Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.
The "single ID" is being touted as the solution to all the Web's identity management problems.
http://www.projectliberty.org/ is based around the concept of a "federated identity system". Basically, a bunch of companies (including AOL, IBM, RSA, Intel, Sun, GM, American Express, Bank of America, Computer Associates, Nokia, NEC, and Verisign, just to name a few) are trying to build a system where your interactions with others within the federation act as "introducers" to other places that use the federated identity. This might work for protecting companies against consumer fraud, but how is this going to help protect consumers against corporate fraud? (I have a nice link somewhere about how an otherwise-reputable company issued a digital certificate to a phisher, who used the automatic SSL verification to trick a LOT of consumers into providing a LOT of their information.)
There are entities that do need single identities. These entities are called 'organizations'. (Organizations should be able to delegate the authority to send email and conduct business to actual people within the organization, but that's beside the point...for the moment.)
And there's also a massive repurposing going on for state Departments of Motor Vehicles. This is no small feat, in actuality -- even though the credentials that the DMVs issue are used as identity documents in any case. (It's rather ludicrous, if you think about it -- the state just wants to make sure that the person is legally allowed to drive. Everyone else wants the state to make sure that the identity credentials are accurate. Which makes sense, since the state (and political subdivisions thereof) are the ones who maintain birth records, and the US Department of State checks with the original issuer before issuing a passport.)
I can understand the need for a single legal identity... but there's a rather severe problem with this that I'll get to later on.