User Centric ID management – Heading for New Zealand

The upcoming identity conference in New Zealand is going to be a high spot for ID management in this part of the world; indeed anywhere.

If it’s public then it’s not private. Really?

Can Metcalf's Law be applied to personal data management?

It is often said that if data about someone is already in the public domain, then that information is no longer private. Sounds reasonable, but I reckon that can become an insidious furphy.

"The data is already public" was the chief debating point advanced by proponents of searchable white pages. They argued that because publicly available paper white pages reveal everyone's phone numbers, surely having a searchable database didn't change anything. But a searchable digital white pages really is different. And not just quantitatively — it makes reversing names from numbers vastly more efficient — but also qualitatively.

For one thing, the very act of searching generates new types of information, much of which is private (and commercially valuable). For instance, whomever owns the searchable white pages also gets to know stuff like who else is interested in my phone number, and why. The owner can synthesise brand new information, none of which is accessible to me, even though nothing other than my 'already public' number has been revealed.

Web 2.0 & rating the Police. A Bruce Schneier perspective

The transparency debate is nuanced & needs a lot more work.

A great day for privacy: genuine privacy respecting, user centric Identity Management has hit the mainstream

The bar for acceptable ID management has just been suddenly raised.

Swallows flying by: the small flock grows

And now Ernst & Young have released their swallow, after the earlier ones seen in Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?, then Another swallow flew by, but who was looking?

The curse of the rule maker. But there’s a lesson in it.

Stephen Wilson made an excellent point in his comment "Privacy movement deja vu" on my blog on "Another swallow flew by, but who was looking?"

Another swallow flew by, but who was looking ?

Since posting "Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?", there has been another swallow of sorts.

But not everybody has been watching or maybe it is typical Spring weather.

Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?

We are in an interesting period of leadership change.  In Australia, we elected a new federal government at the end of 2007.  The UK has a new PM & the USA will have a new president by the end of 2008.

Is the privacy debate changing too, reflecting a new mood?

“Government 2.0” – is it Safe to Play for the citizen?

How can government make it 'Safe to Play' for citizens when they are offered wiki or blog or social networking styles of interaction with government?

Losses of personal information, trust and privacy: This is going to change your life

We are watching a very rapid change in community attitudes on privacy.  One of the strongest contributors is the repeated and significant loss of control of personal information by private and public sector organisations around the world.

Plurality of Identities, and trouble ahead with biometrics

The idea of biometric authentication plays straight into the view that each user has one "true" identity underpinning multiple authorisations.  

 I recently noted in the thread on identities and keys that: [We need] identity frameworks (like the Microsoft developed Identity Metasystem aka Cardspace) that permit as many "identities" as there are contexts in which we assert ourselves.

We are in the midst (I hope!) of a shift to a new paradigm based on a plurality of identities. And I think I'm using the over-wrought "p word" here in its proper context. The current "singular identity" paradigm has had a deep and unhelpful influence over the way we think about all sorts of things, including smartcards, PKI, biometrics, the semantic debate over "authentication" versus "authorisation", and therefore the underlying architecture of many approaches to federation.