Rituals Of Binding

So, five years ago, I wrote a short piece about “technological shamanism”. When I wrote it, I was one of a very small number of people I knew who had a wifi-enabled PDA, or really any ability to get internet access while out and about. My recollection is that some of the more advanced phones of the time did it, badly.

Five years later, and I have an iPhone. As does one of my more luddite friends, so obviously they’re here to stay. And OK, not every phone is internet capable, and fewer still do it as well as the iPhone, but still, somewhere like London, you can be reasonably confident that a sizeable percentage of people in any bar will have the internet available to them. To use my metaphor from five years ago, the otherworldly shamans are becoming the tribe.

So what does this mean?

There’s a reason that the job of the shaman in pre-history was not one that most of the tribe wanted, and it’s because the otherworld was not entirely safe. And while I’m not one to get all Daily Mail about the dangers of the online world, the fact remains: there are the same horrors thereon as there are in the rest of the world. Stalkers, sex offenders, friends, co-workers, parents, angry strangers, idiot children, terrorists, criminals and so on and so forth. And while most people might know what to do about these things in the real world (get a restraining order, give them a good shoeing, buy them a pint, and so on) the techniques required to cope with these things in the digital ether are still a matter of fairly esoteric ritual – they must be, otherwise people wouldn’t still be getting their identities stolen, or fired from their jobs over their blogging.

And in the short term, this will probably get a bit worse before it gets better. And the problem and the cure are related.

Anyone bored enough to be tracking my Twitter stream will have seen me lay this notion out there, the other day, following a night’s drinking and idle chat. “RFID+OAuth+GPS/geodata+sensible filtering rules = online privacy solved.”

I’ll expand that a bit: it is reasonable to assume that within the next five years, at least the early adopters will have computers that are capable of identifying their users without requiring a username and password, or any other metric than their sitting down at the computer, any computer. Hell, being a Mac user means I can do this on my own computers now, provided one accepts the notion that the proximity of my iPhone is a decent measure of my location and that it is sufficiently unlikely that anyone else would be carrying it that it can operate as an authenticator of my identity. “RFID” there basically stands for “adequately secure form of near field communication”. Biometrics, bluetooth, wifi, RFID, or more likely some combination of them plus a few other things that aren’t in wide use yet. The point being: any machine someone sits down at will know who they are, log them in (if they’re allowed to use the machine), and call up their personal applications. Which will, of course, be stored off in some external account, rather than on the machine itself.

We move on, then, to OAuth (short version: a means of providing a single unified login to multiple unrelated websites, and authorising them to share your data among themselves). And like the RFID above, I’m not convinced that OAuth as it currently stands is up to the job, and it’ll probably be a successor technology that does this, but essentially, what OAuth enables is the idea that the act of visiting a site will be sufficient to identify you to that site, without requiring you to log in. Your browser will be able to authenticate you to the site, in the background, invisibly. And your browser will know who you are just because you have sat down at the computer.

So far so Neuromancer.

The key step, though, is geodata, which is the key to binding all this ghostly data into place – tying it to the physical world is going to make us able to do a lot of clever things. Within the next 18 months, I expect my phone to be quietly logging everywhere I go into an internet-accessible data cache, or at least, to have the option to do so, down to a matter of meters. I’ve got a shitty, cut-down ability to log my location whenever I want at the moment, but it requires me to take action every time I wish to do so, rather than happening automatically. I expect it to improve over time.

Yes, this is a cyber-stalker’s wet dream. Find out where anyone is at any time? Horrors, say the Daily Mail! It will almost certainly make things worse in some way before it makes things better.

But bear with me. Five years’ time, and we’re all routinely letting our computers know where we are, using the successor to something like FireEagle as a basis. Not only that, but we’ll be doing things like setting up regularly-visited locations so that the various computers know that, say, if you are within a mile and a half of the location you have defined as “home”, then no-one who is not one of your more trusted friends should be allowed access to your precise location (FireEagle does this already, one of their finer ideas). Anyone else just gets “at home”. Ditto “at work”. “Down the pub” might allow more people to find you, depending on your preferences, and, perhaps the specific pub you’re in.
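A sketch of the location rule just described, added here as an illustration and not taken from the post or from FireEagle. The place coordinates, radii, tier names and the `disclose` function are all assumptions, as are two policy choices the text leaves open: when zones overlap the strictest one decides, and outside every named zone only the top tier sees anything.

```python
import math

# Constructed sample data: labels, coordinates, radii and tiers are illustrative.
# label: (lat, lon, radius in metres, lowest tier allowed the precise position)
PLACES = {
    "at home": (51.5550, -0.1080, 2414.0, "trusted"),  # about a mile and a half
    "at work": (51.5140, -0.0900, 300.0, "trusted"),
    "down the pub": (51.5260, -0.0780, 50.0, "friend"),
    "at the local": (51.5600, -0.1000, 50.0, "friend"),  # sits inside the home zone
}
TIER_RANK = {"stranger": 0, "friend": 1, "trusted": 2}


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres (haversine formula)."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def disclose(lat, lon, viewer_tier):
    """Return (lat, lon), a coarse label, or None for a viewer of this tier."""
    rank = TIER_RANK.get(viewer_tier, 0)  # unknown tiers are treated as strangers
    hits = [
        (TIER_RANK[tier], label)
        for label, (plat, plon, radius, tier) in PLACES.items()
        if distance_m(lat, lon, plat, plon) <= radius
    ]
    if not hits:
        # Assumption: away from every named place, fail closed for lower tiers.
        return (lat, lon) if rank >= TIER_RANK["trusted"] else None
    need, label = max(hits)  # overlapping zones: the strictest rule wins
    return (lat, lon) if rank >= need else label
```

The overlap case matters: a friend-visible pub that sits inside the home radius would otherwise give a precise fix a few streets from the address the home rule is meant to hide.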

Further, you’ll be able to instruct your computer to at least make reasonable guesses about your relationships with people on this basis. Someone who has been to your home more than twice for a combined total of at least 6 hours with no-one else present besides you and them, for example, has a high probability of being a reasonably close friend. Or a repairman, or similar. But the odd false positive is OK, because the point is not that the computer makes decisions about who you trust for you, just that it applies some sensible filters before allowing you to confirm or deny who you trust. It doesn’t need to bother you with everyone you pass in the street, or even everyone you are in the same building with. Just people who pass certain thresholds. (And of course, if a given person doesn’t pass a threshold, you could still dig them out of the wider log of people who were present at a given place and time, and bump them past it yourself, if you wish.)
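The threshold filter above, written out as an added example (not code from the post). The log format, the names in it and the `trust_candidates` function are assumptions; the thresholds are the ones in the text, read as at least three one-to-one visits at home totalling six hours or more. It only produces suggestions for the owner to confirm or deny.

```python
from collections import defaultdict
from datetime import datetime, timedelta

OWNER = "me"
# Constructed presence log: (place, start, end, everyone present).
LOG = [
    ("home", "2024-03-01T19:00", "2024-03-01T22:00", {"me", "alex"}),
    ("home", "2024-03-08T20:00", "2024-03-08T22:30", {"me", "alex"}),
    ("home", "2024-03-15T18:00", "2024-03-15T19:00", {"me", "alex"}),
    ("home", "2024-03-09T13:00", "2024-03-09T19:30", {"me", "sam"}),  # one long visit
    ("home", "2024-03-20T19:00", "2024-03-20T23:00", {"me", "jo", "pat"}),  # a group
    ("pub", "2024-03-21T19:00", "2024-03-21T23:00", {"me", "jo"}),  # not at home
]


def trust_candidates(log, place="home", min_visits=3, min_total=timedelta(hours=6)):
    """People worth asking the owner about; this never grants trust itself."""
    visits = defaultdict(int)
    total = defaultdict(timedelta)
    for where, start, end, present in log:
        others = present - {OWNER}
        # Count only visits at the place with the owner and exactly one other person.
        if where != place or OWNER not in present or len(others) != 1:
            continue
        (person,) = others
        visits[person] += 1
        total[person] += datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return sorted(
        p for p in visits if visits[p] >= min_visits and total[p] >= min_total
    )


if __name__ == "__main__":
    print(trust_candidates(LOG))
```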

And of course, because everyone’s browser will at least have the option to transparently identify them to the site they’re browsing, we’ll be able to say “on this site, people in my inner circle of trust can see everything, people a step further out can see everything that isn’t about these topics, people a step further can only see things I specifically mark as public, and work colleagues don’t get to see anything, because this is about my personal life” and so on.

Actually, we probably won’t be doing this on a per site basis. We’ll be identifying data we generate, marking it with appropriate access rights, and throwing it into a data cloud for our friends and families to pull down with the tools of their choice. We might well use the interface of a given website to do that, but increasingly, it’ll be about the data, rather than the site. (Twitter is the obvious excellent example of a site that is all about this. Let’s just skirt past that whole economic-viability problem, shall we?)

I’ve got other lines of thought I want to continue to stretch this metaphor through, but I think they’re starting to veer away from the notion of digital identity management and privacy, so I’ll leave it there for now, and come back to them another time.