< Day Day Up > |
Today's Internet consists mostly of computers, web sites, and email systems. Tomorrow's Net will be crammed full of devices from cell phones to toasters, all of them with the ability to share information about you. The possibilities are both extremely cool and a little creepy. UCLA computer scientist Len Kleinrock sees a future where Net-connected "smart spaces" can instantly identify you, using RFID chips in the walls, floors, and even under your skin. "When you walk into a room, the room will know you walked into it," says Kleinrock, whose seminal research on computer networks provided the theoretical basis for the Internet. "It will call up your profile and know your privileges and preferences. You'll be able to ask the room questions, and it will display the answers on a screen or as a holograph." That's the cool part. The creepy part is when the room tries to sell you a time-share, pulls up your outstanding warrants and calls the cops, or simply records everything you say and do there. So researchers are working on schemes to minimize the flow of personal data across the Net. At the Internet2's Shibboleth Project, computer scientists have created Internet middleware that negotiates transactions between individuals and web sites using the bare minimum of data needed. So if you want to access a school's online library, its web site could use Shibboleth to verify that you're a student without needing to know your name or address. If you're applying for a loan, your bank could find out your identity and your credit score, but not what school you attended or the name of your employer. "It's based on the usual way we exchange information with strangers," says Ken Klingenstein, director of Internet2's Middleware Initiative. "Say we're on the phone and you tell me that you're an albino hermaphrodite. I might say, 'hey, I'm an albino hermaphrodite too.' When you reveal some information, I'm inclined to reveal more. It's called 'progressive disclosure.' We're trying to find ways to do that electronically."
So far, Shibboleth has been employed largely by universities. For example, students at Penn State use it to log onto the school-supplied Napster music service. The system verifies that users are enrolled and eligible to use the service, but doesn't identify them by name. Klingenstein admits a huge amount of work still needs to be done before systems like Shibboleth become a standard way to negotiate online transactions. A big chunk of that work will be convincing corporations and government agencies that hoarding information can hurt them in the long run. "The best way for companies to reduce their liability for privacy exposures is to avoid collecting the information in the first place," he says. "They don't necessarily need to know who you are, they just need to know that you have an attribute that's relevant to the service they're offering." Peter Wayner, programmer and author of Translucent Databases (Flyzone Press), has proposed another way web sites could confirm your identity, but without storing information about you that could be sold to marketers, stolen by hackers, or confiscated by the FBI. Wayner's solution is to build databases using a Secure Hash Algorithm, a one-way encryption scheme that turns information like your name or email address into a randomly generated string of characters. Unlike some encryption schemes, with SHA there's no way to go back and figure out what information was encrypted. When you log in to your Amazon account, an SHA converts that information into the same character string each time; Amazon knows you're the same customer, but they can't unscramble the string to get at your name and neither can anyone who hacks into Amazon's database. The site can then use your encrypted identity to customize the web site to your liking, send you email offers, or unlock your credit card and shipping information when you purchase something. Wayner claims the same technology can be used to secure databases for libraries, travel agencies, gambling sites, stock exchanges virtually any place private transactions are at a premium. Today, however, translucent databases are largely used to secure password files, though Wayner says he knows of one company that uses it to protect its mailing lists from being stolen by clients.
|
< Day Day Up > |