Friday 23 January 2015

Digital Identity and Privacy

The timeframe between a privacy mistake and its impact is getting shorter, as access to information becomes more immediate. However, the duration of privacy mistakes are lasting longer, since the Internet archives everything. We are also more comfortable with trading privacy for convenience. These three trends means that we must become much more aware of the impact of our digital lives on our privacy, and our privacy on our future digital lives.

Social networks is a primary example of this tension. Facebook’s Mark Zuckerberg in 2010 said that: “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people."
The power of the network derives from the number of connections and the amount we share; the greater each dimension, the greater the value we derive from it. However, Zuckerberg is conflating the need to communicate, which is fundamental to our psyche, with our need for privacy, which is also fundamental to our digital well-being.

Privacy means different things at different ages. Teens, with no credit card or history to protect, are less concerned with credit card fraud. They are more concerned with their ability to control their own social situation and their position within it - e.g. railing against parents insisting on being friends on Facebook. However, when a cursory search of their Facebook history will reveal their date of birth, Mother’s maiden name, first school - all data points used by financial institutions to supplement your password - there’s a potential future breach being prepared.

Context is therefore important; we communicate in Real Life differently with a bank than our pub friends, so the same true of our online communications. However, context is one of the key difficulties of our online lives - though our RL context changes as time passes, everything we’ve ever shared online can be found in the future. This is unnatural to us, and so we don’t deal with it particularly well. 

We may use different services to distinguish between circles of recipients and keep them separate; potential employers on LinkedIn won’t see my embarrassing photos on Facebook. Studies have found that teens use many more services to finer define circles of friends. Encryption is seldom used; they prefer obfuscation through use of slang, and even steganography (hiding messages within unencrypted messages). But unless the account is deleted immediately afterwards, the communication remains searchable for ever more.

I think the solution is to take complete control of our own Privacy (settings) as its own entity. Every time I post to Facebook, Facebook should communicate with my Avatar to check my most up-do-date privacy settings applicable for that post. My Avatar should be hosted by me, perhaps in an app on my mobile phone, and should only be alterable by me. I should decide if changes should affect historical posts as well as future ones. And it should remain within my gift to change my mind as often as I wish.

Facebook should be encouraging me to post and retain posts, by reminding me of the benefits. If targeted advertising is of benefit, I will choose to continue to receive them. Facebook should be free to make money from its platform, but not from me. A fine, but important distinction.

-----------

An aside: In this post, I’m considering that each of our privacy should be respected - the “happy” scenario. The “unhappy” scenario is when privacy should not be respected for the good of society. Recently, UK Prime Minister David Cameron has received criticism for seeming to ask for a “back door” for security services to review even encrypted communications. According to The Guardian “The changes [to the counter-terrorism bill] would give the Home Secretary new powers to require telecommunications operators to retain data and disclose it to relevant public authorities, so that they can read, copy and analyse it."


There is the immediate difficulty that implementing such a back door in the encryption techniques commonly used in the Internet are impossible, as they are open source, and therefore no single entity can mandate changes. Setting that aside, weakening security for the security services, will inevitably put the tools in nefarious hands, and therefore weaken privacy for all of us, and therefore harm our digital well-being.

Saturday 17 January 2015

The digital family Christmas.

Will it ever be exciting to unwrap digital files from the virtual stocking? blog.mindrocketnow.com

Happy New Year! My inbox is finally tamed, so it’s time to write my first post of the year.  Did everyone have a nice Christmas? It occurs to me that the exchange of presents is the last bastion of the physical over the digital, after all, it’s hard to wrap an e-book. Even though my family has moved away from physical entertainment over the last five years, Christmas day is still dominated by coloured plastic, packaging and a large volume of stuff. We unwrap, play a little, show off a little, and share amongst ourselves. Until recently, those last two are behaviours weren’t possible in the digital world.

Digital media and content protection go hand in hand. Content protection has always relied upon understanding the identity of the consumer in order to grant usage rights. An illustration: I need to enter my Sky ID every time I log into the Now TV app – thankfully it’s pre-populated after the first attempt, otherwise this would be too much of an ordeal to do more than once.

After your identity is established, the second function of content protection kicks in: nobody else is allowed to exercise your usage rights. Another illustration: if you try to read a kindle book that someone else has bought, then it just won’t work. It’s this behaviour of content protection that prevents the sharing round the Christmas tree.

There are a couple of recent notable exceptions that have started to change this inflexibility. I recently set up the concept of a household in Amazon. I get to nominate people and they share some of the benefits that I pay extra for: free shipping with Amazon Prime, and sharing e-books. E-books can be allocated to a household library, and I can assign who can see the various books in that library. For example, the children can only see the age-appropriate books that we’ve bought, and won’t by accident come across DW’s Val McDermid collection.

Previously, to enable exactly this filtering, I bought all the children’s books, and DW bought all the grown-up books. The children’s kindles were then on my account, and my kindle was on DW’s account. Now, we retain our own digital identities, but can share our digital media. The additional benefit this brings is additional functionality based upon identity.

The children’s kindles have a reading club app set up on it. The kindle monitors how many pages are read each day, and tricky words are automatically defined in line with the text. As the designated parent, I receive a report on how much (how many pages) and how well (which words looked up) each child is reading. This is solely on DD’s kindle because it is associated with her sub-account.

I think there are a few interesting innovations illustrated by Amazon’s implementation of the household account. In no particular order:

·      It addresses the major irritation that two people could be in the same address (household), and yet would have to pay twice for exactly the same service – next day delivery to the same address.

·      Books can at last be shared in the household. Books are different from video and music in that people do not crowd around the same kindle in order to read the same book. It’s much easier to watch TV or listen to music with someone else.

·      To share e-books, it is now possible to share the usage rights for the e-books as a digital entity in its own right, with its own usage rules. The usage rule for my e-book reading rights is that I can share my bought e-books only with people already declared to be in my household.

·      Each person still needs a digital avatar, something to which the usage rights can be bound. For Amazon books, this is the kindle itself.

Much of a digital family’s life depends upon sharing. I would like a better way of sharing calendars, and location. In the future, I can see that I will want to share biometric information; I would want to know if my DDs are ill how serious it actually is, and I’d want DW to know if that last cycle to the top of Box Hill requires an ambulance for my return. However, this most intimate information must be secure, as it will form a much more detailed description of identity than previously possible.

There is a rich seam of ideas here – how concepts of digital identity have changed, and the consequence of more extensive digital identities. This year, many of my blog entries are going to focus in this theme. I hope you’ll enjoy them, and share your ideas too.

My final thought takes me back to Christmas. To answer my own question at the top: I don’t think checking email on Christmas Day to see which media files have been received is ever going to replace the excitement of unwrapping the large boxes left under the tree. And Santa is not likely to leave an e-orange in my stocking.

Ho, ho, ho!