A post relating to this item from Finextra:
03 December 2009 | 10903 views | 2
The Global Trust Council is a non-profit organisation working with governments and businesses in a bid to create an international legal framework that will help protect digital identities.
As Finextra community members are well aware, digital security is a hot topic of debate and there's little consensus out there. Enter the
Global Trust Council, a non-profit that is proposing a serious shake-up of the way we conduct our digital lives.
It argues that we are forced to hand over far too much personal information when going about our digital day and this usually ends up on central databases that are expensive and unsafe.
The Council wants to replace this approach with one that sees the customer put in charge of their identities, using "relationships" for verification. The proposal would see each party choose the references (country you're from, mother's name, membership
of clubs etc.) which they need to gain the right level of trust to interact digitally with another.
When requested, references are provided instantly and automatically, enabling identities to be checked in real time. Crucially, the customer keeps and manages the data, not the government, bank etc. Want to make a payment? No need to hand over your card
details - just communicate with your bank, sharing information that identifies you that no other party can see.
When you enter into a transaction, an independent, blind, witness takes a snapshot of the moment the contract is agreed that can be stored and produced in the event of a legal dispute. The snapshot is an encrypted description of what the contract looks like
'digitally', not what the contract actually is, meaning it cannot be unencrypted to create a copy.
So, the promise is an interoperable system that improves security and privacy for the customer and removes the burden of cost and responsibility for governments and companies like banks.
The Council has already signed up the governments of Sweden and Switzerland to pilots and is talking to many more, including the UK's, while we're told news from some major banks can be expected fairly soon.
What do our security experts think of this approach?