Tuesday, March 27, 2012

Is building an Identity Ecosystem a “Wicked Problem”?

[Image: Wicked Problem]

First what is a wicked problem? (link)

It’s used to “describe a problem that is difficult or impossible to solve because of incomplete, contradictory, and changing requirements that are often difficult to recognize. Moreover, because of complex interdependencies, the effort to solve one aspect of a wicked problem may reveal or create other problems.”

So when you start talking about an Identity Ecosystem you can see why it appears on the surface to be a “Wicked Problem”. Can you imagine all the stakeholders sitting around a table arguing for their own agendas, their own way of supporting Me and my Identity? Alignment on the issues is not the first thing that comes to mind.

And yet one wonders if there is a “simple solution” to the problem. Well, I think there is. However, first we must dig a little further.

What is Identity?

Wikipedia has a good description – link

The sociological notion of identity, by contrast, has to do with a person's self-conception, social presentation, and more generally, the aspects of a person that make them unique, or qualitatively different from others (e.g. cultural identity, gender identity, national identity, online identity and processes of identity formation).

So is identity defined by the individual or the social/geographic context that the individual finds themselves in? Well it’s both. So how do we align these two items?

Well if you think about it a single word comes to mind – Context.

Identity is context about Me. And as per the definition what you need is a Context Manager that collates all of my “Me” data. That would be defined as data about Me, my geo-location, and what device I’m using to connect with.

So if you’re going to solve the Identity Ecosystem problem you have to start with a context manager. Think of it as a secure database that follows me around from device to device. The database adapts in real time to my social/geo context. It’s completely under my control, it’s secure and it can talk to other databases that I might add to increase my “Context”.

So far so good. Now comes the hard part – data portability. And the only reason this is difficult is because we’re not looking at a common protocol (communications format). The stakeholders all want to keep their existing protocols (formats) and therein lies the problem.

But that was then – and now we have the HTTP protocol – literally one protocol that binds billions of devices and people on the planet. So “if” the stakeholders were to adapt their systems to communicate via HTTP, would that solve the problem? And the answer is “Yes”. Think of it in these terms – One Ring Binds them all:

  • One Interface – the Browser
  • One Platform – the Internet
  • Multiple data sets – the Context

So all you need now is a way to transmit my real time context (Identity) over HTTP securely. And that’s pretty straightforward – simply add the encrypted data to the request that goes to the web server. From there the data can be shared with any backend system.

So in my opinion building an Identity Ecosystem is NOT a “Wicked Problem”, as long as the stakeholders can agree on a common protocol that joins everyone. And there are plenty of good reasons to support HTTP (like billions of reasons).

The key to solving this wicked problem is real time “Context”, that is under my control, and a common communications protocol. Oh yes, one more thing - don't forget to give the user a "Choice" in not only what they share but with whom they share it.

Monday, March 26, 2012

FTC issues new Privacy Framework - It all boils down to 3 things

Privacy Report

[Image: Privacy]

And what are those 3 things?

  1. Privacy By Design: Build in Privacy at every stage of product development
  2. Simplified Choice for Businesses and Consumers: Give consumers the ability to make decisions about their data at a relevant time and context, including through a Do Not Track mechanism, while reducing the burden on businesses of providing unnecessary choices
  3. Greater Transparency: Make information collection and use practices transparent

Summary:

  • From the first line of code to the shipping product think about the Privacy of your customers/users
  • Give users a Choice - integrate context, and make it easier for businesses to provide the relevant content
  • Transparency - let the user/consumer really know how you're using his data

There's no going back now. The Privacy genie is out of the bottle so to speak. Next comes legislation to enforce these recommendations. What will be fascinating is to see how the EU reacts.

The Third Party Privacy Problem

[Image: Privacy]

In my last post How your privacy leaks out on the Internet I discussed the third party problem. It's really a difficult problem to solve - especially when you're not sure who the 3rd parties are. In the example above let's assume for argument's sake that the content provider is ONLY using those companies shown as icons above as 3rd party advertisers. There are still issues to deal with - but it's bracketed.

The next situation is more complex. What if there are other 3rd parties on that Web page, or one of the above icons refers to yet another party who in turn shares your information? That's really a tough problem to solve.

Interestingly enough there's a post about this problem up on the Public Do Not Track Mailing list - the title is "tracking-ISSUE-129: Site-specific Exceptions a) Blanket Exceptions (mysite, any-third party) [refining ISSUE-111] [Tracking Preference Expression (DNT)]"

Quite a mouthful for sure… however this is a really important topic so let's dig in. Here's the scenario/use case.

SCENARIO/use case:

  • User visits a site with DNT:1; by default, third parties fall under the constraints for third parties
  • Site needs certain (maybe unknown) list of its third parties to function properly
  • Site asks user to provide a site-specific exception to allow all (aka "*") used third parties to be exempted from the constraints for third parties

So let's break it down:

  • You're using your standard browser and have set the preference so that you are not to be tracked - as far as you're concerned that's it.

Now we switch to the content provider's site. They've been operating for years and have integrated calls to send data to 3rd parties. Without those calls either their Web site doesn't work or they don't get paid. So what happens now? They get a request from a browser that indicates that the user does not want to be tracked - however the Web site cannot return a response to them without tracking them.

So they need an "exemption" - they have to message the user that in order to see this Web site they have to be tracked and need them to agree to it. Well basically there's only ONE way to solve this problem - you have to send down a page with some JavaScript in it which pops up a dialog box with this request in it. The user then has to agree - but now comes the next thorny issue - how long do they agree for? And exactly what are they agreeing to? Does the content provider have to list all the third parties (some of which are unknown to them)? What data are you exactly sharing with these unknown 3rd parties? Are those cookies going to remain on my device for others to see and use?
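To make the exemption logic concrete, here is an added example (not code from the original post or from the W3C working group) that models this ISSUE-129 scenario in JavaScript: the site decides per third-party resource whether tracking is allowed given the DNT header and any site-specific exception, explicit or blanket, and a second function reports which observed third parties the user never explicitly agreed to. The exception store shape and the defaultAllowed knob for the no-preference case are assumptions of the example.

```javascript
// Added example: models the ISSUE-129 "site-specific exception" scenario.
// Not code from the original post or from the W3C Tracking Protection WG;
// the exception store shape and the defaultAllowed knob are assumptions.

// DNT header semantics: "1" = do not track, "0" = user consents to tracking,
// absent or anything else = no preference expressed.
function parseDnt(headerValue) {
  if (headerValue === '1') return 'no-track';
  if (headerValue === '0') return 'track-ok';
  return 'no-preference';
}

// exceptions: Map<firstPartySite, Set<thirdPartyHost> | '*'>; '*' is the
// blanket "mysite, any-third-party" grant from the scenario.
function trackingAllowed({ dnt, firstParty, thirdParty, exceptions, defaultAllowed }) {
  const pref = parseDnt(dnt);
  if (pref === 'track-ok') {
    return { allowed: true, reason: 'DNT:0 (user consented)' };
  }
  if (pref === 'no-preference') {
    // The spec leaves the no-preference default open; as the DNT review further
    // down this page argues, what it means in practice depends on jurisdiction,
    // so the deployment has to supply it.
    return { allowed: defaultAllowed, reason: 'no preference; deployment default applies' };
  }
  if (thirdParty === firstParty) {
    return { allowed: true, reason: 'first-party context; third-party constraints do not apply' };
  }
  const granted = exceptions.get(firstParty);
  if (granted === undefined) {
    return { allowed: false, reason: 'DNT:1 and no exception for this site' };
  }
  if (granted === '*') {
    return { allowed: true, reason: 'blanket site-specific exception' };
  }
  if (granted.has(thirdParty)) {
    return { allowed: true, reason: 'explicit site-specific exception' };
  }
  return { allowed: false, reason: 'DNT:1; third party not covered by the exception' };
}

// Transparency check: given the third parties actually observed loading on a
// page, which ones did the user never explicitly agree to? Under a blanket
// grant the answer is always "none", which is exactly the problem described
// above: the unknown third parties become invisible to the user.
function uncoveredThirdParties(observed, granted) {
  if (granted === '*') return [];
  const set = granted || new Set();
  return observed.filter((host) => !set.has(host));
}
```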

In a previous blog post: Me – The intersection of Privacy, Security and Identity on the Web – Part II I used the following graphic to illustrate the issues with DNT.

[Image: Choice]

The issue we're discussing in this post "Site-specific Exceptions a) Blanket Exceptions (mysite, any-third party)" hits right in the "Innovation" category.

In an attempt to make Privacy binary (0, 1, Null) we've made it very easy for a user to send his Privacy status. What we haven't done is make it easy for the content providers to comply. Think about the above issue for a moment. Think of it in man hours, lines of code, regression testing, and most importantly "expectation setting".

There's simply a ton of work to do to make this right. The user has a very clear expectation - anything that changes that expectation must be transparently and unambiguously conveyed to the user. This is NOT trivial - because you have to get it right immediately, and it must be right all the time. DNT is not cost effective for sites that have "unknown 3rd parties" with whom they share data.

Of course fixing that will affect your revenue numbers.

How your privacy leaks out on the Internet

[Image: Privacy]

Sometimes all you need is a simple picture. I went to the Huffington Post and picked an article at random. At the bottom of the article was the above graphic - simply click on your favorite social network to share your data.

It all seems so innocuous - but it's not, and here's why.

Social networks have an incredible amount of data on you - because you filled out a profile on yourself. Now when you visit somewhere else on the Web there has to be a way to connect that profile data with what you're reading and finding interesting. Almost like "search".

So the second you click on either the Tweet icon above or the Facebook icon, you've just tied your entire profile to that article. That tells advertisers a lot. Why? Because Facebook et al. share that data with advertisers and in return pay a referral fee to the Huffington Post. It's called Advertising Financial Engineering - and it works because you inadvertently just allowed everyone to know your profile.

So here's where things get interesting. The new Do Not Track Standard (work in progress) is trying to figure out how to stop this. It's the "first party vs. 3rd party issue". The Huffington Post is the first party, Twitter, FaceBook et al. are the 3rd party. The core issue is what happens to the status when I click on one of those "like buttons". Can they still use my data?

My guess is "Yes". Because if not then Facebook's, Twitter's, Pinterest's etc. revenue models start collapsing - the big winners will be the content aggregation houses that don't depend that much on being a 3rd party. And those would be Google, Microsoft, Yahoo, AOL.

Welcome to the Privacy jungle - it feels like we're completely naked and that's because we are.

Friday, March 23, 2012

My Identity Wallet

[Image: Wallet]

These days everyone is talking about my “Online Identity” and lots of big companies are trying to be the first to deliver their vision of an Identity Wallet.

So I thought about what I would want in such a wallet. My starting point is my current real life “Identity Wallet”. I’ve included a picture of it above. It’s pretty cool – it fits in my pocket, has a “transparent” protector on one side so that I can show people my drivers license, and then it has “convenient” holders for credit cards and business cards. Best of all it comes in a color of my Choice.

Notice how I used three key words:

  1. Transparent
  2. Convenient
  3. Choice

These attributes are really important to me. I want a simple, convenient, adaptable solution that I can customize based on what I want to carry with me on any given day.

And that is what is going to be required of any Online Identity solution. It must be simple, convenient, easy to use and Privacy enhancing. It should work seamlessly with the other item I carry in my pocket (my smartphone) and I should be able to add anything I want to it. Then when I interact with Web sites online I should easily be able to send that data to them (securely).

Anything less than the above is not innovation and I doubt will lead to adoption. By the way the electronic equivalent of my regular wallet is a customizable secure database. It just needs to be integrated into the browser for easy online use.

Simple and it "Just Works".

Wednesday, March 21, 2012

The Value of “Me” (Part V of the series)

[Image: Choice]

Well in the last post I promised that I would make the jump to a solution that increases the value of the Internet, and gives me a choice in how and what I share on the Internet. So let's get straight to it.

First, a recap. The solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be unambiguous
  5. It will be interoperable
  6. It will be transparent

We’ve decided that we’re going to use a Web based solution and add something to the HTTP protocol that increases the opportunity for greater choice, trust and respect. So why not add an Identity wallet to the browser? (That wasn’t so bad, was it?) Ok, so what would be in this identity wallet? “Stuff”… (just kidding). It would be very like the wallet you carry on you. It could include personal information, device information (whether you’re on a Mobile phone or not) and it could have location information.

Nothing that is not doable with off the shelf technologies. Simply create a secure database, allow the user to customize it with data, allow it to “talk to the operating system” and collect device information and then protect it all. So far it’s meeting features 2 – 6 above (because I have control over the database). But what about #1? How do we make it privacy enhancing – well, by sharing that data. You see, unlike DNT, which doesn’t allow me to add anything to the Web conversation, I now have my real identity that I can add to the transaction. All I have to do is figure out a way to get the data to the content provider.

Well fortunately the current HTTP spec shows us exactly how we can do that. We simply add the data as a “Header” to the request going to the Web server. Returning to my analogy of the train leaving the station with just a flag set (indicating that I don’t want to be tracked) this time I’m attaching additional information that I’m prepared to share “as long as you respect my privacy”.

Now let's re-examine item 1. The solution has to be privacy enhancing. To me this implies that you actually have to share something over and above what you would normally be sharing. DNT has no effect on the browser or what gets sent to the server (other than the single header). There’s no way other than conventional means (filling out a form) for me to communicate additional information which can be used to “increase the value of the transaction”.

And that’s the crux of the argument. The goal here is to increase the value of the transaction, the level of trust, and the level of privacy. Remember I still have NO control over what happens when my data arrives at the Web server. So both methods (DNT and this) are in the same boat here. The difference is that by offering more information to the content provider maybe he can deliver more value to me without the need to compromise my privacy.

Think of this secure database as a “Context Manager”. I add and subtract information, I can choose who I want to share it with, and everything is convenient, easy to use and efficient. While in transit the data is secure and if I feel that the content provider is misusing my information then I can stop him seeing my data by simply unchecking a box.

This Context Manager in essence becomes the “over drive gear” for the Internet. It allows for the following:

  • Additional privacy protections for individuals who can use it to gauge if their personal data is being handled fairly and transparently
  • Convenience for individuals who can use this Identity “Contextual Manager” (aka wallet) to manage fewer passwords
  • Efficiency for content providers – they get to unlock additional value in the transaction by knowing more about me in return for a greater respect of my privacy
  • Ease of use by automating the delivery of the contextual data over an approved and accepted standard
  • Security by not only securing the data on the device but also in transit even over an unencrypted HTTP session
  • Confidence that my digital identities are adequately protected
  • Innovation, by lowering the risk associated with sensitive services and by enabling providers to plug in their own wallets for your use with their services.

And finally the biggest feature of all…Choice, as service providers offer individuals different – yet interoperable – relevant media services.

Me, My Privacy, Security and Identity on the Web - Part IV

[Image: Choice]

In this blog post we’re going to make the transitional jump from the current Internet, to one that offers more of a choice when it comes to privacy. However before we make the leap it’s important to note – there’s no solution to privacy without trust. The second you share something with somebody else then trust has to be involved. The goal of any solution should be to offer increased levels of privacy based on increased levels of trust. And if the trust is abused, then provide a way for the user to restrict what they share.

Before we make the jump let’s revisit the issues with the current DNT standard. The goal is admirable – provide increased levels of privacy. As we will have to do with any “client – server” solution, we’ll have to rely on the trustworthiness of the content provider, be it a consumer Web site or an Enterprise portal. So by checking the box marked DNT in the browser we’re sending a message to the content provider that we do not wish to be tracked and that we trust that you’ll respect our wishes.

That’s all we’re doing – we have no control over any other aspect of the data that leaves the browser. Think of it like a train pulling out of the station – everything is the same except there’s a little flag hanging off the last coach that says to the next stop please don’t track me. We have to “hope” that the content provider will do the right thing. But what if they don’t? What’s our recourse – can we change anything about the data that was sent to them – to decrease the value of it? Nope. We can’t do a thing. We have no control and we lack a choice in how we want our browser data (fingerprints and cookies) to be respected.

If DNT was to stand a real chance of winning in the marketplace as a standard then the second we turned it on it would disable ALL third party cookies that come down to the device. That would be a huge step in the right direction because it starts to give us a choice in what goes on. So you have to ask yourself why isn’t this being done?

And in those immortal words “Follow the Money” you find the answer. The Internet is a business and in return for providing services for “free” there must be a way to recoup the expenses. If DNT was to instantly block those 3rd party cookies there would be mayhem – companies have been built on access to customers’ data and disabling those cookies will collapse their businesses. So the DNT standard has been “engineered” so that this can be handled by the content provider and not the user. And as the Bard said – therein lies the trust, choice and privacy issue.

Without transparency I have no way of verifying that there’s compliance. Try opening up your browser and figuring out which is a 3rd party cookie. You have no idea. And there’s absolutely no incentive to let you figure that out. On the contrary there’s a great incentive to “game the system” and not respect your privacy.

Think about it for a moment – if you had to spend thousands or millions of dollars to re-write how your Web server supported this new standard, and by doing so you stood to lose a lot of money, how fast do you think it would get done? (Especially if all it was, was a recommended spec.)

At the root of the DNT standard is good old fashioned “Money”. I understand and respect that. After all you’re giving me something for free and in return I should give you something – right? Well yes, but wouldn’t it be better if we could actually make the whole experience better? Sort of like adding an overdrive gear to the Internet. I’ll increase the value of what I share with you, if you increase the value of what you share with me and in doing so give me a better experience.

That seems like a far better use of my Privacy than the current approach.

Well I’ve run out of time on this post so in the next blog we’ll make the jump to offering something new for the Internet, something that allows you a choice and allows both you, and the content provider, to share in the value created by increased levels of trust.

Me – The intersection of Privacy, Security and Identity on the Web – Part II

[Image: Choice]

In this post we’ll take a look at how the current Do Not Track standard compares to the viable solution list from the last post.

To recap. First and foremost the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features. Please note that I added two more, unambiguous and transparent.

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be unambiguous
  5. It will be interoperable
  6. It will be transparent

So let's go down the list:

[Image: DNT]

Wow, that’s pretty bad. So what if I’m wrong (I can imagine the DNT advocates are shouting at me now). Well how wrong can I be?

  • Confidence
    • For something to have value you have to believe that it works. If you read the “proposed standard” you’ll see that it has been “engineered” to allow for the status quo to continue. There’s no enforcement – it’s just a recommended practice. Think of it in terms of going through Airport Security – that’s mandatory vs… recommended
  • Privacy
    • Show me in the spec where it protects my data. In essence it shares all of my data with the content provider and then I have to trust they don’t share that with a 3rd party. So my data is still out there and I cannot verify that it hasn't been shared
  • Choice
    • The default is ??? well I’m not sure because they haven’t decided yet. It should be "On" so that it benefits the consumer, but what are the financial incentives for that to happen. The best bet would be “No Preference” which means in the USA – tracking is allowed and in the EU – tracking is not allowed. Of course you just have to figure out where the Mobile user is so you can make the appropriate response. But that's tracking right?
  • Innovation
    • Nothing here. I cannot change anything in the browser. In fact I “may” have to make a lot of changes to all my server scripts. That’s expensive and time consuming. Remember every script or Web page "should" be modified to exclude 3rd party cookies and content if the header is set
  • Privacy enhancing
    • Again it hasn’t enhanced my privacy, it has enhanced my ability to not have my data shared. For large content aggregators this means nothing as they never share the data anyway with a 3rd party (just themselves)
  • Voluntary
    • This gets a tick box but is actually a fail. Again this is a recommended practice not a mandatory practice. If it was a lot of content providers would go out of business because the ONLY way they can make money is to scrape Web sites looking for personal data that can be shared with 3rd party vendors
  • Cost effective
    • Only for sites with good data privacy policies. However because there’s no legal compliance here there’s no need to rush to support a recommended practice. For those sites that do have to change the costs can be enormous. Every script has to be updated to support new information arriving at the server
  • Easy to use
    • Only for the consumer. For the content provider there’s a big cost involved in programming time, server loads, and increased bandwidth
  • Secure
    • There is no security involved in this standard
  • Resilient
    • I think of this as adaptable or extensible. As I can’t innovate around it I don’t see it surviving. How would I differentiate my Web service by improving this standard? You can’t.
  • Interoperable
    • Well for this one I give it full marks - but not for a while because every browser will have to be updated to support this spec. Currently no browser is capable of sending the required data (e.g. 1, 0, "Null")

For something to be worthwhile, the general rule of thumb is that you must give more value than you extract. As long as consumers believe that DNT offers more value than it extracts then they’ll be willing to go along with it. However the second they discover that selecting the check box offers no value, then the standard collapses.


DNT is not about privacy – that’s just the magician’s illusion – it’s really about Do Not Share my data with 3rd parties - unless I give my permission (which in itself opens up another huge can of worms. Think about the User Interface issues). And that’s something completely different.


So it also fails the tests of being unambiguous and transparent. The good news is that it opens up the chance for new innovation to succeed because, believe it or not, people really care about their privacy and they want a choice in that process. We'll talk about that in the next post.

Tuesday, March 20, 2012

Me – The intersection of Privacy, Security and Identity on the Web

[Image: Choice]

As I read more and more about online privacy, security, and identity it seems to me that people are missing the larger picture here. So in this blog post I’ll attempt to join the dots.

There are three main challenges on the Web today:

  1. A lack of confidence that people, organizations and businesses are who they say they are
  2. The lack of an adequate authentication mechanism, burdening consumers with the need to juggle multiple passwords and usernames
  3. A growing list of privacy violations that disclose sensitive information that undermines consumer trust in the Internet

So what’s the solution? Is there even a viable solution?

Well I think there is. First and foremost the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be interoperable

It’s pretty simple really:

  1. I have to have a way to enhance my privacy without disrupting any of the current business practices. Think of this as an overdrive gear on your car. The car runs fine with all the current gears, but if you need something extra (fuel savings for instance) another gear is at hand. This is what the Web needs – another gear that offers something better, but does not disrupt what is currently there
  2. It has to be cost effective and easy to use. In a nutshell it must be standards based. Again using the car as an example – I should be able to upgrade to a better quality of gasoline without changing my engine. And the reason I pay more is because I get something from it (a longer lasting engine). In essence the solution has value
  3. It will be secure and resilient – it must be flexible, adaptable, sustainable, and the user must have confidence in its security
  4. It’s got to work everywhere and it has to scale from transactions that range from anonymous to fully-authenticated and from low to high value

In my next blog post we’ll use the attribute and feature set to see how Do Not Track stacks up.

 

 

Me – The intersection of Privacy, Security and Identity on the Web

 

Choice

 

As I read more and more about online privacy, security, and identity it seems to me that people are missing the larger picture here. So in this blog post I’ll attempt to join the dots.

There are three main challenges on the Web today:

  1. A lack of confidence that people, organizations and businesses are who they say they are
  2. The lack of an adequate authentication mechanism, which burdens consumers with the need to juggle multiple usernames and passwords
  3. A growing list of privacy violations that disclose sensitive information and undermine consumer trust in the Internet

So what’s the solution? Is there even a viable solution?

Well I think there is. First and foremost the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be interoperable

It’s pretty simple really

  1. I have to have a way to enhance my privacy without disrupting any of the current business practices. Think of this as an overdrive gear on your car. The car runs fine with all the current gears, but if you need something extra (fuel savings for instance) another gear is at hand. This is what the Web needs – another gear that offers something better, but does not disrupt what is currently there
  2. It has to be cost effective and easy to use. In a nutshell it must be standards based. Again using the car as an example – I should be able to upgrade to a better quality of gasoline without changing my engine. And the reason I pay more is because I get something from it (a longer lasting engine). In essence the solution has value
  3. It will be secure and resilient – it must be flexible, adaptable, sustainable, and the user must have confidence in its security
  4. It’s got to work everywhere and it has to scale from transactions that range from anonymous to fully-authenticated and from low to high value

In my next blog post we’ll use the attribute and feature set to see how Do Not Track stacks up.

Monday, March 19, 2012

Privacy: Is Do Not Track really about Customers having a Choice - or is it something else?

There's an interesting article in POLITICO (What exactly does ‘do not track’ mean?) asking the question everyone is becoming more concerned with. And the answer is "maybe what you think" or "it could be what you think" or "we'll just have to wait and see".

A while ago I wrote a blog post, Privacy on the Internet is NOT “binary”, whose premise was that without offering the user a Choice you weren't offering any real form of privacy.

As I read the Politico article I'm reminded again how a binary approach to privacy is bordering on the unfeasible. Here's why - I open up my browser and change the Do Not Track privacy setting to 1, so that every request my browser sends carries the header DNT: 1. This (in my mind) lets every Web server know that I do not want to be tracked. You cannot store my data, you cannot resell my data, in essence I want you to respect my privacy.

That's what the "1" means to me. But according to the article and the proposed standard it doesn't actually mean that at all. It merely means that the various content providers should interpret what I mean by "trying to follow" the current guidelines. As the Politico article points out, everyone has an opinion on what the standard means.

In essence the DNT=1 setting gives the content providers/advertisers a Choice - and removes my Choice. And that's why the devil is really in the details on this standard. If there isn't consistency, then there will not be compliance. Without compliance there is no real enforceability (because it was open to interpretation).

I often wonder what part of "No" didn't you understand.

Also you have to remember that this is a global standard which means other countries are going to have to comply with it (or not). Already they're running into issues as it relates to regional privacy laws. You have to know where I am at all times to know how to resolve the local privacy laws. (That means you have to track me).

Privacy is a really big issue - on the one hand you have the user who wants and is entitled to his/her privacy. On the other hand you have the content providers who, in return for a "free Web", sell access to your data. (Think of it as financial engineering). Now how do you balance the two without disrupting the entire value chain?

Well the answer is in delivering a real Choice™ - one where BOTH consumers and content providers participate equally. Until that happens you're going to have something that looks like this. (Hint - you're the guy at the top)

Seesaw

Friday, March 16, 2012

9 lines of HTML code–2 minutes to create

And the same code runs exactly the same on iPhone

Tuesday, March 13, 2012

Patents

I've been following along at the outrage over Yahoo suing Facebook for patent infringement. It amazes me - no one blinks an eye that Microsoft collects ½ a billion a year in patent royalties and yet Yahoo is entitled to nothing according to the critics.

Remember - Patents are more about strategy than anything else. It's just another tool in the tool chest that a company can use. It would be ludicrous for Yahoo NOT to sue Facebook if indeed they have infringed on their patents. Can you imagine the Yahoo shareholders calling the new CEO and saying - what's going on, why aren't you protecting our rights?

Patents are here to stay - there will always be critics, until one day those critics file for a patent and then seek to defend it. I say get over it - remember IBM? Well they have a patent on the flashing cursor - and you know who pays them a royalty for their patents?

Microsoft.

Monday, March 05, 2012

The Innovators Dilemma - Improving the Internet so I have a choice in how it recognizes me

In my last blog post - Privacy: My Expectations vs. My Reality - I started with a famous quote from Wernher von Braun: you can recover from a production flaw but never from a design flaw.

The design flaw that I hinted at was the Internet's (HTTP's) reliance on Cookies to add "state" to a user's browser. This is almost in direct conflict with Privacy. And I know the purists are shouting at me now, but think about it: if I don't want to be tracked then I should simply be able to turn off anything and everything that could possibly use my data, and that includes no more cookies. (Of course the Internet would collapse without Cookies).

So how do we change the current design of the Internet to solve this dilemma?

Before we try and answer that problem, let's revisit another blog post (Privacy: Do Not Track & the real Elephant in the room) where I quoted two Norwegians and their definition of Privacy.

Selmer and Blekeli in 1977: Privacy is the legitimate interest of a person to control the collection and use of information that relates to him/herself. (Source: "Data og personvern" p. 21, Universitetsforlaget, Oslo)

So now we have the underpinnings of the problem we need to solve:

How do you improve the Internet so that I can control the collection and use of information that relates to "Me" - and do so while co-existing with the current Internet.

Now let's double check against the current White House Administration's proposal to ensure that we're still all in agreement. Here's the paper you need to read: "National Strategy for Trusted Identities in Cyberspace". Page 2 is the critical page. And here it is:

Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

The realization of this vision is the user-centric “Identity Ecosystem” described in this Strategy. It is an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices. The Identity Ecosystem is designed to securely support transactions that range from anonymous to fully-authenticated and from low- to high-value. The Identity Ecosystem, as envisioned here, will increase the following:

  • Privacy protections for individuals, who will be able to trust that their personal data is handled fairly and transparently;
  • Convenience for individuals, who may choose to manage fewer passwords or accounts than they do today;
  • Efficiency for organizations, which will benefit from a reduction in paper-based and account management processes;
  • Ease-of-use, by automating identity solutions whenever possible and basing them on technology that is simple to operate;
  • Security, by making it more difficult for criminals to compromise online transactions;
  • Confidence that digital identities are adequately protected, thereby promoting the use of online services;
  • Innovation, by lowering the risk associated with sensitive services and by enabling service providers to develop or expand their online presence;
  • Choice, as service providers offer individuals different—yet interoperable—identity credentials and media.

So let's summarize the problem...

The innovators dilemma is to figure out how to extend the current HTTP protocol so that it can offer Me: Privacy, Convenience, Efficiency, Confidence, Control and a Choice in how my information is collected and used.

Well here's the good news - fortunately we only have a production flaw, NOT a design flaw, to deal with. Let's head over to the document that defines HTTP, the protocol the Web runs on, and see if there's anything there that can help solve the problem using a little teamwork, i.e. the browser manufacturers, the W3C, Web servers and Content providers all working together to give me a Choice.

The document is RFC 2616 and here's the important part that points to the answer:

The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. It is a generic, stateless, protocol which can be used for many tasks beyond its use for hypertext, such as name servers and distributed object management systems, through extension of its request methods, error codes and headers. A feature of HTTP is the typing and negotiation of data representation, allowing systems to be built independently of the data being transferred.

The phrase that answers the Innovators Dilemma is the one about "extension of its request methods, error codes and headers".

HTTP is an "extensible" protocol, which means that we can extend it to support new ways of doing things. And the way to do that is with something called an X- header: a request header whose name starts with "X-", the conventional way to carry non-standard data over the standard protocol without changing the standard itself. The non-standard data in this case is secure, encrypted information about me that I choose to allow the browser to share with a trusted Web site or 3rd party provider.

Now how do we integrate all of this? Well we start with the two Norwegians' definition of Privacy and use that to determine the control method. If I have to be in control then there's only one place to add the controls - the Browser. We add a secure database that holds my information and then allow the user to control every aspect of that database. In essence you can choose to share whatever you want, with whomever you want.

Now let's go to the second part of the problem - the content providers/web servers. Well there's good news here too. If I trust them, then I can elect to share my data; if they abuse that privilege then I can turn off sharing - I always have control over the process.

So how do they get my data?

They read the incoming X- headers (the accepted way to transmit non-standard data over a standard protocol). Now again I can hear the purists shouting - "that's going to put a big load on the servers". And to that I say nonsense - servers are incredibly fast these days and the burden of reading an extra 100 bytes of data on every request, even if it is encrypted, is insignificant. And if it is - then buy a bigger server. Those bytes are the least of your problems.

So there you have it - the answer to the Innovators dilemma on how to improve the Internet - add your identity to the browser, do it in a way that allows you to control that identity, and then share it using current standards with any Web server. It meets all the White House guidelines, it works with every Web server, firewall, filter and router. It requires zero changes to the current infrastructure other than to ship a new browser with essentially a wallet built in.

In essence this will transform the Internet into something it should have been in the first place - a "contextually aware data communications platform". Only this time I will finally have a Choice in the collection and use of the information that relates to "Me".