, , ,

Managing Identities – whose responsibility

A lot has been written about the need for security, after all it’s an important and well recognised issue, but I see very little about the topic of people needing privacy. Yet in many ways citizens are having their privacy compromised in ways that I doubt that they even realise. This leads to the very very tough issue of the ‘management’ or ‘policing’ of the Internet, something that most people instinctively feel is wrong, but at the same time increasingly feel is necessary.

May be the answer is not to ‘regulate’ the whole internet, but to create stronger awareness and controls over identities. Perhaps it helps to think of the abuse of identity as an ‘assault’, or may be Cyber- Assault might be a better term, on a citizen, and from that a practical and non contentious area for Government action? But first lets consider some of the most obvious risks that many people are unknowingly running.

At the weekend my son Jonathan was demonstrating some of the many features on his new Android – one of which geographically pinpoints local Twitter activities. We were sat in the sun in a public park in the UK by the river Thames and not surprisingly it was a pretty crowded. There were the inevitable tweets like: ‘great in the sun’; ‘feeding the ducks’, but remember the facility also renders the sources of the tweets geographically and that for some people means they have registered Tweeter to their home address.

If you have done this, how might you feel about the Tweet that said ‘on holiday stuffing everything in the plane locker’ and showed the your home address on the geographical display? Take a look at all the different ways that Tweeter can be linked to locations at this ‘helpful’ site. http://news.cnet.com/8301-17939_109-10300766-2.html?part=rss&tag=feed&subj=Webware

This eye-opener compares with other stories about people giving away similar details on Facebook and coming home to find they’ve been robbed. This is ironic, given the way the insurance industry has been making use of Facebook for some time now as a direct sales tool. . I stopped providing Doppr http://www.dopplr.com/ updates as of last week on learning that my home insurance is invalid if I have done this. It’s a shame, because this effective tool was great for helping meet up with distant friends and colleagues when visiting countries/towns on business.

The global village built around a wealth of links, chats, and other innocent activities is also the world’s biggest database. With the search skills we all now have, it’s an accessible database with which anyone can create a powerful view of any number of issues, questions or tasks. Using Google or Bing and one can find advice on how to use tools to track down sources for even simple emails http://www.kuro5hin.org/story/2005/9/29/31457/0519 . Or consider how a variety of tools allow you to figure out a persons location from their cell phone, http://www.makeuseof.com/tag/how-to-trace-a-mobile-phone-location-with-google-latitude/ or even show you the details of a registered user, even if they are unlisted http://reverse.internet-guider.co.uk/

All of this is before raising the issue of enterprise employment records and most of all government departmental records. We instinctively think of these as being the huge databases that need to be secured, controlled and even in need of legislation on the combining of records, in case the combined data would give too much away. The more I look into this topic, the more I realise that the challenge is changing. We give more information away knowingly, or unknowingly, in response to small individual situations without realising the global village implications. Powerful new tools change the balance of power from a few large databases in the hands of government or enterprises (where risk awareness is generally good) to the myriad of small amounts of data spread across the web, which can be easily connected, but remain largely unregulated. Returning to the example of a service which can advertise your empty home while you celebrate being on holiday: these can clearly pose a risk to users.

So who owns this risk? And what steps should be taken to manage the growing this growing risk? All questions for which I don’t have answers, but am interested to see in the US the Government and Private sector getting together around federated identity management http://www.readwriteweb.com/archives/openid_going_mainstream_us_gov_announces_pilot_pro.php using OpenID, http://en.wikipedia.org/wiki/OpenID which just might be the beginnings of a more serious start to this issue.

Leave a Comment

Leave a comment

Leave a Reply