The information sharing industry is pretty opaque to most people. We have no idea what “they” know about us. Moreover, it can be infuriating when certain companies make assumptions about us that are clearly erroneous. It can be absolutely unnerving when total strangers strike a little too close to the bone.
It’s instructive to find out what they know! Several years ago (2006), my friends at Privacy Rights Clearinghouse wrote a post called For the New Year, Resolve to Check Yourself Out that will help you do this. Their list of resources will help you understand who you are from the perspectives of your:
Credit history
Medical Information
Bank account history
Insurance claims
Public records
Search engines
I’d add one point to their last bullet. If you have an account on Google, you can now go into your Google Account Settings (look for the link in the upper right corner to Settings). Under Personal Settings, look for Dashboard: View Data Stored with this Account. It’s a view of what Google knows about you.
Coaching moment: It can be both overwhelming and empowering to know this much about your world. Fortunately, the overwhelming feeling can be countered by putting the story together and taking control of the problems. You’re creating a story, a narrative of who you are. Fix your problems if you can. Imagine a world in which you controlled your own information and others came to you for it. That world might be highly customizable in ways that were unique to you. What would that look and feel like?
It’s that time of year again. The Internet Identity Workshop (IIW X) is coming up in a week. I’m planning to attend, and will keep you informed by video.
Speaking of IIW and videos, I was just reviewing my videos from last year (IIW IX and IIW8). One lesson learned: last year for IIW IX I tried to live stream the sessions but wow, the network at the Computer History Museum is… how shall I say… less than optimal for anything like staying connected. Many of the videos are in pieces, as the streaming failures usually crashed my browser too.
Here’s what I have from IIW-IX. Sorry about the advertising. I can’t turn it off.
Data Portability (real start is about 1:20 minutes in) with Elias Bizannes
Bioinformatics, Identity and the Law (part 1, part 2) with Scott David
Information Sharing (part 1, part 2) with Joe Andrieu
In contrast, I learned a different set of lessons for IIW8 (last spring). Those videos were recorded to disk. I had them all available as .mov files, but have recently updated them all to flash (still apparently the most commonly used format). Thanks to TubeMogul for distributing them to Blip.tv and iTunes. Here’s the post with links to each downloadable session.
If you’re inclined to join us for next week’s event, the logo above will take you to the registration page. Otherwise, stay tuned for selected video from this unconference.
Every day we visit sites, exchange email, post comments or status updates, and otherwise exchange data with lots of servers on the Internet. Much of the time we know and voluntarily offer our information, such as typing search terms to learn something, or offering our name, address and credit card to make a purchase. Our exchanges also transfer information about us that we may not be aware of, such as our IP address, our browser, and the type of operating system we’re using.
Despite our “agreeing” to various sites’ Terms of Service when we sign up for an account, we do not generally “volunteer” to be tracked, our habits quantified, categorized and sold. That raises the question: what if we could control more of what we exchanged? Would we? What would it take?
Obviously stores want to know if we are a serious customer: if we’re looking for the purpose of actually buying, if we can afford the items we’re looking at, and if they should use those items to suggest additional items we might be interested in (or if it was a gift to someone else and we have no personal interest in that item). For example, car dealers would save billions of dollars each year if they could identify serious and qualified buyers without having to create advertisements for television, magazines and newspapers, and billboards everywhere. In fact, it would probably be worth something to us as a serious shopper if we could identify ourselves as such ahead of time and especially during sales negotiations.
Like the car buying story above, scenarios are stories that we tell to help us understand complex environments. Chris Carfi did four nice overview examples in his Social Customer Manifesto’s VRM scenarios. The world of information sharing is complex in many ways: personally (what do I want to share?), politically/regulatorily, in commerce, technologically, and more.
Digital ID Coach is organizing a day-long workshop to look at this subject. We will be engaged in Rapid Scenario Development (a process that usually takes days or weeks). If you’re in the San Francisco bay area on May 16, you’re invited to join us. If not, stay tuned; we’ll be posting notes from that workshop.
Coaching moment: It’s worth thinking about how we use technology, and how it helps us do what we want to do. Technology such as computers, phones, and even programmable devices like thermostats and switches, have obvious benefits like aiding communications or saving energy. Technology also has a cost, like learning to use it or controlling things you don’t want it to do.
In the case of information technology, you’re empowered to connect to friends and resources but you also trade information about your location and other details. Since this will never be a case of only responding to your needs and never exchanging (which technically doesn’t work since the info needs to know where you are to respond to your request), we need to think about that exchange. What would help us the most? What would you be comfortable telling others about?
This is complex because it probably depends on each exchange. However, we can determine policies for general use in categories like “collect but don’t distribute without my express permission,” or “forward at will, this is something I want.” What categories or practices would you suggest?
I like to think about ways to customize my world, and the digital world writ large, in ways that support and help us explore our unique selves. It is in our very diversity that individual strengths can play out to become our personal best, to help each other grow, and create fertile new worlds.
This indiscriminate personal data hoarding is both an individual and a societal problem. Schmidt’s argument that we shouldn’t have anything to hide is specious (not to mention a double standard: it doesn’t apply to Schmidt). In a 2007 paper called ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy, George Washington University Law School’s Daniel J. Solove convincingly critiques that argument. Indeed we have many things to hide, like our passwords and credit card numbers, certain personal habits and preferences, things that contribute to human dignity and respect. As noted security expert Bruce Schneier writes in his essay The Eternal Value of Privacy, “Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control.”
Ironically, Gary Wolf and Kevin Kelly host a blog called The Quantified Self where they report about people exploring ways to keep track of themselves. It’s a significant difference between curiosity, personal need, and voluntary disclosure that’s driving data sets, and corporate ventures like Facebook (nod to jerking you around again with recent privacy policy changes), Google (Schneier’s response to Schmidt’s quote above), and damned near every corporate site you make an account with and that tracks your every move these days.
I’m looking for examples of sites that encourage liberty and demonstrate some respect for its users/clients. I will be reporting on what I find. If you have suggestions, I welcome them.
Coaching moment: Here’s a little thought exercise. Think about a typical day in your life.
What kind of things do you do in private? These might be taking a shower, brushing your teeth, thinking about the day. Some things might be really private as in just you by yourself, and other things may be private in some context, like thinking about your day out loud with your spouse or partner. Once you get a good list, which of those things would make you uncomfortable if they were made public in some way?
Now think of the kind of things you do in public, like driving to work or the store, walking around, having a conversation over lunch. Think about stories that might be told about you from the perspective of not knowing what you were really doing. You might take clues from signs that you walk by, or maybe other people (posture, groupings, facial expressions). Can you think of any stories that are not only wrong but might hurt you?
Finally, think about your online tools. Have you actually looked at the Terms of Service or Privacy Policies that you’re agreeing to? If you knew they were disrespectful to you or even abusive of your personal self and liberty, would you stop using them? Since the answer is “probably not,” what would you suggest these companies change?
Personal and online security is a desirable state and a complex idea. This guide offers a general overview of the main idea that, when used together, help us establish a level of security that makes us comfortable using our computer in an online world.
Awareness
The first subject in talking about security is awareness. We need to be aware, for example, that we are not always safe in the world (online and offline). When we are online, most people are aware that there are certain dangers such as viruses, phishing, and spam that threaten our safety (personal, financial, or data). Once we know that problems exist, we are more likely to learn about and take steps to avoid danger and keep ourselves safe and secure.
Authentication
Authentication is the process of verifying that you are the real you. Your friend may authenticate you to other friends by saying something like “this is my friend Chris” (or whatever your name is). You may prove that you’re who you are to a business entity by answering questions that only you would know the answer to. You are usually being authentic when you speak honestly, from your perspective, to someone you love.
Authorization
When you are authorized, you have access to a computer system. Verifying users of your computer, or your work’s computer, or any storage systems or online accounts, can help you track the activity in files and resources. An unauthorized user can be prevented from gaining access to your information. Authorization is the process of assigning permission to use certain files and resources.
Access Control
Setting permissions on files, directories, accounts, or computers can establish limits to these resources. You may wish to be the only person that read and update your personal finances, for example. This is referred to as individual read-write access (only the owner of the file can read or update). At work, your group may have access to read and maybe edit a collaborative document. Most of the web pages offer global read-only access. Individual, group, or global access can be set to allow reading, editing, and/or other permissions.
Auditing
As individual computer users, we don’t often think about the clues that we can use to track where we’ve been and what we’ve been doing. However, whenever we visit a web site, the site’s server automatically keeps a record of things like our domain name or IP #, the time and date of our request, the page or file requested, a code indicating success or error, the number of bytes transferred, and more. As the visitor, we don’t have such tracking tools (and in many cases, don’t need them). However, as our habits and travels on the Internet are increasingly scrutinized by the sites we visit, we have a stronger case for understanding what is being compiled about us.
Coaching moment: In reality, these five A’s are somewhat intertwined. For example, it doesn’t make sense to have Authentication without Authorization. Access control doesn’t happen without Authentication and Authorization, and none of these make sense without Awareness.
What does this have to do with digital identity? These are the pieces that make up our digital records, including who we are and what we’re allowed to do. Sometimes we have control over these decisions, and sometimes control is in the hands of others. It depends on the context of where we are and what we need.
I’ve learned that people will forget what you said, people will forget what you did, but people will never forget how you made them feel. — Maya Angelou
The information sharing industry is pretty opaque to most people. We have no idea what “they” know about us. Moreover, it can be infuriating when certain companies make assumptions about us that are clearly erroneous. It can be absolutely unnerving when total strangers strike a little too close to the bone.![[del.icio.us]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/delicious.png)
![[Facebook]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/facebook.png)
![[LinkedIn]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/linkedin.png)
![[Ma.gnolia]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/magnolia.png)
![[Technorati]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/technorati.png)
![[Twitter]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/twitter.png)
![[Email]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/email.png)
