Recognition is seen by many as the future of authentication. Are we finally there?
The recent launch of the Facebook Moments application and a look into the sophisticated facial recognition technology deployed to enable it, brought to mind three separate topics and conversations:
A comment by a friend who manages a population scale identity program that "... identity, when it comes to digital service delivery, is a problem you have to solve only once—everything that follows is a matching problem"
A note from another friend who is a really deep thinker on these topics that "... trusted intermediaries are needed for initial registration, but they are not needed (or to be desired) for subsequent transactions"
Gartner's Maverick research on "The Death of Authentication" (Paywall), by Bob Blakley from 2011 when he was at Gartner, about how "... authentication will disappear over time and be replaced by recognition technologies"
All three of the perspectives above, in one way or the other, speak to the the need for authentication simply as a means of trusted introduction, and having little to no utility in subsequent interactions between the two parties.
In the current state of the art, the "matching problem" is handled using attributes and identity resolution techniques. But is that the only, or even the best, way to do that?
The data that Facebook has released about its research indicates that it "... can recognize faces with a 98% accuracy, and it can do so quickly—the company says it can identify you in one picture out of 800 million in less than 5 seconds".
What I find fascinating about that particular number (98% accuracy) is that, it is as good or better than the identity resolution study results that were conducted by NASPO.
And that opens up some really interesting avenues for innovation and implementation. However, if not done with a clear focus for the dignity of an individual, it is also a path fraught with some serious privacy consequences.
A widening breach
Lots of ink about the scope of the OPM data breach. As someone who is directly affected, I am not all that happy about this.
Brian Krebs, as usual, has one of the best analysis on the topic.
Are you worried about identity theft? Credit monitoring services ring the alarm bell after the fact. If you want to be proactive about protecting your identity - embrace the security freeze!
cyberforge: random and relevant
The paper "Toward Mending Two Nation-Scale Brokered Identification Systems (PDF)" analyzes the privacy aspects of the U.S. FCCX/Connect.gov and the GOV.UK Verify broker infrastructures. GOV.UK Verify review and response
New Zealand has set up a Privacy Good Research fund to applicants intending to undertake privacy-relevant research projects
Let's Encrypt, the first free and automated certificate authority, will launch to the public in September of this year.
Canada's Senate Committee on Banking, Trade and Commerce has just concluded its review on digital currency and released its final report.