Search This Blog

Wednesday 28 September 2011

Identity Is Dynamic, Not Static. Proof: Momentary.

On Tuesday we had a very revealing discussion on whether "banks and/or mobile operators should provide the identity infrastructure" at the CSFI's Sixth roundtable in the series on Identity and Financial Services.

Of course we began by discussing what identity actually is - not something that can be isolated or assumed, as was also apparent from the Fifth roundtable.

In this discussion, it was very clear that a bank or telco views identity as a static collection of data about an individual that can be stored or held, with varying degrees of subject access and control. In this entrenched view of the world, institutions - like banks and telcos - can compete for the privilege of 'holding' your identity and enabling you to prove who you are. In essence, those institutions are in control of your identity.

So what's stopping them providing an all-purpose identity infrastructure today?

The fact that identity is not a static concept. It's dynamic, contextual, and defined more by your various sets of activities or behaviours - "routes and routines", as Tony Fish put it - than by a picture, address and date of birth. That collection of behaviours and the data they generate are what makes us unique. Further, Dean Bubley made the point that we over-estimate the degree to which telcos (and banks), actually 'know' their customers in the sense of understanding their customers' end-to-end activities. And we over-estimate these institutions' technological ability to enable their customers to prove their identity at all, let alone conveniently in scenario's of their choosing.

A Finnish delegate also made the point that Finnish banks offer identity services, based on a government database, but make very little money out of them. Which suggests the services are not very useful or compelling.

In any event, static data repositories are vulnerable to attack; and the services that rely on them are apt to be 'gamed' by simply replicating the data held - as in the case of skimming card data or fabricating identity documents to gain control of a bank account. The fact that the individual consumer is ultimately compensated and therefore not 'harmed' in a direct financial sense is beside the point. We all pay for such inefficiencies in the form of higher interest rates, fees and retail prices.

So there are two key problems to be solved. As consumers, we need to be able to simply, conveniently and efficiently prove our identities in the course of any day-to-day activities.  And as a community, we need the source of that proof to be less vulnerable to being hacked or guessed, and to contain its cost.

Given those key problems, the solution cannot possibly comprise an "identity infrastructure" or 'service' that relies on a single, static set of data that is 'held' by some institution. Rather, the solution has to involve the capability to generate a unique and momentary proof of identity by reference to a broad array of data generated by our own activity, on the fly, which is then useless and can be safely discarded.


Image from Young Lee.

Thursday 22 September 2011

Old Newzbinned

I see that Lexology carries a note on the decision in Motion Picture Association v BT [2011] EWHC 1981 (Ch) in July, ordering BT to block access to a revived "Newzbin2" web site that was enabling a large scale copyright infringement in films after an earlier site had been successfully restrained. 

The problem with services that post material on a delayed basis is that time-pressured senior lawyers can get over-excited about the 'latest' case, and miss all the discussion that occurred when it first hit the traditional and social media, none of which is summarised in the note. That's especially problematic in this particular context, given the vast lobbying effort by the 'majors' to gloss over some critical issues associated with alleged mass copyright infringement.

Specifically, the injunction was granted under section 97A of the Copyright, Designs and Patents Act 1988, which enacts the Information Society Directive (2001/29/EC) giving the High Court "power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright." 

The case shows that rightsholders have long had adequate protection for mass infringement, and underscores the waste and futility involved in passing the Digital Economy Act during the infamous Parliamentary 'wash-up' of 2010. The core provisions and site-blocking generally have been found by Ofcom to be unworkable; and the Liberal Democrats have joined the calls for the DEA to be largely repealed.

More productive efforts are focused on modernising our intellectual property rights, and it would be good to see more articles on that. 





Sunday 4 September 2011

Are 'Soaring' Mortgage Arrangement Fees Excessive?

Moneyfacts July 2007 warning
In a re-run of 2007, this time amidst persistent low interest rates, MoneySavingExpert has reported huge increases in mortgage arrangement fees. In 2007, the suggestion was that the high fees masked artificial reductions in headline interest rates. This year, the suggestion is that higher arrangement fees are being used to make up for low interest income:
"Typical mortgage rates are at a record low, and while this undoubtedly means reduced costs for consumers, lenders are partly offsetting that fall with a rise in costs to secure that deal."
Of course, that may be hard for lenders to justify in relation to regulated mortgages, on the basis of treating customers fairly, disclosure obligations or under the excessive fee provisions in the FSA's Mortgage Conduct of Business sourcebook (MCOB).

In particular:
"When determining whether a charge is excessive, a firm should consider:

(1) the amount of its charges for the services or products in question compared with charges for similar products or services on the market;

(2) the degree to which the charges are an abuse of the trust that the customer has placed in the firm; and

(3) the nature and extent of the disclosure of the charges to the customer."
But I'm sure each of the lenders has prepared some kind of explanation in case the FSA or the competition authorities inquire...