OpenID: A great thing… going amok?

On Aug.19, 2007, Tara says: I’ve interupted this conversation until I get my personal blog running, which I think will a more appropriate platform for it. Comments are still open though.

I recently came across Carsten Pötter’s post OpenID for all Estonians wherein he writes about a nationwide implementation of OpenID in Estonia. Citizens and foreign residents alike will all have a national OpenID, tied to their national identity card and health care system.

Mark Wilcox over at Oracle did a good job of listing off some potential security problems.

But Carsten mentions another concern, almost as a side note, that grabbed my attention: Privacy.

More than anything else, privacy and free will would be my biggest concerns.

I’m a US citizen living in Italy. I remember the odd feeling I got when the Italians first handed my my National ID card. On one hand I was thrilled (years of paperwork have finally paid off – I’m IN!). On the other hand, it was just … ick.

That was just a piece of paper, without even a bar code attached, signed by a real government official with – holy cow – a PEN. Just think what kind of chill up the spine an all-encompassing-online-offline-single-identity-smart-card could produce. Brrrrr…

So what’s the problem?

Now, before folks get their feathers ruffled – I like OpenID. I use it. I play around on Jyte. It’s fun. What I don’t like is being assigned an OpenID (or anything else for that matter).

What’s fabulous about OpenID, is the choice to have and use one.

Personally, I was a bit peeved when WordPress turned this blog into an OpenID without ever asking me. Am I saying I don’t want OpenID? No, I’m saying I want to exercise free will and choose my own provider.

AOL is also guilty of imposing OpenID on all it’s users. Now, even my mum back in NY has an OpenID. The problem is, she doesn’t know what OpenID is, how to use it, how to protect it or even why should would need to protect it. Compound that with recent exposure of AOL’s bad password habits, and … well, it just can’t be good.

I can easily see AOL OpenIDs becoming a hotbed for posers and spammers – it’s an easy target… not to mention big and hard to miss too.

Now, let’s take that to another level: an entire nation requiring citizens to use OpenID. The thought sets butterflies on a wild ride through my belly.

I hope there will at least be a program to inform citizens about the power, and risks of power, they’ll soon hold between their fingers in the form of a National ID smart card tying their real lives to their virtual ones.

Would an official from Estonia please, please, please reassure me on this point?

UPDATE: Thanks to Martin for assuring me that OpenIDs will NOT be issued forcebly to the Estonian people. Great news! Here’s the link.

Whatever happened to free will?

If OpenID is “user centric”, it shouldn’t be imposed on people.

The problem here isn’t with the technology, it’s with the implementation of that technology.

So, while I find eID fascinating, I’m also sure that I would never want to live in Estonia. I’m also pretty sure that I’ll continue to request that WordPress deactivate the use of my blog as an OpenID (in all fairness, I only asked once, but I’ll give it another go).

It’s about choice. It’s about free will. It’s about a right to privacy.

Technorati Tags: PassPack, freewill, privacy, security, openid, aol, wordpress, estonia