-
So I thought I'd talk about identity.
-
That's sort of an
interesting enough topic to me.
-
And the reason was,
because when I was asked to do this,
-
I'd just read, in one of the papers,
I can't remember,
-
something from someone at Facebook
saying, well,
-
we need to make everybody
use their real names
-
and then that's basically
all the problems solved.
-
And that's so wrong,
-
that's such a fundamentally,
reactionary view of identity,
-
and it's going to get us
into all sorts of trouble.
-
And so what I thought I'd do
-
is I'll explain four
sort of problems about it,
-
and then I'll suggest a solution,
-
which hopefully you
might find interesting.
-
So just to frame the problem,
-
what does authenticity mean?
-
That's me, that's
a camera phone picture of me
-
looking at a painting.
-
[What's the Problem?]
-
That's a painting that was painted
-
by a very famous forger,
-
and because I'm not very good
at presentations,
-
I already can't remember the name
that I wrote on my card.
-
And he was incarcerated
in, I think, Wakefield Prison
-
for forging masterpieces by,
I think, French Impressionists.
-
And he's so good at it,
that when he was in prison,
-
everybody in prison,
the governor and whatever,
-
wanted him to paint masterpieces
to put on the walls,
-
because they were so good.
-
And so that's a masterpiece,
-
which is a fake of a masterpiece,
-
and bonded into the canvas is a chip
which identifies that as a real fake,
-
if you see what I mean.
-
(Laughter)
-
So when we're talking about authenticity,
-
it's a little more fractal than it appears
and that's a good example to show it.
-
I tried to pick four problems
that will frame the issue properly.
-
So the first problem, I thought,
-
Chip and PIN, right?
-
[Banking legacies
Bringing down the system from within]
-
[Offline solutions
do not work online]
-
I'm guessing everyone's got
a chip and PIN card, right?
-
So why is that a good example?
-
That's the example of how
legacy thinking about identity
-
subverts the security
of a well-constructed system.
-
That chip and PIN card
that's in your pocket
-
has a little chip on it
that cost millions of pounds to develop,
-
is extremely secure,
-
you can put scanning
electron microscopes on it,
-
you can try and grind it down,
blah blah blah.
-
Those chips have never been broken,
whatever you read in the paper.
-
And for a joke,
we take that super-secure chip
-
and we bond it to a trivially
counterfeitable magnetic stripe
-
and for very lazy criminals,
we still emboss the card.
-
So if you're a criminal in a hurry,
and you need to copy someone's card,
-
you can just stick a piece of paper on it
and rub a pencil over it
-
just to sort of speed things up.
-
And even more amusingly,
and on my debit card too,
-
we print the name and the sort code
and everything else on the front too.
-
Why?
-
There is no earthly reason why your name
is printed on a chip and PIN card.
-
And if you think about it,
-
it's even more insidious and perverse
than it seems at first.
-
Because the only people that benefit
-
from having the name
on the card are criminals.
-
You know what your name is, right?
-
(Laughter)
-
And when you go into
a shop and buy something,
-
it's a PIN, he doesn't care
what the name is.
-
The only place where you ever have
to write your name on the back
-
is in America at the moment.
-
And whenever I go to America,
-
and I have to pay with a mag stripe
on the back of the card,
-
I always sign it Carlos Tethers anyway,
-
just as a security mechanism,
-
because if a transaction
ever gets disputed,
-
and it comes back and it says Dave Birch,
-
I know it must have been a criminal,
-
because I would never sign it Dave Birch.
-
(Laughter)
-
So if you drop your card in the street,
-
it means a criminal
can pick it up and read it.
-
They know the name,
-
from the name they can find the address,
-
and then they can go off
and buy stuff online.
-
Why do we put the name on the card?
-
Because we think identity
is something to do with names,
-
and because we're rooted
in the idea of the identity card,
-
which obsesses us.
-
And I know it crashed and burned
a couple of years ago,
-
but if you're someone in politics
or the Home Office or whatever,
-
and you think about identity,
-
you can only think of identity
in terms of cards with names on them.
-
And that's very subversive
in a modern world.
-
So the second example I thought I'd use
-
is chatrooms.
-
[Chatrooms and Children]
-
I'm very proud of that picture,
that's my son
-
playing in his band with his friends
for the first-ever gig,
-
I believe you call it, where he got paid.
-
(Laughter)
-
And I love that picture.
-
I like the picture of him
getting into medical school a lot better,
-
(Laughter)
-
I like that picture for the moment.
-
Why do I use that picture?
-
Because that was very interesting,
watching that experience as an old person.
-
So him and his friends,
-
they get together, they booked a room,
like a church hall,
-
and they got all their friends
who had bands,
-
and they got them together,
-
and they do it all on Facebook,
-
and then they sell tickets,
and the first band on the -
-
I was going to say "menu,"
-
that's probably
the wrong word for it, isn't it?
-
The first band on the list of bands
-
that appears at some
public music performance of some kind
-
gets the sales from the first 20 tickets,
-
then the next band gets the next 20,
-
and so on.
-
They were at the bottom of the menu,
-
they were like fifth,
I thought they had no chance.
-
He actually got 20 quid.
Fantastic, right?
-
But my point is, that all worked perfectly
-
except on the web.
-
So they're sitting on Facebook,
-
and they're sending these messages
and arranging things
-
and they don't know who anybody is.
-
That's the big problem
we're trying to solve.
-
If only they were using the real names,
-
then you wouldn't be worried
about them on the internet.
-
And so when he says to me,
-
oh, I want to go to a chatroom
to talk about guitars or something,
-
I'm like, oh, well,
I don't want you to go into a chatroom
-
to talk about guitars, because
they might not all be your friends,
-
and some of the people
that are in the chatroom
-
might be perverts and teachers
and vicars.
-
(Laughter)
-
I mean, they generally are,
when you look in the paper, right?
-
So I want to know who
all the people in the chatroom are.
-
So okay, you can go in the chatroom,
-
but only if everybody in the chatroom
is using their real names,
-
and they submit full copies
of their police report.
-
But of course, if anybody
in the chatroom asked for his real name,
-
I'd say no.
You can't give them your real name.
-
Because what happens
if they turn out to be perverts,
-
and teachers and whatever?
-
So you have this odd sort of paradox,
-
where I'm happy for him
to go into this space
-
if I know who everybody else is,
-
but I don't want anybody else
to know who he is.
-
And so you get
this sort of logjam around identity
-
where you want full disclosure
from everybody else,
-
but not from yourself.
-
And there's no progress, we get stuck.
-
And so the chatroom thing
doesn't work properly,
-
and it's a very bad way
of thinking about identity.
-
So on my RSS feed,
I saw this thing about -
-
I just said something bad
about my RSS feed, didn't I?
-
I should stop saying it like that.
-
For some random reason
I can't imagine,
-
something about cheerleaders
turned up in my inbox.
-
And I read this story about cheerleaders,
-
and it's a fascinating story.
-
This happened a couple of years ago
in the U.S.
-
There were some cheerleaders
in a team at a high school
-
in the U.S., and they said mean things
-
about their cheerleading coach,
-
as I'm sure kids do
about all of their teachers
-
all of the time,
-
and somehow the cheerleading coach
found out about this.
-
She was very upset.
-
And so she went to one of the girls,
and said,
-
you have to give me
your Facebook password.
-
I read this all the time,
where even at some universities,
-
and places of education,
-
kids are forced to hand over
their Facebook passwords.
-
So you've got to give them
your Facebook password.
-
She was a kid!
-
What she should have said
-
is my lawyer will be calling you
-
first thing in the morning.
-
It's an outrageous imposition
-
on my 4th Amendment right
to privacy,
-
and you're going to be sued
-
for all the money you've got.
-
That's what she should have said.
-
But she's a kid,
-
so she hands over the password.
-
The teacher can't log into Facebook,
-
because the school
has blocked access to Facebook.
-
So the teacher can't log into Facebook
until she gets home.
-
So the girl tells her friends,
-
guess what happened,
-
the teacher logged in, she knows.
-
So the girls just all logged into Facebook
on their phones,
-
and deleted their profiles.
-
And so when the teacher logged in,
there was nothing there.
-
My point is, those identities,
they don't think about them the same way.
-
Identity is, especially when
you're a teenager, a fluid thing.
-
You have lots of identities.
-
And you can have an identity,
you don't like it,
-
because it's subverted in some way,
or it's insecure, or it's inappropriate,
-
you just delete it and get another one.
-
The idea that you have an identity
that's given to you by someone,
-
the government or whatever,
-
and you have to stick with that identity
and use it in all places,
-
that's absolutely wrong.
-
Why would you want to really know
who someone was on Facebook,
-
unless you wanted to abuse them
and harass them in some way?
-
And it just doesn't work properly.
-
And my fourth example is
there are some cases
-
where you really want to be -
-
In case you're wondering,
that's me at the G20 protest.
-
I wasn't actually at the G20 protest,
but I had a meeting at a bank,
-
on the day of the G20 protest,
and I got an email from the bank
-
saying please don't wear a suit,
because it'll inflame the protestors.
-
I look pretty good in a suit, frankly,
-
so you can see why
it would drive them
-
into an anti-capitalist frenzy.
-
(Laughter)
-
So I thought, well, look.
-
If I don't want to inflame the protestors,
-
the obvious thing to do
-
is go dressed as a protestor.
-
So I went dressed completely in black,
-
you know, with a black balaclava,
-
I had black gloves on,
-
but I've taken them off
to sign the visitor's book.
-
(Laughter)
-
I'm wearing black trousers,
black boots,
-
I'm dressed completely in black.
-
I go into the bank at 10 o'clock,
-
go hi, I'm Dave Birch,
-
I've got a 3 o'clock
with so and so there.
-
Sure. They sign me in.
-
There's my visitor's badge.
-
(Laughter)
-
So this nonsense
-
about you've got to have real names
on Facebook and whatever,
-
that gets you that kind of security.
-
That gets you security theater,
where there's no actual security,
-
but people are sort of playing parts
in a play about security.
-
And as long as
everybody learns their lines,
-
everyone's happy.
-
But it's not real security.
-
Especially because I hate banks
more than the G20 protestors do,
-
because I work for them.
-
I know that things are actually worse
than these guys think.
-
(Laughter)
-
But suppose I worked
next to somebody in a bank
-
who was doing something.
-
Suppose I was sitting
next to a rogue trader,
-
and I want to report it
to the boss of the bank.
-
So I log on to do
a little bit of whistleblowing.
-
I send a message,
this guy's a rogue trader.
-
That message is meaningless
-
if you don't know
that I'm a trader at the bank.
-
If that message just comes from anybody,
-
it has zero information value.
-
There's no point in sending that message.
-
But if I have to prove who I am,
-
I'll never send that message.
-
It's just like the nurse in the hospital
reporting the drunk surgeon.
-
That message will only happen
if I'm anonymous.
-
So the system has to have ways
of providing anonymity there,
-
otherwise we don't get
where we want to get to.
-
So four issues.
So what are we going to do about it?
-
Well, what we tend to do about it
-
is we think about Orwell space.
-
And we try to make electronic versions
-
of the identity card
that we got rid of in 1953.
-
So we think if we had a card,
-
call it a Facebook login,
-
which proves who you are,
-
and I make you carry it all the time,
-
that solves the problem.
-
And of course, for all those reasons
I've just outlined,
-
it doesn't, and it might, actually,
-
make some problems worse.
-
The more times you're forced
to use your real identity,
-
certainly in transactional terms,
-
the more likely that identity
is to get stolen and subverted.
-
The goal is to stop people
from using identity
-
in transactions which don't need identity,
-
which is actually almost all transactions.
-
Almost all of the transactions you do
-
are not, who are you?
-
They're, are you allowed
to drive the car,
-
are you allowed in the building,
-
are you over 18,
-
etcetera, etcetera.
-
So my suggestion - I, like James,
-
think that there should be
a resurgence of interest in R & D.
-
I think this is a solvable problem.
-
It's something we can do about.
-
Naturally, in these circumstances,
-
I turn to Doctor Who.
-
Because in this,
-
as in so many other walks of life,
-
Doctor Who has already shown
us the answer.
-
So I should say,
-
for some of our foreign visitors,
-
Doctor Who is the greatest
living scientist in England,
-
(Laughter)
-
and a beacon of truth and enlightenment
to all of us.
-
And this is Doctor Who
with his psychic paper.
-
Come on, you guys must have seen
Doctor Who's psychic paper.
-
You're not nerds if you say yes.
-
Who's seen Doctor Who's psychic paper?
-
Oh right, you were in the library
the whole time studying I guess.
-
Is that what you're going to tell us?
-
Doctor Who's psychic paper
-
is when you hold up the psychic paper,
-
the person, in their brain,
-
sees the thing that they need to see.
-
So I want to show you a British passport,
-
I hold up the psychic paper,
-
you see a British passport.
-
I want to get into a party,
-
I hold up the psychic paper,
-
I show you a party invitation.
-
You see what you want to see.
-
So what I'm saying is we need
to make an electronic version of that,
-
but with one tiny, tiny change,
-
which is that it'll only show you
the British passport
-
if I've actually got one.
-
It'll only show you the party invitation
-
if I actually have one.
-
It will only show you that I'm over 18
if I actually am over 18.
-
But nothing else.
-
So you're the bouncer at the pub,
you need to know that I'm over 18,
-
instead of showing you my driving license,
-
which shows you I know how to drive,
-
what my name is, my address,
all these kind of things,
-
I show you my psychic paper,
-
and all it tells you is
am I over 18 or not.
-
Right.
-
Is that just a pipe dream?
-
Of course not, otherwise
I wouldn't be here talking to you.
-
So in order to build that
and make it work,
-
I'm only going to name these things,
I'll not go into them,
-
we need a plan,
-
which is we're going to build this
-
as an infrastructure
for everybody to use,
-
to solve all of these problems.
-
We're going to make a utility,
-
the utility has to be universal,
-
you can use it everywhere,
-
I'm just giving you little flashes
of the technology as we go along.
-
That's a Japanese ATM,
-
the fingerprint template
is stored inside the mobile phone.
-
So when you want to draw money out,
-
you put the mobile phone on the ATM,
-
and touch your finger,
-
your fingerprint goes through
to the phone,
-
the phone says yes, that's whoever,
-
and the ATM then gives you some money.
-
It has to be a utility
that you can use everywhere.
-
It has to be absolutely convenient,
-
that's me going into the pub.
-
All the device on the door
of the pub is allowed is,
-
is this person over 18
and not barred from the pub?
-
And so the idea is,
you touch your ID card to the door,
-
and if I am allowed in,
it shows my picture,
-
if I'm not allowed in,
it shows a red cross.
-
It doesn't disclose any other information.
-
It has to have no special gadgets.
-
That can only mean one thing,
-
following on from Ross's statement,
-
which I agree with completely.
-
If it means no special gadgets,
-
it has to run on a mobile phone.
-
That's the only choice we have,
-
we have to make it work on mobile phones.
-
There are 6.6 billion
-
mobile phone subscriptions.
-
My favorite statistic of all time,
-
only 4 billion toothbrushes in the world.
-
That means something,
-
I don't know what.
-
(Laughter)
-
I rely on our futurologists to tell me.
-
It has to be a utility
which is extensible.
-
So it has to be something
-
that anybody could build on.
-
Anybody should be able
to use this infrastructure,
-
you don't need permissions,
licenses, whatever,
-
anyone should be able
to write some code to do this.
-
You know what symmetry is,
-
so you don't need a picture of it.
-
This is how we're going to do it.
-
We're going to do it using phones,
-
and we're going to do it
-
using mobile proximity.
-
I'm going to suggest to you
-
the technology to implement
-
Doctor Who's psychic paper
-
is already here, and if any of you
-
have got one of the new
Barclays debit cards
-
with the contactless interface on it,
-
you've already got that technology.
-
If you've ever been up to the big city,
-
and used an Oyster card at all,
-
does that ring any bells to anybody?
-
The technology already exists.
-
The first phones
-
that have the technology built in,
-
the Google Nexus, the S2,
-
the Samsung Wave 578,
-
the first phones that have
-
the technology built into them
-
are already in the shops.
-
So the idea that the gas man
-
can turn up at my mom's door
-
and he can show my mom his phone,
-
and she can tap it with her phone,
-
and it will come up with green
if he really is from British Gas
-
and allowed in,
-
and it'll come up with red if he isn't,
-
end of story.
-
We have the technology to do that.
-
And what's more,
-
although some of those things
sounded a bit counter-intuitive,
-
like proving I'm over 18
without proving who I am,
-
the cryptography to do that
not only exists,
-
it's extremely well-known
and well-understood.
-
Digital signatures, the blinding
of public key certificates,
-
these technologies have been around
for a while,
-
we've just had no way
of packaging them up.
-
So the technology already exists.
-
We know it works.
-
There are a few examples
of the technology being used
-
in experimental places.
-
That's London Fashion Week,
-
where we built a system with O2,
-
that's for the Wireless Festival
in Hyde Park,
-
you can see the persons
-
walking in with their VIP band,
-
it's just being checked
-
by the Nokia phone
that's reading the band.
-
I'm only putting those up to show you
-
these things are prosaic,
-
this stuff works in these environments.
-
They don't need to be special.
-
So finally, I know that you can do this,
-
because if you saw
the episode of Doctor Who,
-
the Easter special of Doctor Who,
-
where he went to Mars in a bus,
-
I should say again
for our foreign students,
-
that doesn't happen every episode.
-
This was a very special case.
-
So in the episode where
he goes to Mars in a London bus,
-
I can't show you the clip,
-
due to the outrageous restrictions
of Queen Anne-style copyright
-
by the BBC,
-
but in the episode
where he goes to Mars in a London bus,
-
Doctor Who is clearly shown
getting on to the bus
-
with the Oyster card reader
-
using his psychic paper.
-
Which proves that psychic paper
-
has an NSF interface.
-
Thank you very much.
Camille Martínez
Hello,
The English transcript was updated on 6/10/20. Please make a note of the following edits:
02:30 salt code ---> sort code
04:30 home office ---> Home Office
15:02 the Samsung Wifi 7.9 ---> the Samsung Wave 578
16:44 MSE ---> NSF
Thank you!