Digital ID Coach

Copy HTML:

If you like this then please subscribe to the RSS Feed.

Rating: 0.0/5 (0 votes cast)

future, history, records, tools car buying, car dealers, Chris Carfi, Digital ID Coach, future, Management, operating system, Personal identification, PII, San Francisco, scenario planning, scenarios

On Data and Disclosure

December 15th, 2009

No comments

I like to think about ways to customize my world, and the digital world writ large, in ways that support and help us explore our unique selves. It is in our very diversity that individual strengths can play out to become our personal best, to help each other grow, and create fertile new worlds.

However, under the guise of “increased security,” we are increasingly surrounded by tools and technologies that minimize and standardize us, including video surveillance and data storage and analysis. About that last link to Google, CEO Eric Schmidt recently said “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

This indiscriminate personal data hoarding is both an individual and a societal problem. Schmidt’s argument that we shouldn’t have anything to hide is specious (not to mention a double standard: it doesn’t apply to Schmidt). In a 2007 paper called ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy, George Washington University Law School’s Daniel J. Solove convincingly critiques that argument. Indeed we have many things to hide, like our passwords and credit card numbers, certain personal habits and preferences, things that contribute to human dignity and respect. As noted security expert Bruce Schneier writes in his essay The Eternal Value of Privacy, “Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control.”

Ironically, Gary Wolf and Kevin Kelly host a blog called The Quantified Self where they report about people exploring ways to keep track of themselves. It’s a significant difference between curiosity, personal need, and voluntary disclosure that’s driving data sets, and corporate ventures like Facebook (nod to jerking you around again with recent privacy policy changes), Google (Schneier’s response to Schmidt’s quote above), and damned near every corporate site you make an account with and that tracks your every move these days.

I’m looking for examples of sites that encourage liberty and demonstrate some respect for its users/clients. I will be reporting on what I find. If you have suggestions, I welcome them.

Coaching moment: Here’s a little thought exercise. Think about a typical day in your life.

What kind of things do you do in private? These might be taking a shower, brushing your teeth, thinking about the day. Some things might be really private as in just you by yourself, and other things may be private in some context, like thinking about your day out loud with your spouse or partner. Once you get a good list, which of those things would make you uncomfortable if they were made public in some way?

Now think of the kind of things you do in public, like driving to work or the store, walking around, having a conversation over lunch. Think about stories that might be told about you from the perspective of not knowing what you were really doing. You might take clues from signs that you walk by, or maybe other people (posture, groupings, facial expressions). Can you think of any stories that are not only wrong but might hurt you?

Finally, think about your online tools. Have you actually looked at the Terms of Service or Privacy Policies that you’re agreeing to? If you knew they were disrespectful to you or even abusive of your personal self and liberty, would you stop using them? Since the answer is “probably not,” what would you suggest these companies change?

Close Bookmark and Share This Page

Copy HTML:

If you like this then please subscribe to the RSS Feed.

Rating: 0.0/5 (0 votes cast)

friends/family, future, history, records, tools Access control, Bruce Schneier, control, Daniel J. Solove, Eric Schmidt, Facebook, Gary Wolf, Google, Human rights, identity management, Kevin Kelly, law, password, privacy, self-determination, Social Issues, surveillance, Technology/Internet

The Five A’s of Security

September 7th, 2009

No comments

Personal and online security is a desirable state and a complex idea. This guide offers a general overview of the main idea that, when used together, help us establish a level of security that makes us comfortable using our computer in an online world.

Awareness

The first subject in talking about security is awareness. We need to be aware, for example, that we are not always safe in the world (online and offline). When we are online, most people are aware that there are certain dangers such as viruses, phishing, and spam that threaten our safety (personal, financial, or data). Once we know that problems exist, we are more likely to learn about and take steps to avoid danger and keep ourselves safe and secure.

Authentication

Authentication is the process of verifying that you are the real you. Your friend may authenticate you to other friends by saying something like “this is my friend Chris” (or whatever your name is). You may prove that you’re who you are to a business entity by answering questions that only you would know the answer to. You are usually being authentic when you speak honestly, from your perspective, to someone you love.

Authorization

When you are authorized, you have access to a computer system. Verifying users of your computer, or your work’s computer, or any storage systems or online accounts, can help you track the activity in files and resources. An unauthorized user can be prevented from gaining access to your information. Authorization is the process of assigning permission to use certain files and resources.

Access Control

Setting permissions on files, directories, accounts, or computers can establish limits to these resources. You may wish to be the only person that read and update your personal finances, for example. This is referred to as individual read-write access (only the owner of the file can read or update). At work, your group may have access to read and maybe edit a collaborative document. Most of the web pages offer global read-only access. Individual, group, or global access can be set to allow reading, editing, and/or other permissions.

Auditing

As individual computer users, we don’t often think about the clues that we can use to track where we’ve been and what we’ve been doing. However, whenever we visit a web site, the site’s server automatically keeps a record of things like our domain name or IP #, the time and date of our request, the page or file requested, a code indicating success or error, the number of bytes transferred, and more. As the visitor, we don’t have such tracking tools (and in many cases, don’t need them). However, as our habits and travels on the Internet are increasingly scrutinized by the sites we visit, we have a stronger case for understanding what is being compiled about us.

Coaching moment: In reality, these five A’s are somewhat intertwined. For example, it doesn’t make sense to have Authentication without Authorization. Access control doesn’t happen without Authentication and Authorization, and none of these make sense without Awareness.

What does this have to do with digital identity? These are the pieces that make up our digital records, including who we are and what we’re allowed to do. Sometimes we have control over these decisions, and sometimes control is in the hands of others. It depends on the context of where we are and what we need.

Close Bookmark and Share This Page

Copy HTML:

If you like this then please subscribe to the RSS Feed.

Rating: 1.0/5 (1 vote cast)

history, records, tools Access control, authentication, Authorization, Computer security, File system permissions, Human Interest, Information security, online accounts, online world, Personal and online security, phishing, security, storage systems, Technology/Internet

What Data Can Show

September 4th, 2009

No comments

This video is an interesting romp through time, illustrating special effects and what can be shown visually. What does this have to do with digital identity? Several things:

The world is not always as it appears
Some people want you to see the world in a particular (non-real) way
You can show the world who you are in a particular (real or non-real) way
A personal identity is an interpretive dance between the person offering and the person accepting or using some information
Not all information (like details of how the effects were created) needs to be revealed

Coaching moment: You are, at some points in time and in certain circumstances, the director, designer, and special effects creator of your own life. You can choose what to show, what to withhold, and what parts of you become the picture that others see. For example, you may not choose to talk about last night’s bar crawl when you’re at work, being a model employee. You may choose to reveal more information about your activities to your doctor, in order to assist an appropriate diagnosis. You may choose to portray indifference and anonymity to an annoying panhandler on the street.

What happens when someone else follows you around, blowing your cover? That’s what many companies are doing now when they collect and trade your data. These companies are saying, in effect, “we know who you are, you can not hide from us.” However, what they “know” may not be true or accurate. See, for example, What the Internet Knows About You – a site that says you’ve “visited” URLs that may have only shown up on your visited pages as advertising or invisible pixels. Or take a look at your annual credit card summary to see that your favorite local hardware store is categorized as a “specialty foods” (or some other clearly erroneous) category.

Why might you care about this? Many of these companies and related trading partners are making decisions about you based on this information. They are not asking you to verify–nor are you given the opportunity to refute–inaccurate or incorrect information. Is this the kind of decision making that you want to be steering your life? (I don’t.) This is a version of making decisions about your finances based on identity theft, or about your insurability based on someone else’s records.

What can you do about it? First: be aware of this practice. Choose to work with businesses that are collaborative and will help you verify your data. There aren’t many of them yet. As they show up in the marketplace, they will need your support. Second: order a credit report from any (each) of the big three data companies. Correct what’s wrong. Know what they say. Third: Talk with your friends about this. You may be interested to learn who cares and who does not. Ultimately this is your priority, not someone else’s.

Close Bookmark and Share This Page

Copy HTML:

If you like this then please subscribe to the RSS Feed.

Rating: 0.0/5 (0 votes cast)

history, records, tools Anonymity, choice, credit, Credit history, director designer, Human Interest, Internet Knows About You, movies, Personal finance, Phenomenology, Philosophy of mind, reality, Religion/Belief, self-determination, special effects, Technology/Internet

Getting to know you

August 20th, 2009

1 comment

National ID cards and programs are problematic at best, and an ongoing nightmare for citizens and visitors alike when the programs are poorly designed. The U.S. government has made earlier attempts at developing such a program, which have failed. However, the dream lives on in the minds of certain government officials and representatives.

The Electronic Frontier Foundation (EFF) has been following these efforts for years. EFF’s Richard Esguerra has a post, PASS ID: REAL ID Reanimated that offers an informed look at the latest effort to create the next version of a national identity card.

The PASS ID Act (S. 1261) seeks to make many of the same ineffectual, dangerous changes the REAL ID Act attempted to impose. Fundamentally, PASS ID operates on the same flawed premise of REAL ID — that requiring various “identity documents” (and storing that information in databases for later access) will magically make state drivers’ licenses more legitimate, which will in turn improve national security.

An ID card is only a small part of the picture. The government program that supports the card is where the devils live. I recommend to you Bruce Schneier’s testimony to the Senate on why this whole idea is seriously flawed.

Coaching moment: Have you ever filled out a form for a new service, at a web site or store, where the form asked for information that they might not have needed for the transaction you were seeking? Long forms that ask a lot of questions about you, your preferences, your income, and other personal information, are unnecessary. If you’re just buying something, why might the vendor need your income, your birthdate, or any information about other family members?

The fact is that they often don’t need it. They’re collecting information about you because they can, and because you might volunteer it. Even when certain information is marked as “required,” it might be in your best interest to think twice about doing business with companies that would be so invasive and demanding.

Treat your personal information on a “need to know” basis. What that means is don’t give out more information about yourself than you think the companies need to know in order to carry out the transaction. If the company or form require more information than you’re comfortable giving, think hard about your future well-being as a trade-off for today’s discount. Your mindfulness is a low-cost insurance on your future.

Close Bookmark and Share This Page

Copy HTML:

If you like this then please subscribe to the RSS Feed.