February 12, 2019

4 Types of Identity

In the video I did a few years ago, I explored 4 notions of Identity. These have seemed to survive some scrutiny, a little test of time. It appears a bit easier to call them by labels, but words can be too political. How about numbers:

There are four Types of Identity. They are:

Type 1 - your State ID

The state is the one that started the concept of identity as a national system. Reputedly all the way back to Napolean who invented the passport for young men to show they had done their national service.

Napolean's design was meant to stop nationals from leaving the country. These days it is the reverse in both meanings - the modern day passport is meant to stop foreigners entering the country.

A definition of Type I would be a document that was issued to a single person to uniquely identify that person and grant a limited number of rights. For a passport, entry to home country. For a driver licence, right to drive on public roads. For those countries with state IDs, these tend to be required for a much larger range of services.

The state's ID goes a bit beyond just the passport. It starts at registration of birth, and a certificate for that event. This makes the birth certificate a 'breeder document', which sounds like an unfortunate choice of words. As many of us have lost our birth certificates, we have to revert to "transcripts" or "copies" when some other document is needed, and so the modern paperchase is begun.

Other than travelling, the primary use case for state ID is to restrict services. Without, you cannot have them. This has the unfortunate side effect of casting a lesser or larger number of people into the zone of exclusion, such that their rights are taken away from them for absence of the appropriate Type I Identity.

Note that ID stands for Identification Document, not for Identity. But the two are commonly and ignorantly commingled, and to use them in the same sentence is a sign that the author is short of full understanding.

Type 2 - I am who I think I am

Normally when we talk about identity, we talk about what's in our heads - our consciousness, our personality, our secret fears and desires.

Psychologists view identity as starting at birth - with the baby as basically an empty vessel. Baby finds Mother, but it is only the appearance of other persons such as Farther that causes baby to question what these persons really are; and by a process of triangulation to realise that baby is someone too.

Baby becomes child becomes adult - through 20 odd years of experiences. Layered, simultaneous, emotional and boring.

The result is the new adult's Identity. Which has nothing to do with the above, the state's "Identity." Which in part explains why the state and others like the corporation have so much difficulty. What they call "my identity" is in complete denial of what I call my Identity, and while they keep doing that, I'm resistant.

Type 3 - Corporate Records

Unlike the state, the corporation has more limits on defining who you are, and has to make do with collecting information from other sources. To make up for this disadvantage corporations have collected more and more data, to the point where they might have challenged and overtaken the state's erstwhile monopoly.

From school to employment to Facebook, the collection of data that each call their copy of your identity has grown. How big? The number of bytes do not matter, what does matter is that no one person in the corporation knows what it all is, nor what it means.

Nor would you if you were given it or asked to control it. But no matter how much we dislike it, we are captured. None of us could turn off our job, resign from Facebook, search for the end of google, decline to be Amazon Premium. As Pam Dixon hints, we're owned by someone, just not sure who:

"The issue of who owns identity is particularly contentious, and we will not delve into that topic here. Suffice it to note that there is much disagreement about who owns identity. Each stakeholder — individuals, governments, corporations, and so forth, have a different answer."

It is fair to say that this type of Identity is out of control. It's certainly out of our control. And states have no effective control given the paucity of effect their laws have had, with the exception that proves the rule being the EU's recent GDPR. One might like to think that at least the corporations are in control of the collection, but that is hard to see as there is simply too much of it for one person to understand.

Imagine there was a data controller at Facebook who handled Your Identity. You know, appointed under GDPR. A person you could have a chat with, much like a therapist or a priest or a grandmother. She could delve into the collection of you and answer all your questions, because she's got them, right there. Make you feel at ease. Make you feel like you belong. You're a treasured member of the family.

Not really. People can't do that. People can't delve so deeply into the lives of others and still retain their own humanity. Type 3 Identity is therefore out of control of even the corporations that collect it.

Type 4 - I am who you think I am

Who I think I am started off with me as new born baby discovering there was Mother and Father. This neat destruction of the simple unity of Mother-me-milk-everything triggered the challenge of my lifetime - finding out who I am.

Yet, each discovery of who I am came not from me in isolation but from an interaction with another: parents, siblings, relatives, friends, school-mates, university chums... etc and etc for ever. These people play a part - it isn't just me.

My self isn't just in my head. In some bifurcated sense, my self is in my head and in the heads of everyone I interact with on a frequent basis. My peer group has one consensus on who I am. My family another. My school, yet another. Manyfold, intersectional, overlaid and rather complicated, every defined group of people has "me" within them.

This is like the social graph, but it is more than that. It is the you within you that includes a slice of me.

So what?

The primary point of the taxonomy of you, as it were, is that there are 4 strikingly different views. There is some cross-over but the contrast exceeds it in my opinion. And the clear & present danger is that, due to the very distinct foundations of each form of the word, commingling the Types is a trap.

So much so that when routinely one group talks habitually of one type, a second group is confused by assuming another form. When the state pushes its control over identity (Type 1), people get scared (Type 2). The same contradiction happens when the bank tells you that you've become victim to "identity theft" (Type 3). In some sense, we know that a bungling of identification or records with personality are a fallacious uses of the term, but we remain powerless to object to the deception.

"That's not me!"

When the CAs sell you an identity certificate, everyone ignores it, in part because it's not what it says on the tin. When Whatsapp reports back your identity (Type 4) to you, that it purchased from Amazon without your permission, likewise there is concern.

"Identity" such as it is, is a morass, doomed to failure until we clear up the terms.

The secondary point is that these terms are entirely discordant with someone's expectations. I'll go further - the clash of world views is leading us to one of the great wars of this new century, up there with pensions, financial restructuring and global warming. The silver lining is that if we lose this war for our identity, we won't have to worry about global warming because animals don't care about the weather, that's the farmer's job.

The tertiary point is that Type 4 somewhat survives the devastating critique of modern abuse. What my friend thinks of me is so far unabused territory, albeit with some knocks from the mostly superficial efforts of social media farmers. It's also digitally sane, assuming the concept of reliable statements, which can only be done with real and intentional consent. So it's actually protected from abuse, because Facebook and google and Amazon cannot touch real. But it's also possible to implement in the worst possible ways, taking us back grim visions of 1984 and Stazi-run East Germany.

Nobody's really finished the book on this as yet, but we're working on it. Watch this space.

Posted by iang at 06:08 PM | Comments (0)

January 29, 2019

None of us love terrorists

None of us love terrorists. A few of us study and admire warfare and revolutionary spirit and history and daring battles, but that doesn't match actual facts on the ground. War is 1% heroism and 99% death, destruction, scorched earth for causes nobody can remember. Terrorists are 100% ruthless killers that will stop at nothing.

This however does not mean that we as a society should change our lives to suit the agenda of the terrorist. The theory of terrorism clearly aims to achieve maximum media blitz, because the terrorist wishes to recruit at home. More blitz, more willing immatures to the cause.

If you are reporting on terrorism, as I am today, you are part of the problem not the solution. Slice the lifeline of international media attention, kill the thrill. Cut the media buzz, there will be no global endorsement of the worthiness of the terrorist's pathetic message.

No worthy cause, no local hillbilly to take up arms.

The response of an intelligent society is to suppress that media blitz and get on with our life.

In particular I refer to the Londoners in 7/7 who walked home. Without fuss. Without complaint. Without media demands for war, vengance, invasion of some random country. Without caring that nobody much remembers that day.

I was in London that day, due to meet someone near Tavistock square. But I slept in.

Which was how it was: we did not respond.

Londoners have their memories. Many died. But we did not respond. The English have seen it all before and no amount of terrorism was going to cause a response from the people. Much the same all across the continent, Europeans understand the balance - it's a police business, and for the rest of us, we do not respond.

First day I was in Madrid back in 1991 or so, there were three ETA bombings. I saw the smoke from my 4 star hotel window and wondered. The Spanish have seen it all and they did not respond.

I do not refer to the British authorities who bought into the whole USA control-by-fear-of-terrorism agenda. It was you that the Brexiters voted against. And, for all the controls, costs, spying, economic exclusion, false positives, what do you have to show?

I was at the infamous JFK airport terrorist incident in New York, in the height of terromania in USA. In our thousands, we ran out of terminals onto the tarmac and camped under planes. To panicked people, I explained why we were totally safe - "no they can't shoot us because we just run further out to the airfield." Stay here, and do not respond. You are safe.

The Kenyan people aren't going to be effected by the Dusit attack. Nairobi as a people weren't effected by the Westgate attack, that I saw, and I was there in Nairobi at the time.

The Kenyans did not respond.

Not because Kenyans are insensitive or dumb or unaware. To the contrary - what Kenyans were effected by was political disaster of 2007, in which 2000 or more people died. Kenyas were marked by 2007, deeply. If there is anything that Kenyans remember of Westgate, it was the political backstory of Westgate - the army's response. The cynicism runs deep in Kenya, and it seems that the army did not shoot the police in this new Dusit event. Progress.

Do not respond.

The smarter society analyses the risks. Nairobi is a city of 3 million people or so, which means about 100 die on a given day. The people of Nairobi, and any large city, can only be effected by much larger numbers dying, OR by mainstream media spruiking a panic.

The smarter society does not respond to mainstream media.

Authorities everywhere would be smart to recognise that the agenda of fear only goes so far before they create their own revolution.

We, society are watching. Don't make us respond, because we will respond to something closer to the truth than you want.

Posted by iang at 02:18 AM | Comments (0)

How does the theory of terrorism stack up against AML? Badly - finally a case in Kenya: Dusit

Finally, an actual financial system & terrorism case lands before the courts, relating to the Dusit attack. Is this a world first? I don't know because this conjunction is so rare, nobody's tracking it.

The essential gripe is that since 9/11 the financial world decided to slap the terrorism label on their compliance process. Yet to no avail. Very few cases, so small that they fall between bayesian cracks. So misdirected because terrorists have options, and they can adjust their approach to slip under they radar. Backfiring because the terrorists are already outside norms and will do as much damage as needed, thus further harming the financial system.

And so hopeless because your true terrorist doesn't care about being caught afterwards - he's either dead or sacrificed.

Anyway, that's the theory - anti-terrorism applied to the financial system simply won't work. Let's see how the theory stacks against the evidence.

A suspect linked to the Dusit terror attack received Sh9 million from South Africa in three months and sent it to Somalia, the Anti-Terror Police Unit have said. Twenty one people, including a GSU officer, were killed in the January 15 attack. The cash was received through M-Pesa.

So far so good. We have about $90,000 (100 Kenya shillings is 1 USD) sent through M-Pesa, a mobile money system in Kenya, allegedly related to the Dusit attack.

Hassan Abdi Nur has 52 M-Pesa agent accounts. Fourty seven were registered between October and December last year, each with a SIM card. He used different IDs to register the SIM cards.

So (1), the theory of terrorism predicts that the money will be moved safely, whatever the cost. We have a match. In order to move the money, 52 accounts were opened, at the cost of different IDs.

One curiosity here is the cost. In my long running series on the Cost of your Identity Theft we see (or I suggest) an average cost of an Identity set of around $1000. Which would amount to a cost of $52k for 50 odd sets. But this is high for a washed amount of $90k.

Either the terrorists don't care of the cost, or cost of dodgy ID is lower in Kenya, or the alleged middleman amortised the cost over other deals. Interesting for further investigation but not germane to this case.

Then (2), the theory of bayesian statistics and the "base rate fallacy" predict that no terrorists will ever be caught before the fact based on AML/KYC controls.

Clearly this is a match - the evidence is being compiled from after-the-fact forensics. Now, in this the Kenyan authorities are to be applauded for coming out and actually revealing what's going on. In the western world, there is too much of a tendency to hide behind "national secrets" and thus render outside scrutiny, the democratic imperative, an impossibility. One up for the Kenyans, let's keep this investigation transparent and before the courts.

Next (3). The theory predicts that follow the money is a useless tool.

Ambitham was in constant communication with slain lead attacker Ali Salim Gichunge, who died during the attack and his spouse Violent Kemunto Omwoyo.

[Inspector] Githaiga yesterday said Ambitham’s phone led to his arrest on Tuesday after detectives established his communication with the Gichunges.

The police are following the social graph and arresting anyone involved. Having traced the phones, they then investigated the M-Pesa evidence, which provided many additional and interesting confirmatory facts.

Which is what they should do. But it was the contact information that cracked this case, not the financial flows. The contact information has always been available to them. And, where there is a credible case of terrorism as is in this case, the financial information has never been withheld. Again, the theory matches the evidence: follow the money is useless before the event, only confirmatory after the event.

Finally (4), the theory of unforeseen consequences says that the damage done by unintelligent responses will haunt the future of anti-terrorism efforts.

These are the agents that received the money, which was later withdrawn at the Diamond Trust Bank, Eastleigh branch, before it was wired to Somalia. ... The manager of the bank where Nur was withdrawing the money,, Sophia Mbogo, was arrested for failing to report Nur’s suspicious transactions. Nur is said to have made huge withdrawals in short intervals, which Mbogo ought to have reported to relevant authorities, but there is no indication she did so.

Without wishing to compromise the investigation - this looks inept. Eastleigh is the Somali district of Nairobi. It's a bustling centre of trade. In some respects the Somalis are better traders than the Kenyans, and a lot of trade is done. And a lot of that is in cash, because the Kenyan banking system is ... not responsive. Lots of legitimate cash would move in and out of that bank branch.

Given the alleged fact that the money man had 52 M-Pesa accounts, he was certainly aware enough to run under the radar of the branch. Thresholds and actions by banks are no secret, especially by those motivated by terrorism to conduct any crime to find out - bribery, extortion, kidnapping are options.

Maybe there is evidence that the branch or the manager is "in" on the deal. Or maybe there is not, and the Kenyan police have just confirmed the theory that FATF anti-terrorism will do more damage. They've sent a message to all branches to drown their customers in pointless compliance, and to not cooperate with the police.

The Kenyan police had better get a clear and undeniable conviction against the branch manager, or they are going to rue the day. The next terrorist attack will surely be harder.

Posted by iang at 01:33 AM | Comments (0)