New paper on Wi-Fi positioning systems

Regular readers will have come across (or participated in shaping) some of my work over the last year as I looked at the different ways that device identity and personal identity collide in mobile location technology.

In the early days following Google's Street View WiFi snooping escapades, I became increasingly frustrated that public and official attention centered on Google's apparently accidental collection of unencrypted network traffic when there was a much worse problem staring us in the face.

Unfortunately the deeper problem was also immensely harder to grasp since it required both a technical knowledge of networked devices and a willingness to consider totally unpredicted ways of using (or misusing) information.

As became clear from a number of the conversations with other bloggers, even many highly technical people didn't understand some pretty basic things – like the fact that personal device identifiers travel in the clear on encrypted WiFi networks… Nor was it natural for many in our community to think things through from the perspective of privacy threat analysis.

This got me to look at the issues even more closely, and I summarized my thinking at PII 2010 in Seattle.

A few months ago I ran into Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, who was working on the same issues.  We decided to collaborate on a very in-depth look at both the technology and policy implications, aiming to produce a document that could be understood by those in the policy community and still serve as a call to the technical community to deal appropriately with the identity issues, seeking what Ann calls “win-win” solutions that favor both privacy and innovation.

Ann's team deserves all the credit for the thorough literature research and clear exposition.  Ann expertly describes the policy issues and urges us as technologists to adopt Privacy By Design principles for our work. I appreciate having had the opportunity to collaborate with such an innovative group.  Their efforts give me confidence that even difficult technical issues with social implications can be debated and decided by the people they affect.

Please read WiFi Positioning Systems: Beware of Unintended Consequences and let us know what you think – I invite you to comment (or tweet or email me) on the technical, policy and privacy-by-design aspects of the paper.

Change of status

My work status has gone through “some changes” recently.

A number of readers have written to me about Mary Jo Foley's report on a ”goodbye party” thrown at Microsoft a few weeks ago when I officially gave up my role as Chief Architect of Identity.  Others saw Vittorio Bertocci‘s kind recollection of the progress we made over the years.

When Tim Cole interviewed me about my plans a few days later at the European Identity Conference, I hadn't made the slightest progress in terms of thinking about my future…  I did say, though, that I hoped to keep my hand in the identity and social computing space to the extent that people found my input useful.

One way to do this was to look for opportunities to participate in interesting efforts on a per-project basis.  It turns out that within a few days I was asked to do this with Microsoft over the summer.  Not exactly a complete change (!) but it still feels liberating and different.

Don't worry – I won't bore you with reports on my gigs going forward, but thought in the interests of full disclosure, you should know how this particular situation is evolving :)

Takeaway:  Life is good, and even more than ever, this blog represents my own views, which can't be blamed on anyone else even when I wish they could.