On Aug.19, 2007, Tara says: I’ve interupted this conversation until I get my personal blog running, which I think will a more appropriate platform for it. Comments are still open though.

I recently came across Carsten Pötter’s post OpenID for all Estonians wherein he writes about a nationwide implementation of OpenID in Estonia. Citizens and foreign residents alike will all have a national OpenID, tied to their national identity card and health care system.

Mark Wilcox over at Oracle did a good job of listing off some potential security problems.

But Carsten mentions another concern, almost as a side note, that grabbed my attention: Privacy.

More than anything else, privacy and free will would be my biggest concerns.

I’m a US citizen living in Italy. I remember the odd feeling I got when the Italians first handed my my National ID card. On one hand I was thrilled (years of paperwork have finally paid off – I’m IN!). On the other hand, it was just … ick.

That was just a piece of paper, without even a bar code attached, signed by a real government official with – holy cow – a PEN. Just think what kind of chill up the spine an all-encompassing-online-offline-single-identity-smart-card could produce. Brrrrr…

So what’s the problem?

Now, before folks get their feathers ruffled – I like OpenID. I use it. I play around on Jyte. It’s fun. What I don’t like is being assigned an OpenID (or anything else for that matter).

What’s fabulous about OpenID, is the choice to have and use one.

Personally, I was a bit peeved when WordPress turned this blog into an OpenID without ever asking me. Am I saying I don’t want OpenID? No, I’m saying I want to exercise free will and choose my own provider.

AOL is also guilty of imposing OpenID on all it’s users. Now, even my mum back in NY has an OpenID. The problem is, she doesn’t know what OpenID is, how to use it, how to protect it or even why should would need to protect it. Compound that with recent exposure of AOL’s bad password habits, and … well, it just can’t be good.

I can easily see AOL OpenIDs becoming a hotbed for posers and spammers – it’s an easy target… not to mention big and hard to miss too.

Now, let’s take that to another level: an entire nation requiring citizens to use OpenID. The thought sets butterflies on a wild ride through my belly.

I hope there will at least be a program to inform citizens about the power, and risks of power, they’ll soon hold between their fingers in the form of a National ID smart card tying their real lives to their virtual ones.

Would an official from Estonia please, please, please reassure me on this point?

UPDATE: Thanks to Martin for assuring me that OpenIDs will NOT be issued forcebly to the Estonian people. Great news! Here’s the link.

Whatever happened to free will?

If OpenID is “user centric”, it shouldn’t be imposed on people.

The problem here isn’t with the technology, it’s with the implementation of that technology.

So, while I find eID fascinating, I’m also sure that I would never want to live in Estonia. I’m also pretty sure that I’ll continue to request that WordPress deactivate the use of my blog as an OpenID (in all fairness, I only asked once, but I’ll give it another go).

It’s about choice. It’s about free will. It’s about a right to privacy.

Technorati Tags: , , , , , , ,

7 Comments

  1. Hello!

    It is nice and interesting to see how the word goes around on the internet really fast and how stories transform as people interpret the news and make their own stories.

    Please watch my blog space http://martin.paljak.pri.ee (what also happens to be my OpenID) – I’ll write an answer about your concerns really soon (latest tomorrow morning). Also – be sure to read and ask any further questions about the security issues mentioned by Mark Wilcox from my blog @ http://martin.paljak.pri.ee/2007/05/25/openid-smart-cards-and-security-risks/

    Martin – creator of open.id.ee service.

  2. Hello Martin,
    Thanks for stopping by and dropping off the link.

    This is a relief:
    “I’d like to make it absolutely clear that Estonia is not issueing OpenID-s…”

    Thanks,
    Tara

  3. The discussion continues here:
    http://blogs.oracle.com/mwilcox/2007/05/31#a151
    (click the comment link on that post to read my reply)

  4. I would like to post a comment to the oracle blog but unfortunately it only answers with 403 to me.

    There is another post (answering your post and the one on oracle.com): http://martin.paljak.pri.ee/2007/06/01/understanding-openid-who-assigns-who/

  5. Great post, I didn’t use openID though, but I think that I must try it…

Trackbacks for this post

  1. The Identity Corner » The problem(s) with OpenID
  2. The problem(s) with OpenID « The Identity Corner

Leave a Reply