MONDAY, JUNE 01, 2009
qik & sousveillance
Sousveillance is about us all ‘at the bottom’ observing what goes on around and above us in an intentional way. Missteps by those in power (censorship, abuse, illegal moves of other kinds) can be recorded and cataloged just as well as the illegal moves of those ‘below’ — us — can be recorded and cataloged by those in power.
Qik may be a tool that takes sousveillance where it really needs to go — live feed. It’s got some kind of Facebook app too that I haven’t explored yet. Camera phones can be confiscated — but if the video is streaming live, then you can imagine that security may become reticent even to take said phone away, as long as doing so is an illegal act (or an embarrassment for the org or polis they may represent).
This could hold feet to fire. This could be a real tool for The People to document grievances against their states. “Equiveillance” is the term, I think.
They’re watching, and we’re watching too.
POSTED BY WE AT 11:00 AM
Qik… so friendly, so cute. Will be a political force.
Working on a project now about making the 2.0 stuff work for libraries — advanced tools, qr code, smart xml schemes, social books, wanding w/ arphids. Trying to gather all the thoughts together, lay them down in one spot with some order. Will be making some notes to myself here and there.
There goes Vinay being brilliant again… and this time a little scary, too.
You should be reading The Gupta Option often.
“Technology becomes policy.”
I believe we have less than 10 years of legal anonymous free speech on the Internet. People confuse the “Wild West” style properties of a new frontier with fundamental aspects of the digital space and, as court houses and law get built on the Internet, much of the current wildness is inevitably going away.
However, correctly leveraging PKI and the ISA creates the possibility of preserving the politically critical support of free speech with a reasonable expectation of anonymity, except when criminal acts are being performed.
The benefit in this case is the convenience of single sign on across all Internet (and perhaps other) electronic services.
How is this to be achieved? Consider the OpenID standard, a distributed (or, more correctly, federated) ID system which hangs off the Domain Name System namespace. An OpenID identity provider gives out URLs, each one of which has a username and a password. The URL is given out to third parties as the “identity” and back-channel communication occurs between the third party and the OpenID provider to enable log in.
OpenID has about 10 million operational accounts and is being integrated into projects like Wikipedia. It is likely to succeed widely. If not, something else like it is going to take its place, in all probability. The email address has the same basic properties (of hanging off the DNS namespace) and has been used as a default ID namespace up to this point, with much the same properties – for most web sites, if I can read the email associated with Account X, then I am that person.
Hanging off the DNS namespace is an interesting thing, because it basically makes personal identities part of the DNS hierarchy. Part of the freedom people feel on the Internet is that, on the Internet, you are a “citizen” of the DNS Government – DNS creates the political unit of your email account provider or, if you operate your own domain, yourself. In the event of an investigation, queries follow the DNS chain of command: first WHOIS to identify the domain owner, then an enquiry to the domain owner about the conduct or identity of a given user.
This usually results in either a real name, or an IP address, which is then mapped back to service providers, then billing records, then an actual hard physical identity. Internet users typically feel rather violated by having their online actions tracked back to their physical location because it is a cross-namespace violation, rather like having a foreign nation state come and enforce its laws on you. These illusions have built up through common custom and the largely privileged academic communication which was the initial environment of the internet. That separateness is largely collapsing as the Internet becomes a part of the “real world” and the new privileged spaces are massively multi-player online roleplaying games like Warcraft, Second Life and Everquest.
Authentication for these systems is extremely problematic. Computer security is very ineffective for most home users, and falsely authorized emails generated by viruses, for example, are a common problem. Online banking security is constantly under attack from criminals compromising home computer security over unaccountable emails. This situation cannot go on indefinitely.
The solution is simple: a special, privileged class of Single Sign On Identity Providers who require an ISA-style blind contract before they will provide you single sign-on services. An identity with these groups is indicated by a cryptographic signature from the vendor attesting that they have a CheapID contract on file and will reveal it under a specified set of conditions, usually a court order in their native jurisdiction.
Ideally, this move would be coupled with a definitive upgrade in authentication. Pseudo-random number generators, when used for security applications like the common SecurID tag, are subject to man in the middle attacks, so probably we are going to wind up with an additional PKI level, perhaps small USB-type tokens. In any case it would be nice to indicate the level of authentication in the account so that third parties could judge for themselves how much trust they want to put into a log in from a particular SSO provider.
Upon display of proof that a given account has engaged in an activity which requires an identity to be revealed (i.e. presentation of a court order) the sign on service returns the original ISA-style blind contract, with associated CheapID Identity Card to the court to decrypt.
With sufficiently secure SSO services, including perhaps specially created government-backed SSO accounts along the lines of the Estonian system, it should be possible to do secure electronic voting over a variety of devices including cell phones. Challenges pertaining specifically to this project will be the subject of another paper. In essence, this discussion is about extending the reach of the Professional Witness to transactions at a remote site like your home, using the media of a cell phone or other computing device as the intermediary. This is non-trivial and may involve windows of revocation in which coercion can be reported, for instance.
There are no difficult technical challenges specifically related to the ISA aspects of this system.
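An added sketch of the attestation flow the quoted essay describes (it is not code from the essay, from CheapID or from any OpenID library): the provider signs a statement that a sealed contract is on file and which authentication level was used, the third party applies its own trust threshold, and a court can check that a released contract is the one attested to. The field names, the numeric level scale and the `contract_digest` binding are assumptions, and HMAC stands in for the provider's public-key signature so the example runs on the standard library alone.

```python
import hashlib, hmac, json, time

# Constructed demo key. HMAC is a stand-in: a real provider would use an
# asymmetric signature that third parties verify without holding a secret.
PROVIDER_KEY = b"constructed-demo-key"

def _mac(payload):
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(PROVIDER_KEY, body, hashlib.sha256).hexdigest()

def issue_attestation(account_url, sealed_contract, authn_level, ttl=300, now=None):
    """Provider side: attest that a sealed contract is on file for this account."""
    now = int(time.time()) if now is None else now
    payload = {
        "account": account_url,
        "contract_on_file": True,
        # Assumption: binding the attestation to the sealed blob by digest.
        "contract_digest": hashlib.sha256(sealed_contract).hexdigest(),
        # Hypothetical scale: 1 = password, 2 = one-time-code tag, 3 = PKI token.
        "authn_level": authn_level,
        "expires": now + ttl,
    }
    return {"payload": payload, "sig": _mac(payload)}

def accept_login(att, min_level, now=None):
    """Third party: verify the attestation, then apply its own trust policy."""
    now = int(time.time()) if now is None else now
    payload, sig = att.get("payload", {}), att.get("sig")
    if not isinstance(sig, str) or not hmac.compare_digest(
            _mac(payload).encode(), sig.encode()):
        return False, "bad signature"
    if payload.get("expires", 0) < now:
        return False, "expired"
    if payload.get("contract_on_file") is not True:
        return False, "no contract on file"
    if payload.get("authn_level", 0) < min_level:
        return False, "authentication level too low"
    return True, "ok"

def disclosure_matches(att, released_blob):
    """Court side: is the released (still sealed) contract the one attested to?"""
    digest = hashlib.sha256(released_blob).hexdigest()
    return hmac.compare_digest(digest, att["payload"]["contract_digest"])
```

Checking the signature before reading any field matters here: the authentication level is only useful to the third party if the account holder cannot raise it after the provider has signed.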
Heavy D sends:
Using image-matching algorithms the researchers have found a way to adorn the real world with digital content.
The technology has already been used to create a guide of Edinburgh that allows people to find virtual artworks placed around the city using their mobile.
Another related project uses the technology to automatically update a person’s blog with their location.
“It’s about using a camera phone as a magic wand,” said Dr Mark Wright of the Division of Informatics at the University of Edinburgh who came up with the idea.
At the heart of Spellbinder, as the project is known, is a database of all the places that participants have added data to. People query it by taking a snap of a location with their phone then using multimedia text messages to send it to Spellbinder.
Well hell, this isn’t taking long at all, is it?