authentication and anonymity
This page
looks at authentication and anonymity.
frameworks
The OECD has recently released a report
on its Inventory of Approaches to Authentication & Certification in
a Global Networked Society and papers
from the June 1999 OECD-Private Sector Workshop on Electronic
Authentication.
The Internet Law & Policy Forum has published a
complementary Analysis of International Electronic
& Digital Signature Implementation Initiatives (IEDSII).
The Australian Electronic
Transactions Act 1999 (ETA)
is perhaps the major achievement of the national government's 'strategic
framework for the information economy' under the coordination of the
National Office for the Information Economy (NOIE),
giving electronic transactions involving Commonwealth government
agencies the same status as those using paper.
Because most
contract law is a state responsibility, the Act is to be 'mirrored' by
complementary state legislation. As yet, similar acts have come
into effect in Victoria and NSW; further progress is likely to be slow.
The ETA reflects the September 1999
issues paper
on the UNCITRAL Draft Uniform Rules on Electronic Signatures (Rules).
In the US the Electronic Signatures
In Global & National Commerce Act was signed by
President Clinton and will come into effect in October 2000.
In Australia the Government Public Key Authority (GPKA), established last year, deals with government
aspects of PKA.
The Commonwealth's Project
Gatekeeper, with the same name as the very bad computer in a
recent Hollywood dot com exploitation flick, resulted from the 1998
National Authentication Authority (NAA)
Discussion Paper and the Strategy
for an Australian National Electronic Authentication Framework,
the detailed report
by the National Public Key Infrastructure Working Party.
Clifford Lynch and others contributed
to a significant report (PDF)
by US libraries and archives on Authenticity in A Digital Environment
in January 2000 and to the Coalition for Networked Information's
earlier White
Paper on Authentication & Access Management
Issues in Cross-organizational Use of Networked Information Resources.
Stefan Brands' Rethinking Public Key
Infrastructures & Digital Certificates (Cambridge,
MIT Press 00) proposes technical solutions reflecting some
of the CNI questions about tradeoffs between privacy and
identification. There's a broader perspective in Joseph
Reagle's 1996 thesis on
Trust
in a Cryptographic Economy & Digital Security Deposits:
Protocols and Policies.
Gail Grant's
Understanding Digital Signatures: Establishing Trust
over the Internet & Other Networks
(New York, McGraw-Hill 99) is less substantial than L Jean
Camp's Trust & Risk In Internet Commerce
(Cambridge, MIT Press 00) and similar studies considered
later in this guide.
Steganography
Peter Wayner's Disappearing
Cryptography: Being & Nothingness on the Net (San Francisco,
Morgan Kaufmann 96) is a user-friendly introduction to steganography
(digital watermarking) by one of the gurus of the 'open source'
movement.
There's a more detailed and authoritative exploration of stego
in Information Hiding Techniques for Steganography & Digital
Watermarking (Norwood, Artech 00), a collection of papers edited by
Stefan Katzenbeisser & Fabien Petitcolas.
Petitcolas is the author
of an online bibliography,
up to mid 1999. Other bibliographies are on sites maintained by Saraju
Mohanty (SM)
and Erlangen University (EU).
Digimarc, one of several vendors of
watermarking products, includes a guide
to the technology on its site. Most commercial vendors offer some
background information, although the promo literature can be regarded
with a grain of salt. Digimarc (US)
and Signum Technologies (UK) are
the leading commercial specialists.
The NEC subsidiary Signafy
offers a watermark claimed to survive in images sent by fax, while
UK-based Datamark
offers software for image libraries, claimed to identify an image with a
unique watermark whenever it's downloaded.
We will shortly be offering more information.
In the meantime why not check out the pointers in our Consumers
guide to seals: indicators of whether ISPs and sites comply with
voluntary guidelines regarding privacy and so forth.
anonymity
We'll be adding information about
anonymity tools and issues in the near future.
Assessments of the impact of
anonymity and legal frameworks are contentious.
Michael Froomkin's 1996 introduction
to anonymity in Flood Control on the Information Ocean: Living With
Anonymity, Digital Cash & Distributed Databases is a useful
starting point. David Post's paper on Pooling
Intellectual Capital: Thoughts on Anonymity, Pseudonymity,
and Limited Liability in Cyberspace is also
interesting.
David Johnson's paper
The Unscrupulous Diner's Dilemma & Anonymity in Cyberspace argues
that
"to achieve a civilized
form of cyberspace, we have to limit the use of anonymous
communications. Many early citizens of cyberspace will bitterly oppose
any such development, arguing that anonymous and pseudonymous
electronic communications are vital to preserve electronic freedoms
and allow free expression of human personality. ... we all collectively face the diners' dilemma
- we
must collaborate in groups to build a rich social fabric, and we know
that the ability to act anonymously, sporadically, in large groups
brings out the worst in human character."
Risk-Free Access Into The Global Information Infrastructure Via
Anonymous Re-Mailers, a paper
by information economist Paul Strassmann was strongly criticised by
the EFF and other libertarian organisations on publication in 1996.
Like Dorothy Denning he argued that
... information terrorism has ceased to be an amateur effort
and has migrated into the hands of well organized, highly trained
expert professionals. Attacks can be expected to
become a decisive element of any combined threat to the economic and
social integrity of the international community. Nations whose
life-line becomes increasingly dependent on information networks
should realize that there is no sanctuary from information-based
assaults. Commercial organizations, especially in telecommunications,
finance, transportation and power generation offer choice targets to
massive disruption. Information terrorism, as a particularly virulent
form of information warfare, is a unique phenomenon in the history of
warfare and crime
On the other hand Lorrie
Cranor, co-author with Reagle of the Beyond Concern: Understanding Net Users'
Attitudes About Online Privacy study
and co-developer of the Publius
"anonymous censorship-resistant online publishing" scheme,
argues that anonymity is a building block for legitimate attempts to
defeat internet censorship.