Category Archives: Privacy

Digital Identity Tour Part-4: Austin–Munich–Toronto

Posted on by
4

This post is a fourth in a series on personal digital identity. Part-1 “The unpolished diamond was published here in August 2010 and Part-2 ‘The Digital Identity Tuner” was published here in September 2010. Part-3 “Personal Data Something” was published here in December 2010.

The journey continues. Now we move into Austin for TEDxAustin and SXSW Interactive.

You can follow the livestream here. It’s a fascinating way to spend your week-end and get inspired.

image

Gary from CLOUD is on stage today 19 Feb 2011 at 4pm Austin time.

Some time ago, I teamed up with the folks of CLOUD, Inc. (www.cloudinc.org), a non-profit technology standard consortia founded in March 2009 and based in Austin, Texas. “CLOUD” stands for Consortium for Local Ownership of Use of Data. I am on their Strategic Advisory Board, together with Charlie Hoffman, Director of Innovation, UBMatrix, a leading provider of XBRL software, Anthony J. Barrett, Senior Vice President, Integration, Walgreens, and Dan Walker, former Chief Talent Officer for Apple and GAP.

image

The power of people. Connected.

If you have read my previous post on team dynamics, then you may have noticed a pattern developing in my thinking. With kudos to co-thinkers Verna Allee from Valuenetworks.com and Mela from the SWIFT Innovation Team. We had a great synchronicity chat in London, and what emerged was a model for organizing our thinking for Innotribe at Sibos 2011 along the theme of the Connected Economy.

album_large_3991397

Suddenly, it all made sense. One could zoom into the Connected Economy into different facets such as:

  • our connected companies: this is where we could talk about company culture and new organizational models that do away with the silo construction of most companies
  • our connected teams: how we create healthy team dynamics, how we collaborate, how we realize full potential with social cognition
  • our connected self: acting from our authentic strong self, this is more about personal and corporate values for the next decades. This is also about our Digital Identity/Footprint. The power of people. Connected. What CLOUD is all about.
  • our connected value: new thinking about capitalism, social currencies, financial inclusion, P2P networking, money vs. value, the accounting for intangibles

What we want to do at Sibos and our Innotribe Events is to create ongoing conversations, with the rigor around these conversations, focused around sense-making. But let the future emerge.

 

The art of the half finished

 

Where the event is the middle of a process, not the end-point. Leaving enough room for others to fill in, for ideas having sex. Where humans can get inspired by something else than logic.

CLOUD has been featured as a keynote speaker at SWIFT’s annual Sibos conference in October 2010 in Amsterdam and will be speaking at TEDxAustin on February 19, SXSW Interactive on March 14 and leading a panel at XBRL22 in Brussels the week following the European Identity Conference.

image

For the Munich KuppingerCole conference, Gary submitted a speaking slot by CLOUD and Co, and we just got the news that the proposal was accepted. I let you enjoy what Gary put together:

In March of 2010, SWIFT’s Innotribe hosted last year’s European eID Interoperability Conference. Peter Vander Auwera, Innovation Leader at SWIFT, and former colleague of Kim Cameron has said this about CLOUD, Inc. in his post on Identity Rights 3.0: "I repeat myself by saying that this CLOUD vision goes way beyond the web of pages, goes way beyond the early thinking on Semantic Web. It is in essence proposing an identity architecture for the Internet. Because the internet is broken. It was never designed with identity in mind."

CLOUD sees the issue of identity as one that goes far beyond log-ins and enterprise management. The issues of identity, privacy, security, data portability and governance are not separate issues but simply separate axes of the same problem.

CLOUD sees the answer to these issues coming from a new language for the Internet, so as to extend the revolution started by TCP/IP and accelerated by HTML. CLOUD’s CTML (contextual markup language) is a language for people. however and not another language for web pages, like HTML.

CLOUD also sees the answer going beyond current approaches like OpenID, which assumes the web paradigm in its log-in approach. Even with the same log-in, my ‘identity’ could change over time.

CLOUD also believes that a multi-dimensional approach is vital. WHO I Am™, WHAT I Am™, WHEN I Am™ and WHERE I Am™ are all axes of my identity and vital to a new language for people and "the identity architecture for the Internet" as Peter said about CLOUD.

Our goal is not to replace other standards nor displace for-profit initiatives but to instead put a new foundation in place for the Internet that makes the approaches to privacy, security, data and identity consistent and architecturally-driven.

We would see our thought leadership keynote (and/or panel) outlining what this paradigm would mean to the future of the Internet and how this new language would not only change the approach to identity but will transform industries from banking to health to education. Our recent post on the WHO I Am™ dimension would provide the foundation for our comments and panel: http://cloudinc.org/?/ecosystems/article/cloud-dimensions-who-i-am.

Suggested Panelists:

  • Gary Thompson, CEO CLOUD
  • Peter Vander Auwera, Innovation Leader, SWIFT
  • Kaliya Hamlin (@Identitywoman), Founder Internet Identity Workshops
  • Kim Cameron, Microsoft Distinguished Engineer and Chief Architect Identity 
  • Vint Cerf or Bob Kahn, Founders of TCP/IP

Some people say we try to boil the ocean. I don’t think so. Why would we limit ourselves to a narrowly defined vision of identity being a federated authentication issue ? Identity and Digital Footprint are much more than that and so important for our being as human beings in a permanent digital reality.

n06_freddy-cerdeira

That’s why I am so proud that this advanced vision now get exposure at TEDx Austin, at SWSX Austin, at the European Identity conference, at XBRL, at the KuppingerCole conference in Munich. And we will bring it back to Innotribe at Sibos 2011 as part of the connected self. As part of some new work we just kicked off last week in London.

Some folks give me pushback. They are warned: I am at my best when constrained. My innovation juices then flow at full debit. Then I want to think and work out-of-the-box, no – even better – I want to burn the box.

 

the optimist in me

 

The times of being mister nice guy are over. Of being a mediocre optimist, or pessimist, or realist.

We can’t live

with mediocrity

anymore

 

Who is going to stop us ? The better question is: who is a believer and wants to support us? Are you ? Then join is on this digital identity journey and

 

be your digital self !

Enhanced by Zemanta

Digital Identity Tour Part-2: Digital Identity Tuner 7.0

Posted on by
4

This blog post is Part-2 of a series that started as the ongoing thinking after our Digital Identity Tour in June 2010. In Part-1, I developed the idea of the Unpolished Diamond.

Today, I will entertain you on the concept of a Digital Identity Tuner, which in its own is also a further evolution of the Identity Rights System 3.0 post of March 2010.

It all started coming together when – during the tour – we visited PayPal.

This visit was at the end of the tour. We were welcomed by Eve Maler, Distinguished Engineer, Identity Services at PayPal, and Andrew Nash, Senior Director Identity Services at PayPal

Eve MalerAndrew Nash

These folks of PayPal basically told us to forget what we had seen earlier in the week. These are probably some of the smartest identity folks around, so you pay attention.

Indeed, I was amazed how much further ahead they were, not only in their conceptual thinking, but also in the pace at which they define and rapidly test new protocol standards.

The eye-opener for me was that there is no business in identity, but there is some significant potential when flipping the discussion to sharing and managing of user data.

 

It is not that much about identity,

but more about digital footprint.

 

Happens that a couple of weeks later I read Tony Fish’s book My Digital Footprint, where the author explains razor sharp that there is a difference between digital identity and digital footprint.

At about the same time, I saw appearing on the internet all sorts of semantically tagged enabled viewers, like this one from Recorded Future.

 

Recorded Future lets you search and find for events, based on the WHAT, the WHO/WHERE and the WHEN.

 

What if we could do this

for a person’s digital footprint ?

 

Here is where my Digital Identity Tuner comes into the picture:

phil0501

Remember those old radios ? You could “tune” into a radio channel, and there was a big button, and if you turned that button an arrow would move over a “map” of pre-defined radio stations.

What if we could do the same on your digital footprint ?

Petervan Digital Persona AUG 2010

The spectrum above is my “Digital Persona” as generated recently by MIT’s Digital Personas project. Personas shows you how the internet sees you.

Every color in the spectrum is about a certain dimension of your digital footprint: books you read, education, political preferences, musical preferences, professional attributes, etc, etc…

What if you could make that spectrum “clickable” ? Not only via a browser, but also via API’s. What if you could zoom in/out that spectrum or certain aspects of it ?

So far, we have “tuned” in two dimensions:

  • On the horizontal axis, hovering over the different color dimensions
  • On the “depth” axis, zooming in/out to get more or less detail

Let me add the third dimension of Time.

m01_16895561

I could tune into the past, but I could also tune into the future, as my digital footprint does not only contain past behavior, but also contains real-time data (such as devices that I may wear to beam my heartbeat-data to the Microsoft or Google or Wallgreens or whoevers Healthvault when running a couple of miles on my cloud enabled Nike shoes.

PolarS625Ximage

It also contains data about my future, as I keep my calendar in Google Calendar, for example. Or the event for which I bought tickets. Or even on-line streaming events for which I subscribed.

 

image

 

UPDATE-2: or check out this TED Video, on the Quantified Self, with Gary Wolf’s intriguing new pastime: using mobile apps and always-on gadgets to track and analyze your body, mood, diet, spending — just about everything in daily life you can measure — in gloriously geeky detail.

image

So, the third dimension is time.

 

What if I would have a sort of

“Remote Control”

 

that could let me navigate through my digital footprint on those three dimensions. It’s like steering a helicopter via remote control.

 

 

Or maybe more dimensions. You would end-up with something that navigates you through a fractal or so…

Of course, we don’t live alone on this planet.

 

We are part of tribes

of swarms

with leaders and followers

 

I love the metaphor of “SWARM”

 

Imagine that we have a similar digital tuner for navigating the swarm. For seeing links between the WHO’s in the swarm.

UPDATE: just a couple of hours after my initial posting of this blog entry, I came across this great post by Greg on Digital Tonto about “The Story of Networks”. At the end he refers to a great TED talk by Nicholas Christakis “How social networks predict epidemics” 

 

In essence, it shows the “swarm” of communities, leaders and followers and their relationships. And how germs, ideas, memes, etc spread in a community based on the same S-curves as innovations happen. Nicholas A. Christakis, MD, PhD, MPH, is an internist and social scientist at Harvard University who conducts research on social factors that affect health, health care, and longevity.

So far, we looked at “navigating”. But the system would also allow me to define and manage who gets access to what parts of my digital footprint in what specific contexts or constraints. Not only “access”, but also “usage”.

For all that to happen, we need to fundamentally rethink how we deal with digital footprint.

 

We have to navigate away from identity systems that mimic our brick-and-mortar world, that are still based on the metaphor of identity cards, or passports, or electronic equivalents based on PKI systems and certificates.

 

No, we almost need a new semantic tagging language. Not to “tag” pages or servers, but to tag my digital footprint.

And not only “tag” it but allocate and manage “usage” rights to it. And I should be the owner of those data, whether they sit on my computer, in Facebook, or distributed open source models like Diaspora.

 

image

 

So that I end up with a collection of different “where’s” where data about me is kept. It may lead to some new form of DNS, but then a DNS of people. Not pages or servers.

Maybe all this is a bit of futuristic/iconoclastic thinking. Maybe. But when reading the book “Iconoclast: A Neuroscientist Reveals How to Think Differently” by Dr. George Berns, I came across the following two sentences and took them a little bit out of … context.

But they are so relevant to our identity context:

There are two paths in spectrum: one for identity/categorization and the other for digital footprint / Trail / history/future (time dimension, recording, in the future,…)

The high road is concerned with extracting where objects are located and throws away the elements related to their identity. The low road, on the other hand, is concerned with identification and categorization, and less so with objects’ spatial locations

As Tony Fish so well articulated in his book: we have to separate identity an footprint.

The discussion

about internet identity

has moved from identity to footprint

how we are going to manage that

with a privacy ethic

that is adapted

to our hyper-connected world

 

Privacy is not dead. It needs to be redefined.

Recorded Future

Posted on by
Reply

Check out this interesting company Recorded Future.

This is very relevant to my upcoming post on Digital Identity Tuner 7.0

Start thinking of this metaphor when looking at your digital footprint.

Digital Identity Tour: the unpolished diamond part-1

Posted on by
9

Summer is coming to an end.

I had some good times off, disconnected with lots of reading, biking, and hanging around. Also the best way to let new ideas emerge.

g10_24056801

Lately, i have been immersed in digital identity. First, I attended the EEMA European e-Identity Management Conference in London . The week after, I was the “tour guide” for a study week on the subject with 4 other colleagues.

We discovered a rich subject – in full (r)evolution – and we met really very smart people who were extremely knowledgeable about the subject.

Since then, I have been reading and thinking a lot about the subject.

This blog post – in different parts – is a detailed report of those conversations, reflections, interpreted in a very personal way. In other words, this is my very personal consolidation and internalization on the subject.

The subtitle of the blog is “the unpolished diamond”. Indeed, what I will present here is a multifaceted subject. It’s like a rough diamond, which still needs to be polished into a beautiful multifaceted shiny precious diamond.

The different facets of the diamond are organized in “chapters”. I feel like this can become the basis of a more in-depth whitepaper, or – time and ambition permitting – a book at some day. Please let me know and/or encourage me if you want me to go ahead with this crazy idea of a book.

I will come up with some other metaphores in subsequent posts. The one on “Digital Identity Tuner 7.0” is in the making, where I will really push the identity envelope.

Anyway, my identity story starts in 2001 or so. That’s when I got infected by the identity-virus: I was working for Microsoft (2001-2005) on the Belgian e-Identity Card (eID) project.

image13

This was a once-in-a-life project, sponsored by Bill Gates himself, who saw the advent of 8 million eID citizen cards being distributed in a mandatory way to the Belgian citizens over a period of 5 years as a ideal test/pilot market. (BTW: Belgium is already renewing the first cards that were issued at the time; this means this has to be looked at as an infrastructure thing, that needs to be maintained for several generations)

We wanted to discover how citizens reacted to such eID card, assess what sort of applications were being build that consume this eID card, and what would be needed to support this sort of card in Microsoft products. This was far reaching, as we looked across the board at Windows OS, Microsoft Office, MSN (Safe chat for children), workflow, audit and regulatory requirements, and last but not least privacy.

My role was one of Business Development Manager, not so much in a sales mode, but rather in a research and discovery mode.

It was during this time that I met Kim Cameron (Microsoft’s Chief Architect Identity), just at a moment when Kim had published his seminal whitepapers “Laws of Identity” and “Towards an e-identity meta-system”.

Kim has become a friend since then, and I highly recommend his blog www.identityblog.com.

I was permeated with the early concepts of claims based identities, and ever since, I felt a natural attraction towards anything that was related to identity, not only e-identity but also identity in it’s philosophical and existential sense “who am I really ?”

Already at that time (2001),

I felt that the eID card

(a smart card with certificates issued

by the Belgian government)

was an anachronism.

 

We seemed to use

concepts of a physical world,

and tried to use them

in an on-line world

fundamentally different because

hyper-distributed and

highly interconnected

 

In addition one can question today whether the government (or a bank, or another “trusted” party should be the originator of the identity).

It’s like maintaining a 2D view on a world that has since long moved to 3D. It’s like looking at the sunset in 2D: what you see is a circle that gets smaller and smaller until it’s a dot and then finally disappears.

But in this 2D view, one has lost the 3D dimension of our planetary system, and the highly dynamic and interdependent set of moving parts.

This view is shared by David Birch, who runs a very interest Digital Identity Blog when he says:

The analog-digital comparison does not work when thinking about 21st century e-identity

There are indeed some novel views that

 

instead of having “an e-identity

issued by the government

to offer value to the citizens”,

it would not be better to have “an e-identity

issued and managed by the citizens

to offer value to the government”

 

This view is highly related to a tectonic shift of power back to the owner of the data, or more in general the revolution from “Push to Pull” business models that are so well described in John Hagel’s seminal book “The Power of Pull”, in my opinion THE business book of 2010 (although not shortlisted in FT’s 2010 best business books –> FT is wrong 😉

In the next editions of the “unpolished digital identity series”, I will tackle following “chapters”:

  • Digital identity in Cloud computing
  • Digital Identity Tuner 7.0
  • Privacy
  • Business case/model
  • Architectural perspectives
  • The role of a registration authority (if any)
  • Claims based identity: more than PKI
  • Personal data sharing
  • The “pile” of standards
  • Vendor readiness
  • User comfort
  • Mental reference framework for SWIFT
  • Trust Frameworks
  • Form factors
  • Liability
  • Developer perspective
  • Digital identity and Digital footprint
  • Social currency
  • Semantic tagging of the WHO

Hmmm… it starts indeed looking like a book. Any input and suggestions welcome.

The Value of Your Social Graph

Posted on by
4

image

If you have the time, please watch this presentation" How not to be seen” by futurist Mark Pesce. I mentioned it already yesterday in my post “The DJ with the Brainwave Helmet”, but now I took the time to watch the +/- 1 hour presentation.

 

Do it

 

It profoundly explains what’s going on in our ever more connected world.

It makes so clear that your social graph is your most important possession”

No need to further quote, as the full transcript is here.

This guy is super-smart. Follow him on twitter and on his blogs.

Social Graph is also about Sibos 2009 winning project “eMe”, but then on steroids.

Completely revised. Definitely in the vision of Mark Pesce.

With privacy and user control seen in a distributed internet world. NOT one single digital vault, or even several digital vaults. Whether they are “owned” and “controlled” by Governments, Banks, FaceBooks, Googles and alike.

Completely revising the “business model”. Where the value flows to the users, the owners of their social graph. Not to banks. Not to governments. Not to some controlling party in the middle.

The is no “where”, no “middle” on the internet. That’s where we got eMe wrong.

No, we have to revisit the whole concept of eMe along the open Plexus lines that Marc Pesce is describing in his “How not to be seen” presentation.

I will talk to Peter Hinssen, when he’s back from down under. So that we have something to say about eMe at Innotribe at Sibos 2010 in Amsterdam.

Oh, and if you like this sort of stuff, here is another presentation “Dense and Thick” by Mark Pesce at Webstock2010.  As a matter of fact, this presentation is even better, as Mark does a fabulous job in giving us a perspective of the current state of the web, how we got here and where this might lead us. Not just by throwing boring statistical data at us, but with deep insights and with a speaker’s passion that is difficult to match.

Without really mentioning (ok, only once), Mark Pesce is describing a vision of the semantic web that is not push-oriented like Tim Berners Lee, but truly “pulling” us – human beings – in this super-exciting world where meaning becomes explicit and exploitable and can be manipulated (hopefully in the positive sense of the word).

The summary of his talk goes like this:

It may be hard to believe, but we’re only just at the very beginnings of the web revolution. In the first fifteen years (1994-2009), the human world of culture and civilization was sucked into the black hole of cyberspace. Now the real world is poised to follow. Augmented Reality (AR) shows that when we peer through a portal, and look upon the world, it’s almost embarrassingly empty of our annotations. That data is there – the world is the database of itself – but it can’t be brought immediately to hand with a search or a gesture. That’s the next place we will go: we will build a virtual body for the real world, a dense database of everything, both natural and artificial. In fifteen years’ time, we’ll wonder how we got along without it.

This means that the clock has been reset. Everything we thought we knew about how the Web works, what the Web does for us, and who controls the Web is up for grabs, once again. We will see bright shining stars – and sudden, brief supernovas – just as we did in the Web’s early years. The opportunities are breathtaking, the innovations will be flying fast and thick. All of this is now within our grasp.

This guy is a real discovery for me, and hopefully to you as well.

I will ping Mark to check whether he is interested in the eMe update and hopefully lively ensuing debate at Innotribe at Sibos2010 in October.

Might be a challenge, as his intellect humbles me deeply, and maybe he is just not interested in such a mundane conference.

Social Currency: My Personal Identity

Posted on by
1

Recently came across this great site by Dan Robles.

image

One of his latest posts Will Social Capitalism Replace Market Capitalism? (Parts 1&2) included great video material on how social currency can change industries.

image

His forecasting example is the airline industry. And it’s even not so far fetched. What if you could “Time-Share” seats in private jets ?

It’s easy to think how this social currency model would apply to any other business and radically innovate by creative destruction.

It’s a very novel way to show how a number of trends come together:

  • The influence of gaming theories and practices in new business models
  • The value and tradability of my personal information
  • The power shift from Push to Pull that is so well described in John Hagel’s latest book “The Power of Pull” (I repeat it, in my opinion THE business book of 2010)

By the way, we recently had a face to face meeting with John exploring the possibility to have him with us at Innotribe at Sibos in Amsterdam, 25-29 October 2010.

image

We have asked John to consider a talk in our Innotribe Opening Keynotes, and to be part of our special Innotribe Lab on The long now in Financial Services.

To come back to the subject of the power of identity, I’d like to spend a bit more time on the tradability of my personal information.

The essence of the story is that some parts of my personal data have value and can be traded under the user’s control to get a better service.

It opens questions to:

  • How tradable is my personal identity ?
  • How tradable is my digital footprint ?
  • How tradable are my on and off-line relationships ?

I have been immersed in “personal digital identity” the last couple of weeks. Recently i attended the EEMA’s The European e-Identity Management Conference in London.

The week after i was the “tour guide” for a "Digital Identity Tour” we organized with some colleagues on the West-Coast”. I am preparing a set of blog posts on these conferences and 1-1 conversations with thought leaders in e-Identity space.

In this blog i will just simplify my summary thoughts with the statement that e-identity is much, much more that a certificate on a smart-card, or for sake of the argument any other form factor.

We are witnessing a power-shift:

In stead of the government (or the bank, or any other service offering entity) creating digital identities to give more value to the citizen, we see the emergence of  identities created by the user to give greater value to the government (or the bank, or any other service offering entity)

We have to carefully think this through, as identity – and relations between and with persons – is really a complex animal.

Have a look at this fantastic 210+ slides presentation “The Real Life Social Network V2” by a Google analyst @Padday aka Paul Adams, working for the UX team at Google. The essence of his story is that there is nothing such as a generic “Friends”. You have all sorts of friends and different depths in relations. Whether those relations are between people-people or people-companies.

It’s a great story, and all slides are annotated. As a teaser, here are his 3 summarizing slides:

image

image

image

It’s interesting how the words identity, privacy, care, relationships, collaboration, strong/week ties, Klout, etc are now all coming together. As a matter of fact, these are all attributes that make us truly human.

As a sherry on today’s cake, i’d like to link you once more to Venassa Miemis site “Emergent by Design” and the great recent blog post on Guidelines for Group Collaboration and Emergence, that is building on both her previous work on “Strenghts Based Society”, “”Skills for a 21st century connected world”, and her work on the open source collaborative tool “Junto”.

 

 

image

As we are preparing Innotribe at Sibos, i had the pleasure to talk to Venassa during a Skype session. We are discussing her participation at several levels of our Innotribe Program.

It is great to see how these novel ideas become “totally” relevant when you start thinking about their value for a “community” like SWIFT and an innitiative like Innotribe where “Enabling Collaborative Innovation” is our “Leifmotto”.

From the conversation with Venassa, i can tell you she “totally” got it, and she is preparing some material and levels of interactivity for Sibos that you even never dreamed of.

We are now 16 weeks from Sibos. The idea is to begin hosting a junto every week, invite different thinkers to discuss the future of money, record all conversations and develop a presentation based on them, but also make the videos available for the attendees of the conference to be able to watch whenever they want to see what those conversations were like.

If we think about the Long Now, will there still be currency as we know it? Or will social currency become central to our trade? And what impact does that have on banks ? Should be have personal data stores where we deposit our digital footprint and open personal accounts and do payments for services from there?

Feel free to jump in.

Identity Rights System 3.0

Posted on by
7

Next week, SWIFT Innotribe will be hosting the European eID Interoperability Conference 2010.

It’s a great agenda with presentations by European experts on eID, and also some of the smartest SWIFT folks on identity. For example, we’ll have Jacques Hagelstein, our Chief Architect, and we’ll also run an Innotribe Lab on day-2. Check out and download the PDF agenda here.

Hosting this sort of events is an interesting win-win model, where we at SWIFT can share our great meeting and auditorium facilities and at the same time dove-tail with important topics that are relevant in our industry.

Acting like this beyond our traditional boundaries nicely fits The Medici Effect that i described in my previous post, although i am not sure we at SWIFT apply this principle always with full consciousness and intent. It does not matter, the key thing is that it just happens, and i feel confident that on this intersection of worlds some new ideas will emerge naturally.

Thinking through how we deal with company and personal identities in an on-line world, and being able to deliver this on a world-wide, predictable, resilient and secure way is one of the key value propositions of SWIFT in the financial services eco-system. SWIFT has the advantage – it’s a deliberate choice – that we are a community based venture, and a lot of services we offer adhere to standards and rulebooks that have been subscribed to by our membership. Even then, delivering this is not a sinecure.

But in this post, i’d like to take you on a journey beyond SWIFT’s ecosystem and edges, and look at what is happening in terms of identity and privacy outside our safe community walls.

My first contacts with privacy related matters date back to my Microsoft period, where I was quite involved in the Belgian eID project.

image

Microsoft saw Belgium as a good test ground to see what happens when a country rolls-out in a mandatory way 8 million electronic identity cards to its citizens, what applications get developed, and what needed to be done at the level of Windows, Office, MSN Chat, etc to support an identity card issued by a third party, in this case a government. At that time, I experienced the Belgian Privacy Commission more as a pain in the neck, limiting us in doing ‘”real cool things” with on-line identity. But they surely planted in my head the first seeds of some “culture” of privacy. It’s only now that i start to fully appreciate the importance of privacy, and the role of Privacy commissions and alike.

Now the Belgian eID cards are rolled out, we even look at a second and third generation, but the number of applications that are really leveraging the eID on a day-to-day basis are disappointingly low.

Already when the first eID cards got rolled out, it appeared to me that the card was already a dated old-fashioned way of dealing with identities. It does not make a difference whether we talk here about a smart-card, a USB token, or whatever other hardware device.

The point i am trying to make is that

the model of an identity “card”

does not match anymore

the online realities of today

The “card” is an artifact of the physical world, and we try – in vain – to squeeze all sort of on-line concepts into an off-line model.

The next occasion where I felt something was wrong with our model, was when i saw the demo of Intelius Date Checker. See also my post on “privacy is dead” for more details on this application. I was shocked that nobody in the audience made any reflection on the huge privacy issues at stake here. It must have been American culture ?

Then a couple of months ago, there was the famous debate launched by Mark Zuckerberg of Facebook, where he basically suggested to change the paradigm with 180°: in stead of considering "private” as the default setting of personal data and letting the user decide what data he releases to whom, he suggested “public” as the default setting, forcing to “un-public” data the user did not want to make public and keep private. See also ReadWriteWeb coverage here. Unfortunately for Zuckerberg, there was around the same period an article about a Facebook employee revealing how much privacy data they have access to by for example super-admin passwords and alike.

And even ex-colleague Paul Shetler took the pain to scream out his frustration on why public as a default really does not make sense.

It all makes me feel very uncomfortable how much i have to believe from Mark Zucherberg or Eric Schmidt when they are behaving like the white-knights of privacy.

It looks to me that

privacy is out-of-control

 

and that they would like to officialise the dead of privacy by declaring “public” as the new norm. It looks to me as privacy has become

 

too complex to fix it

 

Via Facebook, Google Buzz, Twitter, etc, etc, there is already too much data out there. Fixing this taking into account regional and country laws and regulations must be a real nightmare for the Facebooks and alike.

It’s an interesting debate what should be the default: privacy or publicy. And Stowe Boyd rightly adds the dimension of “sociality”. Because you release some info about yourself consciously (when participating on social media, your really want people to know about yourself and your preferences) or passively (by accepting blindly the privacy notices on Facebook and alike. Some related info on sociality here.

This aspect of passive privacy is really well explained by David Birch. He recently wrote a whitepaper: “who do you want to be today ?” and “Kissing Phones”. Check-out here. And just a couple of weeks ago, David wrote this fantastic post about Moving to Privacy 3.0

And the big boys are feeling the pressure. A couple of years ago the audience at the Gartner IT Symposium in Cannes was still having fun with “The Great Google Hack” scenario. This session was part of an “Unconventional Thinking” set of sessions with following disclaimer from Gartner: “This research doesn’t have the full Gartner seal of approval (we call them Mavericks internally).” Today this is not just a scenario but getting very real. I am just picking one of the thousands of articles that have been written on the Google China hack described as the privacy breach of the year.

Let’s throw in some additional dimensions, so that you as novice reader on this subject really start feeling the pain.

  • What have you browsed ? Interesting reflections by Microsoft’s Chief Architect Identity on “browser fingerprints”. Btw, Kim is confirmed speaker at the eID Interoperability Conference next week.
  • Where have you been, and how your iPhone becomes a spy-phone here and here
  • What have you bought recently ? How you can let a service like Blippy stream your purchases online.
  • Who have you slept with ? Given some’s willingness to post all their data online, and the rising casual nature of some behavior, this isn’t so far out of reach to be completely ridiculous.
  • Add to this things like Facesence MIT, about mind-reading
  • Bodyscanners about being “sniffed-out” by chemical noses.
  • Did you take your pil and when. In essence about “body-surfing” and RFID like tracking inside your body.
  • Please rob me, in essence about real-time location tracking

Some suggested solutions for all this go into the direction of

 

“gatekeepers”

 

Trusted entities that are the safe-harbor for keeping these personal data. Or even distributed models of “gatekeepers” certification.

image

The recent announcement at the March 2010 RSA Conference of the Open Identity Exchange (OIX) goes in this direction. Please note that this initiative is backed by industry leaders Google, PayPal,Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton.

However, I don’t think it will work, and i am not alone, although from a different perspective (see below on PETs). I think it won’t work, because in the open online world, it will not be acceptable that somebody or some company sits in the middle of all this identity hocus-pocus, and controls our world. The internet has just become way too distributed to accept this sort of models. Maybe this works in a closed community (vertical or other) where users subscribe to a common set of standards and rules), but not on the open internet.

One possible route are PETs (privacy enhancing technologies).  For example, Stephan Engberg, one of the speakers at the European Commission’s December 2009 workshop talks about security (and privacy) “in context” and seems to be a big advocate of PETs. Check-out an interesting debate here.

The word “context” is very important here.

To come back to the beginning of this blog post, i believe we have to change the old eID model to a model where we acknowledge that the personal data are highly distributed on the net today and are dealt with “in context”.

Personal data sits everywhere, and you really can start imagining “data weavers” or “identity weavers” that combine these individual sets of personal data into new sets of relevant information, based on the context of usage.

The concept of data-weavers was already introduced in my guest blog “Digital Identity Weavers” by Gary Thompson from CLOUD, Inc.

image

I repeat myself by saying that this CLOUD vision goes way beyond the web of pages, goes way beyond the early thinking on Semantic Web. It is in essence proposing an identity architecture for the Internet. Because the internet is broken. It was never designed with identity in mind.

Its about user control of personal data.

It’s about context awareness.

It’s about who i am, how i am, and

what i do and intend to do in an on-line world.

But we all have problems in imagining how such standard and supporting system might work.

How it would look like ?

 

And then suddenly last night the pieces seemed to fall together. What if we start thinking about this in a way similar to “Information Right Management” (probably called something else today), something that Microsoft built as a feature in Microsoft Office, and basically put the user in control of what somebody could do with his documents. Mind you, this is about “USAGE” rights, not access-rights.

In Microsoft Office this was visualized by the “do not pass” sign.

By clicking on that icon, you – as the user – can control whether somebody can cut-and-paste from your document, whether they can print it, forward it, etc.

We need a standard that makes it possible to control/manage the usage-rights of the different pieces of our personal data that are distributed over the internet. And then we need to let play the competition on how this standard gets implemented in our day-to-day tools. Maybe by a clickable icon, maybe something else. Would be great to let Heads of User Experiences have a go at this.

But maybe it is too late. Maybe there is already so much data out there, that there is no way to 1) find where they are and 2) give back the control to the user/owner of the data. The breach already happened.

To conclude, get inspired by this NYT article “Redrawing the Route to Online Privacy”

So if the current model is broken, how can it be fixed? There are two broad answers: rules and tools.

“Getting this balance right is critical to the future of the Web, to foster innovation and economic growth,” Mr. Weitzner said.

Whatever the future of regulation, better digital tools are needed. Enhancing online privacy is a daunting research challenge that involves not only computing, but also human behavior and perception. So researchers nationwide are tackling the issue in new ways.

At Carnegie Mellon University, a group is working on what it calls “privacy nudges.” This approach taps computer science techniques like machine learning, natural language processing and text analysis, as well as disciplines like behavioral economics.

How would all this be relevant for our financial services industry ? One example would be to apply semantic web technologies to Corporate Actions. For folks at SWIFT it’s pretty obvious that we can apply our semantic knowledge to the data in the “messages” that are exchanged between parties of Corporate Actions.

What seems less obvious is to apply the same semantic tagging techniques to the personal data and attributes of the persons who participate in a Corporate Action transaction.

In essence this is about applying the CLOUD concepts. It’s about setting new standards and rules in this space. And are standards not one of the cornerstones of SWIFT.

It would be great to build an innovation prototype to educate our community on the power of semantic web.

I call this the “Identity Rights System 3.0”

UPDATE: apparently the subject is red-hot at SXSW in Austin this week. Check out Danah Boyd at SXSW “Privacy is not dead”

Digital Identity Weavers

Posted on by
1

I have a job where i regularly meet fascinating people.

I recently had the opportunity to chat with Gary Thompson from CLOUD, Inc.

image

CLOUD Inc. is the Consortium for Local Ownership and Use of Data, a non-profit organization that has filed for 501(c)(6) status with the IRS and is open to people, companies, and other organizations. CLOUD has been formed to create standards to give people property rights in their personal information on the Web and in the cloud, including the right to decide how and when others might use personal information and whether others might be allowed to connect personal information with identifying information.

So all this is about your personal digital identity, and giving back control of these data to the user. Kim Cameron (Chief Architect Identity at Microsoft and the man behind www.identityblog.com will love this – and i am not cynical 😉

A couple of weeks ago, i had a fascinating chat on identity. How identity is all about context. Where you are, what you do, etc. During that conversation, Gary suddenly used a metaphor of what i would call “identity weavers”.

I found this metaphor really powerful. And i suggested Gary he should blog about it, and that i would offer him a guest post 😉

So, here is Gary with his post on Reweaving the Fabric of the Internet on his personal blog The End of Linearity. Peter Hinssen will love this story, as so closely related to the Explore the Limits story.

I just have cut&pasted some strong one-liners. For the full story, check out Gary’s blog.

From health to education to finance and beyond, the ability to bring together people, concepts, and ideas (threads) in new ways is an invigorating journey.  Our “weavers” of the future can design beautiful new fabrics from cures to cancer to dynamic global learning communities to rapidly evolving financial models.  When thread and fabric are unleashed, when weaver and woven can dynamically change places, when loom and head are released from the bonds of the physical, the Internet can take a vital step forward.  By applying an end of linearity to how we think about the Internet, we can see the true beauty of Vint Cerf and Bob Kahn’s creation. It is a connector of people, not of web pages, and it is at the heart of a new future, a rewoven future.

This compelling vision goes way beyond the web of pages, goes way beyond the early thinking on Semantic Web. It is in essence proposing an identity architecture for the Internet. Because the internet is broken. It was never designed with identity in mind.

By now, you will notice that Digital Identity is much more than distributing hardware tokens, or putting an PKI infrastructure in place.

Its about user control of personal data. It’s about context awareness. It’s about who i am, how i am, and what i do and intend to do in an on-line world.

Privacy is dead

Posted on by
5

This blog post is triggered by a start-up demonstration i saw at DEMOFall2009 some weeks ago.

The demo was about an iPhone application called “datecheck” aka “creepfinder”

You can find the video here.

Not that i am interested in on-line or real-life dating – i am happily married – but in essence the application allows me to do a check on my date. It basically crawls the internet, twitter, facebook, and  – in the US – public data such as your real-estate tax income and even criminal records.

The end-result is that i find data about criminal records about my future fiancée, full real-estate data about what house he/she lives in, family composition, real-estate tax-income etc

The US government also is getting quite open and transparent on its own data. Have a look at www.data.gov

image

And these days all these data are accessible via API’s to take data OUT of these systems. Some API’s like twitter, facebook etc also allow you to INPUT data via for example Tweetdeck, Seismic, and many others. I would love to have something that not only allows me to INPUT my Tweets, but also something that allows me to input and maintain my personal profile data, across services. See also at the end of this post.

For the US government data, you see start appearing end-consumer apps that let you search through this massive amount of for example government contractor’s data with quite advanced intelligence tools in the hand of the citizen.

In stead of FBI (Federal) it’s becoming

CBI (Citizen’s Bureau of Investigation).

It says “analysis for the people, by the people”. I would add “"about the people”

image

All this is sold as “transparency” and “democracy”, and those are of course very important values.

But – and I don’t know about you – I start more and more FEELING quite uncomfortable about all this. Not that i have to hide anything, or that i have a criminal record (at least not that I am aware of ;-), but I do FEEL all this is quite intrusive.

As most of you know, in my previous life i was quite close to the Belgian eID project (electronic identity card). The card also allows you to access the on-line government database, where I can look at my OWN data and check who in the government has accessed those data.

But i believe we should make a big plea for the appliance of Law #1 of Kim Cameron’s Laws of Identity:

image

That’s easy said, but how do you enforce that. I took the pain to look at the privacy policy of Twitter (see http://twitter.com/privacy). In essence – as a user – i have nothing to say. I have 2 choices: to use twitter and accept the privacy policy, or not use it. But how many of the many million Twitter users have ever read the privacy policy ? How many know what sort of deep intelligence engines are crawling all these data that i released to the net WITH A DIFFERENT PURPOSE ?

This is not Twitter specific. It applies to Facebook, Friendfeed, or any other form of social network or service.

In my opinion, i would like to have something where i can control what data about myself i want to release to what service and in what context. I update my information there once, and have also guarantee that my profile information is consistent across Twitter, Facebook or even event/conference sites that these days more and more use their own social media piece of technology.

Of course you would need a highly trusted party to deal with these data. I think i would even be prepared to pay a price for my privacy.

This concept of a central digital vault comes pretty close to eMe, the winner of the Innotribe idea-contest at Sibos 2009 some weeks ago. But they started from “mydata” and information and documents related to financial services. If you start thinking privacy and putting control of data back into the user’s hands, you get a much more powerful proposition.

I would like to hear the opinion of a number of identity and privacy experts that are following this blog

UPDATE: Can’t help it, but just at the same time as i published this post, Guy Kawasaki tweeted the following URL:

 http://holykaw.alltop.com/why-you-should-think-before-you-tweet