
Author: cgerrish

Unemployed philosopher

Shared Secrets: You Bet Your Life

Groucho Marx: You Bet Your Life

Randall Stross lets the cat out of the bag in today’s Digital Domain column in the NY Times. The internet’s identity infrastructure is based on the use of passwords, and passwords are broken. OpenID doesn’t solve the problem, because the problem of passwords isn’t solved; rather, it is extended. The single sign-on that OpenID enables creates a single point of failure for the defense of personal identity. Are you willing to bet your life on a single shared secret?

Most of the current internet identity work has been done on low value information. The question is will the infrastructure we’re building extend to supporting high value information? At what point will medical, legal and financial information be part of the larger identity ecosystem? Do we really want a single, unified persistent internet identity, or will a two or three tiered system of identity and authentication be created:

  • Low value: quasi-anonymous information
  • Medium value: blogs, social media, sharable
  • High value: medical, financial, legal

What’s the right number of internet identities? Robert W. Anderson suggests that I need an OpenID for each health provider, for exclusive use with that provider. By using different uncorrelated username/password combinations across high value information/transaction accounts I can create the strongest possible position within the shared secret authentication ecosystem. Microsoft’s HealthVault will be accepting OpenIDs as a Relying Party from high trust Identity Providers Verisign and TrustBearer. But even as we start to venture into the area of medical information, we haven’t left the shared secret behind.

Authentication artifacts or factors are generally described as:

  • Something you know (shared secret)
  • Something you have (security token)
  • Something you are or do (biometrics)
  • Location (not in two places at once)
  • Time (limited allowable hours)

A new factor is emerging based on social networks: a lot of low-value validated social connections could add up to a very strong authentication factor. The relationship card is a similar idea that establishes the value of an identity by the relationships bound to it. Clearly there’s a tie-in to Vendor Relationship Management here.

Multi-factor authentication will require more than a shared secret; the real question here is about the human factors. What do we know about human behavior and passwords? Here are the top ten passwords:

  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. blink182
  10. (your first name)

I’m somewhat surprised that “swordfish” didn’t make the list. Passwords and the shared secret authentication ceremony are a high friction point for users of the Network. The easier it is for me to remember and use my password, in most cases, the less secure it is. Even though it’s possible with most authentication systems to create a highly secure password, if I can’t remember it, I can’t use it. We’re in the early stages of imagining and building new identity architectures. Information Cards have potential to move beyond the current ceremony while building on the wallet and card metaphor, but adoption seems to reside on the other side of the event horizon.

Ultimately, internet identity and authentication ceremonies will be a social, cultural and political challenge. Systems can be built and standards can be established, but getting humans to use them is another matter altogether. Evangelizing new identity ceremonies will be as simple and complex as answering the question: what’s in it for me? The Internet Identity movement needs to start taking a hard look at the human factors of these new systems. Richard Thaler offers this mnemonic device to recall the six most important principles:

  • iNcentives
  • Understanding Mappings
  • Defaults
  • Give feedback
  • Expect Error
  • Structure complex choices

The concept of Choice Architecture and the Nudge could play a large role in the success or failure of these systems. In the end, it will be humans who will either find value in these new identity architectures, or will, with a shrug of their shoulders, ask the community to please try again.


Infinity + Infinity = Infinity

Meet the Beatles

I think the first album I ever bought as a kid was “Meet the Beatles.” It was a hit record and was featured at the checkout stand at the large market where my family did our shopping. Over the years I collected all of their records.

Stack-o-matic record player

The record player in our house was an all-in-one job; it was before stereo components were common. My favorite feature was that you could stack record albums and as one would finish, the next would automatically drop down and start to play. I particularly liked stacking ‘Rubber Soul,’ ‘Revolver’ and ‘Sgt. Pepper.’ The spindle’s stacking limit was five records.

Much later I had a fondness for the mix tape. My music library had expanded by that time. The 90 minute tape allowed 45 minutes of music per side. Putting together a good mix tape was a badge of honor. Getting the perfect songs and sequence, and then making everything fit perfectly required a lot of effort — adding up song durations, pulling songs from multiple albums, starting and stopping the tape to create the perfect flow.

If we skip ahead to the present day, we have the playlist — a drag and drop affair. My iPod has a couple of playlists with well over 100 songs. Generally I use them for background music for dinner parties.

The digital removes all boundaries; the records can now be stacked all the way to the sky. We can collect so much more digital media than we can consume. In an era of human proportions, we could say a person’s eyes were bigger than their stomach. Now our eyes can scan through thousands of pointers to digital files containing all kinds of media. Since we can’t actually experience it, we consume it through an abstraction layer only through our eyes.

Hugh McCloud once said, “Human attention doesn’t scale.” How do we bring human proportions to the limitlessness of the digital? What is the moral and mortal force that moderates the infinite?


Live Web’s Point of Contact: The 5th Guy in the Room

Walter Benjamin

There’s a sense in which the digital is a copy at its origin. It has no uniqueness, no originality. The difference between the first copy and subsequent copies is just a time stamp in the file system.

In 1936, Walter Benjamin was thinking about the digital before it existed:

That which withers in the age of mechanical reproduction is the ‘aura’ of the work of art. The technique of reproduction detaches the reproduced object from the domain of tradition and substitutes plurality of copies for a unique existence.

Walter Benjamin

The digital seems like a black hole, a format that is non-auratic at its core. While digital files can be very amusing, can they ever have the ‘aura’ and unique presence of the original work of art? As we look at the digital objects surrounding us, it seems as though we could be having one of Philip K. Dick’s nightmares.

Layering the digital on top of the digital, mashing up a new media venue reveals a real time moment that has an originality at the point of contact. Live radio broadcast over the real time web creates a moment of danger, imperfection and improvisation. I’m not talking about commercial radio stuffed down another channel, but the kind of stuff that is emerging from micro-communities within the social web. While these files can be consumed on a digital delay, at the present moment of their creation they show every sign of having an ‘aura.’ You can see it happen sometimes with live music, and in rare cases with comedy. The whole is greater than the sum of its parts. It’s a kind of spark or electricity that happens when you can actually hear people listening to each other. The members of the Firesign Theater are eloquent on this point:

“There was no leader,” Bergman says. “Everything was communally written, and if one person didn’t agree about something, no matter how strongly the other three felt about it, it didn’t go in.” This principle was to hold true with each subsequent Firesign effort because, as Bergman explains, “If one of us doesn’t get it then something’s wrong. But if we get it, then it doesn’t matter who else does.” All the Firesigns agree, however, that a mysterious synergy took place whenever the four of them got together. “It’s like, suddenly there is this fifth guy that actually does the writing,” Austin says. “We all vaguely sort of know him, and a lot of the time take credit for him.”

Phil Austin

The real time web has the potential to offer redemption to the digital, the return of the detached aura in that moment of creation. While the digital has proven itself as a bread winner, it’s only just now learning how to dance.


Bing Crosby created the Economy of the Simulacra

Bing Crosby with Ampex Tape Recorder

The story of Bing Crosby’s role in creating the technology and business of the broadcasting of recorded performances is fascinating. Steve Schoenherr has written about it here:

He used his power to innovate new methods of reproducing himself. In 1946 he wanted to shift from live performance to recorded transcriptions for his weekly radio show on NBC sponsored by Kraft. But NBC refused to allow recorded radio programs (except for advertisements). The live production of radio shows was a deeply-established tradition reinforced by the ASCAP union. The new ABC network, formed out of the sale of the old NBC Blue network in 1943 to Edward Noble, the “Lifesaver King,” was willing to break the tradition. It would pay Crosby $30,000 per week to produce a recorded show every Wednesday sponsored by Philco. He would also get $40,000 from 400 independent stations for the rights to broadcast the 60-minute show that was sent to them every Monday on three 16-inch aluminum discs that played 10 minutes per side at 33-1/3 rpm. Crosby wanted to change to recorded production for several reasons. The legend that has been most often told is that it would give him more time for his golf game. And he did record his first Philco program in August 1947 so he could enter the Jasper National Park Invitational Golf Tournament in September when the new radio season was to start. But golf was not the most important reason. Crosby was always an early riser and hard worker. He sought better quality through recording, not more spare time. He could eliminate mistakes and control the timing of performances. Because his own Bing Crosby Enterprises produced the show, he could purchase the latest and best sound equipment and arrange the microphones his way (mic placement had long been a hotly-debated issue in every recording studio since the beginning of the electrical era). No longer would he have to wear the hated toupee on his head previously required by CBS and NBC for his live audience shows (Bing preferred a hat). He could also record short promotions for his latest investment, the world’s first frozen orange juice to be sold under the brand name Minute Maid.

Recording tape was extended to the general consumer through the cassette tape. That era seems to have come to an end as even the Books on Tape folks have abandoned the format. The technology that Bing Crosby pioneered is fading now, but the economic ecosystem he envisioned is still going strong.
