Burton Group goes to Mainstreet

In this cogent article, the New York Times’ Denise Caruso distinguishes herself with a compelling treatment of complex identity and privacy issues.  For instance, her characterization of Mint.com is enough to turn the Flying Nun into a paranoid: 

“In exchange for customers uploading their account information and allowing sponsors to offer them specialized services, Mint will connect nightly to their credit-card providers, banks and credit unions. Then it automatically updates transactions and accounts, balances their checkbooks, categorizes their transactions, compares cash with debt and, based on their personal spending habits, shops for better rates on new accounts and credit cards.”

I sure would like to know more about how mint.com protects itself, who oversees it, how it protects me, and most important, what it does and doesn&#39t and will never do with the massively detailed personal information it collects.  Today, not even my accountant or my wife scrutinizes my credit card spending.

To the rescue

Just as the reader is losing all hope, in rides – are you ready? – Mike Neuenschwander from the Burton Group.   He puts forward the ideas all of us in the community are working on, but with a twist that is very novel – and perhaps even “American”:

“We’re in a situation where business holds all the cards…  â€œBusinesses put the deal in front of the consumer, they control the playing field and the consumer doesn’t have any say in how the deal plays out.”

ONE way to change this, he said, is to make people more like organizations.

To this end, Mr. Neuenschwander and his colleagues have floated the intriguing concept of the L.L.P.: the Limited Liability Persona. This persona would be a legally recognized virtual person in which users could “invest” the financial or identity resources of their choosing.

Once their individual personas are created, consumers would be able to use them as their legal “alter ego,” even in financial transactions. “My L.L.P. would have its own mailing address, its own tax ID number, and that’s the information I’d give when I’m online,” Mr. Neuenschwander said. Other benefits include the ability for “personas” to limit their financial exposure in ways that individuals cannot.

“When you enter into a relationship with a company and give them your personal information, you’re at tremendous risk — and they aren’t,” he said.

“In the U.S., certain kinds of personal information aren’t treated like property at all. It’s very difficult to sue someone for misuse of personal information. And even if you do, they can never give you back your mailing address, your Social Security number or your DNA, for that matter.”

But if a company loses or tampers with an L.L.P’s data, “the law allows me to sue them because it’s corporate information,” Mr. Neuenschwander said. “It’s digital-rights management,” he added, referring to the access control technologies used by publishers and other copyright holders to limit use of digital media, “only you’re acting on behalf of your own organization.”

Bob Blakley blogs here in more depth, pointing out that

Melissa Lafsky, the Times’ Freakonomics blogger, has added Denise Caruso’s article to her “FREAK-est” links list under the title “Identity data: the newest hot commodity for businesses”.   

Way to go, Burton Group!  Good to see you talking mainstream.

Bob provides links to more resources, including one on Identity Oracles  – his sexy name for the  claims transformer generating “minimal disclosure tokens”.  Good Names mean a lot.  Let&#39s start using it.  

Bob also links to a description of what he calls the Relational Continuity Sockets Layer (RCSL) – which I haven&#39t yet been able to read yet.  [While I don&#39t intend this as an excuse, the name makes it sound like scientists are still gluing body parts together in the basement.)

My takeaway is that  L.L.P seems both novel and easy to implement at a technical level in the identity metasystem, again showing us the advantages of a palette of identities from which users can conveniently choose.  I&#39ve already written extensively on the idea that “derived claims” of the kind made by an Identity Oracle were one of the underlying goals of the claims beased architecture in the identity metasystem.  In other words, both L.L.P. and Identity Oracle are technically practical today. 

It&#39s now a matter of business people understanding the opportunities and stepping forward.  The Burton Group seems to be starting to play a more important role in reaching out to Mainstreet – and we&#39ll all benefit.

3 thoughts on “Burton Group goes to Mainstreet

  1. Pingback: What then, is the difference? « Identity Blogger

  2. Pingback: My Life Pixelated

  3. Pingback: Identity Oracle & authoritative data sources « Identity and Privacy Blog

Leave a Reply