In this cogent article, the New York Times’ Denise Caruso distinguishes herself with a compelling treatment of complex identity and privacy issues. For instance, her characterization of Mint.com is enough to turn the Flying Nun into a paranoid:
“In exchange for customers uploading their account information and allowing sponsors to offer them specialized services, Mint will connect nightly to their credit-card providers, banks and credit unions. Then it automatically updates transactions and accounts, balances their checkbooks, categorizes their transactions, compares cash with debt and, based on their personal spending habits, shops for better rates on new accounts and credit cards.”
I sure would like to know more about how mint.com protects itself, who oversees it, how it protects me, and most important, what it does and doesn't and will never do with the massively detailed personal information it collects. Today, not even my accountant or my wife scrutinizes my credit card spending.
To the rescue
Just as the reader is losing all hope, in rides – are you ready? – Mike Neuenschwander from the Burton Group. He puts forward the ideas all of us in the community are working on, but with a twist that is very novel – and perhaps even “American”:
â€œWeâ€™re in a situation where business holds all the cards… â€œBusinesses put the deal in front of the consumer, they control the playing field and the consumer doesnâ€™t have any say in how the deal plays out.â€
ONE way to change this, he said, is to make people more like organizations.
To this end, Mr. Neuenschwander and his colleagues have floated the intriguing concept of the L.L.P.: the Limited Liability Persona. This persona would be a legally recognized virtual person in which users could â€œinvestâ€ the financial or identity resources of their choosing.
Once their individual personas are created, consumers would be able to use them as their legal â€œalter ego,â€ even in financial transactions. â€œMy L.L.P. would have its own mailing address, its own tax ID number, and thatâ€™s the information Iâ€™d give when Iâ€™m online,â€ Mr. Neuenschwander said. Other benefits include the ability for â€œpersonasâ€ to limit their financial exposure in ways that individuals cannot.
â€œWhen you enter into a relationship with a company and give them your personal information, youâ€™re at tremendous risk â€” and they arenâ€™t,â€ he said.
â€œIn the U.S., certain kinds of personal information arenâ€™t treated like property at all. Itâ€™s very difficult to sue someone for misuse of personal information. And even if you do, they can never give you back your mailing address, your Social Security number or your DNA, for that matter.â€
But if a company loses or tampers with an L.L.Pâ€™s data, â€œthe law allows me to sue them because itâ€™s corporate information,â€ Mr. Neuenschwander said. â€œItâ€™s digital-rights management,â€ he added, referring to the access control technologies used by publishers and other copyright holders to limit use of digital media, â€œonly youâ€™re acting on behalf of your own organization.â€
Bob Blakley blogs here in more depth, pointing out that
Melissa Lafsky, the Timesâ€™ Freakonomics blogger, has added Denise Carusoâ€™s article to her â€œFREAK-estâ€ links list under the title â€œIdentity data: the newest hot commodity for businessesâ€.
Way to go, Burton Group! Good to see you talking mainstream.
Bob provides links to more resources, including one on Identity Oracles - his sexy name for the claims transformer generating “minimal disclosure tokens”. Good Names mean a lot. Let's start using it.
Bob also links to a description of what he calls the Relational Continuity Sockets Layer (RCSL) – which I haven't yet been able to read yet. [While I don't intend this as an excuse, the name makes it sound like scientists are still gluing body parts together in the basement.)
My takeaway is that L.L.P seems both novel and easy to implement at a technical level in the identity metasystem, again showing us the advantages of a palette of identities from which users can conveniently choose. I've already written extensively on the idea that “derived claims” of the kind made by an Identity Oracle were one of the underlying goals of the claims beased architecture in the identity metasystem. In other words, both L.L.P. and Identity Oracle are technically practical today.
It's now a matter of business people understanding the opportunities and stepping forward. The Burton Group seems to be starting to play a more important role in reaching out to Mainstreet – and we'll all benefit.