{"id":375,"date":"2006-02-19T14:18:58","date_gmt":"2006-02-19T22:18:58","guid":{"rendered":"\/?p=375"},"modified":"2006-02-19T15:09:27","modified_gmt":"2006-02-19T23:09:27","slug":"interview-on-openness-and-privacy","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=375","title":{"rendered":"INTERVIEW ON OPENNESS AND PRIVACY"},"content":{"rendered":"<p>A number of people have confided that they worry the committment to privacy and openness I make in my work can&#39;t &#8220;possibly&#8221; reflect the ideas of the &#8220;official Microsoft juggernaut&#8221;.  So I hope this <a href=\"http:\/\/news.ft.com\/cms\/s\/3855568e-9ddc-11da-b1c6-0000779e2340,dwp_uuid=d4f2ab60-c98e-11d7-81c6-0820abe49a01.html\" class=\"broken_link\">interview <\/a>by Financial Times writer Richard Waters will help people see the Bill Gates I know, and how deeply he understands the need for privacy and the possibilities inherent in the virtual world.  You&#39;ll also see he fully supports an identity metasystem which is open and reaches across platforms.<\/p>\n<blockquote><p>\nFT: You have talked about building a \u201ctrust ecosystem\u201d on the internet in which users\u2019 identity information can be shared between websites. Would this be a closed system, or an open one?<\/p>\n<p>BG: It\u2019s totally standards-based and totally open. It runs on all platforms. It\u2019s a series of standards that we\u2019ve worked on \u2013 in fact, IBM has been one of the key participants in these standards. It\u2019s got to work across all systems or it\u2019s not worthwhile. It\u2019s a great industry standard, just liked we\u2019ve helped to extend HMTL for everybody to use, and TCP-IP for everybody to use.<\/p>\n<p>We have an implementation of it that will compete on the implementation. But the whole notion of the protocols, how it\u2019s done, that\u2019s all in these WS-Trust standards. Believe me, we know a lot about this. When we did Hailstorm, four or five years ago \u2013 it wasn\u2019t a plot to be the central root of trust or anything like that, but it was perceived as such. Our guys who work in this area have made it so clear that this is open, that everybody connects up to this. We are so clear on this.<\/p>\n<p>FT: Is this the Hailstorm vision under a different name?<\/p>\n<p><img src=\"\/wp-content\/images\/2006\/02\/bill_privacy.jpg\" alt=\"\" align=\"right\" \/>BG: No, no, it\u2019s not even worth going back to that. We partly didn\u2019t know what it was, and certainly what the press said it was wasn\u2019t what we thought it was, but even what we thought it was we didn\u2019t end up doing all of that. That\u2019s old history. <\/p>\n<p>This is very simple. There are statements like, \u201cI, the employer of this person, have given them a secret\u201d \u2013 either a password or even better a big number, a key. So I, Intel, say if they present this secret back to me, I, Intel vouch that they are an employee. Then we at Microsoft collaborate with Intel, and we decide do we accept statements of that type to decide who can get into various collaborative websites for joint projects.<\/p>\n<p>That\u2019s called federation, where we take their trust statement and we accept it, within a certain scope. So they don\u2019t have to get another user account password. There\u2019s no central node in this thing at all, there never can be. Banks are a key part of it, governments can be part of it. The US, probably not as much. <\/p>\n<p>In a lot of countries, statements like \u201cthis person is over 18\u201d, \u201cthis person is a citizen\u201d, the governments will sign those statements. When you go into a chat room, for example, in Belgium, they\u2019ll insist that you present not necessarily the thing that says who you are, but the thing that says the government says I\u2019m over 18. This trust ecosystem has so much good designed for privacy. This thing is amazing, where you can prove who you are to a third party and then, in the actual usage, they don\u2019t know who you are. A lot of the previous designs had the idea that if you authenticated, then you gave up privacy. There are lots of cases where you want to be authentic but not give up your privacy \u2013 or not give up your privacy except in extreme cases. <\/p>\n<p>So all these things that exist in the real world about trust have to mirrored in these digital systems &#8211; and the real world is very complex in these respects. When you hear somebody on the phone, that\u2019s enough evidence that you\u2019re willing to tell them some things. The basic architectural framework lets us mirror a lot of these real world things. But these real world things, they take no set-up time. <\/p>\n<p>Your brain is just so good at recognizing somebody\u2019s voice, or somebody\u2019s face, or somebody\u2019s handwriting. It\u2019s all just so implicit. When you leave your office, it would be strange for somebody nobody knows to come into your office and sit there at your computer \u2013 you didn\u2019t write a memo to everybody nearby, it\u2019s so implicit: give me a break, you guys just let that guy walk in there and walk away with my computer! In the digital world, there\u2019s far less that\u2019s implicit like this. <\/p>\n<p>Describing these things is hard. Now in some ways, the digital world is superior. The ability to have anonymity is actually better when you want it. There\u2019s no such thing as going to a soapbox and saying the government\u2019s corrupt and not having the intelligence service see your face. In the digital world, that can be done.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;There are lots of cases where you want to be authentic but not give up your privacy \u2013 or not give up your privacy except in extreme cases.&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/375"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=375"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/375\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}