roundtable: SmartKey article
roundtable: SmartKey article
SmartKey article
Andrew R. Mark, STI (andrewm@interport.net)
Sun, 18 Jun 1995 09:54:22 -0400
Date: Sun, 18 Jun 1995 09:54:22 -0400
Message-Id: <199506181354.JAA03704@interport.net>
To: roundtable@cni.org
From: andrewm@interport.net (Andrew R. Mark, STI)
Subject: SmartKey article
The Roundtable might have some interest in SmartKey as it provides a
means to avoid system-based censorship while providing Senator Exon
(and his supporters) with a tangible way of 'having made a difference.'
If you have any comemnts, please send them along!!!
Andrew Mark
June 16, 1995
Cyberlaw... Is it Necessary?
By Andrew Mark
This week provided the first major event in Cyberlaw, but it clearly will
not be the last. The Communications Decency Act, authored by Senator Jim
Exon of Indiana, is the first firm indication that Cyberspace will not be
devoid of the rules that approximate those which we live with 'in the
normal course.' The CDA, which imposes severe penalties for the
distribution of pornography to 'the protected class,' (any individual under
the age I8, minors) is the first of many new laws which may need to be
written to reflect the unique nature of cyberspace: the ability to cloak
one's identity.
Cyberspace has, to date, provided a forum where an individual is not easily
held to be responsible for his/her actions. Senator Exon, the bill's
co-sponsors and supporters were motivated to grapple with the increased
anonymity provided by Cyberspace, starting with issues relating to youth
access to pornography. The Senate voted to imposed penalties on the only
aspect of cyberspace which can't be 'cloaked,' the consumer's gateway onto
the Internet. Officers of organizations such as American On Line and
Prodigy will, if the bill is signed into law, be subject to fines and a jail
term for enabling a child to access pornographic materials.
Most providers see the new rules as providing them with a 'Hobson's choice:'
if they say that they will screen and censor, when they fail to identify an
article, directory or new posting area which is inappropriate for minors,
they may be subject to severe penalties. With millions of new postings being
created every day, one can only question the ability of any group of censors
to effectively screen all of the available material from kids who may be
searching for it. Alternatively, if they make a fundamental decision NOT
to censor material, they risk losing customers who fear that their children
will be exposed to unsuitable materials. Not surprisingly, the gateway
providers are loathe to accept the responsibility of controlling what a
customer accesses while using their system
There is a more realistic and effective alternative which has yet to be
considered: biometric authentication. By requiring that a person be
biometrically authenticated when communicating with or making materials
available to 'protected' children and requiring that adults be authenticated
as to their age status when viewing material not suitable for minors,
cyberspace can simultaneously provide adults with an open, anonymous forum
without risking our children while avoiding global censorship.
Authentication involves the comparison of some aspect of the person being
authenticated (speech, fingerprints, etc.) with earlier records of the
person who the current person is claiming to be. While other
characteristics can be used (e.g. finger prints) a person's speech
characteristics is probably the most convenient. Unlike a keyboard-based
security system, wherein the user types a password-as anyone knowing the
password can do- biometric authentication provides a far less-corruptible
solution to protecting our youth from those materials which Congress deems
to be inappropriate. It enables the establishment of two distinct viewing
areas: an unrestricted area open to all, and 'the adult zone' which only
authenticated adults can access. The adult area would be accessible by
only those age-status had been authenticated as 'adult,' even if the user
had arranged for his/her name to be cloaked with an anonymous 'jacket.'
The protected area, within which children (and any other users not
authenticated as adults) would be limited, would include only those posting
where an authenticated author has indicated that the content of the material
being posted excludes materials which are ineligible for access by children.
As most postings don't contain these characteristics, the imposition on a
posting individual is negligible. If, on the other had, the individual
fails to heed the warning which will arise each time a child-accessible
posting is attempted, and posts inappropriate material, the government would
be enabled to prosecute the individual unhampered by the current lack of a
biometric authentication which ties the posting to the person. As it is
impossible to know the age-status of someone who is not authenticated (and
therefore may be a child), only an authenticated person (child or adult)
would be able to correspond with an unauthenticated person or an
authenticated child.. With these requirements, correspondence aimed at
children would always bear the author's authenticated name after indicating
that the message is free of youth-access-prohibited material, eliminating
the possibility that a stalking pedophile could anonymously communicate with
a child.
Chat rooms provide a forum for the quick flow of concepts. Despite an
innocuous group-name, a group can easily move into child-prohibited subject
areas, making content control difficult, if not impossible, except through
an out-right prohibition of access to minors. Standard, gateway-provided
monitoring is always applied after the fact: after inappropriate language
has been used or after it becomes known that a minor has been reading
inappropriate material for hours, a censor can take appropriate action. To
the extent that monitoring is difficult at best, those where children are
permitted should be limited to those who have been authenticated, thus
making it possible to expel those who can't abide by legal constraints when
a child or unauthenticated adult is present (and, if warranted, prosecuting
those individuals, regardless of age). As authentication can be used to
prohibit entrance by an authenticated child or unauthenticated person,
adults would be able to conduct chat room discussions without concern that
the subject matter may be monitored by children.
Unlike the solutions offered by the various gateways, user/author
authentication doesn't depend on the vigilance of a screening gateway
provider, the national origin of material, or the software within the home
computer (which can and will be defeated by determined hackers). It simply
relies on the user's SmartKey, a little key-fob which has been assigned to
the user at a minimal cost, probably about $10 per year, the voice of the
person who is signing onto the system, and a relatively trivial change in
Internet protocols. In the event that the voice of the person requesting
access is determined to be that of the person to whom the SmartKey was
initially assigned, the person is logged into the system as an authenticated
individual, with an indication as to whether that person is to have adult or
non-adult access and posting rights.
The controlled distribution of SmartKeys is obviously important: It is
expected that firms such as local telephone companies and credit card
issuers will be the point of contact for a family to get a SmartKey. Using
double-blind questions (where the person asking the questions doesn't know
the correct answers), a person holding an account with that firm will be
able to call and request a Primary SmartKey. In the event that the caller
is able to provide the correct answers to the identity questions asked (e.g.
mother's maiden name, last prior address, amount of last bill, last check
number, etc.) the caller is then transferred to a recording center where
he/she records a user-selected password. After determining that the
SmartKey being requested is not a duplicate for that individual, data
related to the user's spoken password is then embedded into a SmartKey and
sent to the person. Once the Primary SmartKey is issued, the company which
provides this initial authentication will be the only conduit through which
the family may order additional SmartKeys.
In the event that another family member wishes to have a SmartKey, the
Primary SmartKey holder can request that one be issued, subject to the
age-restrictions which the Primary SmartKey holder establishes at the time
that the order is placed. Should the authorizing adult misrepresent that a
child is to have adult-status, he/she does do at his peril, accepting
responsibility in the event that the minor receives materials which the law
has established as inappropriate. The person requesting an adult-status
subordinate SmartKey will be told of the risk of misrepresentation prior at
the time of order, and, in the process, replacing the gateway or service
provider as the access enabler of adult materials by the falsely described
child.
Using SmartKey as a means of access onto the Internet (or any other remote
database) is quite simple, and requires only that a standard telephone be
connected to the same telephone line as the modem. When a user wishes to
sign-on to an Internet Service Provider, the user's computer will dial an
access number which, temporarily, connects the computer with a newly
developed SmartKey voice processing center. Upon connection, the caller
will the see a screen message indicating that the phone should be taken
off-hook, and for the user to place the SmartKey at the handset's microphone
so that it can transmit the user's voice information. Each time the
SmartKey sends this information, it encodes the information in a unique,
sequencing manner, eliminating the possibility that a tape recording of a
SmartKey can be used for access. The caller is then instructed to speak the
password which was recorded at the time that the SmartKey was issued. If
there is a suitable voice-match, the call is then transferred to the desired
gateway or database, with the authenticated user's name and age status
(adult/NOT-adult), without the need for additional log-in procedures. Except
in very high security applications, a user's cold will not prevent access;
if a user is improperly prohibited from entry (due to a cold or other
condition), the user can request connection with a system operator who can,
in conjunction with the company through whom the device was originally
ordered, enable access following manual authentication. The authentication
process, which takes less time than a standard keyboard based log-in, easily
detects a tape-recording of the authorized user's voice.
The SmartKey approach for authentication enables two important defaults:
1.if the person accessing a system is not authenticated as an adult, the
only files which will show on the screen or are otherwise retrievable are
those which were posted by an authenticated user who indicated 'there's
nothing in the file that a 'protected' person should not see,' and 2. mail
which is sent to a 'protected' person (a person either authenticated as a
child or a person without any authentication) must be sent by an
authenticated individual, or is 'bounced,' back to the sender. By permitting
only authenticated individuals to send mail to a 'protected' person, one
eliminates the risk of youth-stalking by pedophiles, a growing problem.
Significantly, in this arrangement, there is nothing to preclude anonymous
postings, though all such postings are only available to authenticated adults.
While the technological elements of SmartKey provide an easy, extremely
reliable means of dealing with the problems related to youth access on the
Internet, users will see its value in eliminating the enormous and growing
problem of electronic impersonation (also known as fraud, hacking, etc.)
affecting the calling and credit card industries, medical other private
record access and other applications where we have grown increasingly
vulnerable due to our inability to remotely authenticate that we are who we
claim to be.
The risk of impersonation is drastically reduced because the SmartKey
system requires that ALL of the components usually cited as necessary for
effective security: the user must have something (in this case, a
SmartKey); know something, (e.g. a password); and must do something which is
biometrically measurable (pronounce the password using similar, but not too
similar, frequencies and cadence as the originally recorded password).
Obviously, the likelihood a child (or adult) to posses someone else's
SmartKey, know the rightful user's password, and then create an acceptable
rendition of the authorized SmartKey's pronunciation of his/her password is
much more difficult to accomplish than any existing authentication system.
SmartKey is not the only means to accomplish biometric authentication,
though the combination of a user-held device which generates varying,
never-repeated encryptions of the user's data and its ability to overcome
the major sources of errors in speech processing makes it extremely
attractive. The integration of biometric measurement as a means of remotely
identifying a caller or database logger provides significant advantages
which will simultaneously ensure the continued expansion of electronic
communications, while protecting our privacy and permitting the application
of existing rules governing our "in-person" behaviors to our encounters in
Cyberspace.
Attempting to develop rules to govern Cyberspace, to censor without
utilizing authentication is akin to crossing the country by foot, while
having a airplane ticket in hand. One can do it, but why?
Andrew R. Mark
Smart Tone, Inc. V: 212-721-0332
205 West End Avenue F: 212-595-5835
New York, NY 10023-4804 E: andrewm@interport.net
![[CNI Home Page]](/Images/home.gif)