Saturday, January 01, 2011

Why the United States Postal Service should manage our primary digital identity

For a non-expert, I do a fair bit of ruminating about the relationships between identities, credentials, and avatars/facets. Today a bug related to Google's (covert) Identity Integration initiatives, a recent flurry of stories on the endtimes of password based security, and the earth's orbit have got me chewing again.

I'll deal with the earth's orbit by making my solitary 2011 tech prediction. 2011 will be the year of two factor authentication and the gradual realization that management of digital identities is too important to be left to Google, Amazon and especially Citicorp, Facebook, and AT&T/Verizon.

So if we can't rely on Google (or Facebook) or Citicorp to manage our digital identity, including claim resolution and identity control, who can we rely on? What are the other alternatives, assuming that almost none of us will run an identity service out of our homes?

Obviously, government is an option. The (US) Federal government, for example, makes a robust claim on my identity. That claim, however, is so robust I would prefer to separate my obligatory IRS identities from all other identity related services. In any event direct US government identity management is a political non-starter. The right wing will start ranting about beastly numbers and rationalists will fret about the day Bush/Cheney II takes power.

That leaves business entities with strong governmental relationships, extensive regulation, and a pre-existing legal framework support that could be extended to support identity management.

An entity like, for example, the United States Postal Service (USPS).

You laugh. Ok, but consider the advantages:

  1. The USPS has been in the business of managing confidential transactions for centuries.
  2. There are post offices in every community that could support the person-present aspects of identity claims.
  3. It's a regulated quasi-governmental agency that already exists.
  4. The USPS manages passports
  5. Much of the legal framework used to manage mail and address information could be extended to manage digital identities.
  6. The USPS is dying and is desperate for a new mission.

I admit, it sounds crazy.

Except ... I'm far from the first person to think of this. It was proposed by (cough, choke, gag) Michael Chertoff ...

... former Department of Homeland Security Secretary Michael Chertoff ... mused that the USPS was ideally situated to take part in the evolution of the government’s role in validating identity. He points out that the Post office is already the primary issuer of passports – an extremely important piece of personal identity. In the speech he expands on that model as follows: “one of the things I hope to see is, as the Post Office re-engineers itself over the next, you know, few years, they increasingly look at whether they can be in the business of servicing identity management. They can – because every town has a post office.”....  DHS: Remarks by Homeland Security Secretary Michael Chertoff at University of Southern California National Center for Risk and Economic Analysis of Terrorism Events

I can't believe I find myself agreeing with Chertoff, but there you go. What a way to start 2011.

See also (Gordon's notes unless otherwise noted);

[1] Incidentally, now that my Google Apps users have Blogger privileges, and since Blogger is supposedly an OpenID provider, I'm thinking of implementing this using Blogger/Google Apps/

Update 1/8/11: A few days after I wrote this news emerged of a federal identity and certificate management initiative. Maybe I'm psychic.

No comments: