3PHealth Blog

Me – The intersection of Privacy, Security and Identity on the Web

Tuesday, March 20th, 2012

 

Choice

 

As I read more and more about online privacy, security, and identity it seems to me that people are missing the larger picture here. So in this blog post I’ll attempt to join the dots.

There are three main challenges on the Web today:

  1. A lack of confidence that people, organizations and businesses are who they say they are
  2. The lack of an adequate authentication mechanism, burdening consumers with the need to juggle multiple passwords and usernames
  3. A growing list of privacy violations that disclose sensitive information that undermines consumer trust in the Internet

So what’s the solution? Is there even a viable solution?

Well I think there is. First and foremost the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be interoperable

It’s pretty simple really:

  1. I have to have a way to enhance my privacy without disrupting any of the current business practices. Think of this as an overdrive gear on your car. The car runs fine with all the current gears, but if you need something extra (fuel savings for instance) another gear is at hand. This is what the Web needs – another gear that offers something better, but does not disrupt what is currently there.
  2. It has to be cost effective and easy to use. In a nutshell it must be standards based. Again using the car as an example – I should be able to upgrade to a better quality of gasoline without changing my engine. And the reason I pay more is because I get something from it (a longer lasting engine). In essence the solution has value.
  3. It will be secure and resilient – it must be flexible, adaptable, sustainable, and the user must have confidence in its security.
  4. It’s got to work everywhere and it has to scale across transactions that range from anonymous to fully-authenticated and from low to high value.

In my next blog post we’ll use the attribute and feature set to see how Do Not Track stacks up.

 

 


Some Animals Are More Equal When it Comes to Digital Privacy

Monday, March 19th, 2012

In a recent conversation with a colleague, it suddenly struck me that while I see lots of products and services (and budget dollars) supporting IT security, there are almost no products or services supporting privacy. Why is that?

Security is about protecting corporate data. But let’s look at the other side of security – privacy. Privacy is about protecting the use of personal data. Is my personal data any less important than a company’s confidential data? It shouldn’t be. According to the U.S. Supreme Court we’re both “persons”. I’m feeling an Orwellian paranoia swelling up. Not the 1984 kind, but the Animal Farm kind.

“ALL ANIMALS ARE EQUAL, BUT SOME ARE MORE EQUAL THAN OTHERS”

In a private company, anything marked confidential is confidential. On the Web, things are much less clear. Is my phone number confidential or public information? What if I have an unlisted number? Is my location confidential? What about my name or email address? Sales people get sued over taking customer lists when they leave a company, so why would anyone or any company in their right mind think taking my address book is okay? And to add insult to injury, they profit from it. Really?!

 

Most people get that Web content is not free. It is implied that the price of free content is ad presentation. Most people are fine with this, as study after study shows. But the reality is that most people have no idea with whom their data is shared. And the way the Web works, most websites use other people to serve their ads or track analytics – a “3rd Party”. The “First Party” uses your data to deliver a relevant service, per their Privacy Policy, but they lose control over it once the 3rd Party touches it. The Do Not Track initiative’s intent is to put the days of hiding behind first and 3rd parties to an end.

 

While commendable in its intent, DNT is proving near impossible in its implementation. The cost to countless businesses to change their infrastructure and business models may prove too much for a multi-stakeholder initiative – many of whose members are the people who either profit from cross-site tracking or have the greatest expense to adapt to the new standard. Organizations such as the ACLU and the Stanford Center for Internet and Society are working hard to keep the task force on point, but once you throw in the legal and cultural differences from country to country, the task seems daunting.

 

The fundamental problem with digital privacy policy today is that I DON’T GET TO CHOOSE what is confidential to me. The choices are being made for me. They are being made by corporate persons who carry more political and legal influence than us lesser human animals. The definition of what is private to me versus you is simply not considered. For most people, the privacy outrage is not based upon hiding something bad or wanting to be paid for our data; it is simply about having a choice. We want and expect our rights to be respected, represented and protected.

Until each Web user has a clear choice over what data is shared, with whom, corporate persons will be more equal than you and me.


Privacy: Is Do Not Track really about Customers having a Choice – or is it something else?

Monday, March 19th, 2012

 

There’s an interesting article in POLITICO (What exactly does ‘do not track’ mean?) asking the question everyone is becoming more concerned with. And the answer is “maybe what you think” or “it could be what you think” or “we’ll just have to wait and see”.

A while ago I wrote a blog post, Privacy on the Internet is NOT “binary”; my premise was that without offering the user a Choice you weren’t offering any real form of privacy.

As I read the Politico article I’m reminded again how a binary approach to privacy is bordering on the unfeasible. Here’s why – I open up my browser and change the Do Not Track privacy setting to 1. This (in my mind) lets every Web server know that I do not want to be tracked. You cannot store my data, you cannot resell my data; in essence I want you to respect my privacy.

That’s what the “1” means to me. But according to the article and the proposed standard it doesn’t actually mean that at all. It merely means that the various content providers should interpret what I mean by “trying to follow” the current guidelines. As the Politico article points out, everyone has an opinion on what the standard means.

In essence the DNT=1 setting gives the content providers/advertisers a Choice – and removes my Choice. And that’s why the devil is really in the details on this standard. If there isn’t consistency, then there will not be compliance. Without compliance there is no real enforceability (because it was open to interpretation).

I often wonder what part of “No” didn’t you understand.

Also you have to remember that this is a global standard which means other countries are going to have to comply with it (or not). Already they’re running into issues as it relates to regional privacy laws. You have to know where I am at all times to know how to resolve the local privacy laws. (That means you have to track me).

Privacy is a really big issue – on the one hand you have the user who wants and is entitled to his/her privacy. On the other hand you have the content providers who, in return for a “free Web”, sell access to your data. (Think of it as financial engineering.) Now how do you balance the two without disrupting the entire value chain?

Well the answer is in delivering a real Choice™ – one where BOTH consumers and content providers participate equally. Until that happens you’re going to have something that looks like this. (Hint – you’re the guy at the top.)

 

Seesaw

 


The Power of Contextual Menus on a Mobile Device

Friday, March 16th, 2012

 

This was an interesting exercise. I went to Google Docs in my desktop browser and looked at the contextual menus in the page. They were File, Edit, View, Insert, Format, Tools, Table, Help. I wanted to see how long it would take to recreate those exact same menus in a Web page that works on both Android and iPhone (Google Docs requires a mobile app to do this).

Here’s the result: 9 lines of HTML code, and about 2 minutes to create. Now the really cool thing is that I can change these menus in real time based on someone switching to another service or even another Web site. You could even pre-load from a cache on the device.

 

2012-03-16_08-35-46

 

And the same code runs exactly the same on iPhone.

iPhone


The Innovator’s Dilemma – Improving the Internet so I have a choice in how it recognizes Me

Monday, March 5th, 2012

 

In my last blog – Privacy: My Expectations vs. My Reality – I started with a famous quote from Wernher von Braun: you can recover from a production flaw but never from a design flaw.

The design flaw that I hinted at was the Internet’s (HTTP) reliance on Cookies to add “state” to a user’s browser. This is almost in direct conflict with Privacy. And I know the purists are shouting at me now, but think about it: if I don’t want to be tracked then I should simply be able to turn off anything and everything that could possibly use my data, and that includes no more cookies. (Of course the Internet would collapse without Cookies.)

So how do we change the current design of the Internet to solve this dilemma?

Before we try and answer that problem, let’s revisit another blog post (Privacy: Do Not Track & the real Elephant in the room) where I quoted two Norwegians and their definition of Privacy.

Selmer and Blekeli in 1977: Privacy is the legitimate interest of a person to control the collection and use of information that relates to him/herself. (Source: “Data og personvern” p. 21, Universitetsforlaget, Oslo)

So now we have the underpinnings of the problem we need to solve:

How do you improve the Internet so that I can control the collection and use of information that relates to “Me” – and do so while co-existing with the current Internet?

Now let’s double check with the current White House Administration’s proposal to ensure that we’re still all in agreement. Here’s the paper you need to read: “National Strategy for Trusted Identities in Cyberspace”. Page 2 is the critical page. And here it is:

Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

The realization of this vision is the user-centric “Identity Ecosystem” described in this Strategy. It is an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices. The Identity Ecosystem is designed to securely support transactions that range from anonymous to fully-authenticated and from low- to high-value. The Identity Ecosystem, as envisioned here, will increase the following:

  • Privacy protections for individuals, who will be able to trust that their personal data is handled fairly and transparently;
  • Convenience for individuals, who may choose to manage fewer passwords or accounts than they do today;
  • Efficiency for organizations, which will benefit from a reduction in paper-based and account management processes;
  • Ease-of-use, by automating identity solutions whenever possible and basing them on technology that is simple to operate;
  • Security, by making it more difficult for criminals to compromise online transactions;
  • Confidence that digital identities are adequately protected, thereby promoting the use of online services;
  • Innovation, by lowering the risk associated with sensitive services and by enabling service providers to develop or expand their online presence;
  • Choice, as service providers offer individuals different—yet interoperable—identity credentials and media.

So let’s summarize the problem…

The innovator’s dilemma is to figure out how to extend the current HTTP protocol so that it can offer Me: Privacy, Convenience, Efficiency, Confidence, Control and a Choice in how my information is collected and used.

 

Teamwork

Well here’s the good news – fortunately we only have a production flaw NOT a design flaw to deal with. Let’s head over to read the document that tells us how the Internet works and see if there’s anything there that can help solve the problem using a little teamwork e.g. the browser manufacturers, the W3, Web servers and Content providers all working together to give me a Choice.

The document is RFC 2616 and here’s the important part that points to the answer:

The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. It is a generic, stateless, protocol which can be used for many tasks beyond its use for hypertext, such as name servers and distributed object management systems, through extension of its request methods, error codes and headers. A feature of HTTP is the typing and negotiation of data representation, allowing systems to be built independently of the data being transferred.

 

I’ve highlighted the answer to the Innovator’s Dilemma.

HTTP is an “extensible” protocol, which means that we can extend it to support new ways of doing things. And the way to do that is with something called an X header. In technical parlance this “is a standards based method to extend the protocol with non-standard based data”. The non-standard data in this case is secure, encrypted information about me that I choose to allow the browser to share with a trusted Web site or 3rd party provider.

Now how do we integrate all of this? Well we start with the two Norwegians’ definition of Privacy and use that to determine the control method. If I have to be in control then there’s only one place to add the controls – the Browser. We add a secure database that holds my information – we then allow the user to control every aspect of that database. In essence you can choose to share whatever you want, with whomever you want.

Now let’s go to the second part of the problem – the content providers/web servers. Well there’s good news here too. If I trust them, then I can elect to share my data; if they abuse that privilege then I can turn off sharing – I always have control over the process.

So how do they get my data?

They read the incoming X headers (the approved way to transmit non standard data over a standard protocol). Now again I can hear the purists shouting – “that’s going to put a big load on the servers”. And to that I say nonsense – servers are incredibly fast these days and the burden of reading an extra 100 bytes of data on every request even if it is encrypted is insignificant. And if it is – then buy a bigger server. Those bytes are the least of your problems.

So there you have it – the answer to the Innovator’s dilemma on how to improve the Internet – add your identity to the browser, do it in a way that allows you to control that identity, and then share it using current standards with any Web server. It meets all the White House guidelines, it works with every Web server, firewall, filter and router. It requires zero changes to the current infrastructure other than to ship a new browser with essentially a wallet built in.

In essence this will transform the Internet in to something it should have been in the first place – a “contextually aware data communications platform”. Only this time I will finally have a Choice in the collection and use of that information that relates to “Me”.
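The user-controlled header this post describes, sketched as an added Python example that is not the blog’s own code: a wallet-side builder that serialises only the fields the user has toggled on for a given site, and a server-side parser that treats the incoming header as untrusted network input (size bound, integrity check before parsing, fixed list of permitted fields). The header name X-Me-Identity, the permitted field list, and the per-site shared key used for the HMAC are all assumptions; confidentiality of the value in transit is left to HTTPS rather than encrypting inside the header.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical header name (assumption; the post only says "an X header").
HEADER_NAME = "X-Me-Identity"
# Upper bound on what the server will even attempt to parse.
MAX_HEADER_BYTES = 1024
# The only fields a site may receive through this header; anything else is
# never serialised by the wallet and is rejected by the server if it appears.
ALLOWED_FIELDS = {"display_name", "email", "locale", "country"}


class IdentityHeaderError(ValueError):
    """Raised by the server-side parser when the header is unusable."""


def build_identity_header(wallet, sharing, key):
    """Browser/wallet side: serialise only the fields the user toggled on.

    wallet:  everything stored locally about the user
    sharing: per-site choices, field name -> True/False
    key:     secret shared with this one site (assumption: set up out of band
             when the user first decided to trust the site)
    Returns the header value: urlsafe-base64(JSON) "." hex HMAC-SHA256.
    """
    disclosed = {
        field: wallet[field]
        for field, on in sharing.items()
        if on and field in ALLOWED_FIELDS and field in wallet
    }
    payload = json.dumps(disclosed, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def parse_identity_header(value, key):
    """Server side: treat the header as untrusted input from the network.

    Returns the dict of disclosed fields, or {} when the header is absent
    (the user chose to share nothing, so the request is handled as anonymous).
    Raises IdentityHeaderError for oversized, malformed, tampered or
    out-of-policy values instead of guessing at them.
    """
    if value is None:
        return {}
    if len(value.encode()) > MAX_HEADER_BYTES:
        raise IdentityHeaderError("header exceeds size bound")
    try:
        b64, tag = value.split(".", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
    except ValueError as exc:  # unpack failure and binascii.Error both land here
        raise IdentityHeaderError("malformed header") from exc
    # Verify integrity before parsing: a tampered payload never reaches json.loads.
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise IdentityHeaderError("integrity check failed")
    try:
        fields = json.loads(payload)
    except ValueError as exc:
        raise IdentityHeaderError("payload is not JSON") from exc
    if not isinstance(fields, dict) or not set(fields) <= ALLOWED_FIELDS:
        raise IdentityHeaderError("field not permitted by policy")
    if not all(isinstance(v, str) for v in fields.values()):
        raise IdentityHeaderError("field values must be strings")
    return fields


def demo():
    """Constructed walk-through: share two fields, withhold two, then tamper."""
    key = b"constructed-demo-key-not-for-real-use"
    wallet = {  # constructed sample data
        "display_name": "Jane Doe",
        "email": "jane@example.com",
        "phone": "+1-555-0100",
        "locale": "en-US",
    }
    # email is switched off by the user; phone is on but is not a permitted
    # field, so neither leaves the wallet.
    sharing = {"display_name": True, "email": False, "phone": True, "locale": True}
    header = build_identity_header(wallet, sharing, key)
    received = parse_identity_header(header, key)
    # Flip one character of the tag to simulate modification in transit.
    last = header[-1]
    tampered = header[:-1] + ("0" if last != "0" else "1")
    try:
        parse_identity_header(tampered, key)
        tamper_rejected = False
    except IdentityHeaderError:
        tamper_rejected = True
    return received, tamper_rejected


if __name__ == "__main__":
    print(HEADER_NAME, demo())
```

Running the script prints the two fields the site actually receives and confirms that a modified header is refused rather than partially honoured. The server-side ordering matters for the post’s “extra 100 bytes per request” argument: the size check and the HMAC comparison are the only work done on a bad header, so a malformed or oversized value costs almost nothing. One naming caveat: RFC 6648 (June 2012) deprecated the “X-” prefix for new header fields; the mechanism the post relies on is simply a custom header field, so the name is incidental to the idea.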

 

 


