Thursday, February 3, 2011

Beyond Passwords: A Vision for Personal Information Management

by Sandy Klausner


Bob Schapiro’s previous SENDS blog post asserted that passwords are a security “solution” that’s part of the problem. Unfortunately, managing multiple passwords is just the tip of the iceberg regarding the cyber-security challenges that we collectively face. This post reflects on the current effort to redefine cyber-security and explores what empowering individuals to manage their personal information and cyber-presence might look like. A companion piece that fleshes out more of a required framework will follow next week.

The NSTIC initiative

The National Institute of Standards and Technology's (NIST) website recently described the emphasis of the current administrations effort on identities and privacy. The National Strategy for Trusted Identities in Cyberspace (NSTIC) “is an Obama Administration initiative aimed at establishing identity solutions and privacy-enhancing technologies that will improve the security and convenience of sensitive online transactions through the process of authenticating individuals, institutions, and underlying infrastructure - such as routers and servers.

“The NSTIC envisions a cyber world - the Identity Ecosystem - that improves upon the passwords currently used to login online. The Identity Ecosystem will provide people with a variety of more secure and privacy-enhancing ways to access online services. The Identity Ecosystem enables people to validate their identities securely when they're doing sensitive transactions (like banking) and lets them stay anonymous when they're not (like blogging)…People and institutions could have more trust online because all participating service providers will have agreed to consistent standards for identification, authentication, security, and privacy,” notes the NISTC website.

Universal ID Management

While the NSTIC goal of securing identity is an important first step, the path to enhancing user privacy is a much longer road to travel. The framework for a Universal ID Management infrastructure will need to include the ability to provide users with at least some level of consistency and control over how their private information is accessed and treated.

Today, simple address formats are diverse and make on-line registration efforts much more cumbersome than they should be. Today, if you’re one of the unfortunate individuals applying for work on company job boards, the inconsistency and repetitiveness of the experience can be downright maddening. As we move toward an ever-growing list of on-line information about us, including biometrics and medical records, the need for a consistent if not fully intelligent framework becomes even more apparent.

Managing personal information also branches into the realm of automation.  When we do have a consistent and convenient way to transfer our address where needed, there should also be a simple mechanism to make updates virtually automatic. For example, if I move, I should be able to update my secure profile and have that change ripple to every single user of that information, including utilities, banks, on-line shopping sites I’ve registered with, magazine subscriptions, etc. Clearly, there has to be a robust identification mechanism in place to ensure only I could make such sweeping changes. But, it would be negligent to craft a new Identity Ecosystem that did not enable such basic management features.

Distribution rights

Another aspect of personal information that warrants attention is the user’s ability to track and manage distribution of their personal information. In its simplest form, that means a user should be able to select who gets access to what piece of personal information in a manner as simple as selecting from a list of people, institutions or websites they frequent and whether or not the recipient can post the information in a public format. Exerting this type of control over a person’s biography is a great example.

But, the concept of managing personal data can expand much further. If we consider the stories we tell about ourselves on social media sites to be an element of personal information, we find eroding levels of control. Facebook has been a classic example. Their privacy policy in 2005 read:

“No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.”

On April 2010, Facebook’s privacy policy read:

“When you connect with an application or website it will have access to General Information about you.  The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profile page.  If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.”

Facebook goes beyond the information you post and adds information others post about you to build a more complete corporate profile of you. If someone posts something erroneous about you and it gets added to Facebook’s corporate profile, it’s not clear you would know it. Certainly, anyone can assemble a profile of you from assembling the results from search engines but there should be an ‘official’ profile where the owner can manage the content and control who has access to what, independent to any one website’s evolving policies.

It may also be the right time to address the individual’s rights in the shadowy world of the personal information marketplace. Many people don’t realize that their profile is a common source of profit for companies that collect large databases of members/subscribers/contestants, etc. Today, many companies are sensitive, if not passionate, about protecting their customer’s information, but anytime you’ve been registered for a free magazine subscription or answered a few required questions to access something on a commercial site, there is the potential that the information is used to create distribution lists that are sold for direct mail campaigns, fund raising, surveys, etc.

While this practice has been in place for decades, it is only fair to ask the question if it is reasonable for someone to sell your personal information without permission, or at least provide some form of compensation...especially with the advent of recent web services that offer to provide a wealth of aggregated information about an individual for a fee. It could indeed open an entirely new market dynamic if individuals had the ability to assign a value to the distribution of their personal information and there was sufficient automation in place to award an individual micropayment for each use of a specific information packet for a specific class of organization.

Users who hate unsolicited information could simply raise the price on the right to trade in their information until they get the level of relevant information they desire (this assumes at a sufficiently high price, no one will engage unless there is high certainty of a positive response). On the other side, people who wanted to maximize the monetary return for just being who they are could adjust the price to extract the maximum income from the authorized selling of their personal information to specific classes of solicitors. Clearly, such a scheme could never be foolproof, even if laws were created to support it, since anyone could simply copy your information and sell into a black market. But, as in most circumstances, the vast majority of honest businesses would align and sustain such a concept if the implementation was sufficiently painless.

Independent of monetization, it would be wonderful if you could track instances of your personal information as it was distributed through the Internet. It would potentially make it much easier for individuals to assess their footprint in ways that current search engines could never reveal.

Location-based services

Another area that warrants attention is location based services. A growing list of services delivers valuable information, but exposure of private data can vary significantly per application. Moreover, each service has its own privacy schemes and settings which can change over time. Also, it’s often difficult for the user to know with certainty when their location is being accessed outside of specific requests or if it is being tracked by individual service providers or other members of a mutual service.

While some people are happy to publicly publish every moment of their existence, any new identity framework needs to provide fine-grained control of how location information can be used and who can have access to it down to the individual level. This includes the service provider as well.  The user should be able to control whether the service provider is allowed to accumulate location information or if each record must be deleted after the completion of a transaction.  Most important, the user should be able to declare their preferences and settings in one global profile that drives interactions which each service provider.

The framework should also allow a user with a GPS-enabled cell phone or mobile device to make anonymous transactions. For example, the user’s profile can verify that the phone/device is subscribed to a service without revealing who the user is and, for metered services, track the number of available transactions remaining. By providing the service and geo coordinates, there is no need to pass information that could identify the user such as the cell phone number to a location service provider. Under this scheme, you can check for local restaurants and entertainment, or get whatever relevant ad or promotion information is significant without the service provider being able to track your location or location records. Of course, the wireless provider will always have such records, but containment of such information is always a first step toward better personal security.


Overall, if a framework is put in place to allow these scenarios to be developed and evolved over time, a picture emerges of an internet environment that is much friendlier and allows the individual to tune their cyber-presence in ways that are barely imagined today.

The challenge in driving this vision to reality is the enormous complexity of the framework that would be required to deliver such a vision if it’s built on today’s computing architectures. Fortunately, there is advanced thinking and technology that could make such an interconnected environment practical. That will be the topic of my next post.

Editor’s note: Sandy Klausner is the founder and CEO of CoreTalk Corporation, the designer of the Cubicon executable design language, described at The opinions and concepts proposed by Sandy reflect his thinking about new types of programming languages, and web-based frameworks including Cubicon. SENDS does not endorse any specific product, but seeks to ensure members and guests of the Private-Public partnership of the SENDS Consortium are aware of novel thinking proposed by those associated with the Consortium and its efforts.

No comments:

Post a Comment