Identity - Security - Privacy

Perhaps we are not fully conscious of the transformation that has taken place from a very physical world where our interactions were direct and tactile. Speaking, catching the train to visit friends, sending a letter through the post and so on.

Not very long ago, this started to change. Today, there is still only one physical implementation of me, but I have spawned hundreds of virtual replicas, avatars, aliases, proxies, whatever. Do I control these? No, absolutely not. Even my own government is sloppy in the extreme in protecting my virtual integrity. The Norwegian Parliament is in animated discussions about the Data Storage Directive. In fact, they are conducting entirely the wrong debate.

Whilst there is clearly a need to ensure that my privacy and integrity is protected, we do need countermeasures against cynical, asocial persons who exploit vulnerable children, build drug empires that are becoming bigger than the legal economy, and misguided fanatics who believe tearing innocent civilians to shreds brings salvation.

Some simple principles may help the debate. Since there is just one of me, I need to establish a biometric connection between me and my virtual alter ego; my cyber-me. If I can fully control and manage my cyber-me, then I can permit others to access it for agreed purposes. I can opt them in to my cyber world. My government will have certain rights, but since in a democratic society I am the Master and the government and civil service just that - servants, I can require them to conform to certain rules of the game.

If the way in which I allow my cyber-me to be used is called a context, then one such could be my tax affairs, another my dealings with the social services and so on. On another plane, I could permit Amazon, eBay, Facebook or others to access my cyber-me in an agreed fashion.

Many-to-many relationships are doomed to über-complexity and potential failure. One-to-many is a good start. Since there is just one of each of us, perhaps that is the best point of departure. So, in order to build a sound identity infrastructure, say in Norway, let us start by creating an unbreakable bond between me and my cyber-me - a biometric bond. After that we can start having some fun with organisational and technical architecture!