Half-life of personal information

In November I coined the term “Identity Chernobyl” for Britain's HMRC fiasco (at least it seems that way when I look at Google).

Cory Doctorow elaborates on this in a nice Guardian piece:

When HM Revenue & Customs haemorrhaged the personal and financial information of 25 million British families in November, wags dubbed it the “Privacy Chernobyl”, a meltdown of global, epic proportions [Hey, Cory, are you calling me a wag? – Kim].

The metaphor is apt: the data collected by corporations and governmental agencies is positively radioactive in its tenacity and longevity. Nuclear accidents leave us wondering just how we're going to warn our descendants away from the resulting wasteland for the next 750,000 years while the radioisotopes decay away. Privacy meltdowns raise a similarly long-lived spectre: will the leaked HMRC data ever actually vanish?

The financial data in question came on two CDs. If you're into downloading movies, this is about the same size as the last couple of Bond movies. That's an incredibly small amount of data – my new phone holds 10 times as much. My camera (six months older than the phone) can only fit four copies of the nation's financial data.

Our capacity to store, copy and distribute information is ascending a curve that is screaming skyward, headed straight into infinity. This fact has not escaped the notice of the entertainment industry, where it has been greeted with savage apoplexy.

Wet Kleenex

But it seems to have entirely escaped the attention of those who regulate the gathering of personal information. The world's toughest privacy measures are as a wet Kleenex against the merciless onslaught of data acquisition. Data is acquired at all times, everywhere.

For example, you now must buy an Oyster Card if you wish to buy a monthly travelcard for London Underground, and you are required to complete a form giving your name, home address, phone number, email and so on in order to do so. This means that Transport for London is amassing a radioactive mountain of data plutonium, personal information whose limited value is far outstripped by the potential risks from retaining it.

Hidden in that toxic pile are a million seams waiting to burst: a woman secretly visits a fertility clinic, a man secretly visits an HIV support group, a boy passes through the turnstiles every day at the same time as a girl whom his parents have forbidden him to see; all that and more.

All these people could potentially be identified, located and contacted through the LU data. We may say we've nothing to hide, but all of us have private details we'd prefer not to see on the cover of tomorrow's paper.

How long does this information need to be kept private? A century is probably a good start, though if it's the kind of information that our immediate descendants would prefer to be kept secret, 150 years is more like it. Call it two centuries, just to be on the safe side.

If we are going to contain every heap of data plutonium for 200 years, that means that every single person who will ever be in a position to see, copy, handle, store, or manipulate that data will have to be vetted and trained every bit as carefully as the folks in the rubber suits down at the local fast-breeder reactor.

Every gram – sorry, byte – of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop's CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughed up a month's worth of travelcard data, there will be no containing it.

And what's worse is that we, as a society, are asked to shoulder the cost of the long-term care of business and government's personal data stockpiles. When a database melts down, we absorb the crime, the personal misery, the chaos and terror.

The best answer is to make businesses and governments responsible for the total cost of their data collection. Today, the PC you buy comes with a surcharge meant to cover the disposal of the e-waste it will become. Tomorrow, perhaps the £200 CCTV you buy will have an added £75 surcharge to pay for the cost of regulating what you do with the footage you take of the public.

We have to do something. A country where every snoop has a plutonium refinery in his garden shed is a country in serious trouble.

The notion of information half-life is a great one.  Let's adopt it.

The tendency for “information to merge” is one of the defining transformations of our time.  When it comes to understanding what this means, few think forward, or even realize that there “is a forward”.

The “contextual separation” in our lives has been central to our personalities and social structures for many centuries.   

Call me conservative, but we need to retain this separation.

The mobility and clonability of digital information, in combination with commercial interest and naïveté, lead us toward a vast sea of personal information intermixed with our most intimate and tentative thoughts.

The essence of free-thinking is to be able to think things you don't believe as part of the process of grasping the truth.  If the mind melts into the computer, and the computer melts into a rigid warehouse of indelible data, how easy is it for us to change, and what is left of the mind that is “transcendental” (or even just unfettered…)?

The ramifications of this boggle the mind.  The alienation it would cause, and the undermining of institutions it would bring about, concern me as much as any other threat to our civilization.


Yahoo! announcement on OpenID

Yahoo! has launched the public beta of its OpenID Provider service.  Congratulations to the Yahoo! identity team!  Here's part of the announcement:

Today, we are launching the public beta of the much-anticipated Yahoo! OpenID Provider service. This means that users with a Yahoo! account – all 248 million of them – will be able to sign in to any website that supports OpenID 2.0, the latest version of the OpenID specification.

In case you are curious, here are the key features of this release:

Usability – Users will not have to understand the technical details of OpenID simply to use the technology. Thanks to features introduced in the OpenID 2.0 specification, users will not have to type their OpenID URL while signing in to websites. They can simply type yahoo.com in the OpenID textbox or, if the Relying Party website provides it, click a button that takes them to Yahoo!. By not requiring users to understand the meaning of an OpenID URL, we hope that more users will be able to overcome the initial hurdles of using this new technology. For those of you who want to set up a custom URL, we will provide a way to do so, including the ability to use your Flickr photos page as your OpenID URL. [Interesting – Kim].

User education – We have spent a great deal of time thinking about educating users on the proper use of OpenID and you will see some of these thoughts implemented throughout our service – whether it's an explanation of the benefits of OpenID, our OpenID tour, or messaging on the safe use of OpenID at various locations.

Anti-phishing measures – We suggest that users of the Yahoo! OpenID service set up and look for their Sign-in Seal to confirm that they are entering their password on a genuine Yahoo! page. A Sign-in Seal is a user-created image or a message that will only appear on genuine Yahoo! pages. We hope to continue working with the OpenID community to combat phishing and provide more secure experiences to users.

We are also actively working on non-US English versions of the service. It is already available for 17 countries and we expect to roll out even more international support in the very near future.

If you'd like to use the Yahoo! OpenID service, feel free to start at Plaxo, Jyte, Pibb, or any other OpenID 2.0-compliant website (this list is growing every day). Alternatively, visit http://openid.yahoo.com to set up your account for OpenID access. We would love to hear your feedback!

We'd like to take this opportunity to thank the OpenID community for educating us over the past 1 year and helping us make this happen. In particular, we'd like to say “Thank you” to Bill Washburn, Brian Ellin, David Recordon, Dick Hardt, Johannes Ernst, Johnny Bufu, Joseph Smarr, Josh Hoyt, Kaliya Hamlin, Kevin Turner, Larry Drebes, Mike Graves, Scott Kveton, and Simon Willison.

(More here…) 

The Epic Battle: Sun goes after Ping Identians

I was awakened from my vacation from the blogosphere today by the braying of Sun’s new YouTube video “comedy”.   It features a droll engineer with a great sense of deadpan, but when all is said and done, it is bully comedy, with all the subtlety of a bully beating up his smart little brother.

The premise seems to be that big strong Sun has 35,000 technical support engineers ready to descend in buses on customers who deploy one of Sun’s IDM solutions (could their products require a whole lot of support???), whereas the customers of “little Ping Identity” are left on their own to cope with mere off-the-shelf products.

Ping has been a real innovator and thought leader in digital identity.  Why attack it?  I can only see one explanation:  the Ping folks must be making a significant dent in Sun’s marketplace.  Even so, it is hard to imagine such a low-road response.  The word “unseemly” comes to mind.

FYI, while I have no firsthand experience with Ping, various customers have told me good things about their products, attitude and responsiveness.  To me that’s the litmus test.

Cyberspace needs a whole range of players innovating around digital identity.  We’re lucky to have Ping in the equation.

One of the significant questions being posed is whether you need to hire a busload of engineers to deploy federation and identity management.  Sun’s video takes it as a given that this is the case, but if I were a customer I would head for the hills when I saw the big Sun bus coming for me.

Sun's attack ad

A meaningful identity metasystem, something capable of providing an identity layer for the internet, must be based on commercial off-the-shelf products that can be deployed by any system administrator.  Ping Identity is pushing the envelope in this area, as are a number of us.  Our goal is achieving ubiquity, not the renting out of consultants.

Beyond the technical issues, we need to work as an industry towards “federation boilerplates” and a legal framework that drives the cost of creating virtual organizations to zero.

Since identity requires all of us to interoperate, I think people should hold off on attack ads and concentrate on expanding the market. 

I don’t normally criticize any of the identity players for their strategy, but I sure would like to see Sun go after the 99.9% of organizations with no federation framework rather than turning on Ping and its successes.

This having been said, Ping doesn’t need me to come to its defense.  Its fearless leader, Andre Durand, responded with a hilarious video called The Epic Battle: 72 VS 35,000, that blows the original Sun video right out of the water.  Don’t miss it.