Posted 9:11 AM (0) comments

Shame on Google

Ben Adida takes Kim Cameron to task ("Privacy Advocacy Theater") for taking Google to task ("The Laws of Identity smack Google") Ben claims that Cameron is over reacting ("Come on, Kim, this was accidental data collection by code that the Google Street View folks didn’t even realize was running. ") But I'm here to say that Kim was spot on.

As Cameron notes in his reply:

"My argument wasn’t about the payload data that was collected accidentally. It was about the device identification data that was collected on purpose. "

As Kim rightly points out, collecting SSID and MAC addresses (as Google says they did on purpose) is just as heinous - perhaps even more so - then collecting the contents of data packets. MAC addresses persist. The MAC address of the computer I'm using to type this entry is the same one that is used when I get my email, talk to my bank, shop at amazon (and other places) chat on Facebook, etc. That MAC address is an attribute of my identity just as much as my street address is. More so, since I don't need to mention my street address to pay cash at the grocery store.


Kim, as he so often is on issues of identity and privacy, is right on this one. Neither Google, nor anyone else, should be collecting data which can be correlated to a MAC address, or to any other identifier attribute of a person's identity. The only exceptions should be: a) opt-in authorization by the user (i.e., "loyalty cards"); or b) properly executed law enforcement warrants.

Labels: Google, privacy

Posted 10:35 AM (0) comments

EIC 2010: Kim Cameron on Minimal Disclosure

German blogger "mrtopf" has posted an excellent summary of Kim Cameron's keynote, delivered yesterday at the European ID Conference in Munich.

In his talk Kim disclosed his new project, the Federated Directory Project. Using the cloud, claims, minimal disclosure and roping in (one way or another) most of the existing ID protocols and systems.

It was a breath-taking tour-de-force as only Kim can deliver it.

There'll be a lot more to come as Cameron tries to bring as much input as possible to bear on his project. Watch for opportunities to get involved in a community that will (hopefully) coalesce around this.

Stay tuned!

Labels: Active Directory, ADFS, architect, cloud, EIC, federation

Posted 10:34 PM (0) comments

This blog has moved

This blog is now located at http://newvquill.blogspot.com/.
You will be automatically redirected in 30 seconds, or you may click here.

For feed subscribers, please update your feed subscriptions to
http://newvquill.blogspot.com/feeds/posts/default.

Posted 10:58 AM (0) comments

European Identity Conference 2010

Less than two months to go until the 4th annual European Identity Conference, and registration is now open! Once again, as last year, I'll be delivering an opening keynote as well as hosting two session tracks.

On Tuesday (5/4/10), I'll keynote on "Convergence: Better Control, Lower Cost". Since it's the keynote between a break and Kim Cameron, I should at least get those who want to come early to get a good seat for Kim!

On Wednesday (5/5/10), I'll continue the "convergence" theme with a track called "Value Through Convergence - Consolidate for Better Value, Efficiency and Security".This will feature a conversation with Martin Kuppinger ("5 Quick-Wins to Leverage your Existing Identity Infrastructure through Convergence"), a conversation with Kim Cameron ("Converging User-centric & Enterprise-centric IDs") and two panel discussions: "Converging Data Governance and Access Governance," and "Establishing an Advanced Level of Enterprise Identity Maturity."

Then, on Thursday (5/6/10) I'll tackle "Cloud Platforms & Data Portability". This track will feature an intro talk ("Data Statelessness and the Continuum of Individuals' Data Portability on the Web") by XMLgrrl herself, Eve Maler. We'll follow this up with two great panels: "Social Data Portability," and "Business/Cloud portability."

There'll be other great sessions, also - there always are. Plus, the Deutsches Museum in Munich is a fabulous venue. I hope to see you there.

Labels: cloud, EIC, enterprise

Posted 11:02 PM (0) comments

IIW spring 2010

Time to register for the spring Internet Identity Workshop. Do it now.

Labels: IIW

Posted 9:27 AM (1) comments

Which ox are you goring?

ProjectVRM's Joe Andrieu has a long, but not necessarily rambling, post today buttressing his (and the project's) stand on data sharing.

He makes some great points, such as that many people confuse privacy with secrecy. And that transactional data is owned by all parties to the transaction separately and mutually. He totally misses some points, such as confounding Digital Rights Management with meat space copyrights.

But where he really got me was right near the very end of his screed where he says:

"Because the fact is, we want to share information. We want Google to know what we are searching for. We want Orbitz to know where we want to fly. We want Cars.com to know the kind of car we are looking for.
We just don’t want that information to be abused. We don’t want to be spammed, telemarketed, and adverblasted to death."

But the reality is that we will be "spammed," telemarketed and adverblasted whether or not the party doing the marketing knows what we want or not. Advertising should be about letting me know the possibilities that might interest me. And the only way that can happen is if the advertiser knows my likes and dislikes, wants and needs. Isn't that the premise of VRM, that we (the users) tell the vendors what we want and they then compete to fill our need? How can they do that without telling us of their offers, and isn't that advertising? Targeted advertising, targeted directly at the person(s) who are looking to buy.

Rework the post, Joe. There are too many good points to be spoiled by such a bad ending.

Labels: privacy, sharing, VRM

Posted 12:37 PM (3) comments

Google, OpenID and Chris Messina

Today's announcement that Chris Messina is joining Google is certainly good for Chris, probably good for Google - but what about the openID Foundation?

As of today, Google has 3 members of the Board of Directors, their corporate rep (Eric Sachs), and "community" reps Messina and Joseph Smarr. That's 3 out of the 19 board members.

I should note that Yahoo has two members, a corporate one (Raj Mata) and a community one (Allen Tom), as does Microsoft (Mike Jones and Dick Hardt).

I do think that any corporate member should be prohibited from also having employees hold community seats. Not that I have any indications that messrs. Messina, Smarr, Hardt or Tom would vote against their own principles, but people's principles are influenced by those of the culture in which the perform their daily employment tasks.

Over and above that consideration, though, should be the desire to avoid even the appearance of a conflict of interest.

Maybe it's time the Foundation adopted a rule prohibiting such perceived conflict.

Labels: Google, Microsoft, openid, Yahoo