Tuesday, March 20, 2012

Me – The intersection of Privacy, Security and Identity on the Web

 

Choice

 

As I read more and more about online privacy, security, and identity it seems to me that people are missing the larger picture here. So in this blog post I’ll attempt to join the dots.

There are three main challenges on the Web today:

  1. A lack of confidence that people, organization and businesses are who they say they are
  2. The lack of an adequate authentication mechanism burdening consumers with the need to juggle multiple  passwords and usernames
  3. A growing list of privacy violations that disclose sensitive information that undermines consumer trust in the Internet

So what’s the solution? Is there even a viable solution?

Well I think there is. First and foremost the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be interoperable

It’s pretty simple really

  1. I have to have a way to enhance my privacy without disrupting any of the current business practices. Think of this as an overdrive gear on your car. The car runs fine with all the current gears, but if you need something extra (fuel savings for instance) another gear is at hand. This is what the Web needs – another gear that offers something better, but does not disrupt what is currently there
  2. It has to be cost effective and easy to use. In a nutshell it must be standards based. Again using the car as a example – I should be able to upgrade to a better quality of gasoline without changing my engine. And the reason I pay more is because I get something from it (a longer lasting engine). In essence the solution has value
  3. It will be secure and resilient – it must be flexible, adaptable, sustainable, and the user must have confidence in it’s security
  4. It’s got to work everywhere and it has to scale from transactions that range from anonymous to fully-authenticated and from low to high value

In my next blog post we’ll use the attribute and feature set to see how Do Not Track stacks up.

 

 

No comments: