Bruce Schneier is brilliant!!!!

I saw Bruce Schneier twice at RSA and missed the third time he was on stage for a debate on Real ID. If you don’t read his blog you should. I was excited to see him at RSA and he surpassed my expectations. He is a very clear communicator and full of common sense. He handed out Individual-I stickers and his book of San Jose Restaurant Reviews.

Individual-i stands for:

* Freedom from surveillance
* Personal privacy
* Anonymity
* Equal protection
* Due process
* Freedom to read, write, think, speak, associate, and travel
* The right to make your own choices about sex, reproduction, marriage, and death
* The right to dissent

The next few posts are what I transcribed as best I could while he talked.

NY Times sues DoD over NSA spying…woohoo

This is a bright light on the horizon.

The Times wants a list of documents including all internal memos and e-mails about the program of monitoring phone calls without court approval. It also seeks the names of the people or groups identified by it.

The Times in December broke the story that the NSA had begun intercepting domestic communications believed linked to al Qaeda following the September 11 attacks. That provoked renewed criticism of the way U.S. President George W. Bush is handling his declared war on terrorism.

Bush called the disclosure of the program to the Times a “shameful act” and the U.S. Justice Department has launched an investigation into who leaked it.

The Times had requested the documents in December under the Freedom of Information Act but sued upon being unsatisfied with the Pentagon’s response that the request was “being processed as quickly as possible,” according to the six-page suit filed at federal court in New York.

The Times will subscribe itself into irrelevance

I have been running into a lot of NY Times ‘premium’ content this week.
How on earth are they going to be relevant in this age of connectivity if you can’t see their site? They would make so much money off the eyeballs that did show up if they didn’t try to reduce by at least 20x the number of people who actually look at these pages.

Young people – who are hyper connected – will not pay for NY Times content; it is like going to make itself totally irrelevant to the next generation. Sad but true unless they get a clue.

Higgins opens up

Big News in Identity Today

Project Higgins – which is being managed by the Eclipse open source foundation — is developing software for “user-centric” identity management, an emerging trend in security software. It enables individuals to actively manage and control their online personal information, such as bank account, telephone and credit card numbers, or medical and employment records — rather than institutions managing that information as they do today. People will decide what information they want shared with trusted online websites that use the software.

This is the first user-centric identity management effort to follow the open source software model, where hundreds of thousands of developers contribute — and continually drive improvements through collaborative innovation. Being an open source effort, Higgins will support any computer running Linux*, Windows* or any operating system, and will support any identity management system.

“To move online security to the next level, there has to be fundamental resolve among consumers, government and business to quickly adopt a system where the individual has more control over how information about them is managed and shared,” said John Clippinger, Senior Fellow for The Berkman Center. “Our aim is to construct an open and widely accessible software framework that puts the individual at the center of the identity management universe. With this framework in place, it will be easier for society to begin the migration to more secure online environments, where trusted networks can not only be easily formed, but effectively enforced. For in the end, security is not just technological, but social.”

Higgins will make it simple and secure for someone to change an address across all their online accounts with a single keystroke; delegate who can see what elements of their medical records; or change a password across online banking and brokerage accounts. For example, a person can grant their insurance company broad access to their personal information and medical records, while at the same time limiting the amount of data made available to their cable company. In turn, businesses can create new channels of communication with customers – enabling information to be shared securely across networks to deliver targeted, relevant products and services.

Datamining article in NYTimes

Data mining is already being used in a diverse array of commercial applications — whether by credit card companies detecting and stopping fraud as it happens, or by insurance companies that predict health risks. As a result, millions of Americans have become enmeshed in a vast and growing data web that is constantly being examined by a legion of Internet-era software snoops.

Although Congress abruptly canceled the program in October 2003, the legislation provided a specific exemption for “processing, analysis and collaboration tools for counterterrorism foreign intelligence.”

“The theory is that the automated tool that is conducting the search is not violating the law,” said Mark D. Rasch, the former head of computer-crime investigations for the Justice Department and now the senior vice president of Solutionary, a computer security company. But “anytime a tool or a human is looking at the content of your communication, it invades your privacy.”

Much of the recent work on data mining has been aimed at even more sophisticated applications. The National Security Agency has invested billions in computerized tools for monitoring phone calls around the world — not only logging them, but also determining content — and more recently in trying to design digital vacuum cleaners to sweep up information from the Internet.

My conversation on passive authentication overheard last week.

Eric took the liberty of blogging this.

Kaliya: I don’t like Art Coviello’s thing about passive authentication. I don’t want them watching me. I want control.

Eric: ok – but passive authentication is already happening all the time – and it’s *preventing* identity fraud.

Kaliya: yea – but that’s not the way it should be done.

Eric: I agree, but would you have them turn it off immediately and watch fraud go up?

Kaliya: No, I’d have them change the way they do it.

Eric: I agree, but that can’t happen overnight – so in the meantime, would you have them turn it off and have fraud go up?

Kaliya: ugh.

Freaky Identity Stuff in Slashdot this week..

From the would-be-funnier-if-it-wasn’t-true dept: Cameras in homes

An anonymous reader writes “In one of the most blatant and frightening statements made on privacy, the Associated Press reports that Houston’s police chief wants surveillance cameras in apartment buildings and even private homes. Chief Harold Hurtt wants building permits to require cameras in shopping malls and large apartment complexes. He also wants them in private homes if the homeowner has called the police repeatedly. So, if you’re in Houston, don’t call the cops too much, or they might install a camera the next time they show up. And what does Hurtt have to say about privacy concerns? ‘I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?'”

From the welcome-to-the-brave-new-world dept: Policing Porn Isn’t Part of The Job

Rick Zeman wrote to mention a Washington Post article about an incident at a Bethesda library. Two uniformed men from a Homeland Security detachment made an announcement stating that pornography was not acceptable viewing at the library. They then questioned a patron’s choice of reading material. From the article: “A librarian intervened, and the two men went into the library’s work area to discuss the matter. A police officer arrived. In the end, no one had to step outside except the uniformed men. They were officers of the security division of Montgomery County’s Homeland Security Department, an unarmed force that patrols about 300 county buildings — but is not responsible for enforcing obscenity laws.”

From the tricky-part-is-finding-the-right-medium dept: Creating a Backboneless Internet?

Peter Trepan asks: “The Internet is the best thing to happen to the free exchange of ideas since… well… maybe ever. But it can also be used as a tool for media control and universal surveillance, perhaps turning that benefit into a liability. Imagine, for instance, if Senator McCarthy had been able to steam open every letter in the United States. In the age of ubiquitous e-mail and filtering software, budding McCarthys are able and willing to do so. I Am Not A Network Professional, but it seems like all this potential for abuse depends upon bottlenecks at the level of ISPs and backbone providers. Is it possible to create an internet that relies instead on peer-to-peer connectivity? How would the hardware work? How would the information be passed? What would be the incentive for average people to buy into it if it meant they’d have to host someone else’s packets on their hard drive? In short, what would have to be done to ensure that at least one internet remains completely free, anonymous, and democratized?”

Nancy’s ‘very human’ Presentation at MooseCamp

Nancy White gave a great presentation about people and the interaction with the blogosphere at Moose Camp. Here are the notes that I took.

Roles in Network:
Community builders

Skills for learning with others:
Listen, Filter (search, Tag, bookmark) annotate, blog
Be unknowing

Facilitation for:

Facilitation skills:
the Classics
Informed by ICT
Space Holding
Creatively Abrasive (Leonard)

Shouting doesn’t work online the way it does face to face

Convening Conversations:
Name the Question
Design for local choice

Art of the Invitation critical competency:

Intercultural antennae
Broadly defined
“default” culture
Heart variations
Biggest Challenge?

Intercultural skills:
Fala! (speak)

Tolerance for Ambiguity:
OK with ‘not in control’, not knowing
Move forward without certainty.

Ability to switch contexts:
Multi-membership mavens
multiple perspectives

The struggle is the solution:
See the reality in the current situation
Grieve the cost for what exists now
Treat the conversation as action.

There are two ways of spreading the light:
To be the candle or the mirror that reflects it.

My Olympic “identity”

So I am picking up from popular culture that the Olympics are happening now. Some of you may not know that I spent many years of my life dreaming about playing in the Olympics and actually training with an eye towards eventual competition there. I made it to the Pan-American Games (the regional version of the Olympics for countries in North and South America the year before the summer games and run by the Olympic Associations of the various countries.)

I have two articles that talk about my journey towards and then away from the games. Why I’m Skipping the Olympics covers this

Like all other hopefuls, I gave up a great deal to make the Olympic team. I moved away from friends and family, lived well below the poverty line for years and put my education on hold in order to hone my athletic skills. I made these sacrifices because I loved playing water polo and because I wanted to compete with the best.

and Resisting the McOlympics covers some other elements of my critique.

The Olympic Movement sets high aims in its charter. To me, “Respecting the dignity of the human race” does not mean licensing the symbol of Olympic ideals to the world’s leading producers of junk food. I eventually resigned my position on the Canadian Team, in part at least because I couldn’t stomach the idea that my finest performance, made at the peak of my athletic career, would be used by the “supreme authority of the Olympic Movement,” the IOC, in a deeply flawed co-branding venture. Today the universal and permanent symbol of the five rings is co-branded with McDonald’s and Coke.

In 2002 I flew out to Salt Lake City for the Games there and a Conference called Global Justice in the Shadow of the Olympics. A reporter from the Salt Lake weekly covered my appearance there.

In 1999, a journalist found [Kaliya] Young’s name on a list of athletes who would participate in the Olympics. The reporter asked her what she, as an athlete, thought about the scandal that would eventually put an ugly blemish on the Olympic organizers in Salt Lake City and the International Olympic Committee.

When the reporter sent those questions, Young said she found herself thinking about a lot more than just the Salt Lake scandal. “I began to think about the deeper meaning of the Olympics and how I was involved in that larger system,” she said. “My competitive performance would not be just a part of a world community gathering to compete in the spirit of fair play, good will and global unity, but rather it would be sold to the highest corporate bidder for their own commercial gain.”

Reform is needed, she said. But she doesn’t know what that means. Without corporate sponsors, where would the Olympics be? “I don’t have the answers. I just think there needs to be some deeper questions asked about the Olympic Games. And, most importantly, those questions need to be answered by a wider range of people. The IOC is unelected, self-appointing and it doesn’t answer to anybody.”

….she said she still has tremendous respect for the athletes who compete at such an intense level.

“I admire the athletes and I don’t think anyone should walk out or abandon the Games. I just had a lot of questions. The answers I found helped lead me to a decision to step out of the Olympic movement. And nothing I’ve learned since then has done anything but validate that decision,” she said.

Today I am quite distressed to hear that the Olympics have made it a rule that Olympians can not blog. HELLO, have you heard of freedom of speech?

A service I use got bought by Google…mmmm…

So I started using MeasureMap several months ago, the first week it was live. I LOVE it…but it just got bought by Google. I am not a big fan of Google these days…now they have all the traffic and links on my blog. Are they going to start charging me for this service? How do they monetize this service? I have no problem with them making money but as a user of the service I would like to know exactly how they plan to do it.

Valentines Day at RSA

I had a great day yesterday here at RSA. I awoke at 5am to make the train down to the valley. Arriving at 7:30 at the wrong convention center (Santa Clara instead of San Jose) I managed to take a taxi and make it in time to see Bill on stage and the Demo of InfoCards. Talking with a blogger over at ComputerWorld – his impression is that it is the “son of passport”, unfortunate given how involved Kim has been in the community and how it seems that it is a good innovation that will be open to adoption by others. In that discussion it occurred to me that it might be wise to have a ‘search champ’ like event for the roll out of this identity stuff. So that marketing doesn’t just walk and talk like it always has. If it is really different then it needs to be different. Maybe Liz can help out :)

I went on to the show floor and ran into Jeff Ubois.
I interviewed the HP guys on their identity management solutions. Particularly the customer facing ones. I got “provisioned” (they asked me for all my real information – I assume for later marketing purposes – isn’t that ironic, you go to a security show and they are harvesting your data like crazy.) I was Identity Woman ‘agent’ at the MK-6 and I went and logged into the CKA (central knowledge agency). In the process I checkboxed what information I wanted them to have. [I have pictures of all this but lost the camera battery so will have to wait on finding that to get them uploaded]

‘they get it’ the differentiation is not in “security” or the protocols – SAML they all do that. It is in user experience and supporting end users being in control of the flow of their information. We talked about two

I found the guys at Biopasswords – they do two-factor authentication by creating an algorithm of how you type. This way you type your password and it has to be right along with your pattern of typing it.

I went to the ping party and ‘formally’ met Andre Durand and talked to Eric Norlan.

The evening was concluded with a lovely dinner with Pam and Janelle from Nulius Secundus and Bob. We figured out that if we added up how long the three of us had been married, in total it was less than 1/2 as long as Bob has been married.

Then we had a ‘women of identity’ slumber party.

RSA Wireless “so ‘secure’ you can’t get on the net” .

Here at RSA the wireless is so secure that you can’t get on it.
I did what I was told and picked up my “personal” login key before the event and then while plugged in to ethernet downloaded the help document – it is only written for Windows users, so that was no help.
There are long lines at the help desk.

It makes the case for usable security.

Last week – Identity Talks reach 60 folks :)

I had the opportunity to share about identity twice this week. We had a 2 hour + session at the OpenCMS Summit and then at MooseCamp. There is a lot going on in the community and a bunch of resources. Folks who have not heard about this space before feel a bit fire hosed by it all.

Here are the links.
Who is Kaliya?
I got into all this tech stuff to serve my community and still work on that at Integrative Activism

I learned about technology at Planetwork and today serve as the Network Director there

I started working in identity as the evangelist for Identity Commons about a year ago I became Identity Woman

Wikipedia entry on Digital Identity

Identity Gang home of the Identity Lexicon
(join the list..contribute to the wiki)

Internet Identity Workshop
(come to the next one in early May)

Microsoft InfoCards…
What are they?…

Kim’s the high integrity guy from Microsoft helping this whole space forward.
(I forgot to mention it but the laws of identity are there)

Identity and the enterprise
Liberty Alliance

Stand alone URL based Identifiers (sxip 2.0 forthcoming soon)

Cooperating on YADIS

1) Open ID invented by Live Journal Founder Brad Fitzpatrick.

2) Lightweight Identity

3) XRI / I-names

Sharing Information:
XRI Data Interchange

Here is a link to the PDF of my slides for those of you who asked.

Eve Maler – XMLGrrl has a great post about the panel she and I were on Thursday – The long Identity Tail.

I am at RSA today…

I am at RSA for the next few days. Checking out the ‘security scene’. If you are around and want to be interviewed for the Story of Digital Identity feel free to ping me via IM (I now have my Yahoo! IM on/off on the side of my blog) or with my i-name.

This morning I saw the head of RSA speak – FREAKY is all I have to say. They want to have pervasive passive authentication – checking all user behavior against our prior behavior as stored in our browser (this is our attention data) and their uberdatabases on us. They are talking about really having us losing our privacy. I would never give access to the uber security network system they are talking about plugging us all into. This will have constant surveillance of our transaction patterns “normalcy” according to their algorithms. Yuck! Yuck! Yuck!

MarcCanter: Giants must open or die

Marc Canter has had a glimpse into the future of Microsoft

For sure – each of these giants will make their own decisions, in their own due time, but at the end of the day – if they don’t open up – they’ll eventually lose their customer.

At least we have a way to connect these giant worlds together (and take us small little fry along for the ride at the same time.) That’s a huge breakthrough and is the foundation of us building the distributed web infrastructure. What I’ve been chanting about is our own Open Source Infrastructure and the other kinds of open standards we need….. is an attempt to keep all the various formats of microcontent compatible. Our upcoming PeopleAggregator APIs will provide basic social networking capabilities – to all – and a way of inter-connecting disparate social networks into one giant distributed mesh.

The world of media needs standards like Media RSS and one could imagine burgeoning new standards around Tags, Reputation, Events and Musical tastes and preferences.

It is nice to see the itags included in the list of open source infrastructure. Thanks Marc.

Julian Bond was in the audience and immediately complained “they’ll never be a LAMP version of Infocards” – but what I wanted to explain to Julian was that Microsoft is in the business of taking care of themselves, just as Yahoo, Google and AOL are – as well. So don’t expect a Linux version of anything from Microsoft, but you CAN expect meta-identity compatible ID systems for LAMP – that’s for dam sure.


Julian don’t be so sure about this statement.

We “don’t really like the format”…then don’t use it

So, I am here today at OpenCMS. Boris opens a session that he is leading on GeoMapping. He says flat out… “you know I really don’t like this format where we are at the front of the room and you are out there but we all have ideas to contribute”. It is very frustrating for me to hear this because I advocated that the organizers of this conference including Boris use Open Space as the format as soon as I learned about the conference at the end of November (when it was announced). Both myself and Eugene offered to do the facilitation… a month out they had no sessions outlined and would have to do a ton of work to lay out the program.

Now we all sit in rooms 1/2 here, 1/2 doing e-mail – and there would be SO MUCH good stuff happening if the organizers had chosen the Open Space path. As it is things are so-so. Hopefully next time process can be more open and allow for in the moment.

XML GRRL to meet Identity Woman at OpenCMS Summit

Blogs are fun….I just learned that I will be on a panel with XMLGrrl author of Pushing String on Thursday at the OpenCMS Summit. I have been reading her blog for a long time.

I just got here this afternoon and already I am longing for open space process (believe me we tried to convince them to use it). I lived through one terribly facilitated session. As a few of us who were in that session settled into the next one I mentioned that I was considering putting in a proposal for this year’s OSCON to do a session on meeting/group facilitation skills. Several folks were very supportive of the idea so I am going to do it.

‘what is your name’ – when I order coffee it is “Lu”

I went into a coffee shop here in Portland and ordered a raspberry latte. They asked me what my name was – really what they want to know is what ‘identifier’ they can call out to let me know my coffee is ready. If you have an easy name like Kate or John or Kathy – you just use that. I have ‘Kaliya’ and really don’t want to explain how to say it or spell it just to get my coffee. So I use my default “Lu”. This was the nick name I picked up while playing water polo at CAL (UC Berkeley) and believe it or not it was a derivative of Kaliya…
(I had this suit with a giant orchid-like flower on it (the whole front).)
LuLu followed shortly.

Queer Identities and discrimination online

So there is a big hubbub going on around World of Warcraft

[the new “golf” in case you haven’t heard yet – I can’t wait until we have WoW day pre DIDW instead of real golf…what do you think Vince ;)].

around discrimination towards the queer community. danah boyd’s latest post brought my attention to this issue and in an update highlighted why this relates to identity in particular.

As has been noted over and over again, queerness is an identity not just a set of sexual practices. By silencing people’s identities and not allowing people to have bigot-free spaces, Blizzard is upholding a level of discrimination that far outweighs the _potential_ sexual harassment that might occur if people’s sexualities were known.

More about the situation from danah…

I’ve already heard on numerous occasions that there is intense homophobia within the chatrooms on WoW and this had already made me quite uncomfortable. But Blizzard’s response is just disgusting. How can they call a queer-friendly guild sexual harassment given that this is an attempt by the queer community to create space? Furthermore, there’s so much sexism in the chats (aside from the creatures) that no one from Blizzard can actually argue that they are preventing sexual harassment. I can’t help but wonder about the state of other forms of discrimination and prejudice within the system (particularly since “race” is critical to the narrative of WoW). That said, i don’t care enough to find out – i can’t justify spending personal money on a company with these values.

Identity and privacy …. falling google stock price

From Slashdot.
While the company says it isn’t worried about the stock price correction, there are other issues at hand.” From the article: “Google is under mounting pressure from many traditional industries: telecommunications companies do not like its plan for free internet phone calls, book publishers and newspapers have filed a lawsuit to try to prevent it from digitising library materials, governments are worried about its satellite-imaging service Google Earth and privacy advocates have a growing list of concerns about everything from its e-mail service to its desktop search function, both of which may make it easier for hackers or government agencies to gather information about individuals without their consent.”

my identity precedes me at Recent Changes Camp

I flew up to Portland for Recent Changes Camp, which is just beginning this morning. I have had quite a few experiences that go like this…

Hi i’m (Mike, Bill, John….)

I’m Kaliya

Oh…you’re THE Identity Woman.

So this has been interesting. Eugene Kim (he drove up from Eugene with Tom Atlee) is here too so hopefully we will co-lead a session on identity for the wiki and other folks gathered here.

Identity theft…continued

So apparently some in the identity community believe having someone use your debit/credit card number is not “really” identity theft.

This is how I see it. The Bank ‘issues’ me an identifier – or an identity.
It is the card that I get from them – when I present it and enter in my PIN they know I am me. This is my identity in relationship to them. (Every time I go see a teller I must swipe my card and enter my PIN.)

So when someone takes that identity given to me by my bank (and uses it fraudulently) THIS IS IDENTITY THEFT.

It turns out the bank had me fill out the wrong forms and today I had to fill out different ones (another 30 min later). Apparently with debit card fraud I will get a response within 10 days about the situation.

I am off to Portland tomorrow for recent changes camp with a giant wad of travelers cheques to get by sans card that works in machine.
