Some friends of mine have been playing an online diplomacy and military simulation game, in which each player represents an independent country. One of the biggest problems in the game is "multis" -- multiple accounts created by one person. The one person uses the multiple nations to magnify his/her power in the game. The rules prohibit this practice, but it can be hard to detect. Restricting each player to use only one IP address is annoying (as it prevents multiple people from using the same computer), but a start. The underlying problem is how to establish uniqueness of identity: Are you the only person who claims to be you?
Another identity problem is that of verification: Are you the person whom you claim to be? This was a problem faced by Daniel Plainview, the protagonist of the 2008 movie There Will Be Blood. Was the man claiming to be his brother Henry actually that person? Daniel is understandably mistrustful. Ultimately the question is resolved accidentally, by the exchange of a bit of personal information -- an oblique reference to an inside joke. When verifying identity, one has to take care not to give away information when asking for it: for example, if you give a bank your social security number, the bank could then use it to masquerade as you. Some recent security research has addressed the question of how to verify identity without giving away a secret. Daniel Plainview's homegrown solution is just as effective: inside jokes rely not only on objective information, but on a particular emotional response which would be very hard for either a machine or an unrelated human to mimic. In that sense, they are even better than CAPTCHAs: They give away very little information and are very difficult for unauthorized agents to solve.
Uniqueness is an easy problem to solve in person, aside from comedy sketches involving twins. This is because human "duplicates" (genetically identical multiple births) are difficult to "make." In contrast, it's very hard to solve remotely and electronically. If you can fake a verification test, then you can break a uniqueness test. So verification and uniqueness go hand-in-hand.
Oftentimes in math, there's a fruitful tension between existence and uniqueness. When one wishes to prove that "there exists a unique object," one generally proves existence and uniqueness separately. (In this context, "uniqueness" means that if such a thing does exist, it must be unique. So uniqueness by itself doesn't necessarily imply existence, nor does existence by itself necessarily imply uniqueness.) I'm curious whether this tension could be helpful in the field of verifying identity. Answering the question "Am I Jane Doe?" is relatively easy, but the question "If I am really Jane Doe as I claim to be, then there is only one such person" doesn't even seem to be the right question to answer. Furthermore, it shouldn't be necessary to reveal your true identity in order to play an online game. Can uniqueness be solved without verification?
13 May 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment