.Nat Zone

Digital Identity et al.

Economic Growth and NSTIC

      2011/12/15

Like it or not, we now spend substantial portion of our life in Cyberspace. Think of the time you spend emailing, facebooking, tweeting, shopping – we spend good slice of a day there.

This space also happen to be the fastest growing economic region. It is a frontier. And like it was so in the wild-wild-west, each individuals are armed to protect themselves, and those who do not gets victimized.

If we can institute a mechanism that grants better safety, it would further increase the economic growth of the region and will help the economy as a whole. I think this is one of the fundamental motif behind the National Strategy for Trusted Identities in Cyberspace (NSTIC).

The four guiding principles of NSTIC are as follows[*1]:

  • Cost Effective and Easy to use
  • Secure and Resilient
  • Interoperable
  • Privacy Enhancing and Voluntary

Indeed these seem to be quite well geared towards what was stated above. Today, I will share my idea of why it is on the first three bullets, using some help from Economics Theory. I will discuss the fourth in a subsequent article.

Cost Effective and Easy to Use

There is a good reason why I am bringing this up front. In fact, the two following in the above list actually happens to be a requirement to achieve this.

“Cost Effective” in Economics term is often referred to as “Efficient”. This is one of the most important goal for the economic policy to achieve because if the economy is in a inefficient state, we can improve in such a way that everybody gets better off.

In this world where each individuals, corporations, etc. have diverse “preferences”, we know of only one way of achieving the efficient state: Perfect Market. Unfortunately, that is a holy grail that we will never attain, but we can strive to get closer by removing as much reason for the imperfection. There are bunch of such reasons, but here, I would like to high light the following three:

  • Non-Transparency
  • Friction Cost caused by in-secure environment
  • Market fragmentation and lack of choice

Non-Transparency

In economics term, it is referred to as the Asymmetric Information among the market participants. Just google “Market of Lemmons” and you will find what it is. It is one of the major reason for the market failure, and it is where the government should intervene. To improve it, we need to have some mechanism to make the information about what is being offered more transparent. One such mechanism is a certification based on audit, and publication of the audit result. SEC fillings and FDA approvals are one such mechanism implemented in our society right now.

In the cyberspace, we have the same problem. When we buy something online, we really do not know if that is what is being claimed by the merchant. Similarly, when someone claims “I am John Doe”, the receiving end has significantly smaller information than the claimer: claimer knows whether he is lying or not but the receiver does not.

Thus, we need some mechanism to ease the situation. Audit + Certification offered by OIX, Kantara Initiative, etc. for the digital identities are one such thing. There could be other mechanisms like reputation sharing. They constitute a vital component of what is often referred to as Trust Framework. This is one of the solution to cope with this information asymmetry problem.

Friction Cost caused by insecure environment

I think this is quite intuitive. In the old days, it was a big problem in the land and sea as well. Whether you were carrying porcelain and silk from China to Europe through the Silk road, or carrying spice through Indian Ocean, you had to worry about bandits and pirates. You had to arm to protect yourselves. It added significant transaction cost.

In a modern “land, sea, sky” society, this has become non-issue. The street lights, law enforcement infrastructure etc. has granted the secure and resilient environment in which we can transact. It lowered the transaction cost significantly and accelerated the economic growth.

Unfortunately, the fourth space, cyberspace, does not enjoy this property. Bandits are at  loose there. What can we do there? One obvious measure is to improve the information transparency so that you will be able to know the person approaching you better before you engage in a transaction. This was discussed in the previous section. Another measure is to minimize the weakest ring, passwords. Also, stopping such an irrational practice like using SSN to verify the person’s identity is an important step.

Besides the tool side of it, governance side of it is also important. There has to be a recourse against a mis-behaving party, and that has to be enforceable.

What we talk as Trust Framework in fact are embodiment of those factors:

  • Technical and Operational Standard that parties has to adhere to.
  • Transparency through audit, certification and result publishing.
  • Law enforcement mechanism (mainly using contracts as “private law” and linking it to the existing law enforcement mechanisms.)
  • Arbitration Mechanism.

Market fragmentation and lack of choice

For the perfect market to work, competition is the key ingredient. Market fragmentation by non-interoperable technologies works against it. So, keeping interoperability to a certain level is important.

At the same time, it is important to keep the variety in the supply of the good. What makes an apple an apple in our case is the interoperability. But there should be many variety of apples available in the market to cater diverse preference of the consumers (individuals, corporations, governments, etc.) This is often overlooked. Many people seem to mistakingly think that consolidating solutions will improve efficiency. Well, that is true for you as an individual but as a collection of individuals and other parties, it is not true. The efficiency by consolidation is only true when there is no diversity in preference. This actually is the pitfall that totalitarian state owned economy fell into, which eventually lead to the fall of such regime. We have to acknowledge that people are diverse. So the supply has to be diverse to grant the freedom of choice as well.

To achieve it, free entry has to be granted. Also, the requirement MUST NOT be too prescriptive so that it will not kill the varieties.

NSTIC principles translated

Thus, NSTIC four guiding principles actually turns into the following requirements:

  • Free entry to the market to improve the variety of supply
  • Freedom of Choise
  • Interoperabile, but not too prescriptive requirements to avoid market fragmentation as well as foster innovation
  • Trust Frameworks
    • Technical and Operational Standard that parties has to adhere to.
    • Transparency through audit, certification and result publishing.
    • Law enforcement mechanism (mainly using contracts as “private law” and linking it to the existing law enforcement mechanisms.)
    • Arbitration Mechanism.

These seem to be a very reasonable requirments to achieve faster economic growth.

The other requirement actually is complementary and integral part as well.

However, I will save the discussion here and defer it to a later date.

[*1] I changed the order found in http://www.nist.gov/nstic/presentations/grant-introduction.pdf to make it easier to discuss in this article.

(from Keystone, CO)

 - identity