1. Mobile identity always has been and will continue to be the biggest game in town. Each year nearly 5 billion smart card technology subscriber identity modules are sold. And as smart phones grow in sophistication and as a result occupy an increasing percentage of user screen time they will become the most important area in the identity marketplace.
2. None of the Facebook, Google, OpenID, triad will actually manage to issue trusted identities in 2011 and consumers will continue to fail to realize they are the product and not the customer for these and many other identity providers.
7. The User Managed Access work of the Kantara Initiative will gain support as it addresses the overarching requirement of the need for user control of personal information in the era of shared infrastructure.
9. Consumers will demand the adoption and benefits of commercial off-the-shelf application software to provide privacy and identity protection of data at rest and in motion via encryption and secure channels in their day to day communications with banks, health care organizations, and other organizations even in those states where it is not mandated.
11. Identity theft and fraud will continue to grow and be subsidized by consumers via premiums, user fees and interest rates without the mandate for strong interoperable identities. And while the National Strategy for Trusted Identities will talk the talk it remains to be seen if it can walk the walk.
Coaching moment: As passive customers of digital services, we are prone to greater influence and manipulation by the system, for the benefits of the system and not for ourselves. If we wish to empower ourselves–and the commercial marketplace generally–with better and more trustworthy practices, we will need to be active and even vocal supporters of the alternatives that lead us in that preferred direction. This isn’t as scary as it might seem. It just means making certain choices more mindfully, more aware of the cost of “free.”
Across the pond in the UK, The Telegraph posted an article back in Aug. 2008, How Big Brother watches your every move, about the level of data collection by the Government, law enforcement agencies and private companies. From the article:
In one week, the average person living in Britain has 3,254 pieces of personal information stored about him or her, most of which is kept in databases for years and in some cases indefinitely.
We know it’s not just Big Brother but is really the 10,000 Little Brothers that are collecting the data. We also know they’re collecting way beyond what’s actually needed to complete any specific transaction. According to Matt Flynn, 89% of data leakage incidents in 2007 went unreported. While there’s a mismatch in years, I don’t think it alters the big picture: corporations treat personal datalike a big slushy resource with no regard for the individuals behind it. Moreover, I don’t think this practice or attitude has changed since this time. Facebook is a prime example of this corporate hubris.
There’s a short and informative post on Information Answers about the Trust Index Outputs that proposes a set of questions to help score trustworthiness on 12 topic areas. The specific questions that lead to the scores on each topic aren’t included, but I like the 12 areas:
Overall Approach
Data Collection
Data Use
Minimum Data Capture
Data Accuracy
Data Retention
Subject Access
Data Security
Data Sharing
Liability
Data Breaches
Adding Value
A set of metrics like this would go a long way toward recognizing and connecting with potential (and currently wasted) value in the information marketplace.
Coaching moment: As a person, I’d love to have some way of measuring the information sharing practices of companies I do business with. I’d love to know that someone was being held accountable for doing things in a measurable, trustworthy manner. As a company, I’d love to have the opportunity to show my value AND ensure cost-saving and efficient ways of keeping the data accurate and appropriate to my specific needs. Such a proposal as this Trust Index helps point to how we can make this happen. If you’re reading this as an individual, would you like to see such a thing? If you’re a company, what are your concerns?
Voluntary personal information sharing comes naturally to most of us. When given an opportunity, a few tools, and a community in which we can share our most intimate details, many people don’t hesitate to document their every movement and mood. We readily identify our friends and our preferences, and even document our vices.
Facebook is the place right now where a great many people share the most detailed information about themselves. Are you on Facebook? If so, you might be interested in a new site called I Shared What?!? that will open a window for you into what Facebook sees–and lets others see.
Coaching moment: Did you know you were sharing this much information? Do you know who has access to it, for how long, and for what purposes? Does this make you uncomfortable? Why?
At this past IIW, I convened a session to ask if and how it might be possible to do a stateless distributed membership for a website. There are two main ideas behind this proposal. First, I don’t really NEED to have a membership database of my own. That is, I don’t need to have another place for you to create an account, user ID and password. We can use OpenID, Information Cards, or other technologies for authenticating and authorizing you. Second, if I want to move toward a world where you control your own data, I don’t need to maintain the database of your comments. I only need to know where your comments are stored so I can properly assemble things as needed. It’s convenient but not technically necessary to own and control all the bits myself.
My proposal for a Stateless Distributed Membership is a mouthful, so I’ll unpack it a bit. There are three parts: a membership, being stateless, and being distributed.
Membership
Let me start with the easy part. You probably understand the idea of membership as a group or association of people contributing to something like a conversation or project. They’re members of a group, or in my case, members of a conversation or project on my site. Nothing unusual about this idea.
Being Stateless
Next is the idea of being stateless. In computer science, the http protocol that you use to call a web page and associated resources is stateless because you call a page from the URL or a link in your browser, the server responds by sending the page, graphics, or whatever, then you see it. Each request is separate; there’s no need to stay connected to the servers. In my case, being “stateless” means that each transaction is independent. Eve Maler talks about a stateless identity in her post Both a data borrower and a data lender be:
This is a kind of data statelessness, in that when you tell various sites they can set, read, and republish your [information from your Personal Data Store], they’re letting go of any pretense of exclusive hosting control so that they can offer you a different kind of value.
Now, in the IdM and VRM worlds, some of us have been talking aboutidentity statelessness for a while, which is similar but looks more like straight data-sharing (reading) rather than arbitrary service access (setting).
For some reason this is a tougher sell — even though CRM systems and user accounts are shot through with pale copies of stale data (and, in the enterprise case, even though syncing directories and replicating databases is brittle and no fun).
Even when one party — say, you yourself — is authoritative for some piece of personal data (like your home address), all the sites insist on making you provision a copy of this data into their profile pages by hand and by value, and insist on thinking they own something truly valuable even after you move and forget to tell them.
The bottom line: if I don’t insist on “owning” your data, we both will realize more value from our trust and flexibility. It’s daring, and in the larger scheme of things, I believe it’s a Good Thing.
Distributed
Finally, the term distributed refers to the fact that all parts of the conversation or projects are stored elsewhere on the net. If you wish to add a comment to a conversation on my server, your comment is added to your personal datastore (wherever it is, and whatever form it might take). When you wish to read the conversation, my server compiles the contributions as needed.
In this model, I do need to maintain a database of where to find your comments and a way to authorize you as the person who granted permission for me to include them in the conversation on my website. But think of it: if you want to revoke permission for me to use your comments, you can. How revolutionary (and potentially messy) is that?
Furthermore, you may choose to log in using an identity that’s different from the last one you used. That works on my server. For example, you might wish to be a regular person contributing to most conversations, but if you’re a professional fundraiser and one of the threads is about raising funds for a non-profit, you may wish to disclose your work and position in that context. Your two identities describe different parts of your life, and you may have good reasons to keep those parts separate.
The IIW Session
In my session, I described this concept and asked what people thought about it. I offered three scenarios where people might interact. One of them: a conversation or forum where blog posts and trackbacks can help create a threaded conversation. The session is an hour-long exploration and discovery of the possibilities. If you have questions or can add a piece to this puzzle, I’d love to hear from you.
My heartfelt thanks go to the people with whom I’ve spoken about this, including =JeffH, Eve, the guy at the end of the video talking with me about trackbacks (I’m sorry I can’t find your name), several others who made great suggestions and shared ideas at my session, and Joe, who spent considerable time exploring underlying frameworks with me.
Coaching moment: You probably have more than one account online, and have likely cursed the problem of forgetting user names and passwords. You may have wished that the picture of you holding a beer wasn’t online for your boss to see. Maybe you’ve been spooked by an advertisement for something that you really didn’t want. If you could do things differently, what would you do? How do you handle your accounts now? Do you feel secure about your online practices? Do you even want to be in control? Not everyone does.
What happens when someone learns you’re a blogger and then offers you something to write about? What if that thing they offer has commercial value? What if they’re offering it to you for free, asking you (express or implied) for a favorable review on your blog? Would you do it? Does that act change you?
The revised Guides specify that while decisions will be reached on a case-by-case basis, the post of a blogger who receives cash or in-kind payment to review a product is considered an endorsement. Thus, bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service. Likewise, if a company refers in an advertisement to the findings of a research organization that conducted research sponsored by the company, the advertisement must disclose the connection between the advertiser and the research organization. And a paid endorsement – like any other advertisement – is deceptive if it makes false or misleading claims.
How does this work (or not) in real life?
There are two people I know who rarely blog or tweet about anything they haven’t benefited by (directly or indirectly). Their disclosures are hidden if included at all. Does that make them sneaky or dishonest? Not necessarily, but probably (according to the FTC statement above).
Compare: Someone who is very good at promotion, and who loves helping people and companies understand how to use different “social media” tools to help with their commercial outreach efforts. This is clear to everyone who meets her. She discloses her connections and endorsements, and is hired by companies wishing to learn how to be more social.
Current communication tools–including those referred to as “social media”–allow us to blur the lines between our opinions and reviews. When someone does something nice for us, we might spontaneously and publicly say thanks (via a wall post on Facebook or a tweet on Twitter). If someone gives us something with a shared expectation that we’ll say something nice about them, that’s covered under FTC guidelines. “Oh, you’re blogging about our restaurant? The manager says the dessert is on the house.” Who will know? Maybe nobody, but it’s more than your reputation that you’re risking.
Coaching moment: Do you become a different person, all bubbly and joy, when someone does something nice for you? I bet; most of us do. What about when someone does something nice but then advises you how much it’s going to cost? (“Nothing is really free,” and all that.) Not so bubbly and joy, this more manipulative and generally undesirable.
So where’s the trade-off? What goods and services would you happily engage in a social conversation about–because you love the company or their stuff, with our without getting anything free in return? What goods, services, or companies would you feel like you’d be selling your soul to promote? How much are you willing to “leave out” of a review because of free stuff? Where is your bottom line?
![[del.icio.us]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/delicious.png)
![[Facebook]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/facebook.png)
![[LinkedIn]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/linkedin.png)
![[Ma.gnolia]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/magnolia.png)
![[Technorati]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/technorati.png)
![[Twitter]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/twitter.png)
![[Email]](http://digitalidcoach.com/wp-content/plugins/bookmarkify/email.png)
