Saturday, April 16, 2005

Comments on identity reform

[The rest of this post is a comment that I posted on a post on Chris Ceppi's blog entitled "Identity Reform".]

My best guess is that if there is such intense anxiety and mistrust about something, then there is an excellent chance that the problem statement simply hasn't been done "right". In this case, maybe the discord isn't really about identity per se, but it just happens that identity is the "button" that triggers all the emotions.

Let me ask a simpler question... Why is "digital identity" so important? The superficial answer is that we wish to deliver services that are personalized for the individual. More technically, I would say that the service "depends" of the individual. Is this really "your" data? Have you paid for the service? Are you old enough for the service? Does the service "group" recognize you as being a member? Do law enforcement authorities wish to track access or preclude your access to the service? Where should the service be delivered to? How is billing and payment handled? What service customization options do you want the service to record to facilitate future interactions? etc.

In terms of anxiety, the big question is always "Why do you need to know?" Until we can establish a track record of a few millennia (or at least a few generations) of non-abuse (by government, by business, by criminals, by busybodies, etc.), this abuse-related question will be the keystone of identity-related discourse. Of course the answer is almost always one of a handful of possibilities: 1) to deliver the service you've requested, 2) to deliver better service, 3) because the government requires the information. "Better service" can be a euphemism for exploiting data for purposes not directly related to delivering the contracted service (e.g., selling the data or bartering it for cross-marketing purposes).

If you want to talk about reform in a way that resonates with consumers, how about focusing on virtually eliminating the data that vendors can possess about their customers. Call it "privacy abuse [by businesses] reform".

I've sketched out one idea for trying to balance privacy with legitimate business needs in a concept I call a "Data Union" where businesses can get access to information they need to deliver service without needing their own privacy-violating databases. I'm sure there are other approaches, but if we can't address even "merely pragmatic" issues related to businesses, how are we going to tackle the thornier issues related to government intrusion abuse and national security issues?

See: http://basetechnology.com/data_union.htm

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home