Add to Technorati Favorites

User authentication in a world with no free will

I have a little background in user authentication. I wrote my undergrad CS honors thesis on Secrecy and Authentication. If you search Google hard enough you can even find mentions of the Seberry & Jones Scheme for implementing subliminal channels. I held a provisional patent with Sydney University on a biometric user authentication method based on typing style in 1985/6. The method turned out not to be original, has been re-invented multiple times since then, and was even somehow published as new years later in CACM.

I therefore feel eminently qualified to speculate on what user authentication might look like in a world with no free will.

Note that I don’t care whether free will exists or not, and I certainly don’t want to waste my time thinking or talking about it. But if it doesn’t exist, then the following user authentication algorithm does exist. We couldn’t implement it, but it would certainly exist and it’s fun to consider instead of doing real work.

When a computer needs to verify who you are, it tells you to move the mouse around randomly for as long as you like. Or to just bang on the keyboard. The kind of thing you do when you’re generating randomness for the construction of a PGP/GPG key.

But if there’s no free will then it’s not random.

So the algorithm can just look up what you did in a big table to see who you are. As two users could conceivably do the same thing, it probably needs a little more information, like the time of day and your IP address – neither of which you’d have any control over either.

That’s it. No need for anything fancy, just a lookup table. No-one would ever fail to be recognized, no-one would ever be mistaken for someone else, there’d be no identity theft, etc. Even if you just sat there and did nothing for a while the machine would know exactly who you were. You could always log in by just briefly doing nothing at all, and then continuing. The length of time you did nothing for would betray you.

All totally absurd, of course, and thinking about it quickly becomes highly circular. Just like the rest of the debate.

As you were.


You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

6 Responses to “User authentication in a world with no free will”

  1. God’s identity authentication system?

    “Do nothing. I know who you are.”

    Funny post!

  2. God’s identity authentication system?

    “Do nothing. I know who you are.”

    Funny post!

  3. Right. Paul Erdos used to say that God has a book with all mathematical proofs in it. If he has one with algorithms, then the above would be in it.

  4. Right. Paul Erdos used to say that God has a book with all mathematical proofs in it. If he has one with algorithms, then the above would be in it.

  5. You are mixing up absence of free will and determinism. The movement of the mouse could just be random. There’s no free will in quantum particles either.

    Actually your algorithm would work best if there *was* free will, because individuality is the best way to identify people. (not to mention that the need to identify people only exists because of individuality: in a world of ants it doesn’t matter that ant A accessed the system instead of ant B)

  6. You are mixing up absence of free will and determinism. The movement of the mouse could just be random. There’s no free will in quantum particles either.

    Actually your algorithm would work best if there *was* free will, because individuality is the best way to identify people. (not to mention that the need to identify people only exists because of individuality: in a world of ants it doesn’t matter that ant A accessed the system instead of ant B)