Category Archives: identity

Craig: “Are you a libertarian or something, because I’m not sensing any clear political philosophy behind your position?”

Alec: “No, I’m not a libertarian. I’m from the Internet. I’m here to help.

Haz.

Future Identities: Changing identities in the UK: the next 10 years #bis #internet #identity

Link; I have not yet had time to read it but upon skimming it seems almost a sane reflection of how things actually work.  What therefore worries me is that a politician is therefore going to try to stick a stake in the ground to “leverage” this…

This Report provides an important opportunity for the Government to consider how identities in the UK are changing and the possible implications for policy making over the next 10 years. For the first time, it brings together many areas of research into a single coherent narrative to analyse how drivers of change may affect identities in the UK in the future.

The findings are based on the most recent evidence from a wide range of authoritative sources. Over 100 academics and stakeholders have contributed to the development of this Report and the analysis is supported by 20 published evidence papers. I am particularly grateful to the lead expert group, chaired by Professor Chris Hankin, which has overseen the work.

Foresight has undertaken this research in response to growing evidence that the UK has undergone significant changes which affect how people see themselves and others. The economic downturn, the effects of globalisation, and increasing international migration have all been influential, while the impact of social media and modern communications technology have created a new ‘digital’ UK. In particular, the Report discusses an emerging trend towards ‘hyper-connectivity’, where mobile technology and the ubiquity of the internet enable people to be constantly connected across many different platforms. Hyper-connectivity is already removing any meaningful distinction between online and offline identities, while also blurring ‘public’ and ‘private’ identities. The trend could also act to increase the pace of change, leading to more dynamic and changeable identities and behaviours.

This Report shows that ‘identity’ is not a simple notion. People can have many different overlapping identities which are fundamental to their individuality. Identities can exercise a powerful influence on the health and wellbeing of communities, and the degree to which they can build up social capital. There are important implications for a range of policy issues, such as the collection and use of data by government and the private sector, how individual rights and liberties can be balanced against privacy and security, and how inclusive identities can best be promoted.

ht MarkC and BIS

BBC Media Centre: Belle de Jour’s History Of Anon # Radio4, 31 Dec..4 Jan #privacy #anonymity /ht @bmagnanti @openrightsgroup

Belle de Jour’s History Of Anon

A history of anonymity and why writers have sought it, as told by Brooke Magnanti, the real voice behind one of the 21st century’s most famous anonymous texts, Belle de Jour’s Diary Of A London Call Girl.

Brooke explores motivations for remaining masked and the lengths the anonymous have gone to in order to remain unnamed. She draws on her own experiences to reveal how the concept of anonymity has changed – and how both writers and readers have dealt with it. From life or death to juggling open disclosure with the withholding of vital information, Brooke shows us that while we may not know their names, the anonymous have long shaped our worldview.

Presenter/Brooke Magnanti, Producer/Monise Durrani for the BBC

via BBC – Media Centre – Programme Information – Belle de Jour's History Of Anon.

The privacy of our medical records is being sold off #RossAnderson # At the Guardian and at LightBlueTouchpaper

Extract:

Medical records are difficult, because they often contain publicly known information mixed in with private stuff: think of Gordon Brown’s eye operations. In a famous case, Harvard professor Latanya Sweeney managed to identify the medical record of the governor of Massachusetts from “anonymous” records released by the Veterans’ Administration.

For years, officials did not want to know. The idea that you could stop worrying about privacy if you just delete people’s names is altogether too seductive. John Major’s government built a database of hospital records with names removed, postcode and date of birth still there – so most patients are easy to identify. After the BMA objected, the Caldicott committee was set up to look into the problem and pointed out that more than 60 information flows in the NHS were illegal. The following Labour government at least did not deny the science, but went for legal fixes. The Data Protection Act 1998 was given a huge loophole: database operators can pretend data are anonymous if they can’t re-identify the records – even if others can.


The privacy of our medical records is being sold off | Ross Anderson | Comment is free | The Guardian
.

See also the background at the LBT blog:

The government has been pushing for this since last year, having appointed medical datamining enthusiast Tim Kelsey as its “transparency tsar”. There have been two consultations on how records should be anonymised, and how effective it could be; you can read our responses here and here (see also FIPR blog here). Anonymisation has long been known to be harder than it looks (and the Royal Society recently issued a authoritative report which said so). But getting civil servants to listen to X when the Prime Minister has declared for Not-X is harder still!

Despite promises that the anonymity mechanisms would be open for public scrutiny, CPRD refused a Freedom of Information request to disclose them, apparently fearing that disclosure would damage security. Yet research papers written using CPRD data will surely have to disclose how the data were manipulated. So the security mechanisms will become known, and yet researchers will become careless.

What I think is wrong with #VRM – HT @nzn @glynmoody @windley @dsearls @adriana872

What I think is currently wrong with VRM, so much so that I’ve essentially dropped out of it – sad, since I was there almost since very early on.

Working backwards:

  1. The fundamental requirements for truly personal platforms are not yet with us. Controlling your data unfortunately means being in physical control of it, or at least of the keys which encrypt it. There are no if’s and’s or but’s about this, alas.
  2. Too many people think in terms of data being (say) owned by the supermarket they have bought stuff from; you have the fact of your purchases already, so the data is already also yours – it’s just terribly inconvenient to scan data in from your receipts, so yes it would be better to demand your purchase history from Tesco/Walmart but this may or may not yield fruit because they also own that data.
  3. VRM as a movement has from the outset been usurped by the “if only people would use our new identity technology then this would all be easy” evangelists. Identity is bogus anyway, but this is particularly egregious solution-in-search-of-a-probleming.
  4. VRM as a movement has from the outset been usurped by the “if only people would use my new startup’s technology then this would all be easy” evangelists. Sometimes this is identity-related, but other times this bleeds into Let’s get everyone to give us their search-histories so we can use magic toolbars to offer them value independent of the corporations! But it’s OKAY for us to be middlemen BECAUSE WE ARE THE GOOD GUYS!
  5. VRM as a movement has from the outset been usurped by the “if only people would give us all our data to keep it safe for them! They can trust us” evangelists; this is for when you don’t want to foist a technology upon the masses but instead want all the data, you find some way to be “ethical” about it and do a data grab anyway. See “it’s OKAY for us to be middlemen BECAUSE WE ARE THE GOOD GUYS” again.

I still believe that the only person who ever understood VRM fully was Adriana Lukas because she realised (in the face of my arguments to the contrary) that it was not about storing data passively but instead about people using, mashing-up and sharing data in ways that they already understand – and critically that the definition of “controlling” data is not a techie-geeky DRM/DLP-like one, but instead a new relationship-oriented means of control that is so simple that people rarely understand the power of it.

As I put it frequently at the time: if you break up with someone then there’s no way to expunge all the embarassing things that they know about you; instead the point is that they don’t find out any further embarassing things. The whip hand is over the ongoing relationship and the mutual ability to terminate it, rather than access to previously-shared digital data which can be cached.

This understanding is why I got into Mine development in the first place[1] and why I implemented it twice-over, and why I understand that what has to happen first is the addressing of point (1) – almost all the software technologies exist, none of them require invention, all we need is a good bidirectional communications infrastructure and wide adoption of the ability by some means to selectively and easily unicast data in a direct point-to-point way, to replicate in the truest sense a “relationship” in the digital domain.

What we don’t need is to rely on identity hierarchies, or FOAF, or I-cards, trusted third parties, legal fictions for non-profit do-gooding, or anything else of that sort.


[1] Watch the first video, and the second if you are a geek; they are worth it

Opinion of #SeamlessID at request of @mrchrisadams ; #security #identity & a HT to @blaine

@mrchrisadams wrote:

@alecmuffet, @glynwintle I respect your opinions & I think you’d be interested in SeamlessID. Thoughts?
From Logins to Seamless Identity, a new paradigm for the web

This is hard for me, because I have a really big downer on:

  1. federated identity
  2. single sign-on
  3. People who make glib statements like Is the login paradigm a failure? Yes.

Blaine Cook makes exactly the right observation from a positive, constructive perspective:

This is a wonderful writeup, but why the heck are you proposing yet another standard?!?! Please, go cooperate with the BrowserID folks instead of trying to fracture the already fractured landscape.

…but I don’t even go that far because I can’t be constructive about this shit.

Putting aside the endlessly reinventing the wheel issue, I can’t see how “Seamless Identity” is much different to my setup where I have 1password integrated into every browser and can pull-down independent “identities” to log into different sites, and can cross-authenticate them with OAuth for asynchronous services where I desire; but aside from that point the identities are all unlinked and distinct.

Passwords are the worst form of authentication that we have ever invented, except for all the other ones that have been tried from time to time.

Form-filling, single-input… Everything else is just teh prettys.

“they can’t ask you twice without looking suspicious” – bullshit.