Ontario's privacy commissioner has thrown her support behind an on-line identity system that will be grafted onto the bare bones of the Internet to create a security layer that could kill off the nastiest forms of spam.
Ann Cavoukian says a new approach is needed to create a secure environment for businesses and web users who are now subject to fraudulent and deceptive practices, like spam, phishing and identity theft.
The principles behind the system, the Seven Laws of Identity, were developed during a two-year collaboration of Internet experts and users led by Microsoft's chief identity architect Kim Cameron.
Dr. Cavoukian's white paper released Wednesday deepens the scope of the Seven Laws concept to make privacy an integral layer in the project.
“The Internet is not in the hands of the people. It's in the hands of the fraudsters,” Ms. Cavoukian said following the paper's release.
“You do have people doing bad things, and they're taking over the Internet.”
If nothing is done, she warns, people will lose confidence in the Internet and stop using it. Her proposal takes the Seven Laws of Identity formulated by Microsoft for its new Vista operating system, and embeds personal privacy and security into the framework.
Vista, which is due out in January, will introduce the concept of infocards — a way for websites to verify a customer's identity without receiving or keeping personal or financial information. Infocards would allow a bank, for example, to act as a middle man in an on-line purchase, sending payment confirmation to a retailer without transmitting a credit card number.
Ms. Cavoukian wants such personal security measures built into the very bones of all security systems being created by companies around the world.
The key factor, Ms. Cavoukian says, is that Internet users will decide what is included on each identity card, as if they had a virtual wallet. Users would then decide who gets to see which card.
The move should wipe out phishing, one of the more insidious forms of spamming in which a fraudulent but often convincing-looking e-mail asks for personal information.
Such e-mails would not pass the two-way security verification requirements of the proposed system, Ms. Cavoukian says, and would be blocked because the sender's details would not match those of the body they're pretending to be.
Likewise, a person wishing to make an Internet purchase would not have to send their banking details. Instead, they would send a message to their bank requesting the purchase, and the vendor would receive a one-off permit number to enact the transaction.
That would reduce the trail of information left by Internet users and limit the scope for on-line surveillance.
“Over time it will replace the existing model of going to a site with a user-name and password. It will replace that with identity cards of your choice that you will control and you will decide who views it,” she said.







