E77 - Hitoshi Kokumai - Mnemonic Identity Solutions Limited
40:04
SUMMARY KEYWORDS
passwords, episodic memory, people, identity, memory, privacy, quantum computing, accounts, images, pictures, credential, authenticated, years, password manager, solution, protect, democracy, business, volition, authentication
SPEAKERS
Debbie Reynolds, Hitoshi Kokumai
Debbie Reynolds 00:00
Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations.
Hello, my name is Debbie Reynolds; they call me "The Data Diva". This is "The Data Diva Talks” Privacy podcast, where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. I have a special guest on the show all the way from Japan, Hitoshi Kokumai, who is the founder and Chief Architect of Mnemonic Identity Solutions Ltd. Welcome to the show.
Hitoshi Kokumai 00:48
Thank you very much for giving me a chance to talk with you about the defense of privacy by our solution. That is the identity assurance by our own volition and the memory. I would like to emphasize the power and the value of having our servers authenticated by our position and the memory, not by what we possess or not by what we look like.
Debbie Reynolds 01:31
Right? Well, before we start on that, I’d love for people to get to know you and what your interest has been in privacy, and why you decided to start pneumonic, Mnemonic Identity Solutions Limited.
Hitoshi Kokumai 01:45
When we started this business, our aim was to provide the solutions of identity assurance, which is fully compatible and promote, enhance and advance the values of democracy. It's the most important factor in our business. We need to make money in order to sustain the business. But we are not doing business to make money. We need the money to do the business for progressing the value of democracy in view of the identity assurance or identity authentication or digital identity. And the value of democracy could be quickly eroded. If we rely on the authentication methods, which doesn't involve our position and the memory. Imagine what would happen if your identity is authenticated while you are unconscious? Or while you are asleep? Or you while you were away? Your civil rights respected? Or were your identity authenticated against your will? Could you believe that you live in a democratic society? The principle is that identity must be authenticated while our volition is involved. It's a very basic principle of democracy. And unfortunately, we are witnessing that today this principle is being eroded by many people who promote the authentication method that can be achieved without having our position and memory confirmed. We are now in a very perilous situation and where our identity is authenticated while we are unconscious. Do you believe that our privacy can ever be protected? It can never happen where privacy must be protected. Our identity must be authenticated. Involved in our position and the memory, this is the first message I would like to convey to our viewers.
Debbie Reynolds 05:11
You and I have been connected on LinkedIn for a number of years. I know a bit about some of the things you told me; I would love for you to tell your story about how you work with the Ministry of Defense in Japan, correct? Yes, about password solutions and talk about that story. And that success story with you.
Hitoshi Kokumai 05:40
In order to get to that story, I would like to talk about how we got there. We didn't jump to the military use just after thinking about the value of democracy. It was a long history. Yeah, I invented this solution that expanded the passage of the system at the beginning of 2000, the year 2000. So it's I have been working on this project for 21 years. In this ever, quickly changing world of information technology. Someone who has been pursuing the same aim for 20 years may now look like a fossil that the trend in identity Information and Technology is changing every couple of years, new ideas come up and disappear. In a couple of years. Now, I've been working on this for 21 years. So many of my friends call me just crazy. You don't have something else to do? They asked me, and I answered that this is my vocation. This is my calling all my life, and it was training and research for this particular project; I now believe that I was born to do this project. Well, back in 2001, I was talking with a patent attorney about the possible use of a two-dimensional code, something like a QR code. And that was the beginning of our journey going into military use. Other times I was thinking about putting a long password into code and into two-dimensional code. And many people are still pursuing that idea, and but I threw it away within a few days because what is put into a 2d code in the printing on something or stored or something could be lost. And then that's the end of the story. And after trial and error in my brain, in my thought experiments, I arrived at the idea of making use of pictures and images of our own episodic memory. Now, if we listen to logic, once we agree to the principle that identity must be, our identity must be authenticated. While we are conscious, and the while our volition and the memory are involved. We will come to agree that secret credential is indispensable. Textual passwords have been the secret credentials for many decades. And it worked well when we had only one or two accounts to protect. But nowadays, we have dozens of accounts to protect for business and many more dozens of accounts to protect in our private life. Textual passwords no longer help us as now, we have two propositions secret to creating passwords that are indispensable. While text the passwords are insufficient, then we can naturally get the lead to assume that we should look at non-text credentials. Non text credentials you could imagine you could think of using images. And that images you now struggle to remember can evaporate quickly if we use the pictures for dozens of different accounts. Well, about one year after I started to think about this conundrum, one of my friends who was who learned the psychology suggested to me that I should look at today the power and the value of our autobiographical memory, especially episodic memory, that they had been acquired years ago and decades ago and solidly inscribed the inner brain such memory will not evaporate over a couple of years. If we use episodic image memory as the secret credential for identity assurance, we should be able to make a Quantum leap to solve the conundrum that we need the secret equipment credential, and yet textual passwords are not sufficient. And we started to promote this concept to raise the money in Japan, and they came up with a software product, and they made some commercial implementation. One of them was our military, who was interested in our solution in view of the nature of our image memory, especially if setting the memory that will enable us to come up with the authentication that can stand the very stressful the situation on the battleground, feet on the battlefield, you say that on the battleground people are under various stressful situation or panic association. The stronger password that you managed to remember could easily evaporate or get confused, particularly when so just have to manage multiple passwords. Our solutions solve this conundrum. People who are under stress or frustration can easily identify or recognize the images of their role in episodic memory. For instance, the pictures of toys and dolls and the dogs and the cats that you or your children used to love for many years would jump into your eye even when you are in a panic or even when you are heavily drunk is the same or even worse. Any, we get aged, and our recognition capability is weak. Those pictures, images of our episodic memory, jump into our eyes; we don't have to look for them; they would jump into our eyes because of the strong emotion those images carry. By making use of our own episodic image memory, we are able to have our identity authenticated very reliably under any circumstances, even when we have many numbers, many, many accounts to protect. Because when we allocate different sets of images to different accounts, each account has a different set of images for authentication. When we look at those different sets of images, those images tell us what pictures are registered as our passwords. So, we cannot get too lost or we cannot get confused. Because I have two different difficulties. One is that passwords themselves are hard to remember. But somehow, some brighter people can remember very hard to remember passwords. But even those people have difficulty remembering the correspondence between the accounts and the passwords. You remember, five, six, stronger passwords. But are you sure which passwords are for which accounts? So even those people who are bright enough to remember very strong passwords have to rely on a memo in many cases, and nowadays, if we need to make access outside our homes and offices, it means we have to carry around a memo outdoors in many cases, very vulnerable to physical stealth. And our solution will relieve us from not only the burden of remembering how to remember passwords but also the burden of remembering the correspondence between the accounts and passwords. And those factors are behind why our solutions were picked up by our military in 2013. And it has been used for eight years now, now going into its ninth year, and the number of licenses has increased tenfold from the year 2013 till now. So I am confident today that they are not unhappy with their solution.
Debbie Reynolds 19:01
How do the images get into the system for the episodic memory to work?
Hitoshi Kokumai 19:09
When I first thought of using images for identity authentication 21, 22 years ago, many people laughed at me because it takes time. It cost a lot because, in those days, memory was expensive. Communications were slow, bandwidth narrow, but very, fortunately, from 2000 to 2001 or 2002, some Japanese firms and manufacturers came up with a good idea of embedding a small digital camera on the mobile phone. Then it boomed. Communications companies tried to make the bandwidth wider to accommodate the flow of pictures. And the situation changed very quickly. Nowadays, everybody has a digital camera with them as a mobile phone. And as soon as they take pictures, they upload the picture onto the cloud or the SMS.
Now, people who are older than I have no difficulty in handling images and exchanging them with their grandchildren and friends, and now, naturally, computers and phones are capable of handling a huge volume of pictures instantly. And the problem we had 20 years ago is gone altogether. And at the same time that the understanding of our psychology the, brain science has advanced dramatically over the last two decades. And it is strongly endorsed in doses of our understanding of how our memory, what we assumed was true 20 years ago, is now confirmed more clearly in essays about how to combine the technology and psychology or brain science was wrong. It was the the the last 10 years that I have proven that our approach was correct. Our choice was correct. And now we can communicate with I'm talking with you in real-time even though you are across the globe. This means that the bad guys can attack my accounts 24 hours a day from every corner of the globe. So accounts need protection. And every citizen is now connected to the global network means every citizen can be attacked by bad guys. And recently, the tech guys have proven that our privacy, so nowadays, nobody can escape from the guys who are trying to have an access to our privacy. So we need the universal global method of protecting privacy by way of reliable identity authentication. Reliable means identity authentication by our volition and the memory without involving our position and the memory. It cannot be called reliable. We can have our episodic image memory. In addition to our ability of recalling text passwords, we don't have to throw away anything. We don't think of this or not this or that; we think of this and that we should be able to use everything that is available to us.
Debbie Reynolds 25:30
That's great. Wow, that's really interesting. I saw that you had posted an article or post on LinkedIn; we're talking about Quantum computing and passwords. So a lot of people are concerned about Quantum computing when it comes about and how that will impact passwords. So what are your thoughts about that?
Hitoshi Kokumai 25:59
Here by password, I mean secret credential, symbolizing our volition and the memory. And so here I don't just mean that the text password by password, I mean our volition and the memory as a whole by the word password. And like many other people, I'm very concerned about the possible negative, disruptive effects of artificial intelligence and Quantum computing. And that is certainly why it can help us, and it can hurt us, or it can even kill us. And if we want artificial intelligence and Quantum computing to help us, not hurt us, we should place them under our control. We should not deceive them or place us under their control. And we need the identity assurance of our own volition, and the memory is the minimum necessary condition to see it happen. If we give up the identity assurance of our own volition, the memory machines will soon be able to place us under their control of our memory, particularly our own autobiographic memory and episodic memory, which is just unique to me, and you. Nobody else sharesmy episodic memory; even my wife, my daughter, and even my colleagues don't share my episodic memory. It's my own; it's unique to me; machines don't have an access to it. Artificial Intelligence and Quantum computing are the likes of them. However clever they may become, they will never be able to have an access to our memory, particularly our episodic memory, and our position that is driven by our emotion-enhanced episodic memory. So is the point of my article on passwords, Quantum computing, and password authentication. Without the author without the identity assurance involved in our volition, the memory, we would probably be unable to keep artificial intelligence, and Quantum computing and something coming up in those categories will place us under their control. It's a nightmare. I think many people share with me.
Debbie Reynolds 29:53
Oh, yeah, I do. I think maybe it's because of movies that people think that machines are smarter than humans. And I don't think that's true. Also, I think that we can't abdicate our responsibility as humans to computers and AI. So we have to make the final call and the final judgment, and we can't defer those decisions to computers and computing. So tell me what right now or what in the future is concerning you about privacy when the machine place is under control and when machines can authenticate us, authenticators. While we are asleep or unconscious, can there be privacy? Not in such a situation, there would be no such thing as our privacy. So if people want to defend their privacy, as I love, as I want to defend my privacy, our identity authentication must involve our volition and the memory. We believe we are able to provide the solution to the global citizens with our record of some successfully successful implementation in Japan. What I am talking about is not the hypothesis; it was actually implemented and helped the people in a very demanding environment for a very demanding use case. Right. So a lot of innovations that we're seeing in modern life now have been tested by the military. So it's really cool to see that your solution has stood up to that rigor and is a way of thinking differently, and also taking advantage of things that are unique to individuals and not pretending that people aren’t different than they are. So an example. And this is one that I'm sure that you share, and I touched on a bit; it's hard to remember, like very complex passwords, right? So it is hard; it's hard for most people to remember that. So then why give someone a complex password they can't remember when you can find something else that, like you said, instead of trying to recall, they're just remembering, right?
Hitoshi Kokumai 32:57
I don't think we can sell our products to the people who boost their ability to remember very strong passwords for many different accounts without the help of memos; I would be happy if the people who are not certain about their such ability hid themselves with our software. And by the way, we are now on the way to coming up with a new breed of Password Manager powered by our episodic memory. And we are thinking of coming up with three different versions, consumer versions, business versions, and professional versions. The professional means the people who have the key and are under their control for a nuclear bomb or atomic plans or, anyway, whose passwords cannot be lost. And for business people, I mean, they're all most of the people in the office or at the plants and the consumers—everybody who needs to protect their personal accounts. And we are going to offer the consumer version free of charge so that everybody on the globe can protect themselves with a password manager that can be used in multiple ways. A big problem with our password management is creating a single point of failure. It's like putting all the eggs in a single basket; if a password manager is compromised, it’s the end of the world for the person. Or even when we use a password manager, I wish to be able to use multiple numbers of password managers. So that in order not to create a single point of failure, say, this password management the module for this category of accounts that the password manager for that category of accounts. And because by using external memory, we can manage as many numbers of accounts, we can manage as many numbers of accounts as we'd like. That means, assume that you will have 100 accounts and passwords to protect; you can separate them into 10 categories. And 10 categories will be defended by 10 different password managers with 10 different, strong, and easy to recognize passwords; then, we can make a good balance between the security and the convenience. We always look at the issues from the end point of view, right? We can use this, that not this, or not that, right? Oh, we should make use of all the resources we have. And they have.
Debbie Reynolds 33:09
Very good, very good well, so everywhere your wish, Hitoshi, for privacy, what will be your wish for privacy anywhere in the world, whether it be technology, law, anything?
Hitoshi Kokumai 37:32
My knowledge is not good enough to talk about something very definitively, but I'm looking to the future of decentralized identity. Some people call it a self-sovereign identity. From that viewpoint, I'm interested in the future development of blockchain and the likes of blockchain that don't consume too much electricity. Right. So blockchain that is much more eco-friendly. That's what I am anxiously anxious to see happen.
Debbie Reynolds 38:33
That's cool. I don't think I've ever heard anyone say that before. Sustainable decentralized identity systems. Right.
Hitoshi Kokumai 38:44
So the central management is convenient. But in view of confidentiality, it's always vulnerable. It's put all the eggs in a single basket.
Debbie Reynolds 39:03
I agree. Oh, my goodness. Well, this is so great. I'm so glad we were able to meet finally. We have been talking for a couple of years on LinkedIn. And thank you for putting out really great content and for being able to share your knowledge. This is fascinating. Oh, thank you so much. I really appreciate it.
Hitoshi Kokumai 39:22
Thank you very much for having me. I really enjoyed it. Enjoyed the conversation with you. Thank you very much.