This idea that arose from a meeting at the Aspen Institute is apparently starting to take off. In this “birds of a feather” meeting, Lori Fena (Aspen Institute) says that the Accountable Net addresses problems like security and spam. The solution is to build accountability into the applications. E.g., an identity system and reputation system would let you know who’s sending you a msg and what that person’s reputation is. With regard to security, if there were identity and reputation attached to a packet, you could decide which packets to trust. [Ack! Scary!] It has to come with transparency and user choice as well. Communities can make their own rules. (The other forum leader, Tara Lemmey (Markle Foundation) talks about a federal security project.)

Government agencies don’t trust other government agencies, someone says. The CIA wants to be sure that the data it shares with another agency is treated with the same level of security.

Q: What does an “authenticated user” mean? It seems to imply that a user only has one identity. Digital certificates never took off because you couldn’t link them to other attributes of the person such as bank account.

A: (Jon Callas) There are identities, not identity. I have at least four as I sit here: the PGP employee, the home-owner, etc. Authenticated means authenticated to another agency.

A: (Tara) You have soft identifiers like name and social security number. You have hard identifiers like biometrics. You have your wake, which is all the place you’ve been. And you have your creative output. All of these are part of identity.

Q: How can this be kept ahead of the people who would develope evil tools (evil from a privacy point of view)?

[Lori cites John Walker’s Digital Imprimatur]

Q: (Me) Where can I find out more about this proposal that scares the daylights out of me? I don’t want to talk about it here because that’s not the point of this meeting.

A: There may be regional forums.

Someone in the group says that we’re moving to a decentralized system where everyone gets to make his own decision. [But what will happen in a world in which large interests can make demands of us?]

Q: (Keith Teare) We’re moving into an assumption of distrust. We shouldn’t. I prefer to assume good and deal with evil rather than building big systems to prevent evil.

A: (John Patrick) Maybe working with academia would be a good way to bridge the theoretical and the practical. Maybe we should break it down into bite-sized prototypes.

Lori: Almost a research agenda that breaks it down into the key ideas.

Tara: We are already building an alpha for the national security components.

John Patrick: Authentication would be a real good place to start.

Elliot Noss (Tucows) says we could focus on the large mail server folks and get a win there.

Jon Callas: SPF [Sender Policy Framework] is an accountability system because it says that if mail came from this set of servers, it’s from me, and if it didn’t it’s not.

Someone: Accountable for what? What are you doing to define that? Are you putting together a priority list of what are the behaviors that our society is defining as unacceptable on the Net?

Lori: It’s accountable to one another within groups and applications. We don’t want to be the central authority. We want to move our principles for rule-making and enforcement; we don’t want to say that you should make the following rules.

Someone: In a perfect world, we’d all have perfect authentication, identity, etc. [Not in my perfect world.] Can’t be done centrally. It should be driven to the edges.

Bob: The free market won’t do this. Databases didn’t talk with one another until the federal government said it wouldn’t buy your DB unless it supported the spec. [More terrifying. It should be decentralized but accomplished through government intervention?]

Michael Miller: What about in societies where you can’t express yourself?

Lori: Maybe we should have checklists for people designing applications. E.g., “Have you thought about how your product can maintain anonymity in societies where there isn’t free speech?”

Tara: Many of these systems are being designed for or by the government. They will be influential.

[I remain nervous about this initiative. The intentions are good, of course; two of its leaders are former heads of the EFF, a great credential. Esther is enthusiastic about it. Damn fine reputation system. But I have deep doubts about how well its voluntary nature will be maintained. The large entities that are highly motivated to support it — government, corporations — will require that we participate. We won’t be able to say no without walling ourselves off from much of the Net. Social networks, not social fences! On the other hand, this meeting assumed we already know what the Accountable Net is, which I don’t. I can’t even tell if it’s a lobbying effort or an attempt to come up with standards/protocols. So I am, once again, speaking out my ass. I am undoubtedly wrong about it and look forward to understanding it.]

Whitepaper

Categories: Uncategorized dw