At the beginning of the last day of the ACM conference on Computers, Freedom, and Privacy I thought I knew who I was. Now, after a couple of panels on identity management, I'm less sure. Web 2.0 (rounded corners and all) brings a new twist to an old problem: more IDs, more passwords, more economic transactions, and many more …
We Need Identity Escrow Not Identity Providers
With identity escrow, you will use anonymous keys, validated by a Key Exchange Server (KES) and uploaded by the trusted third party (T3P). However, neither the KES nor the T3P will have the faintest idea what you have used your keys for (and you use a different one each time, so anyone with access to the KES data can't track you either). The only route to your real identity is an audited process from the KES back to the T3P, and if you're sufficiently paranoid not to trust a handpicked T3P (which could include bodies like "Liberty" or ACLU) there is no reason why you couldn't use "distributed key escrow" (where a majority of T3Ps must agree to collaborate to reconstruct the key) or "chained escrow" (where the first T3P only holds the identity of a second T3P, who may hold your real id, or another T3P, and so on).
There is also nothing stopping us vesting final control of disputes about whether a prima facie case has been made to justify disclosure in a jury selected from the T3P's user population. Of course, this requires that we get together and tell politicians what we're doing and how the agencies they control (?) will be allowed to access our data, rather than the usual passive response where we let them dictate to us what they're going to do.
The difficulties are not technical, they are political (with a small p), in the sense that we can't even motivate activists to wrap their heads around these possibilities, let alone the ordinary users.
This is discussed in some detail in my id card paper.
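The two escrow variants named above ("distributed key escrow" with a majority threshold, and "chained escrow" with one hop per T3P) can be made concrete with a small model. The following is an added example, not code from the post or from any id card paper; the post does not say how the majority reconstruction is done, so this assumes Shamir's threshold secret sharing over a prime field, and it assumes a simple lookup-table model for the chain where each T3P only knows the next hop. The T3P names, pseudonyms and the real id are constructed sample values.

```python
import secrets

# Prime field for the shares; 2**127 - 1 is a Mersenne prime (assumption: the escrowed
# key is an integer below this bound, e.g. a 128-bit key split into two halves).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(secret, n, k):
    """Give n T3Ps one share each; any k of them can reconstruct `secret`.
    Shamir's scheme: the secret is the constant term of a random degree k-1 polynomial,
    so k-1 colluding T3Ps learn nothing about it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def reconstruct_key(shares):
    """Lagrange-interpolate the polynomial at x=0 from (x, y) shares.
    With fewer than k distinct shares the result is a uniformly random wrong value."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def majority(n):
    """Threshold for 'a majority of T3Ps must agree to collaborate'."""
    return n // 2 + 1


# --- Chained escrow (constructed model, not a specification from the post) ---
# Each T3P holds a table mapping the pseudonym it was given to either the next hop
# (another T3P and the pseudonym to ask it about) or, at the last hop, the real id.
T3P_TABLES = {
    "t3p-a": {"pseud-1": ("t3p-b", "pseud-2")},
    "t3p-b": {"pseud-2": ("t3p-c", "pseud-3")},
    "t3p-c": {"pseud-3": ("REAL", "alice@example.org")},  # constructed sample id
}


def resolve_chain(first_t3p, pseudonym, approve, max_hops=16):
    """Walk the chain one hop at a time. `approve(t3p, pseudonym)` models the audited
    decision (jury, court order, ...) at each hop; the trail is the audit record.
    Returns (real_id, trail) or (None, trail) if any T3P in the chain refuses."""
    trail = []
    t3p, pseud = first_t3p, pseudonym
    for _ in range(max_hops):
        trail.append((t3p, pseud))
        if not approve(t3p, pseud):
            return None, trail
        nxt, value = T3P_TABLES[t3p][pseud]
        if nxt == "REAL":
            return value, trail
        t3p, pseud = nxt, value
    raise RuntimeError("chain too long")


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)
    shares = split_key(key, 5, majority(5))        # 5 T3Ps, any 3 can reconstruct
    print(reconstruct_key(shares[:3]) == key)      # True
    print(reconstruct_key(shares[:2]) == key)      # False (two T3Ps are not enough)
    print(resolve_chain("t3p-a", "pseud-1", lambda t, p: True))
```

The point of the threshold form is that a single compromised or coerced T3P holds a share that is information-theoretically useless on its own; the point of the chain form is that every hop leaves an entry in the trail and any one hop can stop the disclosure.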