Usability, User Control, Safety and Privacy – Help is at hand!

July 8, 2011

We have seen the incredible impact of the iPhone and iPad on the everyday lives of so many of us. Overnight, they completely reset our expectations of benchmark usability.

As a result, many of us are collecting and sharing more information than ever before.  Including personal information.

But what are the safety implications of this new ease and appeal?

Like a new, fast car, are we being seduced into driving too fast?  Do these new devices have sufficient safety features and are we sufficiently well educated and experienced to drive at the new speeds available to us?

It is easy to argue that this is happening.  There are arguments about the security of the information on these new devices and about who does what with the information once collected, such as reported in "Tracking File Found in iPhones", New York Times, 20 April 2011 and "It’s Tracking Your Every Move and You May Not Even Know", New York Times, 26 Mar 2011.

At the very least, it is not clear what is going on, as described in "Apple and Google Use Phone Data to Map the World", again in The New York Times.

Websites can be just as seductive. The largest example in human history is, of course, Facebook, which Mark Zuckerberg recently indicated now had three quarters of a billion regular users, or about 1 in 8 people on the planet. Throughout its history, the website has put an intense effort into usability – fast upload, fast download, rich and easy-to-use options for sharing and connecting, and much more. But it too has not always been clear about all the implications of such activity.

In each case, safer settings for the security and privacy of the information are available but not obvious or not easy to use.

As such, hardly exemplars for the 7 Principles of Privacy by Design.

So, where’s the help coming from?

It is the User Managed Access or UMA protocol that has just been announced in a Press Release from the Kantara Initiative.

Kantara was started only in 2009 and has a most eclectic membership. Members range from individuals and small business to huge business, government and academia.

UMA is being driven by Eve Maler.  Usability is a passion of hers, among many.  I first saw Eve in action as a speaker on "The Design of Everyday Identity" at the superb Managing Identity in New Zealand conference in New Zealand which I covered in "Identity Management in New Zealand, CeBIT Australia and the Merry Month of May …".

Now with UMA, Eve and the members of the UMA Working Group, including Susan Morrow, Head of R&D at Avoco Secure, have taken this vision a big step forward.

In more detail and in their own words, UMA is:

a protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data (such as identity attributes), content (such as photos), and services (such as viewing and creating status updates), no matter where all those things live on the web.

UMA allows a user to make demands of the requesting side in order to test their suitability for receiving authorization. These demands can include requests for information (such as “Who are you?” or “Are you over 18?”) and promises (such as “Do you agree to these non-disclosure terms?” or “Can you confirm that your privacy and data portability policies match my requirements?”).

But here is the best bit. Far too often, we get presented with trade-off decisions that present a false dichotomy. Like the security versus privacy dichotomy trounced years ago by the Information and Privacy Commissioner of Ontario, too often we are presented with the false dichotomy of usability or privacy but not both.

By contrast, UMA strives to give individuals control – and also convenience.

And read more about it at the UMA Facebook page, too.


Now is the time for a wider readership and wider range of stakeholders to consider the UMA protocol.  It has already contributed the protocol to the Internet Engineering Task Force.

It is time that we made the safe way the easy way.

Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand,