World-Citizenship
World-Citizenship copied to clipboard
MrChrisJ
Discussion: Means of guaranteeing one identity per individual?
This post builds on #21 in particular.
This might be out of line with how some imagine this system working, but my hope is that it's a step toward creating a non-governmental system that can effectively guarantee one unique identity per person, and no more.
Most obvious safeguard: Photos
If the goal is making sure that this passport confers one identity per person, then in the future, I can imagine part of the protocol of issuance should involve a search of passport photos for possible duplicates.
This cannot be done unless the system and its photos are open, just as bitcoin can't be a ledger and avoid "double-spends" unless all the important data is open. A double identity strikes me as a failure analog of bitcoin's double-spend.
Alternative: DNA fingerprinting
Note: My background, although a bit rusty, is in biochemistry.
It's understandable that people would be uncomfortable with their faces in a public database, so perhaps we can eventually find a better solution. I can imagine a future where photos might not be necessary. This could arrive once a simple and cheap genetic fingerprinting can be carried out at one of these events. If we know to a high degree of certainty that each fingerprinting will be unique among the world, then we can carry that out as part of the process, and store that as the record to prevent double identities.
To make it clear, a genetic test does not necessarily give away any relevant health information. Nor does it give more information away (in bits) than it is strictly designed to for purposing of unique identification. So in other words, we can design something that only reveals enough bits of info about your DNA to uniquely identify you in the world, which is a surprisingly infinitesimal amount compared to your whole genome. A set of tests can be designed to cut DNA at random places where a short genetic sequence takes place. Since everyone has different genetic code, the snips happen at different places, and so the fragments are different sizes for different people. Running these DNA fragments through a gel, separates them out by size, and creates a characteristic banding pattern. Use several different DNA-cutting enzymes, that recognize and cut at different short sequences of DNA, and you can get different banding patterns from the same person. Put of few of these "banding patterns" together for each person, and you get a unique fingerprint that when digitized (unlike photos), they won't reveal something as personal as a face.
Phewf. That was a brain dump. Sorry, been thinking about non-governmental ID system for awhile, so this project was perfectly timed :)
cc: @bitcoinsSG as I noticed your field was Computational Genetics & Proteomics :)
Mostly just a lurker here, but I wanted to say I really like your idea of using DNA encoding. The "double spend/identity" issue seems very difficult to address using facial recognition and in terms of both reliability and processing cost to the network, seems like a much more effective solution. Though my understanding of genetics is relatively elementary, your banding solution seems to solve both the issue of health information privacy and the potential of generating the same key twice in special cases such as identical twins, if we were to use the entirety of the raw genome sequence.
Correct me if I've misunderstood somewhere, but this solution seems very elegant and has great potential.
If I'm not mistaken the primary obstacle now becomes implementing a simple user friendly process for genomic analysis and key generation?
** some people have two DNA. will try to find link. Woman nearly lost her kids - accused of benefit fraud. Eventually they took samples from different parts of body... she had 2 DNA. Kept her kids. Can't recall all details but may have been connected with twin birth. DNA is not infallible.
@dharmocracy I think you are talking about human chimera and this case https://en.wikipedia.org/wiki/Lydia_Fairchild
@patcon @dharmocracy @jgsn If the keygen protocol specifies a specific area of the body to retrieve a sample from, a finger prick or cheek swab for example, then it shouldn't actually matter if we encounter a chimera type of scenario, should it? If an identity comes under scrutiny such that it has to be confirmed, say for a court case, a new sample could be retrieved to confirm a persons ID. Perhaps this is a simplistic view, but after reading the wiki on that woman, it seems that the only time the DNA retrieved differs is when samples are taken from different areas of the body.
Agreed @ZeroCool2u.
I suppose passport/ID issuance would probably need to be a two-part event if it were actually use genetic fingerprinting. One for collecting, and another for generating the ID. If we want any hope of even proof-of-concepting this in the near future, then we'd need a very very reproducible fingerprint. I guess I can't imagine that happening in some sort of DIYbio protocol in the near future :)
Speaking of diybio, there's a fairly active diybio community in toronto. I've cc one of the organizers on Twitter and hopefully he can bring this up with the right people if he thinks it's of interest:
https://twitter.com/patconnolly/status/530859645435674624
Interesting thoughts from @jpahara: https://twitter.com/jpahara/status/530982852427792385
quick thougths:
- DNA will be a photograph: a picture is currently more "personal" than ones DNA code or some representation of it.
IMO, this will change as public understanding of Genomics increases. We are concerned about our pictures or biometrics being broadly available because they are unique to us. If you create a system with well defined genomics metrics that pertain only to a single person, the trend will continue from photograph to DNA code.
"Realtime-sequencing: [assuming there is one more paradigm shift in DNA sequencing] 10-15 years from now, complete human genome sequecncing will be almost free and will happen on the scale of seconds/minutes. This suggests that even if there was a system to only provide a particular fingerprint for a person, any government or corporation would still cease the moment, grab all the DNA present and sequence the entire genome (and learn all things genetic about that person). If this isnt' available in mobile phones in 15 years, @patconnolly, I'll buy you a beer. I predict that within 15 years, just like in Gattaca, It will be quite easy for the public to request GBase DNA information in minutes.
Be Open-Source: It is so easy to get DNA from people or from the environment that long term planning of any encrypted/identifcation system is pretty much obsolete. Maybe something created in the 3-5 year period will work, but once "real-time" DNA sequencing is available, we're all open source - and so why not adopt the open source mentality starting now?
Government: The only thing that will help the individual here is government legislation (which of course will not work because technological change always out-paces government [which of course is an assumption i've just made ;P).
Conclusion: It is definitely possibilty for each being to have a unique handle, but for that to also be encrypted and freely move through society is a biocheimcal impossibility. But really, I don't know very much about this stuff - just some thoughts.
Still thinking on it. Definitely a surprising analysis, but not sure it changes anything as far as we're operating
@MrChrisJ I was listening to your Let's Talk Bitcoin episode on "Philosophy of Identity" today. (Awesome stuff, btw) Anyhow, I've realized that the premise of this thread, provably unique decentralized identity, may be counter to your goals.
The whole episode is obviously worth a listen, but I'll post the deeplinks to the relevant bits once the episode is up on youtube (where deeplinks are possible :)
Before I personally comment any further, in case I misunderstood, I'd love to hear where you stand on this discussion Chris! Also, I'm on IRC if that's simpler. If I'm online, you can find what rooms I'm in on freenode with the command /whois patcon
Hey @patcon yes I have some ideas on how I want the biometric stuff to be handled. Your idea of breaking up the DNA sequence will be useful. I just don't want biometrics being stored in public databases, as it could provide incentives to take control of people's bodies. I would rather the biometric was used as a nonce or some kind of salt to a key.
I like ideas around voice sampling and ECG heart rhythms, brain wave patters. Things that are more voluntary.
Stuff like face recognition and DNA not so much because you leave your DNA everywhere and it's hard to stop someone from looking at your face without covering it.
I will sort out the IRC. Any OSX client you can recommend. Might be good to do a voice chat on GTalk actually.
OK, good to know. Does it make sense when I draw the comparison between Bitcoin's public ledger (required to prevent double spending between unique addresses), and this project's public portion including some universal unique identifier (required to prevent double-identity)? I don't think I see the potential in the project if it's not trying to prove singular personhood in a decentralized way. This requires making some uuid (photo or genetic) available in a ledger
Anyhow, I have some counterpoints to some of the thoughtful things Andreas and yourself brought up in the podcast, and would love to speak about them via video chat if you have time :)
And limechat is an amazing, simple IRC client on osx: http://limechat.net/mac/
I am not sure my thoughts will come across well - i will try,
- we have a human identity that can act in different capacities (father/employee/driver etc) and then we have our online accounts/avatars/identities etc. I think Pirate bay guys used AFK to differentiate
my analogy would be a train track junction.. the junction points where trains cross tracks and travel on different lines is how i see the card/passport. (maybe you tech guys can find better analogy ie camera lens as crossover point for external and internal image)
The human can use the card to verify his online identities/ work / authenticity The card can be used to verify the human identity by accessing the digital information or data
Unique Verification Identity Card - Human / Digital Interface -- i am not sure of the tech terminology but i am sure an acronym can be made to suit the needs of the card. In future the card could be used in many different ways.. as another track is added to the junction point.
There is only ever one starting point - HUMAN birth..(like the rail yard where the train was created). This is important, for me anyway, as card would entitle everyone to Human Rights, something often denied to stateless people. This card would allow every human to have a unique "engine serial number".. i think that is the card hash key but pls correct if i have misunderstood.
I hope i am not derailing the intended use of card or project .. i just think the starting point is very important. Multiple identities are not a concern if we look at it from a logical point of view.. one human acting in different capacity.. or wearing different hats. Some people have more than others. I myself have 3 different identities with official documents in different names (even birth certs!)..But i am only ever one human being.. and i should have one key that reflects this.
I am sorry if my explanation is not very well explained, not good at thinking and typing..lol. I really want this tech to be used by the individual. Using Human Verification will stop companies and corps etc Moolah will not be issued a card. It would also help in suing people who hide behind a corp or a state... because we could locate the human behind those actions.. this would also make it very dangerous for people like Manning/ Snowden etc so double edged tech
Using the inet digital info to identify the human and the human to identify or claim his digital work and identity is a good thing. Its almost like 2D and 3D worlds meeting point, like a mirror that you can walk through.. now if i was the only person who could walk through my mirror that would be great.. how to stop others using mine instead of their own is something i have no idea.. i will leave that to Chris and others who understand hashes & merkles etc.
Apologies for long winded post.
Multiple identities are not a concern if we look at it from a logical point of view.
Maybe I'm misunderstanding, but this seems where we differ. I was hoping this project was solving the basic problem of finding (voting) consensus in a digital arena. Consensus is a fundamental social concern, as it's how communities make collective decisions. As soon as someone can create 2+ identities and get 2+ votes, then unfortunately everything breaks, as far as I'm concerned. I can't imagine how this project could work without exposing something unique about the physical person that prevents a second digital identity from being created elsewhere.
I understand that in some countries, there might be punishment for subscribing to an alternative system. That unfortunately seems incompatible with a system that is trying to create a path to digital consensus :(
I am one human - i have one vote
i can vote in USA under one name and in UK under another.. in my monastery i have one vote
i have two identities online dharmocracy (Acharn) and Citta Dhammo I use acharn for non secular / crypto etc and use citta dhammo for Buddhist work
sometimes these identities cross over.. my family use both to contact me
but i could put all this info on the card .. back to the train enginge-- i can haul coal or passengers, i could travel as an engine on its own or bring carriages with me .. but my capacity ie train cars cannot go anywhere without the engine... and i only have one engine.
This is what i was trying to get across -- the human birth is unique. everything that happens is done through that.. i could put on many uniforms but i am still the person i was at birth.. and can only ever be identified as such.. all other identities are impossible to create without that birth. THIS is the problem for many people who dont have a birth cert.. proving you exist and who you are.
Thank you, but it's not that I don't understand what you desire this to be. To be honest, I even think that's fair and wish you could have it both ways :)
I just can't imagine how the system could work that way for you (preserving anonymity) and also work for what I was aspiring (consensus). And I mean that on purely technical merit. The reason the examples you gave allow multiple identities, is because each has internal consistency, but you are unique within each.
And that uniqueness is provided either:
- by direct government assurance. Ex: when you get a gov ID
- by indirectly government assurance. Ex: when an org checks your gov ID
- without any assurance whatsoever. Ex: when your monastary trusts you and simply assigns ID
And we don't have those options if we want to use the project for finding consensus, when the system is audited by an ad-hoc network of trusted ID issuers.
Genetic fingerprinting, to be clear, can prove birth and personhood while allowing you anonymity today, but as @jpahara alluded to, that is a temporary advantage that will disappear. And even if we went with that, a genetic test today would mean a very expensive ID into the foreseeable future. Assuming high price is a deal-breaker, that's not something that can act as part of the UUID portion of the ID for at least a few years. I was hoping to work on this immediately.
I don't know how I can explain it any other way, but I'm confident our desires are in conflict, which is a total bummer. For what it's worth, I get the impression @MrChrisJ would rather develop the project aligned with your considerations :)
You explained it very well. I apologise for interfering in thread issue. I am not really interested in voting rights and have nothing to add on that topic. The anonymity is an issue that is very important. I am here to learn from you tech guys and try to implement your tech in my own projects or concepts. Thanks for taking the time to give a fully detailed answer (in language i understand). The time stamping and hash keys are important tools but my tech level too low at present to fully understand the system.
I think Chris wants a system / method that can be used (forked?) by others. It has certainly created discussion and interest.. which is great. ( i will be lifting some of your terminology used here, i am sure you wont mind). Perhaps this is where the card carrier decides which info he/she wishes to include. PS monastery checks gov ID also. it seems all ID is based on gov issue and if Chris can change that then i will be 100% behind that in whatever form or direction the project goes.
Oh hey, no problem at all! I guess we just wait for others to chime in at this point (if we haven't scared everyone away :)
I don't think I see the potential in the project if it's not trying to prove singular personhood in a decentralized way
I most certainly do see a role for biometrics and the value for a single UID is clear and worth striving for. I just don't know what form it will take yet. Remember that I am treating this as a gradual learning exercise, I just want to try and do one thing really well, one step at a time. I think this needs more pacing up and down with coffee and lots of these chats :)
I am on Skype btw. Sorting out Limechat too.
:+1: I'm visiting family today, but will try to jump on later. Username? There are a lot of Chris Ellis'
I'm visiting family today, but will try to jump on later. Username? There are a lot of Chris Ellis'
Just how I like it.
I DM'd you on Twitter
I have to go to bed soon but this is what I am looking at re biometric: Nymi ECG Band with proximity meter could be used with an air gapped Yubi Neo for added security, you could turn this stuff in to jewellery. I do prefer ECG for now as it is more in theme with the voluntary ethos I was going for. If it was used in conjunction with Something You Know and Something You Have, as well as Someone You Who Knows You then it could be the knockout blow we are looking for in terms of Single Signup.
Then there is this CheapID by Vinay Gupta (whom I know by complete coincidence). It's a long read so skim through it but I like this idea of hashing and salting the biometric data and hiding it in a giant database so that it can only be retrieved under certain conditions.
I will sleep on this and talk more tomorrow.
If I'm not mistaken the primary obstacle now becomes implementing a simple user friendly process for genomic analysis and key generation?
Oh hey, missed that question @ZeroCool2u, but yep, although I worry that cheap genetic fingerprinting won't happen for a few years, even if we concede to doing it off-site.
And thanks @MrChrisJ -- I'll read up on cheapID. Came across it after seeing one of Vinay's interviews, but the length forced it onto the backburner :)
I remain uncertain how Nymi helps us, given its apparently poor reputation for authentication. Especially considering its cost.
But hey, a public database is the only difference between a protocol that would satisfy you and one that would satify me. So it still totally makes sense to work together :)
Just saw the notification for this in my e-mail, thanks @patcon for the inclusion. Yes this does fall into my specialty. Will give a detailed response later after I read the entire thread, but so far I can provide some a preliminary response.
Canonical DNA finger printing is a fairly trivial exercise that segments the entire genome into smaller pieces, which, as a collection(permutation) provide enough uniqueness for a person.
@dharmocracy I wouldn't worry about the scenario you proposed as @jgsn correctly pointed out that this is an extreme case.
@MrChrisJ DNA fingerprinting allows for a special case where an attacker wouldn't need to "take control" of one's body in violent manner as it is readily available in any part of the human body, including hair, skin etc.
Whole genome sequences, unlike DNA fingerprinting, reveal deep private clinical information about the person and probably should be avoided at this point.
I think someone also mentioned acquiring DNA form specific parts of the body; this is a non-issue as DNA from any part of the body will result in the same DNA finger printing regardless of origin. Interestingly enough, DNA does differ in different parts of the body specifically in the telomeric regions that specify the age and damage to the tissue/organ etc. Yes, parts of your body age differently. Biologically speaking, the correct age of a person is the median age of all the vital organs of the body. However, DNA fingerprinting accommodates for this.
Ofcourse, as most of you can imagine, unlike a photograph, verification of a DNA fingerprint does take longer and may not be as feasible from a pragmatic stand point if real-time verification is desired.
What would be interesting is if teleomeric regions, including flanking regions of a certain tissue type could be sequenced for a person. This would be an indication of biological age that encompasses uniqueness, not unlike Bitcoin block chain merklee root. At any point in time in the future one could take a another sample from the same person and tissue, such that the one could verify whether it is the same person and how much biological time has surpassed. The teleomeric region varies in a semi predictable manner, and can serve as a good indication of delta time. Changes in these regions would also incorporate lifestyle habits, including for example, how much a person smoked etc. There is something here and I will get back to it, but I am very busy at the moment and will be for the next 3 weeks. ttyl.
Ah this may be of value to us:
Private Biometrics A field of study already dedicated to the obscuring of Biometric data so that it cannot be misused.
Biometric identification requires that a verifier searches for matches in a data base that contains data about the entire population. This introduces the security and privacy threat that the verifier who steals biometric templates from some (or even all) persons in the data base can perform impersonation attacks. When a private verification system is used on a large scale, the reference data base has to be made available to many different verifiers, who, in general, cannot be trusted. Information stolen from a data base can be misused to construct artificial biometrics to impersonate people. Creation of artificial biometrics is possible even if only part of the template is available.
Please read the references at the bottom. I found out that the new UK passports use face recognition though apparently it is still possible to fake a UK passport if you are able to get hold of the original because they don't use a blockchain and the data is not encrypted on the chip!
I think to get around the violent takeover of someone's body you're going to have to include other factors in to the signing process. So we don't just allow something you are but we also need something you know (password) and someone who knows you (nominated people from your social network) before we let you perform any important tasks like the creation of a new key.
I also met with a friend last night (before I spoke with you @patcon) who told me that it is standard practice in his company to boot a Virtual Machine (VM) create a certificate on it and generate a handful of subkeys all with different rights for different tasks. Then to encrypt the VM and put it in cold storage like a safe or something.
Having done some DuckDuckGo (It means 'to google') today I found out that many of the issues we are facing are also being faced by the industry at large. Except we have something they don't, which is open source affordable tools and a strong self motivated community willing to educate anyone who is willing to learn.
I am going to talk to Vinay Gupta and get his thoughts on it because he came up with the CheapID project back in 2007.
Thanks so much for everyone's enthusiasm and commitment to this project. I am going to be doing a talk on it next week in Rennes, France! Keep the ideas coming.
What would be interesting is if teleomeric regions, including flanking regions of a certain tissue type could be sequenced for a person. This would be an indication of biological age that encompasses uniqueness, not unlike Bitcoin block chain merklee root. At any point in time in the future one could take a another sample from the same person and tissue, such that the one could verify whether it is the same person and how much biological time has surpassed. The teleomeric region varies in a semi predictable manner, and can serve as a good indication of delta time.
@bitcoinsSG this has to be an area worth exploring, it sounds like a lamport signature for the human body (a one time password).
@MrChrisJ V true, there r parallels here with Lamport sigs, what's also interesting is that we may be able 2 use this for invalidating an old BlockhainID(stolen/lost etc) and issuance of a new one that may not require all of the original parties to be present or even participate. I think I would need to gather my thoughts in a more organized fashion possibly a whitepaper or just separate enhancement proposal here, as I have a feeling it may resolve errors in canonical DNA fingerprinting associated to identical twins & genetically close relatives as well.
This is very promising but I fear that while fruitful in the long run won't meet our criteria of being affordable now. I have however just spoken with Vinay who has told me to get in touch with someone about Iris scans (note not retina) that can create a cryptographic digest using a mobile phone! I have sent him a link to this thread. So let's see what that yields.
Thanks for the energy everyone.
Ding dong!
Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex random patterns are unique, stable, and can be seen from some distance.
Not to be confused with other, less prevalent, ocular-based biometric technologies such as retina scanning, iris recognition uses video camera technology with subtle near infrared illumination to acquire images of the detail-rich, intricate structures of the iris which are visible externally. http://en.wikipedia.org/wiki/Iris_recognition
But the tech didn't make it on to the Galaxy S5 by the looks of it.
My proposed methodology which is an augmentation of DNA fingerprinting is not pragmatic, I think I made a point that even DNA fingerprinting is not pragmatic for real time verification. Hence, the intention to separate it out as a white paper or a new enhancement proposal that can be filled at some later point in the future. Although the implications of my methodology may even surpass those of this project, I agree that we should use something readily available & affordable; this tech needs to mature from alpha to production soon if not now. Iris scans may actually be a better fit; ease of verification, biological uniqueness, affordability, and deployable.
Thanks for chiming in @bitcoinsSG! Reassuring to know someone else with background is vetting the ideas :)
In our skype conversation the other day @patcon you said that one of the benefits to using single signup with biometric was to enable fair voting systems for democracy. I hadn't thought about that use case but you're right, that would be powerful. Also it could help with ideas like Universal Basic Income and other 'air drop' like scenarios where you need to guarantee that each participant is one person and not subjected to Sybil attacks. If you can get the error rate down to <1% then I would say that is a massive departure from what we have at the moment.