Every year, I’m getting an invitation to an automotive-related conference organized by VDI, the main engineering organization in Germany. It’s written in English; well, it is written in something that probably wants to be English, but every year, its English is so bad that one immediately think that it must be a parody. Sadly, it is not. I simply can’t resist quoting the following highlights (quoting verbatim, and all spelling errors appear in the original):

• A member of the state legislature will speak on the subject of "Fright traffic and passanger services between different interests". I knew they were trafficking in all sorts of things, but not that they get scarier all the time. In particular now that those interests are involved…
• On the subject of visiting a Mercedes plant, the brochure recommends: "Please register for the visitation in the registration from attached." I assume it will be court-supervised while you are tied to the plant.
• And "As you would like to arrive individual, we will send you a route discreption with your documents." I’d rather not get that discreption while I’m in the process of liking my arriving individual.

Amazingly, it’s on the same level every year, and this is not a high school club, but an important conference held by the largest engineering organization in a G7 country in which it is virtually impossible to go through the school system without having to take a few years of English. Even the Word spell checker would catch most of those (I tried), and the English version does come with the German version of Word…

… is on Flickr here. Rafe Needleman, our moderator would be here.

I’m sitting in the audience on this day 2 of PC Forum. Lots of people are blogging it, so I’m only blogging what I find remarkable.

Yesterday, we heard from Andrew Stern, the president of the the Service Employees International Union, who is most certainly an unusual speaker for a capitalist conference such as PC Forum. But it was highly interesting, because it was an incredible re-interpretation of what "union" means. If unions have a future in this 21st century, Andrew Stern is the guy to watch.

This morning, Jeff Hawkins was talking about his work on understanding the brain. What he says makes a lot of sense to me: the brain is a big memory system, not a computer, and it matches and predicts. I did not know that the brain is actually organized hierarchically on a neural level. But what I wonder about most is how the brain research establishment take it that an entrepreneur of Palms, of all things, essentially takes over and revolutionizes the field.

It’s amazing how different, in presentation skills, the entrepreneurs are who are pitching their companies. As are the seasoned executives on the various panels. The best speaker, in rhetoric terms, so far is clearly Andrew Stern (not counting Esther herself who is moderating rather than speaking, mostly).

[There may be better names, but I can't think of any right now.]

If we assume for a second that a digital identity comprises, at the least:

• An identifier for the subject (eg my driver’s license number)
• A set of assertions (or claims) about the subject (eg my name, address and photo)

then there are two ways of implementing this:

• one can come up with a "package" for them, such as a file, or a card, that contains both the identifier and the assertions, which means that all information is sent around as a package. (Traditional driver’s licenses do that, where serial number and address and so forth are part of the same physical card)
• one can send only the identifier, and provide an on-line query capability to determine the assertions. (In such a scenario, I would memorize my driver’s license serial number, and, when asked by the cop, they would on-line query the DMV server somewhere for my address and photo using the serial number as the query etc.) [For non-Californians: the DMV is the government entity that issues driver's licenses around here.]

I have the distinct impression that many people talking about digital identity today implicitly assume it is the former and not the latter: everything gets packaged and sent around for processing when the processor is ready ("batch"), rather than providing information on demand ("on-line"). Note that I do not intend this as a criticism, just as an observation; making it explicit might help us all think through the issues more clearly.

Of course, LID is very much in the "on-line" camp.

Which is better? Of course that depends. For example, in an environment where on-line connectivity is not available, just having an identifier does nobody any good (analogy: the cop in the desert without mobile data services can’t check who I am). However, where on-line connectivity is available, the on-line alternative has many advantages, such as:

• The information obtained on-line is much more likely up-to-date (analogy: if I have moved since my driver’s license was issued, chances are much higher that the on-line information is up-to-date than that I have an up-to-date "batch" driver’s license. How many times have you been asked: "is this address on your license still correct?").
• Every on-line access can be logged, or can be subject to real-time approval. Imagine your driver’s license is stolen by somebody who looks similar to you. They can wreck lots of havoc with your life before you can stop them. Even after you have stopped them, you can’t even identify which havoc they wrecked because you don’t know what they used your driver’s license for. The on-line version can stop the digital identity’s misuse the minute you realize it has been stolen. And after the fact, you know exactly what it was used for by examining the log.
• All the information on the "batch" package can potentially be falsified, as soon as the mechanism for packaging it is cracked (the fake-your-passport of so many movies etc.). What isn’t there for anybody to falsify and crack can’t be cracked, and in the on-line version, nothing is there… In my view, things like driver’s licenses and signed digital messages being sent around are inherently simpler to falsify than the same information held on a server that can employ all the same techniques for protection, and also rely on physical access control etc.
• One can deploy the digital identity (well, the identifier part but that’s all that is needed to be deployed in the on-line case) before one needs to decide on the entirety of information that needs to be available to users of this digital identity. Or, one can make more information available to new classes of users that weren’t even foreseen at the time the digital identity was first issued. For example, if somebody decided that they needed to not only know my current address, but the three addresses before that, the on-line alternative can add those three addresses after the first use of the digital identity without impacting anybody. The batch alternative is far more complex in these cases as it would require the re-issue of a new driver’s license, for example. Which then would expose my past three addresses to everybody, even those 99% of people who do not need to and should not know. (This is why we support the return of different information to different people in LID.)

Of course there is nothing to prevent systems from implementing both at the same time. We do that, to an extent, in LID already with our VCard export. And I think that is what is happening in the real world:

In the past, the cops may have been satisfied when you showed your driver’s license, but today, they also do a query on you, on-line, to identify you as a mass murderer, say. Same with passports at the borders. Personally, I don’t know which one is trusted more: the "batch" information you present (e.g. your passport) or the "on-line" information (e.g. the INS database). But there is a trend towards on-line, just like it is anywhere.

The fact that you are in possession of the passport adds an element of security over just memorizing your passport serial number. But note that putting information such as address and name on it, when on-line connectivity is available, adds nothing. (Side note: I have a very hard time understanding those people who want to put all sorts of biometrics on identity cards. They assume a high-tech environment for reading it, but somehow don’t assume that basic internet connectivity is available in the same place)

Within LID, we tend to think on-line first, and serialize into something that can be batch-processed if needed. I like this philosophy …

According to InformationWeek’s print edition:

48% of American adults believe the benefits to patients and society of a digital patient-record system outweigh risks to privacy. However, nearly the same percentage — 47% — say privacy risks outweigh expected benefits.

These numbers come from a phone survey by Harris Interactive, and were quoted in testimony before the National Committee on Vital and Health Statistics of the US Department of Health and Human Services.

Further:

the survey also found that two-thirds of adults are worried that sensitive health information could leak out because of weak data security, that there could be more sharing of patients’ medical information without their knowledge, and that computerized records could increase rather than decrease medical errors.

I think this is one of the cases where the right technology — well, the right technology architecture — will make all the difference. Let’s hope we have people in charge who are smart enough to understand what will be a good architecture for this, and smart enough to be able to maneuver the political currents to get it into place…