Regarding the latter, an old technique from 10 years ago was to mail a photocopy of your driver's license to the system in question. However, that's not really practical on today's scales.
So, using a public/private key pair and a telephone book style directory, one could authenticate a person online. Attached to the online identity would be a profile with details such as age, who is the parent of whom (in order to allow parental consent), and legal address (in order to serve legal documents).
Since the identities have to be trustable and each person must have an identity and there must only be one identity per person, the government seems ideal for this. They already maintain one-to-one mappings as it stands.
Of course, there are some problems:
It's not necessary to involve the government. It is not even necessary to have a single directory. Authentication could be a service offered by a variety of companies, who could compete on integrity, speed, comprehensiveness or whatever. Not everyone trusts the government.
It may make sense to have different identities for different purposes. For example, when a policeman asks to see my driving licence, he doesn't need to know my medical records as well. If we use different keys, we can make it much harder to cross-reference different kinds of information to discover they all refer to the same person.
One could make a ShadowIdentity for certain transactions, although I doubt any government would approve of that in the near future.
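An added example, not part of the original page: a sketch of the "different keys for different purposes" point, showing that two directories enrolled under one key can be joined on the identifier while per-purpose keys cannot. It assumes symmetric keys derived with HMAC-SHA256 as a stand-in for the public/private key pairs discussed above (the Python standard library has no signature scheme); every name and the sample population are constructed.

```python
import hashlib
import hmac
import secrets

def purpose_key(master: bytes, purpose: str) -> bytes:
    """Derive an independent key for one purpose from the holder's master secret."""
    return hmac.new(master, b"key:" + purpose.encode(), hashlib.sha256).digest()

def identifier(key: bytes) -> str:
    """Directory identifier: a short fingerprint of a key."""
    return hashlib.sha256(key).hexdigest()[:16]

def respond(key: bytes, challenge: bytes) -> str:
    """Holder's answer to a relying party's fresh challenge."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()

def verify(enrolled_key: bytes, challenge: bytes, response: str) -> bool:
    """Relying party recomputes the answer and compares in constant time."""
    return hmac.compare_digest(respond(enrolled_key, challenge), response)

def enrol(people: dict, purpose: str, per_purpose: bool) -> dict:
    """Build one relying party's directory: identifier -> enrolled key."""
    directory = {}
    for master in people.values():
        key = purpose_key(master, purpose) if per_purpose else master
        directory[identifier(key)] = key
    return directory

def joinable(dir_a: dict, dir_b: dict) -> set:
    """Identifiers that let someone holding both directories link records."""
    return set(dir_a) & set(dir_b)

# Constructed sample population: name -> master secret held by that person.
PEOPLE = {name: secrets.token_bytes(32) for name in ("alice", "bob", "carol")}

def demo() -> dict:
    shared = joinable(enrol(PEOPLE, "licence", False), enrol(PEOPLE, "medical", False))
    split = joinable(enrol(PEOPLE, "licence", True), enrol(PEOPLE, "medical", True))
    # Alice answers the same challenge with her licence-only key.
    k_lic = purpose_key(PEOPLE["alice"], "licence")
    k_med = purpose_key(PEOPLE["alice"], "medical")
    challenge = secrets.token_bytes(16)
    return {
        "linked_single_key": len(shared),
        "linked_per_purpose": len(split),
        "licence_login_ok": verify(k_lic, challenge, respond(k_lic, challenge)),
        "licence_key_works_at_clinic": verify(k_med, challenge, respond(k_lic, challenge)),
    }

if __name__ == "__main__":
    print(demo())
```

The holder can still prove that two identifiers belong together by re-deriving both from the master secret, so linkage becomes a choice of the person rather than a property of the directories.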
It's not necessary to involve the government.
No, but I suspect it would allay many people's fears. There are two completely opposite camps in the privacy debate. One is the one you'll find on SlashDot: the ultra-libertarian, fear the government, let private citizenry do it all. Private solutions may ultimately end in a CorporateGovernment however. The other camp can't abide by this and prefers the theoretical openness of a public institution. I feel most people are in this camp.
Both camps are afraid of some uncontrollable entity controlling their fate. Another solution is to devolve all power into individual hands, but this is too complex for most people who just want someone else to deal with the mucky details. Paranoid geeks are okay with using PGP, but ask their proverbial mothers (It's so simple, my mother can use it!) and they'll throw up their hands.
In Canada, we have something called the CrownCorporation which essentially is a publicly held private company. There are ex-Crown corporations like BellCanada and CanadaPost that are still regulated, but act independently for profit. CanadaPost is working on something interesting with registered electronic mail. Perhaps the future lies in the hands of companies like these. Indeed, I can easily see the postal companies around the world taking a more active role in the way things play out because they are relatively trustworthy public utilities and sufficiently numerous to compete with each other.
Personally, I think I'd trust my government more than I'd trust a corporation because corporations are legally responsible to maximize their profit (or face DueDiligence charges). Fiscal focus is not compatible with the public good.
Finally, ultimately, you still need the government at some level because governments are the only organizations in the world that legally can verify identities. They are responsible for accounting for their constituents. So, if private companies take the charge, they will have to accept government-approved ID from people anyway. Somehow, the extra level of indirection here seems noisy to me. Prone to error, or cracking. -- SunirShah
See also WebOfTrust. Anyone who has known you for 30 years can verify your identity in ways that matter. With the right technology, this can be used to form a secure authentication system that does not rely on any central authority. (It does, as mentioned, add burden for users.)
Ultimately, any centralized authentication system will not meet CypherPunk concerns for security or privacy. But any system without government authority will lack strong legal standing. Therefore, GovernmentBackedAuthentication is useful for purposes of commerce, contract, and law. For broader use in global communities, it becomes very limited.
In any case, laws don't flow across the networks into other countries. On the Internet, there can be no actual "right to sue." What we really need to do in our online communities is find reliable ways to deal with people in the absence of legal enforcement.
There's no way that even I would trust GovernmentBackedAuthentication in most circumstances; however, I don't really think I'd trust corporations or individuals to provide legally acceptable authentication services because their motivations are orthogonal to the government's. Moreover, the government only accepts government identification when dealing with them. And I wouldn't appreciate a CorporateGovernment gaining power, either. But... governments are dissolving anyway. --ss
I was not writing about trusting the government versus trusting other authenticators. My point was this: legally strong authentication is desirable, but not possible on a global scale. It's not a question of the best way to do it, but whether it can be done at all. Outside of certain contexts, it can't.
Even if it is backed by national governments, authentication will carry no legal weight on the net at large. Past a certain point this is insoluble, and outside the realm of legal matters within our own nations and treaties we cannot rely on the law because there is no law. -- MattBrubeck