, ,

Computers need Security; People need Privacy

I have been meaning to write this piece for a while after some sessions with various teams working on how Government can make better use of technology to deliver their services to citizens. However the same principle comes up pretty rapidly in similar conversations in a lot of different industries as we try to come to terms with our new ‘open’ online society. Mention doing things online, moving elements of your business online, etc and within the first few sentences up comes the topic of security.

Now that’s hardly surprising given that one of the key duties of an enterprise, which it passes on to its CIO and IT department is to keep certain data secure. The twist the other way round is that the press is full of stories about how individuals have been caught out in one way or another online. So ‘Security’ is clearly a must, and we need to work accordingly, so bang goes a load of ‘open’ principles. Worse it may well spell the end of the idea to take something online in the hope that it will make life easier for citizens, or customers.

But I think we are making a mistake by confusing everything as needing IT style ‘Security’, after all we are in the midst of a shift towards a different generation and use of technology built around people, not on computers. Do we want to make people ‘secure’, or is it their personal computational devices that we need to secure? If we shift the topic to people, and their behaviour, a more appropriate term is ‘Privacy’. However if you are reading this post then its probable that your interest is actually in producing ‘Solutions’ that allow people to achieve what they want or need.

I believe that as the diagram below shows we have in reality three very different requirements that together make up the end to end online interaction. The key is to define the requirements of each as an essential part of the overall solution and embed within each the necessary elements to provide ‘Jericho’ style protection. http://en.wikipedia.org/wiki/Jericho_Forum

The secure enterprise seems pretty obvious and in one sense it is, but increasingly surely we will see REST based solutions where the data file is not exposed instead purely a representation. This not only has the obvious affect on security it also brings some answers to how to combine the ‘data’ in different systems owned by different departments to allow a MashUp style reuse that suits the citizen or customer by providing a interaction built around their wishes. (This is something that Microsoft Azure looks to be able to perform in a very interesting way)

The definition of the relationship of the Enterprise, or in case of Government the departments to a ‘Market’ is relatively simple to define in terms of the interactions that has to be supported. The definition of a Market is more complex as by definition a market contains enough buyers and sellers to offer choice to all, and from that choice enable optimisation of the individual possibilities. The key elements of a ‘Trade’ are again definable, but that’s not the real challenge, instead its how to make a market a trustworthy place where both the buyers and sellers feel ‘Safe’ to conduct their business.

To make the market work requires more than ‘trust’, another word that I encounter frequently, instead it requires ‘transparency’. The ability to allow buyers and sellers to engage fairly and honestly in the eyes of all parties and in so doing to build a reputation so that those who have no direct experience of doing business with them or their products can feel safely able to include them as possible partners. The reference must be impartial and contextually relevant for it to be meaningful, and that’s where design comes in. The ability to design the environment of the market in such a way that the trades, or services, that have occurred automatically build a picture of the successful operation of the overall market as well as the satisfaction of the individual interactions. The aim is to build the ‘Reputation’ of the market overall, not just those of the sellers and buyers.

eBay has had enough cases on its buyer / seller comments to suggest that an individual posted opinion is not necessary always carried out for the right reasons. Amazon in its books business adds an extra marking process that allows prospective buyers to indicate whether the reviews (opinions) were helpful (accurate) to them in making their decision. Overall this does much to reassure the buyers (and the sellers in the form of the Authors) that the market is ‘fair’. This is closer to ‘a wisdom of the crowds’ http://en.wikipedia.org/wiki/The_Wisdom_of_Crowds approach with less chance for individual bias, though conversely it should be noted that WiKipedia has been struggling to maintain objectivity in its edits recently.

This throws up the last point; Privacy, or perhaps I will restate this as the role of the ‘private’ individual. Go back to the eBay and WiKipedia issues and its possible to make at least some level of correlation objectivity being lost when ‘professionalism’ or ‘commercial’ interest entered the market and added a bias in favour of a their interest.

We, or at least most of us, want our privacy respected, a point often made in respect of dealing with Government where the fear of the consolidation of data on a citizen is at least equal to the benefit of improved services. But is this true? Not in Denmark or in Norway where at least some part of the Government data is in fact transparent, i.e. everyone knows the fact so knowledge by a small group ceases to provide them with power over the individual in question. That’s an important point, Transparency has a lot to do with the removal of unfair advantage, and the decision as to what is unfair is a personal one. Or is it?

It increasingly seems to be defined by culture as a new ‘online’ generation seems to have a different perception of what they will make public on a social site, and in posting comments that they will openly allow to be attributed to them. Sometimes this backfires as the law, or expectations of the older generations including employers, take exception to this change, but its happening. So if we want to do business with the online generation we have two options, notice and build in the opportunity to use their willingness to be more open and frank to increase transparency of the environments we are trying to design leading to more and better interactions. Or continue to think in terms of transactions and securing the computers and data.

As this is, as with all things that involve people, is highly subjective, I look forward to some interesting views being posted that I hope will aid all of us in coming to grips with this topic. Oh and btw if this topic really interests you then I recommend ‘Groundswell’ http://www.forrester.com/Groundswell a book by two Forrester Analysts based on good research over the last few years.

Leave a Comment

Leave a comment

Leave a Reply