The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof....
-
Upload
christian-phelps -
Category
Documents
-
view
212 -
download
0
Transcript of The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof....
![Page 1: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/1.jpg)
The Challenges of Online Identity Assurance
in a Judicial Setting
Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS)LawILAWS
dog judge!
Welcome User 39 …
Who are you today? …
![Page 2: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/2.jpg)
Our life in data…from cradle to grave
• The potential to chronicle individual lives exceeds anything previous in human history
• The ‘datafication’ of our lives involves a large ecosystem of participants, including identity intermediaries
![Page 3: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/3.jpg)
Identity assurance is characterised by identification and authentication processesAuthentication is the process of associating
attributes with a known entity
1-factor authentication
2-factor authentication
3-factor authentication
Self-assertion
Third party verification
Direct verification
Detailed direct verification
The user makes a self-assertion of identity and there are no checks
Verification of identity is direct and detailed (e.g. for passport)
Verification of identity is direct (e.g. background check of clients)
Verification is left to third party (e.g. phone number)
Identification is the process that makes known an entity in a given domain
1) ISO/IEC 24760
Strong Digital Identities are characterised by a process of identification and authentication that is able to ensure the verification of the data provided by the individual and the secure authentication to its user profile
Soft Digital Identities, although sometimes they are used for commercial transactions (i.e. Amazon), do not require identification and authentication processes with high security levels (e.g. Social Networking Sites). These soft identities normally consist of a user name
and a password plus several attributes needed to use the specific services
+
-
Level of trust
The authentication is done through something that you know, or you have (i.e. password)
The authentication is done through something that you know and you have (i.e. token and PIN)
The authentication is done through something that you know, you are and you have (i.e. token, PIN, biometric)
![Page 4: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/4.jpg)
What is the problem for the courts?
![Page 5: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/5.jpg)
Research scope: example – how do the courts authenticate
authorship of a piece of social media text?
Direct evidence
Circumstantial evidence
Court
Individual A? Presented by
Individual B impersonating Individual A?
![Page 6: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/6.jpg)
Technical challenges of authenticating authorship
of online text
How do courts establish who is behind the keyboard?
O Basic traceability issues
• Who is behind an IP address?
• Can you fake ‘metadata’ (machine-generated data about data)?
O The ‘account owner’ gap
• Who uses an account?
• Passwords are poor identifiers
![Page 7: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/7.jpg)
Research value – trending now…“Social media (criminal law, evidence and procedure): The criminal law and
criminal rules of evidence and procedure may not have kept pace with the technological and social developments flowing from the rapid and widespread take-up of social media, such as Twitter and Facebook. …There are evidential challenges, for example in proving authorship and in relation to the technology used to generate and communicate messages through these media.”
Law Commission 2013, consultation for 12th programme of law reform, c. 2016 start?
“In relation to the problem of matching internet protocol addresses [to particular internet users], my Government will bring forward proposals to enable the … investigation of crime in cyberspace.“ (Background briefing note: “…need to know who used a certain IP address at a given point in time”)
Queen’s Speech to Parliament in 2013
![Page 8: The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.](https://reader035.fdocuments.in/reader035/viewer/2022072016/56649ef15503460f94c02a02/html5/thumbnails/8.jpg)
Thank you for listeningComments & Questions?
More information at: http://www.southampton.ac.uk/superidentity/