{"id":1115,"date":"2010-06-06T17:30:42","date_gmt":"2010-06-07T01:30:42","guid":{"rendered":"\/?p=1115"},"modified":"2010-06-19T23:20:35","modified_gmt":"2010-06-20T07:20:35","slug":"there-is-a-fundamental-problem-here","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1115","title":{"rendered":"There is a fundamental problem here"},"content":{"rendered":"<p>Joe Mansfield at Peccavi has done a <a href=\"http:\/\/helvick.blogspot.com\/2010\/06\/kim-cameron-takes-on-googles-streetview.html\">very cogent post <\/a>where, though he agrees with my concerns,\u00a0he criticizes me for picking almost exclusively on Google\u00a0when there are lots of others\u00a0who have\u00a0been doing the same thing.\u00a0 He&#39;s right &#8211; I have\u00a0been\u00a0too narrowly focused.\u00a0<\/p>\n<p>Let me be clear:\u00a0 I have great respect for Google and many of its accomplishments.\u00a0\u00a0 I have a disagreement with a particular Google team.<\/p>\n<p>I\u00a0find the Google Street View team&#39;s\u00a0abuse of identifiers\u00a0especially worrisome because\u00a0they\u00a0have not only been collecting\u00a0info about\u00a0WiFi access points, but\u00a0the MAC addresses of\u00a0peoples&#8217; personal devices (laptops and phones).\u00a0\u00a0<\/p>\n<p>This bothers me because I see it as dangerous.\u00a0 It&#39;s like going over to visit a neighbor and finding out he&#39;s been building a nuclear reactor in his basement.\u00a0<\/p>\n<p>\u00a0I&#39;m not an expert\u00a0on the geolocation industry and\u00a0I have no knowledge of whether this kind of end-user-device-snooping is commonplace.\u00a0 If\u00a0it is, then\u00a0let me know.\u00a0 Everything I have said about Google applies equally to\u00a0any similar\u00a0practitioners.\u00a0<\/p>\n<p>But let&#39;s get to Peccavi which makes the point better than I do:<\/p>\n<p style=\"padding-left: 30px;\">I\u2019ve been following Kim Cameron\u2019s increasingly critical analysis of Google\u2019s StreetView WiFi mapping data privacy debacle with some interest of late.<\/p>\n<p style=\"PADDING-LEFT: 30px\">Some background might be in order for those interested in reading where he\u2019s been coming from \u2013 <a href=\"\/?p=1100\">start here and work forward<\/a>. He\u2019s been quite vocal and directed in his criticism and I have been surprised that his focus has been almost entirely on Google rather than on the underlying technical root cause. My initial view on the issue was that it was a stupid over-reaction to something that everyone has been doing for years, and that at least Google were being open about having logged too much data. I\u2019m still of the opinion that the targeting of Google specifically is off base here, although I think Kim is right that there is a fundamental problem here.<\/p>\n<p style=\"PADDING-LEFT: 30px\">Kim is probably the pre-eminent proponent and defender of strong authentication and privacy on the net at the moment. His <a href=\"\/?p=354\">Laws of Identity<\/a> should be mandatory reading for anyone working with user data in any sort of context but especially for anyone working with online systems. He\u2019s a hugely influential thought leader for doing the right thing and as a key technical leader within Microsoft he\u2019s doing more than almost anyone else to lay the groundwork for a move away from our current reliance on insecure, privacy leaking methods of authentication. Let\u2019s just say that I\u2019m a fan.<\/p>\n<p style=\"PADDING-LEFT: 30px\">For obvious reasons he has spotted the huge privacy problems associated with the practice of gathering WiFi SSID and MAC addresses and using them to create large scale geo-location databases. There are serious privacy issues here and despite my initial cynicism about this perhaps it\u2019s a good thing that there has been a huge furore over what Google were doing.<\/p>\n<p style=\"PADDING-LEFT: 30px\">Note that there were two issues in play here \u2013 the intentional data (the SSID\u2019s, MAC addresses and geo-location info) and the unintentional data (actual user payloads). I\u2019m only going to talk about the intentionally harvested data right now because that is the much trickier problem \u2013 few people would argue that having Google (or anyone) logging actual WiFi traffic from their homes is OK.<\/p>\n<p style=\"PADDING-LEFT: 30px\">The problem that I see with Kim\u2019s general position on this and the focus on Google\u2019s activities alone is that he\u2019s not seeing the wood for the trees. The problem of companies or individuals harvesting this data is minor compared to the problem that enables it. The technical standards that we all use to connect wirelessly with the endless array of devices that we all now have in our homes, use at work and carry on our person every day are promiscuous communicators of identifiers that can be easily and extensively misused. Even if Google are prevented by law from doing it, if the standards aren\u2019t changed then someone else will&#8230;<\/p>\n<p>I agree with almost every point made\u00a0except, &#8220;The problem of companies or individuals harvesting this data is minor compared to the problem that enables it.&#8221;\u00a0 I would put it differently.\u00a0\u00a0I would say, &#8220;There are two problems.\u00a0 Both are bad.&#8221;<\/p>\n<p>We&#39;re technologists so we immediately look to technology to prevent abuse.\u00a0 This is the right instinct for us to have.\u00a0 But\u00a0societly can use disincentives too.\u00a0 I&#39;ve come to believe that technology must belong to society as a whole.\u00a0 And we need a combination of\u00a0 technical solutions and those society can impose.<\/p>\n<p>I actually\u00a0think I see at least some of the woods as well as the trees.\u00a0 That is what the Fourth Law is all about.\u00a0 Of course I want to change the underlying technology\u00a0as fast as we can.\u00a0<\/p>\n<p>But I don&#39;t think that will happen unless there is a MUCH greater understanding of the issues, and I&#39;ve been trying with this set of posts to get them onto the table.\u00a0\u00a0\u00a0\u00a0<\/p>\n<p>[More Peccavi <a href=\"http:\/\/helvick.blogspot.com\/2010\/06\/kim-cameron-takes-on-googles-streetview.html\">here<\/a>.]<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Collection of the MAC addresses of phones and laptops is especially worrisome<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[63,2,3,47,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1115"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1115"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1115\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}