Monday, June 17, 2019

Impact of the Internet on our Identity and how Block Chain can help us get it back (Part 1):

One of the generational divides between the retiring population and the population that is entering its prime is the concept of privacy and our expectations of how privacy is handled in the internet age. As a millennial, I had pretty early exposure to computers and grew up with technology, but when I was younger the devices were simplistic and weren’t connected to each other. I had a PC before the internet started becoming a thing and slowly started getting more access to it as its price lowered.

To express myself I gradually forfeited more and more of my personal self to the internet without really a second thought through sites like Facebook and Myspace. As I developed professionally in the tech field I realized how much of myself I was giving to the internet of things.

Google has a pretty good idea where I’m going, what I’m thinking and how much I have to get where I’m going, probably before I do. I’m aware of it, slightly bothered by it, but I move on. The only way I can be 100% certain of what I can keep to myself is something that isn’t passed outside of my thoughts.

My parents hold their privacy as a much higher part of their self-identity. I remember going through the process of getting a home loan with them while I was growing up. I wasn’t involved with the details of everything, but I remember their comments about how intruded upon and how exposed they felt in order to secure the loan. Even now, after I went through the process on my own in the last couple of years, they asked how I felt about the whole process and whether I felt a loss of myself to the system for it.

I didn’t really feel violated, but I did lay everything out on the table to prove my reliability in being able to make my payments. I don’t doubt that my desensitization from the peak of my childhood/young adulthood lessened the impact of the process.

Comparing these two mentalities and thinking through what privacy means to me, I have big opinions on what is acceptable use of my privacy and what is abuse of my privacy. The trend of data and ourselves is a losing battle as companies want more and more of our behaviors and use patterns for their specific interests. As more companies adopt this mindset, I don’t know that we will know ourselves as well as the conglomerate of internet companies does.

As a race we are in the middle of an identity change. Are we a species of individuals, or are we now simply cogs in a new type of mental ecosystem? To an extent there are examples for arguing either way, but as automation and intelligent computing continue we are trending towards losing that individuality.

As we move forward it will be hard to protect ourselves from this kind of divulgence of information.  It is almost impossible for us to prevent companies from taking information from us because they provide the platforms that enable us to interact with the things we want or need to.  To get ahead A.I.s are predicting what we need before we need them.

This rate of technology is advancing much faster than we as humans are willing to change. The ethics of what is happening are still being figured out, but in the meantime, it is a buffet of data that is getting passed to any observant eyes.

We take the control of our data back where we can.

Sunday, June 16, 2019

Block Chain and Personal Privacy:


In the current culture of the internet and content providers, the use of Personally Identifiable Information (PII) is easily abused because it is easy to transfer, can be copied, and can be securely[1] stored. Content providers, healthcare professionals, and the government all lazily protect this information for the people they serve once an actor agrees with the following enforcement principles: Enforcement of Validity (2) and Enforcement of Separation of Duty (2).

The mentality is that once an entity evaluates the integrity and background of the actors it interacts with, there is an assumption of Trust. This establishes the Enforcement of Validity (2) and naively maintains that as long as an entity can guarantee that all actors maintain this level of Trust, Risk can be eliminated. By establishing a base metric of Trust, passing an artifact between actors with equivalent baselines allows a network to be established and to maintain a Secure System. So long as an artifact stays within the rules defining the Enforcement of Separation of Duty, there is little to no Risk of violations being committed in a Secure System by un-trusted actors.

While agencies have gone to great lengths to maintain the integrity of PII and to ensure that its use maintains low risk, the core facets of a system measured by its ability to maintain Reliability, Availability, Maintainability, and Redundancy (3) can be violated when evaluating current implementations of PII as a system(4). For the context of this post, PII will be thought of as a Secure System.

An application of the Block Chain can serve as a Trusted System of Personally Identifiable Information and can establish a framework that minimizes risk and adds Reliability, Availability, and Maintainability to a system whose current implementation cannot do so.

Here is what that application could look like:

The framework enables the system to establish a Secure System for Personally Identifiable Information (PII). There are three interactive roles for the system.
  • Actors
  • Requestors
  • Source of Identity

Transaction definitions are handled via contracts.

An actor is the lowest privileged of all the users and represents an individual or taxable identity. This type of user can log in throughout the network to sites defined as requestors, or request transactions with other actors or requestors.

Requestors have no login privileges. Requestors can ask for validation against actors and/or requestors to verify their identities. Requestors can only see information that has been contracted between the privacy application and the requestee. Requestors must also establish a contract with the Source of Identity they are choosing to use.

Sources of Identity (SOI) are the entities that are the true rule of authority. These entities define what/who PII are and can define their own identifiers. An example of these entities would be Governments. New sources are needed but not yet defined. This type of entity is useful for private networks or to gate access to certain parts of the digital world. Sources of Identity must maintain the contracts between them and the requestors.

Contracts set the rules for the communications. At a basic level all requestors can use an alias of the privacy application as a method of authentication, but the Requestor cannot get any additional information about the Actor it is serving. Contracts between requestors that need to use information from a Source of Identity

Requestors can make authentication requests between users. If they need to check details about a user, the Source of Identity must have already given them permission to view that information, and there must also be an agreement between the user and the requestor. If any link is broken, a request is automatically denied.

When a requestor is created, they may choose a Source of Identity. Doing so allows the Requestor and the Source of Identity to negotiate what information the Requestor will be able to see about a User or another Requestor.
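The contract chain described above, as an added example that is not part of the original post: a request is answered only when the Source of Identity has a contract with the requestor and the actor has one too, and the answer is a yes/no claim rather than the PII itself. The class, the attribute names, the HMAC-derived alias and the in-memory dictionaries standing in for the ledger are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class PrivacyApp:
    """In-memory stand-in for the ledger-backed application (hypothetical names)."""
    soi_grants: dict = field(default_factory=dict)    # (soi, requestor) -> attributes the SOI permits
    actor_grants: dict = field(default_factory=dict)  # (actor, requestor) -> attributes the actor permits
    claims: dict = field(default_factory=dict)        # (soi, actor) -> {attribute: bool}; assumed SOI attestations
    ledger: list = field(default_factory=list)        # record of decisions, keyed by alias only

    def alias(self, actor_key: bytes, requestor: str) -> str:
        # Per-requestor pseudonym, so two requestors cannot correlate one actor.
        return hmac.new(actor_key, requestor.encode(), hashlib.sha256).hexdigest()[:16]

    def verify(self, requestor, soi, actor, actor_key, attribute):
        """Answer a yes/no question about an actor, or None if any link is missing."""
        allowed = (
            attribute in self.soi_grants.get((soi, requestor), set())
            and attribute in self.actor_grants.get((actor, requestor), set())
            and attribute in self.claims.get((soi, actor), {})
        )
        self.ledger.append((self.alias(actor_key, requestor), requestor, attribute, allowed))
        # Default deny: the requestor learns nothing, not even a "False".
        return self.claims[(soi, actor)][attribute] if allowed else None

    def revoke(self, actor, requestor):
        # The actor deletes the link; later requests fail the chain check.
        self.actor_grants.pop((actor, requestor), None)


def demo():
    app, key = PrivacyApp(), b"constructed-actor-secret"  # constructed sample key
    app.claims[("gov", "alice")] = {"over_18": True, "resident": True}
    app.soi_grants[("gov", "shop")] = {"over_18"}
    app.soi_grants[("gov", "bank")] = {"over_18"}
    app.actor_grants[("alice", "shop")] = {"over_18", "resident"}
    out = {
        "granted": app.verify("shop", "gov", "alice", key, "over_18"),
        "no_soi_contract": app.verify("shop", "gov", "alice", key, "resident"),
        "no_actor_contract": app.verify("bank", "gov", "alice", key, "over_18"),
    }
    app.revoke("alice", "shop")
    out["after_revoke"] = app.verify("shop", "gov", "alice", key, "over_18")
    out["aliases_differ"] = app.alias(key, "shop") != app.alias(key, "bank")
    return out, app.ledger
```

The ledger entries carry the per-requestor alias and the decision, never the actor's name or the claim value.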

The goals of this system are:

Authentication and Verification:

  • Authenticate actors to actors or actors to requestors while never passing PII.
  • Be the Authority of validation to prove identity.
  • Create unique links between actors and actors or actors and requestors.
  • Ensure that enforcement of validity is maintained in the system between actors and/or requestors at all times.
  • Allow explicit control of an actor’s permissions over their information with other actors or requestors.

Communication:

  • Allow for validation of information without passing identity-revealing information.
  • Maintain channels of communication over insecure mediums.
  • Ensure transparency of the system and maintain individual privacy.
  • State transitions of the system only act in consensus.

Storage:

  • Ledger of interactions between entities.
  • Eliminate the need for PII to be stored externally on the system (either the privacy application or by Sources of Identity).
  • Limit the ability of requestors to store PII.

Recoverability:

  • Recover from PII breaches.
  • Delete aliases between actors and requestors.

Redundancy:

  • No single point of failure. Distributed processing and storage.

1. Jøsang, Audun and Lo Presti, Stephane. Analysing the Relationship between Risk and Trust. Trust Management. Berlin, Heidelberg : Springer Berlin Heidelberg, 2004, pp. 135-145.
2. Clark, D. D. and Wilson, D. R. A Comparison of Commercial and Military Computer Security Policies. 1987 IEEE Symposium on Security and Privacy. s.l. : IEEE, 1987, pp. 184-194.
3. Jackson, Yvonne, et al. The new Department of Defense (DoD) guide for achieving and assessing RAM. Reliability and Maintainability Symposium, 2005. Proceedings. Annual. s.l. : IEEE, 2005, pp. 1-7.
4. Lin, Iuon-Chang, Lin, Yung-Wang and Wu, Yu-Syuan. Corresponding Security Level with the Risk Factors of Personally Identifiable Information through the Analytic Hierarchy Process. 10.1770, s.l. : Journal of Computers, 2016, Vol. 11.

