« The Internet Immune System | Main | Rainbows and Unicorns »

June 06, 2008

Privacy Redux

If you watch enough of the kind of brainstorming sessions that make up the Global Innovation Outlook, you start to realize that over time, each conversation develops its own center of gravity. A single, unifying theme almost always emerges, determined by some combination of the type of people in the room, the local zeitgeist, current events, and other inexplicable forces (Caffeine? Weather? Astrology?)

Yesterday’s Vancouver deep dive on Security and Society was no exception, as the twin issues of privacy and identity dominated the morning’s discussion. The group that was assembled was undoubtedly qualified to take on this thorny debate. We hosted representatives of some of the most successful organizations in North America, including the Royal Bank of Canada, Exxon Mobil, Visa, Best Buy, The Kroger Company, and Sun Life Financial. We had two venture capitalists, academics from The Marshall School of Business (University of Southern California) and John Jay College of Criminal Justice, and a director from the United Nation’s Counter-Terrorism Committee. We even had Phil Zimmermann, the man responsible for the world’s most widely used encryption technology, called PGP.

With a group this varied and knowledgeable, the conversation could have gone in any number of directions. But it was apparent early on that we were coalescing around the idea of privacy, personal data management, and the implications of both on security. This isn’t the first time we’ve had this conversation during this focus area. In fact, it was a major theme in our exploration of Media and Content back in 2007. But we came at it from some new angles this time and challenged some of our basic assumptions.

For example, the group was deep into a discussion of tradeoffs between privacy and security – does giving the government more information make us safer? Is Facebook the end of privacy as we know it? Are surveillance societies inevitable and irresistible? – when someone asked a seemingly innocent question: Does a lack of privacy actually make us less secure?

Though the answer may seem obvious to some, it’s an important question that I don’t think the group managed to answer. For example, there was an assumption among much of the group that divulging more personal information to the world makes us less secure. But does it? Another word for a lack of privacy is transparency, which is generally seen as a good thing when it comes to improving security. Many times during the course of this focus area, we’ve heard participants lament the loss of community-based security, in which a village or neighborhood maintained security simply because everyone knew everything about everyone. There was no anonymity. Nowhere to hide. No way to deceive.

“When I was young, I was a hippie, and we did crazy things,” said Larry Ponemon, Founder and Chairman of the Ponemon Institute, a research consultancy focused on privacy and data protection. “But God forbid there should be a record of that the way there is for kids today on Facebook and MySpace. We did the same things back then, but we didn’t have the data tail.”

An argument could be made that having that digital record, or data tail, actually makes us a more transparent society, and perhaps more secure. Many participants have voiced the need for some kind of online scrubbing tool that would essentially remove your digital tattoos online, give you a fresh start at building a new online persona. But would a tool like that work in favor of the good guys or bad guys?

The idea of a service that could ferret out all the information about an individual and delete it is admittedly farfetched (not to mention technically impossible.) But one idea that emerged which has legs was that of “data tethering” and “digital annotation.” The former is the concept that an individual should have the ability to know where a piece of personal information about them comes from and where it goes throughout its lifetime. The latter is the idea that though you may not be able to remove information about yourself from the ether, you should be able to comment on it, dispute it, or correct it (think Wikipedia.)

We clearly could have dissected the privacy issue all day, but in an effort to move on, we gave the group a challenge in the second half of the day. Throughout these deep dives, we have heard two distinct camps of security philosophy: 1.) The centralized, regulation-oriented, government-dictated camp, and 2.) the distributed, networked, personalized and community-driven security camp. Both are compelling. Both have strengths and weaknesses. And we did some exercises to try to build-out more ideas about how we could employ each in a more directed and strategic way. We split the group in two, and had each group take a side, identify some opportunities and present the findings back to the collective.

The good news is both groups instantly recognized the need for the other. I’ll let Jeff Jonas, an IBM Distinguished Engineer and Chief Scientist for Entity Analytics Solutions, explain the concept:

All in all, a great day. But we really just scratched the surface of what are some very compelling ideas. Next Tuesday we wrap it up in Chicago, and begin the long process of collating all of the insights into a report. So stay tuned.

June 6, 2008 in Security and Society | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8345313a569e200e55302a53a8834

Listed below are links to weblogs that reference Privacy Redux:

Comments

As the Security and Society effort wraps up, it is interesting to conjecture what direction society will go, specifically with regards to the internet. My opinion is that the single greatest change we will see over the next 10 or 15 years will be the introduction of genuine topography to the web. The mechanism to embed this structure has always existed, but for various reasons, implementing such a structure was never considered to be a high priority.

With the exception of a relatively few restricted URL tags like "dot-gov" (.gov), or qualifiers like "https" as opposed to "http" to denote a secure site, very little has been done with the capacity that exists. Many of the security efforts we see in the -physical- world depend on the man-made and natural topographical structures we are familiar with - Towns, cities, streets, national boundaries, oceans, continents---. There isn't any real analogy to these in cyberspace, where for the most part, beyond the invisible routing, every URL, and every web site exists as a solitary point in a vast universe, equidistant to, and equally accessible from any other point in this space.

This might change over the coming years with the introduction of new, and restricted internet syntax. One could imagine the introduction of URL tags like "dot-juv", (.juv) to denote sites suitable for juveniles. They could be restricted, and getting one might involve a process much like that associated with starting a day care center in the United States. It is going to cost money too!

Financial institutions might be provided with a "dot-fnc" (.fnc) tag, that in return for additional costs and regulatory requirements, allows them increased security and some level of protection in addition to their own firewall. They could be set up within a monitored subspace of cyberspace in which, for example, individuals convicted of financial crimes could be excluded by law as part of their sentencing. This monitoring would not need to, nor would it involve any information about your financial transactions.

These are simply examples, the development of web topography is going to depend on many factors, primarily market forces and public perceptions. Also, there is no reason to believe that it will be analogous to physical topography and the boundaries we associate with the physical world. My perception, however, is that it will probably happen, and within the next few decades.

Tim

Posted by: Tim R | Sep 18, 2008 1:19:31 PM

I do want to qualify a potential misconception. It is not about anticipating a generally restricted cyberspace, dominated by legislation. There will always be dot-coms, and there will always be entirely anonymous sites. The question becomes how future trends and events will influence society's desire for increased security, and the costs and rewards of creating these topographical structures pursuant to this aim.

There will always be dot-com banks, but they may have a very different price structure, and doing business with one might be much like purchasing auto insurance after a DWI (Driving While Intoxicated) conviction.

Posted by: Tim R. | Sep 18, 2008 2:45:35 PM

It is worth noting that there -are-, indeed, restrictions associated with national top level domain tags, like "dot-jp" (.jp), or "dot-de" (.de). These restrictions are currently an inconsistent patchwork with some nations taking a more active viewpoint than others.

This will probably be the first area to see genuine structure, as nations are increasingly held accountable for activity associated with their national top level identifiers. Knowing someone who lives in that country, or making a cursory business arrangement with them, will no longer be sufficient to get the top level domain you wish.

Posted by: Tim R | Sep 19, 2008 7:16:42 AM

[url=http://avatori.ru/category/16/103/b509/]dell[/url] Interesting point of view, I'll try to remember filkrostrina

Posted by: dell | Mar 22, 2009 8:12:15 AM

[url=http://hi5.com/friend/group/4113379--Martial+Arts+1--front-html]Martial Arts[/url] [url=http://hi5.com/friend/group/4113382--Hurricanes+and+Martial+Arts+Tr--front-html]Hurricanes and Martial Arts Tr[/url] [url=http://hi5.com/friend/group/4113393--Architecture+Schools--front-html]Architecture Schools[/url] [url=http://hi5.com/friend/group/4113395--Architecture+1--front-html]2009 Architecture[/url] werwhelve

Posted by: werwhelve | Mar 24, 2009 5:16:25 AM

[url=http://cameras-catalog.com/kodak/easyshare_cd33/1810/]Kodak CD33[/url] Interesting point of view cos of very plausible arguments vozingrangder

Posted by: vozingrangder | Mar 26, 2009 11:08:23 PM

[url=http://yourphone.com.ua/nokia/n81/225/]купить nokia n81[/url] Convincing yourself doesn't win an argument. anderstolik

Posted by: anderstolik | Mar 28, 2009 4:39:56 AM

[url=http://cameras-catalog.com/kodak/easyshare_c913/1864/]Kodak C913[/url] Don't take the wrong side of an argument just because your opponent has taken the right side. foghisont

Posted by: foghisont | Mar 28, 2009 11:47:22 AM

[url=http://yourphone.com.ua/brand/pantech-curitel/37/]телефоны Pantech Curitel[/url] Poeple are not so innocent as they seem to be. gilliancentis

Posted by: gilliancentis | Mar 28, 2009 3:18:00 PM

[url=http://avatori.ru/category/16/103/b632/]ноутбуки IBM[/url] In argument similes are like songs in love; they describe much, but prove nothing. kilardinas

Posted by: kilardinas | Mar 28, 2009 6:51:02 PM

[url=http://leloo.com.ua/theme/item-232/]Отдых[/url] Science... never solves a problem without creating ten more. lakirjosda

Posted by: lakirjosda | Mar 28, 2009 10:21:32 PM

[url=http://cameras-catalog.com/kodak/easyshare_cx4200/876/]Kodak CX4200[/url] The formula of the argument is simple and familiar: to dispose of a problem all that is necessary is to deny that it exists liderspondik

Posted by: liderspondik | Mar 29, 2009 1:54:49 AM

[url=http://seeerch.com/search/benicia_homes]Benicia homes for sale[/url] An Argument needs no reason minakrytnab

Posted by: minakrytnab | Mar 29, 2009 5:29:32 AM

[url=http://ava.com.ua/category/17/117/]кондиционеры[/url] The most incomprehensible thing about the world is that it is at all comprehensible. mintratyha

Posted by: mintratyha | Mar 29, 2009 9:06:44 AM

[url=http://loyd.com.ua/theme/item-236/]Авто[/url] If being sane is thinking there's something wrong with being different....I'd rather be completely mental. vidiktrasi

Posted by: vidiktrasi | Mar 29, 2009 12:47:50 PM

The comments to this entry are closed.