What is Toluu?
Toluu is a free service for sharing the feeds you read and discovering new ones.		 Get Invite

Ralf Bendrath

thoughts and observations of a privacy, security and internet researcher and activist


The Digital Identity SuperheroNovember 24 2008
Patrick Harding somehow managed to convince some talented friends that the digital identity community needs a superhero. Now, the first episode of the "Golden Guardian" is ready for prime-time.

I only wonder what will be the next and more interesting dangers the Golden Guardian will protect us from. The "Russian Internet Mafia" is understandable for the first chapter, but too much of a cliché and too easy to be an interesting enemy. What about Google, the OpenID Foundation, the Department of Homeland Security or maybe the "Electronic Health Records Mafia"? A superhero like this could be a great way of explaining the dangers of linkable profiles and bidirectional identity tokens, and also illustrate the magic of zero-knowledge proofs, identity rights agreements, and more.

This was the Founding Moment of a Social Movement on PrivacyOctober 13 2008
The international privacy action day on Saturday was a total blast. I was speaking at the demonstration in Berlin, and you just can not imagine how it feels when 100 000 people are shouting "we are here, we are loud, because they steal our data!".

I don't have time for an exhaustive report right now, so I just quote the press release of the "Freedom not Fear" network from Sunday:

Yesterday, the first worldwide protests against surveillance measures such as the collection of all telecommunications data, the surveillance of air travellers and the biometric registration of citizens were held under the motto "Freedom not Fear - Stop the surveillance mania!". In at least 15 countries citizens demanded a cutback on surveillance, a moratorium on new surveillance powers and an independent evaluation of existing surveillance powers. "A free and open society cannot exist without unconditionally private spaces and communications", explains an international memorandum.

In Berlin the greatest protest march against surveillance in Germany's history took place: Participants in the 2 km long, peaceful protest march carried signs reading "You are Germany, you are a suspect", "No Stasi 2.0 - Constitution applicable here", "Fear of Freedom?" and "Glass citizens, brittle democracy".


Apart from related music tracks, loud chants of "Belittle it today, be under surveillanc







Expect the Sarah Palin E-Mail Privacy Act of 2009September 18 2008
As you probably all have read, U.S. vice-presidential candidate Sarah Palin's private email account has been broken into and some of the contents posted at wikileaks (the server seems to be over capacity at the moment, so I save you the link). I won't get into the content of this personal communication, because I agree with Lauren Weinstein that

"we shouldn't be doing to others that which we wouldn't want done to ourselves. Palin's truly personal e-mail and photos have no bearing on the political situation, yet they've been posted along with everything else. There's simply no justifying this from an ethical standpoint."

Of course, for persons running for an important public office, we have different expectations of privacy than for the everage John Doe, but what is going too far is just going too far.

But apart from these ethical considerations, there will be practical consequences of this event, Here, the opinions are very diverse even among the liberal crowd. Lauren Weinstein fears that "this chain of events plays into the hands of the Palin/McCain campaign". I tend to agree more with Paul Ohm that this event may trigger the preparations of a federal email privacy act in the United States. Ohm



Conference "Privacy in Social Network Sites"September 15 2008
Onother interesting conference here at TU Delft which I am looking forward to: "Privacy in Social Network Sites" on 23 and 24 October 2008. Registration and participation is free, and Delft (right between The Hague and Rotterdam) is always worth a visit. The conference is organized by David Riphagen, who is affiliated with the Electronic Privacy Information Center (EPIC) and currently is finishing his M.A. thesis at our department on the same topic. His blog on the same theme is also worth a look.
Laws of Identity Iterations - or: The Nexus Between Morality, Subjectivity, and Empirical KnowledgeAugust 27 2008
Kim Cameron has recently tried to shorten his "Laws of Identity". This started an interesting semantic process, which I will address at the end. But first, let's have a look at the iterations.

Here are Kim's original laws:
  1. User Control and Consent: Digital identity systems must only reveal information identifying a user with the user’s consent.
  2. Limited Disclosure for Limited Use: The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
  3. The Law of Fewest Parties: Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
  4. Directed Identity: A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
  5. Pluralism of Operators and Technologies: A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
  6. Human Integration: A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
  7. Consistent Experience Across Contexts: