A cunning plan…

I thought I should write a quick post explaining this afternoon’s possibly rather cryptic Twitter about Global Domination… (mwahhahaaa…)

The case study diabolically devised by Mary Rundle for the afternoon session split the OII-IDW workshop attendees into three groups, each of which was instructed to design an identity management system for the education sector of their repective communities. The first two communities were fairly straightforward: one was described as a society which strongly favoured personal privacy, regulation and governance over technical innovation, and the other as a society which had a more laissez faire approach to privacy, trusting in healthy market competition to expose and iron out any difficulties. So far so good.

The group I found myself in had a rather different remit. Rather than a nation-state, we were described as a group of entities with a common interest but no common geographic location. Our common interest was to take over the world by exploiting vulnerabilities in the identity management systems of the other two societies… again, through the design and implementation of our own education identity management system.

So, we had two problems to solve: the first was to work out what weaknesses we might exploit, and how to put the right pieces in place to exploit them; the second was how to convince the other two societies that our solution was not only benevolent, but the perfect interoperability partner for their own two systems, which we expected to evolve as quite dissimilar designs. It was a fascinatingly revealing exercise, and the results were somewhat chilling on a couple of levels.

First, about 20 minutes of thought and discussion suggested a range of goals and end-games, from ‘leaving the other societies intact and functional, but providing us with an almost unlimited revenue stream’ to ‘full information infrastructure warfare, laying the other societies waste’… with a couple of equally entertaining intermediate options. It also raised several opportunities for attack, ranging from network/DNS compromise, social engineering, rogue identity providers/attribute authorities, and insider attacks up to and including enrolment of children into ‘host’ societies’ education systems under false identities. It led us to imagine how creative someone could get if they devoted serious time to this problem with a specific gain in mind.

Second, and perhaps most worrying: the policies and strategies which we found ourselves then advocating to the other two societies were eminently plausible. In fact, they sounded exactly like the kind of thing policymakers tell their citizens every day around the globe. In other words, at the policy and presentational level, there may be no discernible difference between a perfectly benign identity management strategy and a wholly malevolent one.

Full marks, though, have to go to the participant (sorry, nameless to maintain Chatham House integrity) who torpedoed our attempt to get the societies to agree to use a new “.fedu” top-level domain for this identity management traffic, thus opening up the potential to channel network traffic through compromised nodes of our own devising. Foiled again! Drat, and double-drat…