner conversation during which Erving Goffman’s theories on some of those matters were referenced (as you can tell I have a thrilling social life).

Ultimately, all our interactions are identity based - in a conversation the language, tone and vocabulary change according to the audience. The underlying identity doesn’t change, but the presentation of that will vary (there’s been some interesting research recently about how in fact, people do change according to who they surround themselves with however). One of the goals of digital identity management is? to make our online interactions as seamless and natural as our face to face ones.

This leaves me wondering - I do tend to agree with Stephenson’s quote above about how, when we abstract something with metaphors, the underlying concepts become more difficult to understand. There’s been discussion in the past about how impersonation and delegation fit into the identity model and I’m starting to question how we can best use such concepts within a solid identity system.

Identity federation systems provide a level of abstraction that reduces the amount of control that individual users have - the “user centric” model is there to redress that for the consumer space (in the enterprise space any identity is owned by the employer and not the employee), but even there the goal is to reduce the complexity that the user sees - providing a GUI over the command line of the underlying system.

Whilst making systems easier to use, providing metaphors and interoperability layers we need to ensure that the people at both ends of an identity transaction can determine what happens throughout.