understanding the importance and impact of anonymity and authentication in a networked society


posted by:Ian Kerr // 12:55 PM // January 31, 2005 // Walking On the Identity Trail

many readers interested in authentication systems will know about the challenges of ensuring electronic privacy while, at the same time, maintaining adequate system security. for example, electronic voting systems need to be capable of ensuring the relative anonymity of each voter while also ensuring that a given individual is eligible to vote, casts no more votes than s/he is entitled, etc.

one of my colleagues, cryptographer david chaum, has been thinking about these sorts of problems for many years.

more recently, he has become involved in ensuring uniform standards for electronic voting through an organization dedicated to Voting System Performance Rating (VSPR). this group is focused on defining objective ways to measure performance of voting systems. VSPR comprises experts from a wide range of voting-related fields, including election officials, social scientists, technologists, vendors, advocates and standards body members.

one crucial aspect of VSPR is that it operates openly: anyone is free to sign up as a recipient to any of the Council Group or Working Group mailing lists, anyone can become a member-at-large of the VSPR Council, and all records of discussions are publicly available.

for a description of the issues to which VSPR is dedicated, read this interesting newsweek article

| Comments (0) |

An article about Google and employee blogs

posted by:Jennifer Manning // 05:46 PM // January 30, 2005 // Digital Democracy: law, policy and politics

CNET.news recently posted a short article about the blog of Mark Jen (a Google employee), ninetyninezeros. The article discusses some of the issues surrounding employee blogs, and why Jen took down his post that offered some "mild criticisms" of Google. Click here for the article.

| Comments (0) |

Homes are private places, even if the public has "visual access"

posted by:Alex Cameron // 10:12 AM // January 28, 2005 // Digital Democracy: law, policy and politics

The Supreme Court of Canada has just released reasons in an interesting privacy case. The accused was charged with committing an indecent act in a public place - masturbation in this case - under the Criminal Code. However, the accused had engaged in this act in his own home. The question the Court had to answer was whether the man's home was a "public" place because his activities were in view of the "public" through his windows - his neighbours were the ones who saw him and reported him to the police.

In a short unanimous judgement, the Court held that the man's home was private and that it did not become "public" merely because others could peek in. Citing the language of the Criminal Code, Justice Fish wrote the following for the Court: "The living room of his private home was not a place 'to which the public (had) access as of right or by invitation, express or implied'." The Court held that "access" in this provision of the Criminal Code meant physical access, not "visual access". Because the public did not have physical access to the accused's home, it was not a public place for the purpose of this offence.

This ruling turned on the particular wording of the Criminal Code. However, it will be interesting to see whether this case influences more broadly the interpretation of public vs. private spaces in future cases.

Full decision here

Media report here

| Comments (3) |

Trusted Computing: An Introduction

posted by:Jason Millar // 02:40 PM // January 27, 2005 // TechLife

Trusted Computing (TC) is one of the hottest and most controversial topics in computer hardware and software design today. The thrust of this initiative is being spearheaded by the largest and most influential software and hardware companies in the world (see the Trusted Computing Web Site for a complete list).

This is a link to an introductory article that describes the basics of TC, and provides an overview of some of the controversial issues related to TC. EPIC also produced a piece on TC (they have some good links too) that can be found here.

I found this article very informative and relatively balanced. I'm sure it will spark some interest in the group.

I've also included a general TC FAQ. More radical TC interpretations can also be found including this one at NewsForge.

Trusted Computing is also closely linked to the Digital Rights Management technologies outlined by Alex Cameron, as it is a strong enabling and enhancing technology for anyone interested in implementing a DRM scheme.

| Comments (0) |

Privacy and New Technology

posted by:Alison Gardner Biggs // 11:02 AM // January 26, 2005 // Surveillance and social sorting

Sometimes the impact of the Internet can catch us all by surprise. Policies which are perfectly appropriate for the offline world have different implications and consequences when translated to the online environment.

An example of this recently came to CIPPIC’s attention when an individual notified us that her personal contact information had been posted on the CRTC’s website. The CRTC's policy is to directly reproduce all comments received, including personal information. In this case, however, the individual in question did not know her information would be posted and only became aware of the posting when contacted by a complete stranger, three years later.

The CRTC has always made comments to Public Notices available in print format for inspection. This policy does not, however, translate well to the online world. An easy example is that of spammers and e-mail harvesting programs which troll the Internet for e-mail addresses. As well, information is harder to pull from the Internet - pages are often still available through tools such as Google's cache.

CIPPIC has written to the CRTC explaining our concerns and asking them to reconsider their policy and move to a more privacy-respectful approach. The text of that letter can be found here.

| Comments (2) |

your first taste of the id trail mix!

posted by:Ian Kerr // 11:46 PM // January 25, 2005 // ID TRAIL MIX | Walking On the Identity Trail

welcome to blog*on*nymity, a collaborative discussion led by the members of the On the Identity Trail research project, sponsored by the Social Sciences and Humanities Research Council of Canada.

as principal investigator for the project, i volunteered to author the first of our weekly id trail mix series. although part of the aim of our blog is to catalyze further discussion among team members, we hope that the blog also fosters a broader, more inclusive and public discussion, one that transcends various social sectors and transfers some of the knowledge products generated by the project and its research through less formal, alternative channels.

id trail mix is a weekly feature of our blog*on*nymity. these weekly articles are meant to be longer and slightly more rigorous than the typical posts found on our blog and across the blogosphere. they are more like a feature length news item but, hopefully, with a bit more bite!

contributions to id trail mix will generally come from members of on the identity trail and invited guest bloggers with subject matter expertise or interest. if you are interested in guest blogging, send an email to blog*on*nymity's editor marty.

| Comments (0) |

my way, or the spyway?

posted by:Ian Kerr // 11:39 PM // // ID TRAIL MIX

i feel like i am standing in the middle of yesterday.

ten years ago, information studies guru phil agre wrote a series of interesting articles about intelligent transportation systems (ITS) in an online journal called the network observer. the focus of these articles was on privacy. agre wanted to avoid utopian and dystopian extremes, steering readers instead towards what he called "medium-sized concepts that let us make theories about the interaction between technologies and institutions..."

agre warned of transponder disks that would be placed inside vehicles as part of automated toll collection systems on highways. agre worried that these transponders could be used not just to collect tolls but also to track who was traveling where and when. he predicted that automated tolls would commence on a voluntary basis but would become involuntary as toll roads multiply in number alongside public-private sector cost-recovery partnerships. the central aim would be to find an efficient and convenient way to collect tolls automatically, without asking drivers to slow down or pay cash at a gated highway entrance or exit.

ITS, agre noted, threatened the possibility of driving anonymously. in collaboration with world leading privacy expert marc rotenberg, agre raised a number of policy issues essential to ensuring adequate privacy protection on tomorrow's semi-public highways. agre also commended a company called amtech systems for developing a vehicle identification process system that would allow people to pay tolls automatically but with complete privacy, based on the digital cash methods developed by internationally renowned cryptographer david chaum.

the brilliance of chaum's system was its ability to authenticate the driver for the purposes of tracking payments without the need to reveal, collect or disclose personal identifiers that would indicate who was traveling where and when, etc. using crypto to render untraceable the link between drivers' identities and their means of payment, such technologies offered (and indeed continue to offer) the promise of a middle ground in cases where there is a clash between privacy and the public interest.

flash forward ten years.

it turns out that agre was dead right. automation and ITS have indeed come to rule the road on many of the better roadways in north america and europe. for example, in the province where i live, highway 407 is a fully automated toll road which runs east and west for 108 kilometres just north of toronto - canada's largest city. like many other automated highways around the world, the 407 is the result of a public-private partnership. many large companies investing in this project are also investing in similar partnerships for other automated roads around the world. it is said that the automated toll for the 407 is for cost recovery purposes only - about a billion dollars - and that 407 international inc. will cease to collect tolls just as soon as the costs have been fully recovered (i.e., in approximately 30 years!).

when entering or exiting the highway, there is no need to stop, slow or otherwise interact with anyone. the payment system is completely automated; the technologies it employs can be used to determine the time of day you travel, how often, the locations where you enter and exit the highway, your vehicle class, the distance you traveled and whether your transponder (if you have one) is correctly mounted and used in accordance with the prescribed rules.

if you don't set up a pre-existing transponder account, the default payment mechanism is a license plate recognition system which boasts of a 99.999% accuracy rate. this allows the 407 international inc. to take photos of license plates and send motorists a bill in the mail for using the toll road. 407 international inc. has authorized access to drivers' home and/or business addresses through an arrangement with the ministry of transportation ontario (MTO), which shares government collected information with the corporation from the MTO vehicle registration plate database.

from a privacy perspective, this creates a kind of catch-22. setting up a pre-existing account usually requires motorists to identify themselves in order to become account holders. alternatively, billing drivers after the fact requires that toll road operators are able to locate them post-trip in order to collect toll fees.

recognizing this, the ontario information and privacy commissioner worked diligently with MTO and 407 international inc. to develop an anonymous payment scheme, ultimately publishing a report on the subject in 1998.

while this may have been so at the time, it turns out that the anonymous account option described in the report no longer exists. it is no longer an available option.

this is news.

in a memorandum drafted by on the identity trail student researcher, catherine thompson, it has been determined that the 407 no longer offers drivers the option of anonymous payment:

Highway 407 motorists can not sign up for an account without providing personal information of some kind, whether it is in the form of their name and address in an application or personal information in the form of a credit card number which 407 International Inc. charges if payments are not made. Motorists can not pay towards their numbered account through a chartered bank; instead they must send payment through the mail in the form of a cheque or money order.

despite the ontario privacy commissioner's clear recommendations in the mid 1990's and despite the fact that truly anonymous transponders based on chaum's cryptographic techniques were developed and marketed more than a decade ago, no such systems are or have been utilized in ontario.


the reason offered by 407 international inc. appears to be quite straightforward - they say that the anonymous payment option is not popular and therefore does not justify the cost of making it available.

following up on catherine's memo, i was told in a recent phone interview that there are only four so-called anonymous accounts still in existence (i.e., accounts that, according to 407 international inc., do not link identity with payment, even though such accounts required for their initiation personally identifying information of some kind).

but isn't it possible that the popularity of the anonymous payment option is to some extent dependent on its practical availability and the administrative burden imposed on those who might otherwise wish to use it? this point was astutely raised a few years back by colin bennett, charles raab and priscilla regan.

in the case of the 407, such burdens used to include: (i) an initial in-person visit to 6300 field avenue west, corner Highway 27, during business hours to set up the account (one could not initiate an account at any other MTO office, nor could one sign up by phone, fax, post or the internet); (ii) sending in a payment exclusively by post.

however, what was once a chore is no longer an option. even if one were willing to visit 6300 field ave west and send a cheque in by mail, one can no longer set up an anonymous transponder account!

what ought we to do about it?

blogging and other means of sharing information about the fact that it is no longer possible to drive anonymously on the 407 is certainly a start.

however, on the identity trail thinks that there is more that can be done. we will be pursuing the legality of the failure to provide an accessible, anonymous payment option for 407 motorists in ontario.

we will do so in conjunction with graham greenleaf and the baker & mckenzie cyberspace law and policy centre in australia, who will undertake a parallel inquiry in connection with a recent proposal in new south wales involving some of the same investing companies, who wish to initiate a toll system that would result in a similar loss of anonymity.

working together on developing parallel test cases in both jurisdictions, our aim is to create strategies about how to reclaim the anonymous payment option by making privacy laws work. in canada, part of our aim will be to test the scope of the "limited collection" provision of canada's federal privacy legislation. as my colleague stephanie perrin so often reminds us - "use it or lose it."

some people's reaction to all of this is sure to be - what is the big deal? why should I care about the fact that i cannot drive anonymously?

a proper answer to these questions requires more attention than i can offer in this already excessive blog. but consider the following.

ITS technical standards are currently being set in the US. ITS canada is not an active participant in the standard setting initiative taking place between the american transportation department and the ITS community. according to recent discussions with the general manager of ITS canada, it is likely that US standards will be adopted in canada even without our participation in their development. canada will end up adopting the US standards for the sake of convenience, compatibility and interoperability.

at the same time, transport canada is attempting to stimulate the growth of ITS north of the 49th through various funding initiatives. such initiatives have been commenced as part of a broader response to terrorism and the perceived need to ease trans-border flows by allowing identifiable and approved vehicles to pass through without having to stop at customs.

so … where is all this heading?

while it is hard to tell for sure, it is worth considering the content of a recently released report for ITS America [link to http://www.itsa.org], titled "Homeland Security and ITS: Using Intelligent Transportation Systems to Improve and Support Homeland Security" [link to: http://www.itsa.org/resources.nsf/Files/PPRA_Security_Final/$file/PPRA_Security_Final.pdf]. among other things, the report outlines the potential for ITS to prevent, detect and respond to terrorist attacks. this includes "[p]roviding surveillance and analysis for public transportation, including identification of and effective rapid response to threatening or high risk passenger behavior."

looking back to agre's predictions a decade ago - written during the inception of the 407 project in ontario - it is interesting to note that the then information and privacy commissioner of ontario, tom wright, proclaimed that "people want to drive on highways, not spyways."

here we are, once again, standing in the middle of yesterday.

* many thanks to catherine thompson for her outstanding work on this project

| Comments (3) |

UK's New Freedom of Information Law

posted by:Catherine Thompson // 07:12 AM // // Surveillance and social sorting

The UK has a new freedom of information law. Access to information academic Alasdair Roberts has some advice for the British in his essay "Spin Control and Freedom of Information: Lessons for the United Kingdom from Canada."

| Comments (0) |

The information commons and the free software movement

posted by:Chris Young // 01:43 PM // January 24, 2005 // Digital Democracy: law, policy and politics

This article by David M. Berry (doctoral candidate at the University of Sussex) is a bit of an opinion piece on trends in increasing privatization of information, and warns of a possible new "feudal order" based on renting of information owned exclusively by private corporations.

I post it because I want to draw attention to the increasing politicization of the free software movement. This article is published in FreeSoftwareMagazine.com, a new online and print publication dedicated to the Free software/Open source movement. Fully half the articles are at least partly political in tone, rather than dealing exclusively with technical aspects of open source software, as might be expected. The free software movement is an important front in the private vs. common information debate. Many of the articles in this magazine are published under the Creative Commons framework.

| Comments (2) |

Metaphors of Privacy and Security

posted by:Hilary Young // 11:54 AM // // Core Concepts: language and labels

I stumbled upon a paper by Colin Potts of the Georgia Institute of Technology on metaphors of intent which (briefly) discusses metaphors related to privacy and security. Given my background in linguistics, this piqued my interest and I thought some of you might enjoy thinking about how these metaphors can lead to assumptions about the nature of security and/or privacy. For example, Potts points out that the term 'identity theft' "suggests not just that one's identifier may be misused but that in a real sense it may be stolen and therefore no longer be yours".

Potts' observations are just teasers (he says almost nothing more about the metaphor of theft in identity theft), but are interesting nonetheless.

(See section 3.3 [page 6])

| Comments (0) |

No Place to Hide??

posted by:Michelle Gordon // 07:01 PM // January 22, 2005 // Surveillance and social sorting

ABC News broadcast a special on a new book by Robert O'Harrow, a Washington Post journalist. The book and program address the intersection of the data revolution and national security, and ask the scary question of whether we really do have anywhere to hide. For those who missed the program, check out ABC's website, as well as http://www.noplacetohide.net/. Or, of course, you could read the book!

| Comments (0) |

Border security reports leaked

posted by:Valerie Steeves // 04:36 PM // // Surveillance and social sorting

An insecure link on the US Energy Department's website provided access to border security reports on various people denied entry into the US from Canada because they're on the Tipoff watch list. Tipoff contains the names of more than 100,000 "terrorist risks". cryptome.org published a mirror before the US government severed the link, so you can still read the reports at http://cryptome.org/hsomb/hsomb.htm . Interesting reading, especially if you're looking for evidence of possible discrimination on the basis of ethnicity/religion.

| Comments (0) |


posted by:Ian Kerr // 04:15 PM // January 21, 2005 // Digital Activism and Advocacy | Digital Identity Management | TechLife

just before the winter break, a few of us from on the identity trail and cippic were contacted by folks at ciphire labs about a new crypto product that sounded too good to be true.

ciphire mail, "a new and soon-to-be-open-source application," promises strong and user-friendly e-mail authentication and encryption.

in addition to promising to release the source code, ciphire is free for individual users, nonprofit organizations and the press. it is used in conjunction with standard e-mail programs and operates almost invisibly in the background, encrypting and decrypting e-mail and digitally signing each message to confirm its source.

i have been using it, seamlessly, for about a month now and like it very much! the folks at ciphire have been very generous with us and have provided excellent service and support (though there really isn't much to support, once up and running!!)

for those who might be interested in reading further on this, check out this interesting story on ciphire in wired from yesterday.

| Comments (0) |

Kids for Sale - Privacy in Canadian Schools

posted by:Valerie Steeves // 01:55 PM // // Digital Democracy: law, policy and politics

Earlier this week, my daughter in grade 9 came home from school with an iFlurtz survey form. The survey asks for the student’s full name and birthdate, before delving into a range of questions like:

A 'Double iced mocha frappuccino' is:
a) one of life's necessities
b) a chance to free your inner spaz
c) overpriced designer coffee
d) a funny thing to say

Your fave t.v. shows are:
a) comedies
b) dramas
c) reality shows
d) sports
e) music videos
f) sci-fi
g) talk shows
h) news

Apparently the survey is a fund raiser – kids fill it out to find out the names of 10 other students in their school they should date. Trouble is, their personal data – full name and date of birth, as well as preferences – is sent to the US where it’s collated and matched against data from other students in their school. A marketer’s gold mine, n’est-ce pas?

When my daughter asked her teacher what was up with the survey, she was told (and I quote) "If you’re an obedient kid, you’ll fill it out." Friends of hers were told they had to fill it out before their teacher would "allow" them to do their class work. No notification of purpose, no consent, just one big mandatory opt in.

The teacher organizing the survey clarified after the event – the survey is a way for school clubs to raise money, it’s supposed to be completely optional, and the data isn’t resold – but there’s more here than bad administration. As schools are being increasingly commodified, students are often what’s up for sale. My house is deluged with marketing material handed out to my kids in school – including offers to join clubs or fill out "surveys", almost all of which collect their personal information - in spite of the fact our local school has a "no commercial promotion" policy in place. And getting your kid’s name off the commercial lists if they do join a club or buy something is next to impossible.

If we’re going to take privacy and anonymity seriously, it’s about time we took privacy education seriously too. Students need to know more than their informational rights – they need to know the reasons why, in a democracy, people exercise their right to privacy. To me, the most troubling part of the story is that my kid was the only one of her friends that refused to fill out the survey, even though a number of them were uncomfortable or didn’t want to do it. They felt they "had to" because they were "told to".

On the other hand, the schools need some educating too. I had another child enrolled in a medical research project and interviewed before she came home to tell me what she did at school that day. When I confronted the researcher (who was working with a well respected medical institution in Ottawa), she told me my school board had consented to my child’s participation on my behalf. I don’t think so… They destroyed my kid’s data, but what about the 20 other 5 year olds in her kindergarten class? Do you think that when they’re told to fill out their iFlurtz survey in grade 9 they’ll even think about resisting?

| Comments (3) |


posted by:Ian Kerr // 08:54 AM // // TechLife

since sometime around the middle of july -- when the attorney general of mexico verichipped himself and 160 of his staff -- the idea of implanting microchips in human beings has been creeping into the mainstream.

since then, applied digital solutions, maker of the verichip, has received approval from the federal food and drug administration to market the chip for medical applications in the US. applied digital has, more recently, signed major distribution agreements in the US and asia that promise to make the implantable human microchip standard medical fare.

there are, of course, several layers of privacy implications stemming from all of this. in a recent presentation before a committee of the Department of Health and Human Services, on the identity trail partner EPIC offered a Four Tier Framework for RFID Regulation for medical information.

some of these issues and others related to the verichip will be further discussed at a conference in ottawa on march 4/5 called The Concealed "I": Anonymity, Identity and the Prospect of Privacy.

stay tuned for more on this interesting and important subject !!

| Comments (1) |

"Brave New Era for Privacy Fight"

posted by:Alex Cameron // 01:10 PM // January 20, 2005 // Digital Democracy: law, policy and politics

Wired News has an excellent article on important privacy issues for 2005 and beyond. Issues covered include the Patriot Act enhancements, data mining, national ID, federal vs. state control over privacy, DNA databases, and RFID. Marc Rotenberg of EPIC and 'On the Identity Trail' is quoted a number of times in the article.

Click here for the Wired article.

| Comments (2) |

Review of Anti-Terrorism Act begins... submissions sought

posted by:Alex Cameron // 12:58 PM // // Digital Democracy: law, policy and politics

The House of Commons Subcommittee on Public Safety and National Security has begun a review of the Anti-Terrorism Act passed in the wake of 9/11.

The subcommittee is accepting written submissions until February 28, 2005.

Requests to appear at hearings scheduled for winter and spring 2005 must be submitted by February 11, 2005.

The subcommittee plans to table its report to the House of Commons in autumn 2005.

Click here for the official announcement and further details.

| Comments (0) |

The dollars and cents of fingerprints

posted by:Marty // 09:54 AM // January 19, 2005 // TechLife

TechNewsWorld has an interesting article on the use of fingerprints, and their value to the business of biometrics.

In 2004, fingerprinting accounted for US$367 million of the $1.2 billion biometric companies generated in worldwide revenue, according to market research firm International Biometric Group. This time-tested technique has gained popularity because it is the most mature biometric system. As use has expanded beyond law enforcement, pricing has dropped. "A fingerprint scanner costs only $50 to $100," according to David Ostlund, a consultant with International Biometric Group.

The article can be found here: http://www.technewsworld.com/story/39467.html

| Comments (0) |


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada