David Birch A new way to stop identity theft
So I thought I’d talk about identity.
That’s sort of an interesting
enough topic to me.
And the reason was,
because when I was asked to do this,
I’d just read in one of the papers,
I can’t remember,
something from someone at Facebook saying,
“Well, we need to make everybody
use their real names,
and then that’s basically
all the problems solved.”
And that’s so wrong,
that’s such a fundamentally
reactionary view of identity,
and it’s going to get us
into all sorts of trouble.
And so what I thought I’d do is,
I’ll explain four sort of
problems about it,
and then I’ll suggest a solution,
which, hopefully,
you might find interesting.
So just to frame the problem:
What does “authenticity” mean?
That’s me,
that’s a camera phone picture
of me looking at a painting.
[What’s the Problem?]
That’s a painting that was painted
by a very famous forger,
and because I’m not very good
at presentations,
I already can’t remember the name
that I wrote on my card.
And he was incarcerated in,
I think, Wakefield Prison,
for forging masterpieces by,
I think, French Impressionists.
And he’s so good at it
that when he was in prison,
everybody in prison,
the governor and whatever,
wanted him to paint masterpieces
to put on the walls
because they were so good.
And so that’s a masterpiece,
which is a fake of a masterpiece,
and bonded into the canvas is a chip
which identifies that as a real fake,
if you see what I mean.
(Laughter)
So when we’re talking about authenticity,
it’s a little more fractal
than it appears,
and that’s a good example to show it.
I tried to pick four problems
that will frame the issue properly.
So the first problem, I thought,
chip and PIN, right?
[Banks and legacies
bringing down the system from within]
[Offline solutions do not work online]
Everyone’s got a chip and PIN card, right?
So why is that a good example?
That’s the example
of how legacy thinking about identity
subverts the security
of a well-constructed system.
That chip-and-PIN card
that’s in your pocket
has a little chip on it
that cost millions of pounds to develop,
is extremely secure,
you can put scanning
electron microscopes on it,
you can try and grind it down,
blah blah blah.
Those chips have never been broken,
whatever you read in the paper.
And for a joke,
we take that supersecure chip,
and we bond it to a trivially
counterfeitable magnetic stripe.
And for very lazy criminals,
we still emboss the card.
So if you’re a criminal in a hurry
and you need to copy someone’s card,
you can just stick a piece of paper on it
and rub a pencil over it
just to speed things up.
And even more amusingly,
and on my debit card, too,
we print the name and the sort code
and everything else on the front.
Why?
There is no earthly reason why your name
is printed on a chip-and-PIN card.
And if you think about it,
it’s even more insidious and perverse
than it seems at first.
Because the only people that benefit
from having the name on the card
are criminals.
You know what your name is, right?
(Laughter)
And when you go into a shop
and buy something,
it’s a PIN – he doesn’t care
what the name is.
The only place you ever have to write
your name on the back
is in America.
Whenever I go to America,
and I have to pay with a magstripe
on the back of the card,
I always sign it “Carlos Tethers” anyway,
just as a security mechanism,
because if a transaction
ever gets disputed,
and it comes back
and it says “Dave Birch,”
I know it must have been a criminal,
because I would never
sign it “Dave Birch.”
(Laughter)
So if you drop your card in the street,
it means a criminal
can pick it up and read it.
They know the name,
from the name, they can find the address,
and then they can go off
and buy stuff online.
Why do we put the name on the card?
Because we think identity
is something to do with names,
and because we’re rooted
in the idea of the identity card,
which obsesses us.
And I know it crashed and burned
a couple of years ago,
but if you’re someone in politics
or the Home Office or whatever,
and you think about identity,
you can only think of identity
in terms of cards with names on.
And that’s very subversive
in a modern world.
So the second example I thought I’d use
is chat rooms.
[Chatrooms and Children]
I’m very proud of that picture.
That’s my son playing
in his band with his friends
for the first-ever gig,
I believe you call it, where he got paid.
(Laughter)
And I love that picture.
I’ll like the picture of him
getting into medical school a lot better,
(Laughter)
I like that one for the moment.
Why do I use that picture?
Because that was very interesting,
watching that experience as an old person.
So him and his friends,
they get together, they booked a room,
like a church hall,
and they got all their friends
who had bands, got them together,
and they do it all on Facebook,
and then they sell tickets,
and the first band on the –
I was going to say “menu,” that’s
probably the wrong word for it, isn’t it?
The first band on the list of bands
that appears at some
public music performance of some kind
gets the sales from the first 20 tickets,
then the next band gets the next 20,
and so on.
They were at the bottom
of the menu, like, fifth,
I thought they had no chance.
He actually got 20 quid. Fantastic, right?
But my point is,
that all worked perfectly,
except on the web.
So they’re sitting on Facebook,
and they’re sending these messages
and arranging things,
and they don’t know who anybody is, right?
That’s the problem we’re trying to solve.
If only they were using real names,
then you wouldn’t be worried
about them on the internet.
So when he says to me,
“Oh, I want to go to a chat room
to talk about guitars” or something,
I’m like, “Oh, well,
I don’t want you to go into a chat room
to talk about guitars,
because they might
not all be your friends,
and some of the people
that are in the chat room
might be, you know, perverts
and teachers and vicars –”
(Laughter)
I mean, they generally are,
when you look in the paper, right?
“So I want to know who all the people
in the chat room are.
So, OK, you can go in the chat room,
but only if everybody in the chat room
is using their real names,
and they submit full copies
of their police report.”
(Laughter)
But of course, if anybody
in the chat room asked for his real name,
I’d say, “No. You can’t
give them your real name,
because what happens
if they turn out to be perverts
and teachers and whatever?”
So you have this odd sort of paradox
where I’m happy for him
to go into this space
if I know who everybody else is,
but I don’t want anybody else
to know who he is.
And so you get this sort of
logjam around identity,
where you want full disclosure
from everybody else,
but not from yourself.
And there’s no progress, we get stuck.
So the chat room thing
doesn’t work properly,
and it’s a very bad way
of thinking about identity.
Cheerleading … so, on my RSS feed,
I saw this thing about –
I just said something bad
about my RSS feed, didn’t I?
I should stop saying it like that.
For some random reason I can’t imagine,
something about cheerleaders
turned up in my in-box.
And I read this story about cheerleaders,
and it’s a fascinating story.
This happened a couple
of years ago in the US.
There were some cheerleaders
in a team at a high school in the US,
and they said mean things
about their cheerleading coach,
as I’m sure kids do about
all of their teachers all of the time,
and somehow, the cheerleading coach
found out about this.
She was very upset.
So she went to one of the girls and said,
“You have to give me
your Facebook password.”
I read this all the time,
where even at some universities
and places of education,
kids are forced to hand over
their Facebook passwords.
So you have to give them
your Facebook password.
So the kid – she was a kid! –
what she should have said is,
“My lawyer will be calling
you first thing in the morning.
It’s an outrageous imposition
on my Fourth Amendment right to privacy.
You’ll be sued
for all the money you’ve got!”
That’s what she should have said.
But she’s a kid,
so she hands over the password.
The teacher can’t log in,
because the school
has blocked access to Facebook.
So the teacher can’t log into Facebook
till she gets home.
So the girl tells her friends,
“Guess what happened?
The teacher logged in. She knows.”
So the girls all logged into Facebook
and deleted their profiles.
So when the teacher logged in,
there was nothing there.
My point is: those identities,
they don’t think about them the same way.
Identity is – especially when
you’re a teenager – a fluid thing.
You have lots of identities,
you experiment with them.
And if you have an identity you don’t
like because it’s subverted in some way
or it’s insecure or it’s inappropriate,
you just delete it and get another one.
The idea that you have an identity
that’s given to you by someone,
the government or whatever,
and you have to stick with that identity
and use it in all places
is absolutely wrong.
Why would you want to really know
who someone was on Facebook,
unless you wanted to abuse them
and harass them in some way?
It just doesn’t work properly.
And my fourth example is,
there are some cases
where you really want to be –
in case you’re wondering,
that’s me at the G20 protest.
I wasn’t actually at the G20 protest,
but I had a meeting at a bank
on the day of the G20 protest.
And I got an email from the bank, saying,
“Please don’t wear a suit,
because it’ll inflame the protesters.”
I look pretty good in a suit, frankly,
so you can see why it would drive them
into an anticapitalist frenzy.
(Laughter)
So I thought, “Well, if I don’t
want to inflame the protesters,
the obvious thing to do
is go dressed as a protester.”
So I went dressed completely in black,
you know, black balaclava …
I had black gloves on but took them off
to sign the visitors' book.
(Laughter)
I’m wearing black trousers and boots,
I’m dressed completely in black.
I go into the bank at 10am
and go, “Hi, I’m Dave Birch,
I’ve got a 3 o’clock with so-and-so.”
“Sure!” And they sign me in.
There’s my visitor’s badge.
(Laughter)
So this nonsense about “you’ve got to have
real names on Facebook” and whatever,
that gets you that kind of security.
That gets you “security theater,”
where there’s no actual security,
but people are sort of playing parts
in a play about security,
and as long as everybody
learns their lines,
everyone’s happy.
But it’s not real security, right?
Especially because I hate banks
more than the G20 protesters do,
because I work for them.
I know that things are actually worse
than these guys think.
(Laughter)
But suppose I worked
next to somebody in a bank
who was doing something –
you know, they were like people who take
the money from banks and don’t …
you know, they take the money …
Oh – “traders.”
That’s the word I was thinking of.
Suppose I was sitting
next to a rogue trader,
and I want to report it
to the boss of the bank.
So I log on to do a little whistleblowing.
I send a message,
“This guy’s a rogue trader.”
That message is meaningless
if you don’t know
that I’m a trader at the bank.
If that message just comes from anybody,
it has zero information value.
There’s no point in sending that message.
You have to know that I’m …
But if I have to prove who I am,
I’ll never send that message.
It’s just like the nurse in the hospital
reporting the drunk surgeon.
That message will only happen
if I’m anonymous.
So the system has to have ways
of providing anonymity in it,
otherwise, we don’t get
where we want to get to.
So, four issues.
So what are we going to do about it?
Well, what we tend to do about it
is we think about Orwell-space.
And we try to make electronic versions
of the identity card
that we got rid of in 1953.
So we think if we had a card –
call it a Facebook login –
which proves who you are,
and I make you carry it all the time,
that solves the problem.
And of course, for all those
reasons I’ve just outlined, it doesn’t,
and it might make some problems worse.
The more times you’re forced
to use your real identity,
certainly in transactional terms,
the more likely that identity
is to get stolen and subverted.
The goal is to stop people
from using identity
in transactions which don’t need identity,
which is actually almost all transactions.
Almost all of the transactions you do
are not “Who are you?”
They’re “Are you allowed
to drive the car?”
“Are you allowed in the building?”
“Are you over 18?”
etcetera, etcetera.
So my suggestion – I, like James,
think that there should be
a resurgence of interest in R and D.
I think this is a solvable problem.
It’s something we can do about.
Naturally, in these circumstances,
I turn to Doctor Who.
Because in this –
(Laughter)
as in so many other walks of life,
Doctor Who has already
shown us the answer.
So I should say,
for some of our foreign visitors:
Doctor Who is the greatest
living scientist in England –
(Laughter)
and a beacon of truth
and enlightenment to all of us.
And this is Doctor Who
with his “psychic paper.”
Come on, you guys must have seen
Doctor Who’s “psychic paper.”
You’re not nerds if you say yes.
Who’s seen Doctor Who’s psychic paper?
Oh right, you were in the library
the whole time studying, I guess.
Is that what you’re going to tell us?
Doctor Who’s psychic paper is:
when you hold up the psychic paper,
the person, in their brain,
sees the thing that they need to see.
So I want to show you a British passport,
I hold up the psychic paper,
you see a British passport.
I want to get into a party,
I hold up the psychic paper,
I show you a party invitation.
You see what you want to see.
So what I’m saying is, we need
to make an electronic version of that,
but with one tiny, tiny change,
which is that it’ll only show you
the British passport
if I’ve actually got one.
It’ll only show you the party invitation
if I actually have one.
It will only show you that I’m over 18
if I actually am over 18.
But nothing else.
So you’re the bouncer at the pub,
you need to know that I’m over 18.
Instead of showing you my driving license,
which shows you I know how to drive,
what my name is, my address,
all these kind of things,
I show you my psychic paper,
and all it tells you is,
am I over 18 or not.
Right.
Is that just a pipe dream?
Of course not, otherwise
I wouldn’t be here talking.
So, in order to build that
and make it work,
I’m only going to name these things,
I’ll not go into them:
we need a plan,
which is, we’re going to build
this as an infrastructure
for everybody to use
to solve all of these problems.
We’re going to make a utility.
The utility has to be universal,
you can use it everywhere.
I’m just giving you little flashes
of the technology as we go along.
That’s a Japanese ATM,
the fingerprint template
is stored inside the mobile phone.
So when you want to draw money out,
you put the phone on the ATM
and touch your finger,
your fingerprint
goes through to the phone,
the phone says, “Yes, that’s whoever,”
and the ATM then gives you some money.
It has to be a utility
that you can use everywhere.
It has to be absolutely convenient.
That’s me going into the pub.
All the device on the door
of the pub is allowed is:
Is this person over 18
and not barred from the pub?
And so the idea is,
you touch your ID card to the door,
and if I’m allowed in,
it shows my picture,
if I’m not, it shows a red cross.
It doesn’t disclose any other information.
It has to have no special gadgets.
That can only mean one thing,
following on from Ross’s statement,
which I agree with completely:
if it means no special gadgets,
it has to run on a mobile phone.
That’s the only choice we have,
to make it work on mobile phones.
There are 6.6 billion
mobile phone subscriptions.
My favorite statistic of all time:
only 4 billion toothbrushes in the world.
That means something. I don’t know what.
(Laughter)
I rely on our futurologists to tell me.
It has to be a utility
which is extensible.
So it has to be something
that anybody could build on.
Anybody should be able
to use this infrastructure;
you don’t need permissions,
licenses, whatever.
Anyone should be able
to write some code to do this.
Well, you know what symmetry is,
so you don’t need a picture of it.
This is how we’re going to do it.
We’re going to do it using phones
and mobile proximity.
I’m going to suggest to you
the technology to implement Doctor Who’s
psychic paper is already here,
and if any of you have got
one of the new Barclay’s debit cards
with the contactless interface on it,
you’ve already got that technology.
Have you ever been up to the big city
and used an Oyster card?
Does that ring a bell?
The technology already exists.
The first phones that have
the technology built in –
the Google Nexus, the S II,
the Samsung Wave 578 –
the first phones that have the technology
built into them are already in the shops.
So the idea that the gasman
can turn up at my mum’s door,
and he can show my mum his phone,
and she can tap it with her phone,
and it’ll come up with green
if he really is from British Gas
and allowed in,
and will come up with red
if he isn’t, end of story.
We have the technology to do that.
And what’s more,
although some of those things
sound a bit counterintuitive,
like proving I’m over 18
without proving who I am,
the cryptography to do that
not only exists,
it’s extremely well-known
and well-understood.
Digital signatures, the blinding
of public key certificates –
these technologies
have been around for a while,
we’ve just had no way
of packaging them up.
So the technology already exists.
We know it works.
There are a few examples
of the technology being used
in experimental places.
That’s London Fashion Week,
where we built a system with O2.
That’s for the Wireless
Festival in Hyde Park.
You can see the person’s
walking in with their VIP band,
it’s being checked by the Nokia phone
that’s reading the band.
I’m only putting those up to show you
these things are prosaic,
this stuff works in these environments.
They don’t need to be special.
So finally, I know that you can do this,
because if you saw
the Easter special of Doctor Who,
where he went to Mars in a bus –
I should say, again,
for our foreign students:
that doesn’t happen in every episode.
This was a very special case.
So in the episode where he goes
to Mars in a London bus –
I can’t show you the clip,
due to the outrageous restrictions
of Queen Anne-style copyright
by the BBC –
but in the episode where he goes
to Mars in a London bus,
Doctor Who is clearly shown
getting onto the bus
with the Oyster card reader
using his psychic paper.
Which proves that psychic paper
has an NFC interface.
Thank you very much.
(Applause)