Archive for the 'identity' Category

Tracking the powerless

Wednesday, May 14th, 2008

Here’s another example of the natural progression of Moore’s law and privacy-invading systems, wherein the powerless (shipping containers, pets, cattle, prisoners, soldiers, women and children, shoppers, etc.) pay the start-up costs.  In this case we are tracking high school students.  I think I may need to touch up my model a bit.  Clearly the police states are also a fertile source of funding for innovation.

Unhelpful

Thursday, April 17th, 2008

Lauren Weinstein posts about being accused of being unhelpful.

But a message from another privacy personality was as polite as it was disturbing.

The sender noted pretty much essential agreement with my arguments regarding the lawsuit, but strongly asserted that my post was “most unhelpful” by “undermining” efforts to bring Google into advocacy group consultations.

Solidarity has its function, and for many groups it is their most substantive source of power.  When opposing such groups, divide and conquer can be a particularly effective strategy.
Lauren counters with a few of the standard counter points.

For example, he labels the shunning as “ad hominem attacks.”  One of the puzzles of group dynamics is how solidarity is maintained.  How does the group signal to a participant that he’s out of bounds?  How does it even negotiate the consensus about it?  There are always boundary keepers that will volunteer to do this function, and it seems they often overshoot.  The phrase party disciplinarian comes to mind.  No doubt the most vitriolic of the reactions he got were offensive attacks on his person rather than the topic under discussion.  When the full bore shunning takes place, the triggering issues fall by the wayside.

My point here isn’t to dig into the issue.  My interest is in the group dynamics.

In the internet identity design space the group dynamics is what interests me most.  The ebb and flow of each group’s positions.  One of these groups is the loose collective of folks who I think self identify as Privacy Advocates.  Lauren is a founder of that group.  That he has triggered their immune system makes this an interesting case study.
Lauren points out that Google, the other party in this particular dispute, is a group too; like Soylent Green it’s made up of people.  Of course Google is not a group of people in anything like the sense that the Privacy Advocates are.  While there is some weak status and hence hierarchy in the PA community it is primarily an open system from the get go.  They are a loose collective of reasonably like minded folks.  No doubt that movement could use a bit more organizational muscle, but as rebels against power it’s a tough sell.
Google, on the other hand, is a corporation - the entire design pattern of corporation runs contrary to open systems.  Presumably it struggles against that tendency, but the defaults are what they are.  Just to take one particularly small example, Google Apps reveals the email of any user who signs up for an application to the application vendor - it’s a choice, and they had to make a choice.  Their scale (their power) means that choice point is highly leveraged.

Scale, as usual for me, is the interesting part.  The Internet Identity standards battle is one of the few standards wars that deserves the nearly full blown military metaphor.  Armies, some of these groups are best treated as armies. The landscape under dispute is extremely valuable and some groups on the field are entirely focused on winning and owning that real estate.

That’s a polarizing framing, eh?  Groups, like the privacy advocates, whose power, solidarity, is grounded in being rebels against these powerful, often mindless, armies are likely to view chatting with the enemy as traitorous.  It’s ironic though.  Lauren in making the argument that the other guys are made up of people is in fact appealing to a core value of the privacy advocates, e.g. that the individuals trump the group when making any design choice in this space.

One of the puzzles in this standards space is how hard it is to negotiate with any of these groups.  Most of them are not able to cough up a representative with whom you can negotiate.  The privacy advocates are the worst case of that.  There are dozens of people in that group with stature; but if you expend a few man months of effort negotiating with one of them, his agreement doesn’t buy you the assent of the larger collective.  The privacy advocates aren’t organized in a manner that delivers a throat through which they can speak.  While I think that’s a good thing it makes the standards bodies prefer to ignore them.

But the other groups are just as awful.  Some of these are rent seeking.  Some fear for their existence.  Some of them are playing property rights games.  Some of them send diplomats to the negotiation with false authority, since their senior management is uninterested in this standards battle.

To me it is a key point that the negotiations, and the battle, are between these groups.  Oh sure, there is a dialog between individuals that is critically important - since that’s where the design that actually works will be discovered.  Understanding the nature, culture, and motivations of these groups is the key.  In each of these groups there are a few people who are coming to see that they must work on the problem at this level.

For those people the hardest part is negotiating with their own people.

Pink-themed Monitoring

Friday, March 28th, 2008

Managing the selective revealing of fine grain private information marks one border in the Fantasy land of Internet identity design.  My preferred use case: Authorizing your barber to reveal your hair color to your bespoke tailor.  Far on the other end of the imaginary continent are systems that distill statistics from the incidental revealing.  Those are much easier to pull off, Amazon’s been doing it for years.  I think this may now be my favorite use case:

“Female CIOs spend 32% more time tracking federated identity transactions through pink-themed monitoring applications.”  — Paul Madson commenting on Wakoopa

The trick with the incidental revealing schemes is getting access to a large flux to eyeball.  Amazon and Google can do that by contemplating their own traffic logs.  DoubleClick does it by negotiating their way into the click stream.  Sites like Delicious, Flickr, and Stylefeeder do it by getting users to reveal their preferences in exchange for helping them manage and share their collections.

Wakoopa provides self monitoring.  It records what applications you’re using.  Interesting how the intent of that can be framed in three ways: revealing your private data (as above), consumer empowerment (meet other users), or as a self control tool.

Which ties this into the Breakdown of Will thread. Tools that help with self monitoring here for example are hardly different than what Wakoopa is doing.  Naturally they accumulate private data.  Naturally they involve the introduction of another party, since that party can enforce the control.

Account Linking

Wednesday, March 5th, 2008

Many many years ago now I spent a while working on the Internet Identity management problem.  In fact I have a whole category with postings I did during that period.  Boy, talk about a tough problem!

Back in the day, one of the problems we worried about a lot went under the name “account linking.”  This problem comes up in lots of guises.  One most people are familiar with is the problem of removing duplicates from a mailing list.  Another is using social security numbers to link together account information.  Account linking is one of the cornerstones of the privacy problem.  Account records are journals of somebody’s behavior, but if you can’t link that record to them then the privacy question is muted.

As a result of that period I tend to be fastidious, some would say obsessive, about keeping some accounts hard to link.  I have a primary user name I use when I don’t care; but otherwise I have distinct user names, passwords, email addresses.  I justify this as a hobby, ongoing research in privacy and identity.  It’s a pain, but I seem to enjoy that exercise - whatever.

So it was with some amusement that I received an email from some valley startup that offers a service for your inner stalker.  Of course they advertise it as a way to follow your friends, yeah right.  What they appear to have built is a scheme for doing account linking that is based on both the usual heuristic approaches (such as those seen in mailing list de-duping) and a modicum of social engineering.  The latter part is clever, if vile: they get your “friends” to link your accounts.

The email I got told me that they and my “friends” had figured out four different accounts I have: Flickr, Digg, Pandora, and StumbleUpon.  Only one of these was interesting.  The account they had uncovered for me at Digg was one of the ones where I thought I had made it resistant to casual linking.

Their email went on to say, and I love this in an eye-rolling way: “you would like to make these accounts private, please change the privacy settings on the original network and Spokeo will update its search results to reflect your changes.”

So I head off to Digg to see if I can see what I missed.  Digg has a complex page of privacy settings; it’s one of dozens of pages in their account management UI.  At the bottom of that page is a toggle for advanced settings.  Inside that is a toggle to disable finding me using my email address.  I hadn’t set that.  So my guess is that the stalker service is polling every email address they harvest to discover Digg accounts.  Digg and I slipped up, but at least we were trying.

Did I mention that this problem is hard?  I’ve grown increasingly doubtful we can solve this one.  But yeah, what choice do we have but to try?
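For anyone keeping accounts deliberately separate, as described above, here is a small self-audit (an added example, not part of the original post). It checks an inventory of your own accounts for the identifiers that de-duplication style heuristics key on, and lists sites where a find-by-email setting is still on; the account records, field names and the `email_lookup` flag are constructed for illustration.

```python
from itertools import combinations

# Constructed inventory of one person's own accounts (all values are made up).
ACCOUNTS = [
    {"site": "photos.example", "user": "jdoe", "email": "j.doe@gmail.com", "email_lookup": True},
    {"site": "news.example", "user": "quietheron", "email": "jdoe+news@gmail.com", "email_lookup": True},
    {"site": "music.example", "user": "JDoe", "email": "jd@mail.example", "email_lookup": False},
    {"site": "links.example", "user": "heron_q", "email": "hq@other.example", "email_lookup": False},
]

def canonical_email(addr):
    """Collapse aliases that reach one mailbox: case, +tags, Gmail dots.
    Stripping +tags for every domain is a deliberately conservative assumption."""
    local, _, domain = addr.strip().lower().partition("@")
    local = local.split("+", 1)[0]
    if domain in ("gmail.com", "googlemail.com"):
        local, domain = local.replace(".", ""), "gmail.com"
    return f"{local}@{domain}"

def canonical_user(name):
    """Fold case and separators, as mailing-list style de-duping would."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def linkable_pairs(accounts):
    """Return (site_a, site_b, reasons) for every pair sharing an identifier."""
    findings = []
    for a, b in combinations(accounts, 2):
        reasons = []
        if canonical_email(a["email"]) == canonical_email(b["email"]):
            reasons.append("same mailbox")
        if canonical_user(a["user"]) == canonical_user(b["user"]):
            reasons.append("same username")
        if reasons:
            findings.append((a["site"], b["site"], reasons))
    return findings

def lookup_exposed(accounts):
    """Sites where the account can be found by anyone holding the email."""
    return [a["site"] for a in accounts if a["email_lookup"]]

if __name__ == "__main__":
    for site_a, site_b, reasons in linkable_pairs(ACCOUNTS):
        print(f"{site_a} <-> {site_b}: {', '.join(reasons)}")
    print("find-by-email still on:", ", ".join(lookup_exposed(ACCOUNTS)))
```

A plus-tagged or dotted variant of one address does not separate two accounts, which is why the audit compares canonical mailboxes rather than raw strings.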

Identity Hub Shutdown

Wednesday, January 9th, 2008

Unsurprisingly all the driver’s licenses in the US, which are nominally issued by the states, are actually coordinated through a centralized hub.  We know because it broke.  I love puzzling out where these hubs are.  For example there is another one for medical information, that I gather is here in Boston.

I’d be very interested to know how much these hubs talk to each other.  I.e. how much the driver’s license data pool mixes with say the credit rating data pool.

It’s hypothetical, but it seems like a safe bet that the breakdown was associated with the new year and probably a big, risky upgrade required by the Real ID boondoggle.