Wednesday, March 21, 2012

The Value of “Me” (Part V of the series)

 

Choice

Well in the last post I promised that I would make the jump to a solution that increases the value of Internet, and gives me a choice in how and what I share on the Internet. So lets get straight to it.

First a recap. the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be unambiguous
  5. It will be interoperable
  6. It will be transparent

We’ve decided that we’re going to use a Web based solution and add something to the HTTP protocol that increases the opportunity for greater choice, trust and respect. So why not add an Identity wallet to the browser. (that wasn’t so bad was it). Ok, so what would be in this identity wallet. “Stuff”… (just kidding). It would be very like the wallet you carry on you. It could include personal information, device information (whether you’re on a Mobile phone or not) and it could have location information.

Nothing that is not doable with off the shelf technologies. Simply create a secure database, allow the user to customize it with data, allow it to “talk to the operating system” and collect device information and then protect it all. So far it’s meeting features 2 – 6 above (because I have control over the database). But what about #1? How do we make it privacy enhancing – well by sharing that data. You see unlike DNT which doesn’t allow me to add anything to the Web conversation I now have my real identity that I can add to the transaction. All I have to do is figure out a way to get the data to the content provider.

Well fortunately the current HTTP spec shows us exactly how we can do that. We simply add the data as a “Header” to the request going to the Web server. Returning to my analogy of the train leaving the station with just a flag set (indicating that I don’t want to be tracked) this time I’m attaching additional information that I’m prepared to share “as long as you respect my privacy”.

Now lets re-examine item 1. The solution has to be privacy enhancing. To me this implies that you actually have to share something over and above what you would normally be sharing. DNT has no effect on the browser or what gets sent to the server (other than the single header). There’s no way other than conventional means (filling out a form) for me to communicate additional information which can be used to “increase the value of the transaction”.

And that’s the crux of the argument. The goal here is to increase the value of the transaction, the level of trust, and the level of privacy. Remember I still have NO control over what happens when my data arrives at the Web server. So both methods (DNT and this) are in the same boat here. The difference is that by offering more information to the content provider maybe he can deliver more value to me without the need to compromise my privacy.

Think of this secure database as a “Context Manager”. I add and subtract information, I can choose who I want to share it with, and everything is convenient, easy to use and efficient. While in transit the data is secure and if I feel that the content provider is misusing my information then I can stop him seeing my data by simply unchecking a box.

This Context Manager in essence becomes the “over drive gear” for the Internet. It allows for the following:

  • Additional privacy protections for individuals who can use it to gauge if their personal data is being handled fairly and transparently
  • Convenience for individuals who can use this Identity “Contextual Manager” (aka wallet) to manage fewer passwords
  • Efficiency for content providers – they get to unlock additional value in the transaction by knowing more about me in return for a greater respect of my privacy
  • Ease of use by automating the deliver of the contextual data over an approved and accepted standard
  • Security by not only securing the data on the device but also in transit even over an unencrypted HTTP session
  • Confidence that my digital identity’s are adequately protected
  • Innovation, by lowering the risk associated with sensitive services and by enabling providers to plugin in their own wallets for your use with their services.

And finally the biggest feature of all…Choice, as service providers offer individuals different – yet interoperable – relevant media services.

 

 

No comments: