Archive for September, 2009

On Being Personally Identifiable

September 15th, 2009

The Electronic Frontier Foundation has an informative article called What Information is “Personally Identifiable”? I was surprised to learn that if I know your gender, zip code, and birthday, there’s a high likelihood that I know exactly who you are.

Gender, ZIP code, and birth date feel anonymous, but Prof. Sweeney was able to identify Governor Weld through them for two reasons. First, each of these facts about an individual (or other kinds of facts we might not usually think of as identifying) independently narrows down the population, so much so that the combination of (gender, ZIP code, birthdate) was unique for about 87% of the U.S. population. If you live in the United States, there’s an 87% chance that you don’t share all three of these attributes with any other U.S. resident. Second, there may be particular data sources available (Sweeney used a Massachusetts voter registration database) that let people do searches to bootstrap what they know about someone in order to learn more — including traditional identifiers like name and address. In a very concrete sense, “anonymized” or “merely demographic” information about people may be neither.

Coaching moment: Think of how many grocery stores, membership applications, and online accounts have your name, zip code, gender and birth date. Many of the contractual terms that we agree to when we apply for these services make reference to how the company plans to use their data. In some cases, they claim to use “aggregated data” which does not identify us by name. However, if we put a few of these databases together (you know this is happening, right?), there’s a lot of data available about us. Specifically.

Think about who is asking for your data, and what need they might have for it. I encourage you to think more critically about your data sharing practices. It might not be safe to think that anonymized data stays that way.
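To make the uniqueness point concrete, here is an added example (not from the EFF article or this blog) of the check a data holder can run before releasing "anonymized" records: how many rows are unique on (gender, ZIP code, birth date), and how many of those pair one-to-one with a named list carrying the same attributes. All records, labels and the generalization rule (3-digit ZIP, birth year only) are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not real people).
# "Anonymized" release: (gender, ZIP, birth date, purchase category)
RELEASE = [
    ("F", "02138", "1961-03-14", "pharmacy"),
    ("F", "02138", "1961-09-02", "grocery"),
    ("M", "02138", "1950-02-11", "pharmacy"),
    ("M", "02139", "1950-02-11", "hardware"),
    ("F", "02139", "1978-11-20", "grocery"),
    ("F", "02139", "1978-11-20", "books"),
    ("M", "02141", "1990-01-05", "grocery"),
    ("M", "02142", "1990-06-17", "books"),
]
# Named roster with the same three attributes: (label, gender, ZIP, birth date)
ROSTER = [
    ("resident-1", "F", "02138", "1961-03-14"),
    ("resident-2", "M", "02138", "1950-02-11"),
    ("resident-3", "F", "02139", "1978-11-20"),
    ("resident-4", "M", "02141", "1990-01-05"),
    ("resident-5", "M", "02141", "1990-08-23"),
]

def exact(gender, zip_code, dob):
    return (gender, zip_code, dob)

def generalized(gender, zip_code, dob):
    # Mitigation: keep only the 3-digit ZIP prefix and the birth year.
    return (gender, zip_code[:3], dob[:4])

def audit(release, roster, key):
    """Return (share of release rows unique on key, smallest group size k,
    number of rows that pair one-to-one with a single roster entry)."""
    groups = Counter(key(*row[:3]) for row in release)
    named = Counter(key(*row[1:]) for row in roster)
    unique = [row for row in release if groups[key(*row[:3])] == 1]
    linked = sum(1 for row in unique if named[key(*row[:3])] == 1)
    return len(unique) / len(release), min(groups.values()), linked

if __name__ == "__main__":
    for name, key in (("exact", exact), ("generalized", generalized)):
        share, k, linked = audit(RELEASE, ROSTER, key)
        print(f"{name:12} unique={share:.0%} k={k} one-to-one links={linked}")
```

With the exact attributes most rows stand alone and several pair with a single roster entry; after coarsening, every row shares its attributes with at least one other row and no one-to-one pairing remains.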

records, tools

The Five A’s of Security

September 7th, 2009

Personal and online security is a desirable state and a complex idea. This guide offers a general overview of the main ideas that, when used together, help us establish a level of security that makes us comfortable using our computer in an online world.

A is for Awareness

The first subject in talking about security is awareness. We need to be aware, for example, that we are not always safe in the world (online and offline). When we are online, most people are aware that there are certain dangers such as viruses, phishing, and spam that threaten our safety (personal, financial, or data). Once we know that problems exist, we are more likely to learn about and take steps to avoid danger and keep ourselves safe and secure.

A is for Authentication

Authentication is the process of verifying that you are the real you. Your friend may authenticate you to other friends by saying something like “this is my friend Chris” (or whatever your name is). You may prove that you’re who you are to a business entity by answering questions that only you would know the answer to. You are usually being authentic when you speak honestly, from your perspective, to someone you love.

A is for Authorization

When you are authorized, you have access to a computer system. Verifying users of your computer, or your work’s computer, or any storage systems or online accounts, can help you track the activity in files and resources. An unauthorized user can be prevented from gaining access to your information. Authorization is the process of assigning permission to use certain files and resources.

A is for Access Control

Setting permissions on files, directories, accounts, or computers can establish limits to these resources. You may wish to be the only person who can read and update your personal finances, for example. This is referred to as individual read-write access (only the owner of the file can read or update). At work, your group may have access to read and maybe edit a collaborative document. Most web pages offer global read-only access. Individual, group, or global access can be set to allow reading, editing, and/or other permissions.

A is for Auditing

As individual computer users, we don’t often think about the clues that we can use to track where we’ve been and what we’ve been doing. However, whenever we visit a web site, the site’s server automatically keeps a record of things like our domain name or IP address, the time and date of our request, the page or file requested, a code indicating success or error, the number of bytes transferred, and more. As the visitor, we don’t have such tracking tools (and in many cases, don’t need them). However, as our habits and travels on the Internet are increasingly scrutinized by the sites we visit, we have a stronger case for understanding what is being compiled about us.
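The fields listed above are what a typical web server access log contains. As an added example (not from the original post), this parser reads lines in the common "combined" log layout, which is an assumption since the post names no format, and builds the per-visitor summary a site operator could compile. The log lines, addresses and browser names are constructed.

```python
import re
from collections import defaultdict

# Constructed lines in the widely used "combined" access-log layout.
LOG = '''\
203.0.113.7 - - [07/Sep/2009:10:15:02 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"
203.0.113.7 - - [07/Sep/2009:10:15:40 -0700] "GET /health/diabetes.html HTTP/1.1" 200 20480 "http://blog.example/index.html" "ExampleBrowser/1.0"
203.0.113.7 - - [07/Sep/2009:10:17:11 -0700] "GET /missing.html HTTP/1.1" 404 312 "http://blog.example/health/diabetes.html" "ExampleBrowser/1.0"
198.51.100.22 - - [07/Sep/2009:11:02:59 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "OtherBrowser/2.3"
not a log line
'''

LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def parse(text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
            yield rec

def profile(text):
    """Summarize what the server has recorded about each visiting address."""
    seen = defaultdict(lambda: {"pages": [], "bytes": 0, "errors": 0, "agent": None})
    for rec in parse(text):
        p = seen[rec["host"]]
        p["pages"].append(rec["path"])      # which pages, in order
        p["bytes"] += rec["bytes"]          # how much was transferred
        p["errors"] += rec["status"] >= 400 # requests that failed
        p["agent"] = rec["agent"]           # browser identification string
    return dict(seen)

if __name__ == "__main__":
    for host, info in profile(LOG).items():
        print(host, info)
```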

Coaching moment: In reality, these five A’s are somewhat intertwined. For example, it doesn’t make sense to have Authentication without Authorization. Access control doesn’t happen without Authentication and Authorization, and none of these make sense without Awareness.

What does this have to do with digital identity? These are the pieces that make up our digital records, including who we are and what we’re allowed to do. Sometimes we have control over these decisions, and sometimes control is in the hands of others. It depends on the context of where we are and what we need.

history, records, tools

What Data Can Show

September 4th, 2009

This video is an interesting romp through time, illustrating special effects and what can be shown visually. What does this have to do with digital identity? Several things:

  • The world is not always as it appears
  • Some people want you to see the world in a particular (non-real) way
  • You can show the world who you are in a particular (real or non-real) way
  • A personal identity is an interpretive dance between the person offering and the person accepting or using some information
  • Not all information (like details of how the effects were created) needs to be revealed

Coaching moment: You are, at some points in time and in certain circumstances, the director, designer, and special effects creator of your own life. You can choose what to show, what to withhold, and what parts of you become the picture that others see. For example, you may not choose to talk about last night’s bar crawl when you’re at work, being a model employee. You may choose to reveal more information about your activities to your doctor, in order to assist an appropriate diagnosis. You may choose to portray indifference and anonymity to an annoying panhandler on the street.

What happens when someone else follows you around, blowing your cover? That’s what many companies are doing now when they collect and trade your data. These companies are saying, in effect, “we know who you are, you cannot hide from us.” However, what they “know” may not be true or accurate. See, for example, What the Internet Knows About You – a site that says you’ve “visited” URLs that may have only shown up on your visited pages as advertising or invisible pixels. Or take a look at your annual credit card summary to see that your favorite local hardware store is categorized as a “specialty foods” (or some other clearly erroneous) category.

Why might you care about this? Many of these companies and related trading partners are making decisions about you based on this information. They are not asking you to verify–nor are you given the opportunity to refute–inaccurate or incorrect information. Is this the kind of decision making that you want to be steering your life? (I don’t.) This is a version of making decisions about your finances based on identity theft, or about your insurability based on someone else’s records.

What can you do about it? First: be aware of this practice. Choose to work with businesses that are collaborative and will help you verify your data. There aren’t many of them yet. As they show up in the marketplace, they will need your support. Second: order a credit report from any (each) of the big three data companies. Correct what’s wrong. Know what they say. Third: Talk with your friends about this. You may be interested to learn who cares and who does not. Ultimately this is your priority, not someone else’s.

history, records, tools