W3C home > Mailing lists > Public > www-tag@w3.org > November 2006

Reconciling Society's Concern's for Privacy with the imperative of Authentication: The Costume Party Model

From: Shiva <shiva.madras@gmail.com>
Date: Wed, 15 Nov 2006 19:35:10 +0530
Message-ID: <626a25740611150605r29473b7bo6389ed564e38511@mail.gmail.com>
To: www-tag@w3.org
Cc: timbl@w3.org, "Thomas Roessler" <tlr@w3.org>, "Daniel Weitzner" <djweitzner@w3.org>, steve@w3.org
 Reconciling Society's Concern's for Privacy with the imperative of
Authentication: The Costume Party Model

This part of the paper deals with the issue of reconciling Privacy
considerations with a need for authentication. To propose a solution the
Costume Party model is examined:

What happens in a costume party ? People take part in costume parties to be
there free and uninhibitted, unnoticed, for whatever reason.

Even in a perfectly anonymous costume party, shut out from law and order
agencies, free of all rules.... there are some UNDERLYING SAFEGUARDS AND
RULES.

1. As the hostess of a costume party Jane from SmallTown is not in a
position to match each of the costumed guest with the real people she had
INVITED, but she knows who she had invited. She knows that everyone present,
beneath their masks is legitimate. If there are 100 costumed guests, all 100
costumed guests were pre-approved by Jane at some point in the past, she
knew them all, so invited all those whom she knew or those whom she knew
knew to the costume party.

2. The real people changed into their costumes at the parlour at Jane's
Doorway. The trusted parlour maid attended to the guests, she knows that
Cynthia went into the changing room and came out costumed as an white
rabbit. Like wise she knows what costumes each of the guests took up.
Parlour is isolated from Jane's house and the parlour maid is not part of
the costume party. Guests know that the Parlour maid wouldn't come to the
party to interfere in their anonymous adventures.

3. No guest present will know the real identifies of the other guests unless
they mutually chose to disclose their identities to each other. This is a
rule that is always honoured in all of Jane's costume parties.

4. If someone had spilt wine on the table by accident Jane barely noticed
it. If someone deliberately broke a wine bottle and splashed wine on the
carpet Jane gently warned them in-costume. If any one of the costumed guest
behaved in a manner that was not even tolerated in a costume party, Jane
sent that person out, in-costme. No costumed guest is unmasked, almost
never, ALMOST, unless it is noticed that one of the guests, say, the White
Rabbit was wearing a concealed weapon and that the person's movements were
perceptibly malicious.... Then Jane calls the parlour maid and finds out
that the white rabbit is sylvia.....Her Security staff makes some further
enquiries on Sylvia and discover a criminal background and suddenly Jane is
alert and the White Rabbit is turned over to the police.

This RARE EXCEPTION of a call to the parlour maid is understood by all
costumed guests who are otherwise secure that Jane would never unmask a
person unless the person becomes a dangereous threat or has committed a
dangerous act. All guests endorse this exception which is essential for
their security.
*

On the internet:
*

1. Gateway Master Authentication: A CENTRAL gateway level authentication
storehouse where a person authenticates with his real identiry on entry, and
on authentication he or she gets connected to the internet. This gateway
authentication is a process to permit / deny internet access for the
session. The only way to get on the internet is at this gateway. The
internet infrastructure is so modified of all side doors. If Jane from
SmallTown connects to her local ISP, the ISP communicates the LIMITED
INFORMATION Jane has provided with the Internet Gateway master
Authentication Server (IGMAS) or its authenitcation mirrors.  IGMAS stores
in its info vault a MORE ELABORATE AUTHENTICATION RECORD of everyone who
wants to be on the Internet. IGMAS is perhaps owned by an internet governing
authority, or owned and operated by the people of the world represented by
Internet Security Groups and Internet Privacy rights groups. IGMAS server
stores such data as Jane's age, sex, permanent physical address,
nationality, employment data, biometrics, passport number, social security
number and all other particulars that may be necessary. The local ISP stores
merely Jane's user name, password and if implemented biometrics.

( Jane signed up for the internet account with the ISP by first logging on
to IGMAS with her IGMAS internet master identity and on the IGMAS web
interface Jane navigates to find the ISP named SmallT ISP, IGMAS gives Jane
a session through its web interface with the SmallT ISP and by this token
the SmallT ISP knows that the person attempting to sign up is a IGMAS
authenticated person. SmallT ISP asks no further questions. Jane says she is
Jane, doesn't disclose age or sex or physical address, chooses a bandwidth
plan, chooses a password and presents her biometrics. This is how she signed
up for the internet account. IGMAS in this earlier case acted like a
one time internet account sign up gateway )

2. IGMAS authenticates Jane without disclosing any further details about
Jane to SmallT ISP and SmallT ISP connects Jane to the Internet. Jane enters
the internet gateway for her internet session. She goes into the chat room
as Amidilla , logs into her email account as Cityboy_123@anomail.com , logs
into her employer's website LegitimateCorporation.com. as Jane.William,
connects to an anonymous proxy server, masks her IP address and NIC address
and browses shopping sites or other sites that she chooses to. She interacts
with groups with an altogether different id, says she is from Midcity in
South America and she maintains this identity with the groups. She does
whatever she pleases. Anomail requied some quasi-authentication on the part
of Jane before allowing her an email account, Jane authenticated by
identifying herself as the same person as the person with the email account
Jane.William@LegitimateCorporation.com. The chat room required very basic
authentication, so Jane said she is Cityboy_123@anomail.com. Jane trusted
the chat room administrator not to reveal her cityboy email address and
trusted anomail not to reveal her legitimatecorporation identity. The
anonymous proxy server knows that Jane is Jane from SmallT ISP and beyond
this it is unnecessary to narrate how anonymous proxy servers work or can be
made to work.

3. SmallT ISP prompts for reauthenication if Jane's session is too long or
if timed out and midsession reauthentication between SmallT ISP and IGMAS
happens at the background and does not take the 10 seconds it took at the
beginning of the session.

Jane's multiple identies are legitimate, her concerns for privacy is
legitimate, all the masks that she chose to wear are agreeable. Jane might
do a bit of mischief here and there and IGMAS would ignore such minor
mischief if reported by SmallT ISP or anomail. But if Jane becomes a serious
threat to the internet infrastructure or to humanity in general, Law and
Order Agents with escalated responsibilites may approach IGMAs with an
unmask request. The Authentication server has a right to reject even those
requests and when inclined to grant a request, requires a veto like internal
directive for release of authentication records. IGMAS server respects
privacy rights and it would take an incident of very dangerous imlications
for IGMAS to pull up her records by a process that would require
simultaneous multiple approvals within IGMAS.

Law and Order agencies, commercial establishments may be tempted to approach
IGMAS with an unmask request on minor crimes, but the IGMAS data storage and
retrieval system is to be so designed to be almost permanently locked up,
unless in specific incidents of extra ordinary significance, and even in
those circumstances would require veto like procedures within IGMAS
administration.

IGMAS would in a sense work like a Global Proxy Server or as a gateway level
compulsive router.
Shiva India.

---------- Forwarded message ----------
From: Shiva <shiva.madras@gmail.com>
Date: Sep 4, 2006 12:15 PM
Subject: First of a possible series of Papers on Internet NeXt: Unforeseen
and unseen Ogre in today's Internet Architecture viewed from 500,000 feet
above:
To: Daniel Weitzner < djweitzner@w3.org>, steve@w3.org, timbl@w3.org
Cc: Shiva Muthusamy <shiva.madras@gmail.com>, " shiva@india.name" <
shiva@india.name>


Dear Daniel Weitzner,

*First, this is written with tremendous respect for Tim Berners-Lee who
created the world wide web and all those brilliant scientists and IT and
non-IT Professionals who have and continue to cause this amazing wonder
called world wide web happen. The subject heading of this email, as also a
part of what follows, hides all this wonder and admiration, because there is
a large purpose  Please suspend your judgements about the tone, style of
expression and workability of the ideas expressed until a complete picture
emerges after a few more email messages in this series. *

*This is the first of a series of a non-technical conceptual treatise on
Internet NeXt ( if the name is not already taken ), that would go on to
point technical directions, so as to emerge as a blue print for a far more
advanced, but far less dangerous Internet. *

>From 50, 000 feet above the complex architecture that has emerged in such a
short time as 10 years amazes anyone. This amazement is suspended with the
purpose of telescoping on the unintended and uncontrollable critical flaws
in the foundation, structure, facade and interiors.

*Sky way without air routes and ground control*

>From far higher above, from 500, 000 feet above, it looks like a million
aeroplanes, all piloted by those who assert their right to fly, no pilot's
licence, no air traffic control, no air routes, aeroplanes not only made by
Boeing, Airbus and Mc Donald Douglas, but made by anyone, even by garage
mechanics, not under legislation to mark the planes with an ID, no air speed
limits, no ground clearance, no navigation laws, no ground crew, no X ray
machines to enter or leave the aircraft.... total and complete freedom to
fly.

*Or, is this New York city as an absolutely free port with no traffic lights
?*

Or it looks like New York city without an immigration authority, no FBI, no
NYPD, citizens drive their unmarked cars on the right, left, center, across,
on pavements and lawns and sometimes inside the buildings, their own and
every one's, no traffic police, no traffic lights, no toll gates, no road
blocks, no speed limits, no driving licence, no name plates, no driver's age
limits....Freedom to live in a house without a door number.  Someone unknown
pings ceaselessly on the door, someone scans the windows and pipe lines for
gaps and holes. Seconds later a heap of garbage gets pumped up the water
pipe, clogs not only the water pipe but floods the entire house, spills over
onto the streets, and still continues to flow across the city... Who is
doing this ?  It looks like a school girl... no it is a boy.... No, no,  it
is a grown up adult.... Or is it a robot ?  He, She or It is here... Oh NO,
gone, gone away without leaving a trace..

*Privacy and Anonymity are not Synonymous*

The West understands and values Freedom but not the concept of obligations
as an essence of such freedom. ( There is a Declaration of Human Rights, but
is there a Declaration of Human Obligations to balance the rights ? )
Privacy can not exist in complete anonymity. There can be no freedom when
essential controls are non-existent.

*Rights can not exist without Obligations*

Concerns for excessive freedom and privacy on the worldwide web caused the
exact opposites to happen - a freeman does not have to hide, but on the
Internet most people hide. Amidst all the clamour for privacy anything that
anyone says on the Internet today is open for theft and abuse by anyone with
advanced search skills or basic hacking skills. So much for the results of
the universal cries for freedom and privacy, flawed by the inherent narrow
thinking that stops short of the concept of obligations..

*Life 30 years later is a millenium apart*

Before the Internet, before Windows and Mac, people invited people to their
homes; people trusted people. The bus driver, door man, schoolmate,
workplace colleague and neighbours recognized a person, knew his or her name
and he or she had no concerns about socializing. There was enough privacy
when he or she chose to. But on the Internet today everyone hides sometime,
and some people hide all the time. It is not too abnormal to come across
someone who refuses to say if he is man or daemon. Often it is because the
open Internet is becoming unworthy of openness.

*Spam, Filters, More spam*

Spam, Filters, more spam, Virus, antivirus and more virus, intrusions,
firewalls and stealthier intrusions.... it is a never ending battle on the
Internet and the world is not winning on this battle within.

*Worldwide web is not free as long as it is free, is not private as long as
it permits total and complete anonymity (which is sometimes desirable and
sometimes necessary) and it is not productive enough unless there are some
basic safeguards. *

*Split Second Shut Down to Reboot*

Newer standards and greater technical advances are emerging. But what needs
to be done when new hardware and software are installed on a PC ?  Reboot
the machine otherwise the new hardware and software does not work or cause
more chaos.

Is there a way or rebooting  the world wide web ? (this is a notional
expression, explained in the papers to follow)  Can we explore the
possibility of an *master re-design and concerted implementation *of newer
hardware, newer software, newer protocols, a split second shut down,
universal log off and an instant reboot ?

There is a definite way, the world will like it, it can be smooth, can
happen fast if not in a split second, it will make not only the cyberspace
less dangerous but also the  physical space and the effort can find its own
funds, its results can be commercially prolific, if so desired for common
good...That would be Internet NeXt. ( if the name is not already taken ).

The focus on this first email paper has been largely on one of the
fundamental aspects, namely authenticity. A lot more to be written,
( perhaps to be based on basic and advanced technical guidance from
W3C, possible online and offline interaction with W3C and later by
interaction with experts from everywhere, on so many other aspects ) before
a complete picture of a possible blueprint emerges.
Shiva.
India.

*P,S.*
**
*( some of the ) Conceptual Outlines to follow* *before a complete picture
emerges*:

   - Costume Party Gateway.
   - URIs (Digital id)  in two levels, visible and invisible
   - Harmless Graphics
   - A re look at the NeXt browser for NeXt
   - Real Revenues from Virtual Space for the good of the people in
   general and for the Internet in particular.

Please allow me to write more to eventually present a workable blueprint for
a safer and more functional Internet.


-- Muthusamy Sivasubramanian (Shiva)
Director
Madras Foreign Trade Company Private Limited /
Whitefield Cottons P Limited
389/1 Perundurai Road
Erode 638 011  India ++91 424 325 3470 ++91 93641  00639
shiva@india.name
www.whitefieldcotton.net
Received on Wednesday, 15 November 2006 18:15:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:43 GMT