Toward Mending Two Nation-Scale Brokered Identification Systems.

Available online public/governmental services requiring authentication by citizens have considerably expanded in recent years. This has hindered the usability and security associated with credential management by users and service providers. To address the problem, some countries have proposed nation-scale identification/authentication systems that intend to greatly reduce the burden of credential management, while seemingly offering desirable privacy benefits. In this paper we analyze two such systems: the Federal Cloud Credential Exchange (FCCX) in the United States and GOV.UK Verify in the United Kingdom, which altogether aim at serving more than a hundred million citizens. Both systems propose a brokered identification architecture, where an online central hub mediates user authentications between identity providers and service providers. We show that both FCCX and GOV.UK Verify suffer from serious privacy and security shortcomings, fail to comply with privacy-preserving guidelines they are meant to follow, and may actually degrade user privacy. Notably, the hub can link interactions of the same user across different service providers and has visibility over private identifiable information of citizens. In case of malicious compromise it is also able to undetectably impersonate users. Within the structural design constraints placed on these nation-scale brokered identification systems, we propose feasible technical solutions to the privacy and security issues we identified. We conclude with a strong recommendation that FCCX and GOV.UK Verify be subject to a more in-depth technical and public review, based on a defined and comprehensive threat model, and adopt adequate structural adjustments

A Decentralised Digital Identity Architecture

Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.Comment: 30 pages, 10 figures, 3 table

Building bridges - law and justice reform in Papua New Guinea

Introduction: Problems of lawlessness loom large in current accounts of Papua New Guinea. Concerns about these have induced high levels of personal insecurity, as well as providing a major disincentive to foreign investment. While such problems cannot be resolved by law and justice solutions alone, the continuing deterioration of PNG's ‘law and order’ situation raises questions about the adequacy of the formal regulatory system. Successive governments have been loud with ‘tough’ rhetoric, like many of their counterparts elsewhere. Practical responses have been essentially reactive and short-term. Australia, PNG’s largest aid donor, has claimed to concentrate on institutional-strengthening projects with individual law and justice agencies. While there have been achievements, it is clear that improving the performance of law and justice processes is a complex and long-term task and one that needs to be integrated with other areas of governance reform. Building a more effective law and justice sector requires strategies that go beyond the strengthening of particular institutions. Given the operational inter-dependence of law and justice agencies, a broader sectoral focus is needed. In addition, while the state is the central player, there is a need to recognise the contributions of other stakeholders to the management of conflict and maintenance of peace at local levels. PNG’s non-government sector, comprising ‘traditional’ structures of governance, community groups, churches, NGOs and the private sector, already plays a significant, if often unacknowledged, role. A sustainable law and justice framework needs to delineate responsibilities between different organisations and develop appropriate and mutually reinforcing linkages between government and non-government sectors. This paper examines the challenges facing PNG’s law and justice sector and identifies key directions for reform. Section one describes the broader context of PNG’s problems of order, including the acute fragility of the nation-state and the high levels of social and legal pluralism. Attention is drawn to the restorative character of many ‘traditional’ justice practices and the manner of their interactions with colonial institutions of social control. Section two examines the workings of the modern criminal justice system. Its shortcomings are attributed as much to a lack of legitimacy and strong social foundations as to its patent lack of institutional capacity. The final section looks at the recently endorsed National Law and Justice Policy (The National Law and Justice Policy and Plan of Action) and the prospects for building a more socially attuned and effective law and justice system.AusAI

Building bridges - law and justice reform in Papua New Guinea

This book comprises six informed contemporary narratives and historical commentary by a group of distinguished regional scholars writing in the context of growing concern about an emerging 'arc of instability' in the Southwest Pacific region. This collection of papers derives from a public seminar at the Australian National University in 2001, intended to provide some commentary and discussion on a number of significant events then taJcing place in Melanesia, and in the context of growing concern about an emerging 'arc of instability' to Australia's north. The collection has subsequently been expanded and updated

India’s “Aadhaar” Biometric ID: Structure, Security, and Vulnerabilities

India\u27s Aadhaar is the largest biometric identity system in history, designed to help deliver subsidies, benefits, and services to India\u27s 1.4 billion residents. The Unique Identification Authority of India (UIDAI) is responsible for providing each resident (not each citizen) with a distinct identity - a 12-digit Aadhaar number - using their biometric and demographic details. We provide the first comprehensive description of the Aadhaar infrastructure, collating information across thousands of pages of public documents and releases, as well as direct discussions with Aadhaar developers. Critically, we describe the first known cryptographic issue within the system, and discuss how a workaround prevents it from being exploitable at scale. Further, we categorize and rate various security and privacy limitations and the corresponding threat actors, examine the legitimacy of alleged security breaches, and discuss improvements and mitigation strategies

Over the Line: Critical Media Technologies of the Trans-American Hyperborder

My project argues that the U.S.-Mexico border is an assemblage of medial forms that are communicated in multiple media without superseding one another. For example, the border is, at once, a graphic design on numerous maps; a symbolic construction in copious literary and legal textual media; a series of fences erected in various terrestrial media; a photographic icon in still and moving pictures; an architectural design; a painted figure; the list goes on. As an assortment of medial forms, The U.S.-Mexico border does not refer to the United States and Mexico as the subjects of its mediation, but rather produces the United States and Mexico as subjects, which thereon depend on the border for their subjectivity, as the border depends on the nations for its continued existence. The United States and Mexico cannot be articulated from or with one another without what media theorist Bernhard Siegert calls “concrete practices and symbolic operations” to process their articulation, operations which are ultimately expressed in medial forms, whether lines on maps, untranslatable proper nouns, legal writ, poetic verses, or fences. In drawing connections between the borders produced in different media, I am examining borders as media systems that correspond to different cultural techniques and produce distinct political subjectivities. To envision this network, I develop the concept of the hyperborder, which I define as a border that extends across media. The hyperborder is a framework that links together different mediated borders, and that proposes and examines epistemological connections between them. The hyperborder is a way of attaining a global and comparative view of borders, while at the same time accounting for their different and irreducible media forms. In this project, I examine border forms primarily in three media: literary media, including poetry and prose; cartographic media, with an attention to different cultural meanings of mapmaking; and infrastructural media, particularly types of fencing. My methodology for researching and comparing these different media forms combines archival and participatory research. In order to study textual borders—those found in literary and cartographic media—I have relied on archival research carried out at UC Berkeley’s Bancroft Library and in the Special Collections of UCSB’s Davidson Library. My desire to account for the location of media has also compelled me to research media forms in the field, so to speak. My analysis of Indigenous mapping in Chapter Two is informed by conversations that I have had with Jim Enote, director of the A:shiwi A:wan Museum and Heritage Center at Zuni Pueblo. My analysis of the U.S.-Mexico border fence in Chapter Three is grounded in physical fieldwork at the site of the fence, particularly with Friends of Friendship Park in San Diego and Tijuana. My combination of archival and participatory research practices allows for a wider view of the border. It also situates my project in numerous academic disciplines and fields, including Comparative Literature, Media Studies, Border Studies, History, Chicana/o Studies, and Indigenous Studies. In developing the comparative framework of the hyperborder, I am making use of the interdisciplinary potential of Comparative Literature, albeit in a way that problematizes the discipline by including what may not be considered “literary” in my comparisons. Although originating in Comparative Literature, my methodology has wandered, through the discipline’s encyclopedic opening, into Media Studies, where I can compare objects like those listed above through concepts like cultural techniques and knowledge systems. I am mainly applying my Media Studies and Comparative Literature approach in order to intervene in the interdisciplinary field of Border Studies. As an academic specialization, Border Studies leans toward political and social sciences, and often leads to bureaucratic professionalization. My project complements and challenges a social sciences-oriented Border Studies with a humanities-based approach that insists on the media specificity of borders. Similarly, my project is engaged with rethinking the paradigmatic borderlands, as conceptualized by historian Herbert Eugene Bolton in the early 20th century. While my dissertation is grounded in borderlands historiography, my sense of History is directed toward a borderlands of media—toward medial differences, and how they determine boundaries in the symbolic and in the real.A major assertion in my project is that cultural differences correlate to media operations. I thus pay critical attention to the disciplinary frameworks of Chicana/o and Latina/o Studies, and to how their disciplinary stances and social frameworks are articulated with those of History and Border Studies. While older center-periphery historiographies relegated Chicana/o cultural production to regional margins, my project marks how Chicana/o texts address these problematics in media-specific ways.Finally, as a white, non-Indigenous scholar who examines how subjects are produced through medial borders in literature, cartography, and infrastructure, I consider it ethically important to foreground Indigenous academic frameworks for evaluating border media. In this project I evaluate Indigenous media using Indigenous intellectual traditions, and I also examine the effects of non-Indigenous theory on Indigenous cultural practice