Field Guide to Internet Trust Models: Introduction

This is the first in a series of posts that cover the Field Guide to Internet Trust Models Paper. The paper was presented at the University of Texas at Austin ID360 Conference in 2013.

This paper was collaboration between myself and Steve Greenberg. I had an outline of all the Trust Models and worked with Steve Greenberg for several months to shape it into the paper.

The full papers is downloadable [Field-Guide-Internet-TrustID] (see the bottom of this post for a link to a post on each of the models).

The decreasing cost of computation and communication has made it easier than ever before to be a service provider, and has also made those services available to a broader range of consumers. New services are being created faster than anyone can manage or even track, and new devices are being connected at a blistering rate.

In order to manage the complexity, we need to be able to delegate the decisions to trustable systems. We need specialists to write the rules for their own areas and auditors to verify that the rules are being followed.

This paper describes some of the common patterns in internet trust and discuss some of the ways that they point to an interoperable future where people are in greater control of their data. Each model offers a distinct set of advantages and disadvantages, and choosing the appropriate one will help you manage risk while providing the most services.

For each, we use a few, broad questions to focus the discussion:

  • How easy is it for new participants to join? (Internet Scale)
  • What mechanisms does this system use to manage risk? (Security)
  • How much information the participants require from one another how strongly verified?

(Level of Assurance -not what I think assurance is…but we can talk – it often also refers to the strength of security like number of factors of authentication )

Using the “T” Word
Like “privacy”, “security”, or “love”, the words “trust” and “identity”, and “scale” carry so much meaning that any useful discussion has to begin with a note about how we’re using the words.
This lets each link the others to past behavior and, hopefully, predict future actions. The very notion of trust acknowledges that there is some risk in any transaction (if there’s no risk, I don’t need to trust you) and we define trust roughly as:
The willingness to allow someone else to make decisions on your behalf, based on the belief that your interests will not be harmed.
The requester trusts that the service provider will fulfill their request. The service provider trusts that the user won’t abuse their privileges, or will pay some agreed amount for the service. Given this limited definition, identity allows the actors to place one another into context.

Trust is contextual. Doctors routinely decide on behalf of their patients that the benefits of some medication outweigh the potential side effects, or even that some part of their body should be removed. These activities could be extremely risky for the patient, and require confidence in the decisions of both the individual doctor and the overall system of medicine and science. That trust doesn’t cross contexts to other risky activities. Permission to prescribe medication doesn’t also grant doctors the ability to fly a passenger airplane or operate a nuclear reactor.

Trust is directional. Each party’s trust decisions are independent, and are grounded in the identities that they provide to one another.

Trust is not symmetric. For example, a patient who allows a doctor to remove part of their body should not expect to be able to remove parts of the doctor’s body in return. To the contrary, a patient who attempts to act in this way would likely face legal sanction.

Internet Scale

Services and APIs change faster than anyone can manage or even track. Dealing with this pace of change requires a new set of strategies and tools.

The general use of the term “Internet Scale” means the ability to process a high volume of transactions. This is an important consideration, but we believe that there is another aspect to consider. The global, distributed nature of the internet means that scale must also include the ease with which the system can absorb new participants. Can a participant join by clicking “Accept”, or must they negotiate a custom agreement?

In order to make this new world of user controlled data possible, we must move from a model broad, monolithic agreements to smaller, specialized agreements that integrate with one another and can be updated independently.

A Tour of the Trust Models

The most straightforward identity model, the sole source, is best suited for environments where the data is very valuable or it is technically difficult for service providers to communicate with one another. In this situation, a service provider issues identity credentials to everyone it interacts with and does not recognize identities issued by anyone else. Enterprises employing employees, financial institutions, medical providers, and professional certifying organizations are commonly sole sources. Because this is the most straightforward model to implement, it is also the most common.

Two sole sources might decide that it’s worthwhile to allow their users to exchange information with one another. In order to do so, they negotiate a specific agreement that covers only the two of them. This is called a Pairwise Agreement and, while it allows the two parties to access confidential resources, the need for a custom agreement makes it difficult to scale the number of participants. This is also a kind of federated identity model, which simply means that a service accepts an identity that is managed someplace else.

As communication technology became more broadly available, the number of institutions who wanted to communicate with one another also increased. Groups of similar organizations still wanted to issue their own identities, but wanted their users to be able to interact freely with one another. The prospect of each service having to negotiate a custom agreement with every other service was daunting, so similarly chartered institutions came up with standard contracts that allow any two members to interact. These groups are called Federations, and there are several different kinds. Federation agreements and membership are managed by a Contract Hub.

When the federation agreement limits itself to policy, governance, and common roles, but leaves technical decisions to the individual members, it’s referred to as a Mesh Federations. Individual members communicate form a mesh, and can communicate directly with one another using whatever technology they prefer.

Alternatively, a Technical Federation defines communication methods and protocols, but leaves specific governance and policy agreements to the members. In some cases, the technical federation may also route messages between the members.

As the number of services has increased, so has the problem of managing all of those usernames and passwords. Users might decide to reuse an existing identity rather than creating a new one. In recent years, some organizations have made identities that they issue available to other services. Service providers accept these identities because it lowers the cost of user acquisition. When the same entity provides identities for both the requester and the service provider, it is referred to as a Three Party Model.

If the requester and the service provider have provider have separate but compatible identity providers, it is called a Four Party model. This is present in highly dynamic models, such as credit card processing,

Peer-to-peer networks are for independent entities who want to identity assurance, but who lack a central service that can issue identities to everyone. To get around this, the participants vouch for one another’s identities.

Individual contract wrappers are an innovation to enable complex connections between services where the terms and conditions of using the data are linked to the data.

Common Internet Trust Models

Sole source: A service provider only trusts identities that it has issued.

Pairwise Federation: Two organizations negotiate a specific agreement to trust identities issued by one another.

Peer-to-Peer: In the absence of any broader agreement, individuals authenticate and trust one another.

Three-Party Model: A common third party provides identities to both the requester and the service provider so that they can trust one another.

“Bring your Own” Portable Identity: In the absence of any institutional agreement, service providers accept individual, user-asserted identities.

“Winner Take All” Three Party Model: Service provider wants to allow the requester to use an existing identity, but only accepts authentication from a single or very limited set of providers.

Federations: A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust identities issued by one another.

Mesh Federations: These share a common legal agreement at the contract that creates permissible interoperability.

Technical Federations:  These share a common technical hub responsible for making the interoperability happen.

Inter-Federation Federations: This is what happens when one federation actually inter-operates with another federation.

Four-Party Model: An interlocking, comprehensive set of contracts allows different types of entity to trust one another for particular types of transaction.

Centralized Token Issuance, Distributed Enrollment: A shared, central authority issues a high-trust communication token. Each service provider independently verifies and authorizes the identity, but trusts the token to authenticate messages.

Individual Contract Wrappers: Manage how personal data is used rather than trying to control collection. Information is paired contract terms that governs how it can be used. Compliance is held accountable using contract law.

Open Trust Framework Listing: An open marketplace for listing diverse trust frameworks and approved assessors.


FastCo Post on Governemnt Experiments with Identity Technologies

This is cross posted on Fast Company.

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).

How would you use this?–well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site–and you went back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

Spectrum of IDAnonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site–the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders–MySpace, Google, Yahoo!, AOL etc.

So how does this work with OpenID?

Typical OpenIDTypically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into–they redirect you to where that is hosted on the Web–you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog– it is known your words come from you and are connected to your own blog.

Using the OpenID with Directed identity–de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.

Directed IdentityWhen you go to login to a site you are asked to share not “your URL” but just the name of the site where your account is–Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a “directed identity” is created–that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID’s but you don’t have identifiers that correlate–that are linked across the Web.

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector–which selector helps you manage your different identifiers using a card based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.

The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.

Trust Framework are needed to get it all to work together.

From the press release yesterday:

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.

How do these go together–you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are “over 21”. Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.

You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address – they could “prove” using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.

The Relationship Paper

Bob’s Relationship Paper is now available. If you haven’t read it yet – you should. It articulates a key point about the challenge regarding the current frame of social networks – relationships are just lines on a graph rather then being nodes that hold information about the nature and parameters of the relationship.

Newspapers Dying – but we told you so…

Someone sent me this link from SF Gate this morning:

In the wake of the hugely depressing shutdown of the Rocky and the Seattle P.I., and with recent death threats to the SF Chronicle and what looks to be a savage year indeed for print newspapers everywhere, these big guns have all stepped away from their normal discussions of deep tech arcania and turned their attention to a 500-year-old technology undergoing its first epic, bloody revolution.

I know people who have been working and building the emerging web who have been trying to dialogue with those in the news industry for the last 9 years about what was happening and coming.

The grand upshot? They don’t really have any idea. But they have some curious, slippery, hopeful, but ultimately disappointing theories. Theories that, to my mind, consistently miss the mark, in at least one or two vital ways.

The dismissiveness tone of the article just sort of proves thew whole issue.

From Clay’s Shirky’s blogs Newspapers Think the Unthinkable:

The problem newspapers face isn’t that they didn’t see the internet coming. They not only saw it miles off, they figured out early on that they needed a plan to deal with it, and during the early 90s they came up with not just one plan but several. One was to partner with companies like America Online, a fast-growing subscription service that was less chaotic than the open internet. Another plan was to educate the public about the behaviors required of them by copyright law. New payment models such as micropayments were proposed. Alternatively, they could pursue the profit margins enjoyed by radio and TV, if they became purely ad-supported. Still another plan was to convince tech firms to make their hardware and software less capable of sharing, or to partner with the businesses running data networks to achieve the same goal. Then there was the nuclear option: sue copyright infringers directly, making an example of them.

It is as if when the web people say “i told you so” and “we tried to help” they plug their ears and continue to make noise so they just can’t “hear”.

continued from Clay’s essay…. The curious thing about the various plans hatched in the ’90s is that they were, at base, all the same plan: “Here’s how we’re going to preserve the old forms of organization in a world of cheap perfect copies!”

No technologists who are on the cutting edge of technology don’t know what is next – there are things people are working on in different corners – we are working on identity over here…Sem Web folks are working on their things. WE STILL DON’T KNOW but we do know it will arise out of the communities we are participating in and the emergent effect of the tools we use. The Newspaper people didn’t really roll up their sleeves and dive in to learn about the web and how to do what they do but in more interesting web ways (like linking in their articles that are online). Clay sites Craigs List as an example – of “we didn’t know” twitter is another more recent one.

Last year I worked with folks bringing the Journalism that Matters conference to Silicon Valley. I was hired specifically for my expertise in facilitating unconferences in geeky communities. They didn’t really want to hear what I had to say about what was needed in the event design to attract geeks (not that many came even though it was at Yahoo!). A month before the event happened they decided to just go ahead without further help/advice from me. I learned from this experience

  • They don’t understand web architecture (the first thing I told them was to get their online digital presence in order. – they had a different blog for each event, a bad late ’90’s site, they didn’t get how to organize a wiki).
  • Journalists work alone generally (making collaboartion with co-organizers on the conference a challenge).
  • There is a higher normative level of conflict in the tech world compared to the journalism world.
  • They are not experts in facilitating time/space for large groups of people (some how the agenda development was driven by the journalist’s need to “let certain people speak”)
  • They are in deep morning and loss for the way of their profession and were unable to engage/look at the future – they would need a lot of “emotional clearing” before they could think in new ways about the future.

There is one asset that was developed that I am quite proud of it is a value network map of the newsroom and the new news ecology.

Old News StoryEmerging News Ecology V1.0
I think these says a lot about what is going on and how to think about things in new ways. One of the reasons these got developed is they kept talking about “the news room” and I challenged the assumption that eveyone would know what that was.

on Women talking at technology conferences

Chris Messina has a good post up about women and the Future of Web applications (the conference and the tools).

As far as I’m concerned, one of the greatest opportunities to seize the future of web apps is to cement the necessity of diversity in our processes and in our thinking, not for the sake of diversity alone (deserving though it is) but because the technology that we produce is better for it, being more robust, more versatile and flexible, and ultimately, more humane.

The future of web apps — and the conferences that tell their stories — should not be gender-neutral or gender-blind — but gender-balanced. Today, as it was two years ago, we suffer from a severe imbalance. It is my hope that, in raising the specter of consequences of the lack of women in technology, we begin to make as much progress in stitching diversity into the fabric of our society as we are making in producing source code.

I actually invited participants at Gnomedex 2006 when I was the “MVP” (that is – i didn’t have a schedulled speaking slot but the audience “voted” me on stage to fill a 15 min void for the MVP audience member) to think about these things.

I said that the app builders in the audience should get out of their boxes and start thinking about apps that socar mom’s, and churches and other realms of social civic engagement that could really use some good apps. Places that are not brimming with white guys under the age of 30 (in San Francisco). The audience wasn’t so sure about this idea.

I personally have been asked to speak at one conference this season – Community 2.0 in May. I am working with my speach coach on the talk and very much looking forward to redeeming myself. I worked with her on the last talk I gave at Net Squared in June that went ‘ok’ and I was thankful for that.

I think my story might be helpful in addressing this issue – which is why I am sharing it.

I was tapped by O’Reilly folks to speak at eTel and Web 2.0 in 2006. I didn’t do that great at eTel – I had never given a 10 min speech. I didn’t get any outside voice to help me and I should have but it didn’t even occur to me that one might hire someone to help one in such a situation. I thought I had to do it all on my own.

After the talk they suggested I talk to a speech coach for my upcoming talk at Web 2.0 Expo that they had tapped me to do (that is I didn’t go through the submission process they just asked me) that some of their own hosts of conferences had used – I figured this was a good recommendation. I listened to his advice but it actually failed me – he was not available to help (health issues) but was not clear about how limited his ability to help would be until to late. O’Reilly conferences were not clear with me what the composition of the audience would be (it was a CMP audience not an O’Reilly audience) so I gave the wrong kind of talk.

I was very nervous about the speech – didn’t prep well for (speech coach sort of 1/2 helping (when if I had just been on my own it would have been better) he also encouraged me to push beyond what I had originally said I would cover in the talk – I didn’t sleep that much the night before. I was visionary but that didn’t match what was in the program. 1/2 the audience walked out and I was shaken to the core – basically had stage fright for a year. (here is my blog post following it). There was no talk with O’Reilly folks about what had gone wrong, what could have been better – just silence and never an invite back.

I was “on my own” it was “my responsibility” but I was also in a vacuum. YES it is up to women to take responsibility but if the whole industry is serious about changing who is “always on stage” it also takes a village of – encouragement, good advice, and support.

Women don’t self-promote like the alpha dog’s in the industry do. Sorry it is just true. Ask women in leadership hiring in the software industry. Men over promote their skill set by double when seeking employment (generally) and Women under promote their skill set by 1/2.

I am am getting much better as a speaker. I certainly know what I am talking about in the realm of user-centric digital identity having facilitated over 15 events in the field in the past 3.5 years, doing technical and non-technical evangelism and working on the subject matter for 5 years now. I don’t run around telling conference organizers that I should be speaking at their conferences either. I did apply to RSA to be a Peer-to-peer discussion leader and was chosen to do so for the second year in a row. I also was tapped to facilitate a panel on OpenID, Oauth and the enterprise at SXSW. That is all the speaking I am doing so far this season.

I organized She’s Geeky as a way to address the challenges that we face – both being small minorities at conferences and not many of the faces on stage. She’s Geeky is the most diverse technology conference I have ever been to – it has the most non-white faces I have ever seen at a technology event. Please don’t get me wrong like the woman on stage at FOWA – I love dudes. I don’t think you last long in this industry if you don’t like men, enjoy working with them and can get along in their culture. I also wish there was more women and have decided once in a while to have a women’s only space to geek out in would be a fun thing to support.

I think it is also important to mention something else. As a woman putting yourself out there is risky. I watched what happened to Kathy Sierra – it was kinda freaky. I talked to a friend of mine – another prominent women in tech that week saying how deepy what happened to Kathy had shaken me. She said – well that is what happens if you become prominent enough – you get hate speech and death threats – basically this is what you signed up for if you chose this career path. It is another reason just go about doing my business – working on facilitating the identity community rather then “raising my profile” so conference organizers might tap me. I have had a mild case of a stalker around my work as identity woman a few years ago and I really don’t want another one. Not something guys think about really when they do their day jobs in technology. The latent misogyny is apparently REAL in some corners of this community. We need to know that we have the support of community behind us and won’t be attacked for speaking out against hate speech.

The issues are complex. I hope that as an industry we can continue to address them.

Data Pollution and our age

Bruce writes an interesting essay about our lack of understanding about the potential toxic effects of data. Making the analogy that like our for fathers who polluted the air without understanding the long term implications we are creating data pollution and not understanding what is unfolding. This analogy is most interesting to consider.

Data is the pollution of the information age. It’s a natural byproduct of every computer-mediated interaction. It stays around forever, unless it’s disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic.

And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we’re ignoring data in our rush to build the Information Age.

He highlights RFID’s, Camera’s face recognition tools for Identification, life logging recorders,

He makes an important point

Society works precisely because conversation is ephemeral; because people forget, and because people don’t have to justify every word they utter.

Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a BlackBerry, are not official correspondence. A data pattern indicating “terrorist tendencies” is no substitute for a real investigation. Being constantly scrutinized undermines our social norms; furthermore, it’s creepy. Privacy isn’t just about having something to hide; it’s a basic right that has enormous value to democracy, liberty, and our humanity.

Digital Tatoo’s

One of the women coming to She’s Geeky pointed me to this article that she wrote about Digital Tatoo’s. I think it is a good metaphor for all the stuff we put out there online particularly when we are younger. Interestingly although I was “on” the internet from 1995 when I started college I never had any web presence until 2001 when I did my first ever public talk that ended up on the web. By then I was ready for my web identity to be formed but up until then I was quite conscious of not talking in any public forums or posting things online.

It is a good read and highlights where her thinking went after reading Clay Shriky’s Gin, Television and Social Surplus (I haven’t read it I heard him talk about it on a podcast).

On a more serious note, the generation coming up now is the first one to have the ability to publicly record whatever they feel like recording. While this is wonderful, it also gives me pause. This upcoming generation will be the first to cut it’s teeth on this issue and frankly I don’t envy them. There are a few things (aw come on, we all have ‘em) that I might have written about, or been passionate about at 18 that I might not want publicly available at 35, or 50. Much of our growth as people and thinkers comes from trying out new ideas and making some mistakes. For most of us, this growth is preserved only in the memories of those close to us, or in letters, and diaries boxed up in the garage. What we publish digitally though is again like a tattoo, it sticks around, publicly, forever. There is a reason most of us are discouraged from getting tattoos until we reach adulthood. The tattoo of our favorite cartoon character might have been awesome at 19, but not so awesome later.

I hope that the web encourages a plethora of public thought and expression. It also behooves us to have an awareness of the public nature and longevity of what we put out there lest we are left with the digital equivalent of that tattoo we thought we wanted, but didn’t.

Online Eviction – a new challenge in this recession?

This post was on slashdot today

Protection From Online Eviction?
from the our-data-our-selves dept.

AOL has been shutting down its free Web services, in some cases with little or no notice to users, and they are not the only ones. This blog post on the coming “datapocalypse” makes the case that those who host Web content should be required to provide notice and access to data for a year, and be held strictly accountable the way landlords are before they can evict a tenant. Some commenters on the post argue that you get what you pay for with free Web services, and that users should be backing up their data anyway. What do you think, should there be required notice and access before online hosts take user data offline for good?

Here are some interesting comments from it.

On Gaza

I don’t write about politics on my blog that much but have spoken up about some of my travels in the world and what I have seen.

I thought with all the twitter blips going by about “the ground invasion in gaza beginning I wanted to share what I wrote about in the summer of 2006 my own personal visit to Gaza in the summer of 2000.

This is the last 1/2 of a post a post called “Security theater and the “real” threats – inhuman conditions“.

Speaking of ‘they’ – who are they? I just watched a film from Netflicks – Death in Gaza. It was of two documentary film makers one of whom died while shooting the film. I spent the summer of 2000 in Jerusalem for 10 weeks I lived and worked there and did what I call “NGO tourism”. I worked at one of the worlds foremost human rights organizations – BTselem the Israeli Information Center for Human Rights in the Occupied Territories and then also worked at the PCATI the Public Committee Against Torture in Israel (while there I got my education in what torture is going on and how it affects people – really awful).

My fellow international interns and I would spend our weekends traveling about going through the Westbank and up to Nazareth, and Haifa over to Televiv down to Hebron. [[you can read what I wrote about Hebron here]]

One time we got to go to Gaza for 2 days. One of the interviewers for B’Tselem was traveling there so the two of us got to go with him. We got hooked up with two guys who worked in an NGO in Gaza and went on a tour for a day… from one end to the other … inside the camps and everything. It was amazingly powerful. Just like in the movie I saw the little kids the ones who are 5 and 6 happily playing away not really knowing there life circumstances yet. Then the older boys would glare glints of anger in there eyes. They are 10-13 years old knowing what they don’t have. The get that it is not normal to have open sewers in the streets. It is not normal to have 10 people living in one room. It is not normal to be growing bunnies up stairs that you kill to have food or a donkey living in your living room. Why do they know this…there are satalite dishes…basically everyone has a TV and can see what life is like in Isreal, and America and the rest of the normal arab world. When you think about that maybe some of this makes a bit more sense. It is not normal to feel like going to school you could get killed (as they young girl in Death in Gaza talks about). It is not normal to have your school playmates killed by gunfire (like the little boys have happen to them in the movie). Or bulldozers coming to plow your house down in the middle of the night (like threatens to happen in the movie ) How can you feel peaceful in this kind of environment?

I know after witnessing what I did that day I was shaken. I really felt my soul had been shaken up like my body was still and it was moving. It was eerily like the feeling I had after exiting the memorial museum at Hiroshima. The thing was…what I had witnessed that day was happening to real people ‘now’ not a historical event from 60 years ago. The depth of suffering is quite intense and the failure to connect with people as people and to really resolve the conflict continues to cause suffering. More bombs and planes and threats of nuclear weapons going off doesn’t make the situation better. It makes it worse. Send in armies of compassionate empathetic listeners. Make public peoples family stories and histories. Find some way through. There are some amazing stories of reconciliation that have happened in Israel/Palestine. They prove it is possible. I do have hope but not if everyone just sees an enemy instead of people, families and societies with real human and community needs.

I was sorting through my stuff over the weekend and found something from B’Tselem. They still send me the reports the write. It was a 11×17 fold over about the wall situation in Jerusalem. Just really disruptive to normal peoples lives. The whole of the Westbank is oriented around the trade flows through main cities. The most main one being East Jerusalem. The fact that they want to cut the Palestinians off from their main economic hub is just mean. People don’t like people who do mean things. Why is this so hard to understand!

It makes me very sad to hear there is a war happening. There has been a war on the Palestinian people for a long time.

Some elements that are not obvious to people is the depth of connection to land and history that is present along with the really bad living conditions.
* In the refugee camps villagers who fled their villages together – still live together 50 years later – they have a sense of identity as people of a place (a place that only the oldest people alive still remember) but that the young people feel they belong to too.
* The number of people and the conditions of living are very hard to imagine – they have the density of New York – but all in cement block houses that have tiny rooms 9×9. 1200 people a km.
* They don’t have electricity in the winter because the wiring is so ad-hoc that it is to dangerous to run in the winter.
* They don’t have sewage systems – other then the ones that run in the street.
* When the Israelis had a presence in Gaza they had their own roads – the good ones – that Palestinians could not drive on. (I was driving around with palestinians so we were on the “bad” roads).
* They have families of 10 living in one room houses.
* They have families that have a donkey’s living with them in their one room too.

These are extreme living conditions and the reason they voted for Hamas has to do with the fact that the islamic organization the religious arm of the political organization actually helps poor (as they are called to by their religious texts) impoverished people by feeding them. If you lived in these kinds of conditions wouldn’t you vote for the group that on the ground in practical reality actually helped you a bit.

There are some other interesting things to know about the Palestinian people… How do I know all this – yes I visited the territories but I wrote my senior thesis 40 pages on “The Lost Opportunity for Sustainable Development in Palestine” – 10 of them specifically about demography.

* They have HIGH levels of basic education Palestinians have the highest levels literacy in the arab world.

* They have a lot of higher educational institutions.

* They have the highest level of educational attainment of women in the arab world (normally educated women cut back on the number of children they have).

* Even though the women are relatively very educated – they are very committed to having children and lots of them

Women living in Palestine have a total fertility rate (TFR) of 5.6 children—significantly higher than women in other countries that have similar levels of education and access to health services. (Women in Gaza have 6.6 births, on average, while women in the West Bank (including East Jerusalem) have an average of 5.2 births.) they are clear they are fighting a long term demographic “race” with Israel. More palestinians means more votes and more bodies to resist the injustice they have suffered.

* They have a very young population (in 2005 – 18% was below the age of 5, 45% was below the age of 15) this means that is lots of young men of marriageable age and seeking work.

So you put all this together
1. a population that watches TV from around the world on satellite dishes,
2. that lives in abject poverty
3. That is highly educated and mostly in the arts (political science, economics, english, comparative literature etc…)
4. Young men without an economic opportunities compounded by the fact that without this they can’t marry and thus can’t have sex. THEY ARE FRUSTRATED.

They know – they see every day on TV what they don’t have. We live in a globalized world and it is not just about ‘us’ those in North America and Europe knowing about the rest of the world – the rest of the world has the same tools too. They see the gap – with their own eyes and it makes them angry.

I don’t want to be all down on this post. This went by on twitter a few days ago It is about a contributor/admin on WikiHow (the wiki for how too manuals) and it made me cry – it is why I love the internet and the power it has to connect people and give people meaningful ways to contribute and help one another.

Many of you know that the dedicated wikiHowian and new admin, VC, lives in Gaza. (Actually VC is only a new admin on the English wikiHow. He has been an admin on Arabic wikiHow for a while.) And everyone knows that there is currently a war in Gaza right now. Even before the recent fighting started, VC suffered from sporadic internet access caused by electrical outages. So I felt lucky to get this email reply when I asked how he was surviving the war:

It is terrible indeed, however, it is kind people like yourself and other wikiHow editors that keep me going on, sane and to some extent even happy that I have friends who really care about me without even really ever seeing me. Thank you very much for asking and checking on me. I’m safe and sound and so is my family and my friends. The circumstances however are hard on the children, but with some tenderness, love and patience, they’ll get through it (or so I hope). The area where I live in Gaza is considered relatively safe as it is the center of the city.

It is in rough and extremely hazardous situations like these that we usually need something to hold on to … to believe in. wikiHow and its community has been that and more to me. It was and still is what I turn to so as to find comfort and peace of mind. The wikiHow community members are so supportive and kind. When I set at the computer and start doing anything related to wikiHow, it is currently my only escape outlet where I can, for some sweet moments, forget about the war, the harsh circumstances and the suffering all around me. And when I see a message by one of the editors, whether discussing some wikiHow related matter or simply saying “hi, how are you”, it makes me feel … alive, not cutoff of the world outside … having what I call a “universal family” that cares and comforts me.

For all of that Jack, I’d like to thank you for founding this wonderful family, making it possible for me and many others to feel at home no matter what.

Obama – Geek or Nerd Adjunct?

This article is fun. I found it on the blog I regularly watch that has the best of the Colbert Report and the Daily Show (usually about 5 min a day for each- they are both currently off the air so there are no clips on the home page)

Obama: Full-on geek or just ‘nerd-adjacent?’: Some experts contend President-elect too cool, too athletic, too normal

Obama is good at “repressing his inner geek, but you can tell it’s there,” especially when he goes into nuanced explanations of technical matters, said Benjamin Nugent, author of the book “American Nerd: The Story of My People.

[[I am reading this book right now – it is great]]

“One imagines a terrifying rally of ‘Star Trek’ people shouting, ‘One of us!'” Nugent said, in an interview conducted by e-mail, of course.

Others see only some geek qualities, qualifying the president-elect as merely “nerd-adjacent.” After all, he’s an athlete and kind of cool, some experts demur. Still, there’s enough there for geeks to celebrate.

Psychology professor Larry Welkowitz of Keene State College in New Hampshire hopefully speculated that there’s a shift in what’s cool and that “smart can be in. Maybe that started with the computer programmers of the ’90s. The Bill Gateses of the world are OK.”

Other negative Cybermobs: Live Suicide

This story does not have a happy ending
From Times Online:

A 19-year-old man in Florida committed suicide live on the internet as hundreds of web surfers watched – taunting him and offering encouragement.

Abraham K. Biggs, from Broward County, Florida, announced his intention on an online forum, posted a suicide note on another and then took an overdose of pills in front of his webcam, broadcasting his final moments on

Mr Biggs lay on his bed motionless for several hours before members of the website became alarmed. With the video still streaming, viewers eventually called the local police, who broke down the door, found the body and switched off the camera. Up to 1,500 people were viewing, according to one report.

A video clip posted on the net shows a police officer entering the room, his handgun drawn, as he checks for any sign of life. Mr Biggs was a member of under the name CandyJunkie and was also known under the alias of Feels Like Ecstasy on Justin. tv. He had apparently threatened to commit suicide before.

The last post was about cybermobs emerging in the political fallout of proposition 8. This one at a personal level.

It makes me wonder how we can love and value life through the anonymity that the web gives us.

One of the major things that kids needed to be protected from articulated at the Kids Online conference last week was “themselves” this is a good example of this need.

Web Mobs and Proposition 8

I am Canadian so you can probably guess how I would have voted if I could have on Proposition 8 (the California constitutional amendment to define marriage as only between a man and a woman).
My views are not the point of this post. I am very concerned about what is playing out – online and in real life between the two sides of this issues following the passage of the amendment.

First of all we live in a democracy – the people of California voted for it – albeit by a small percentage but that was the will of the people.

When I look at this I think well the way the NO side wins is by doing all the work the YES side did last time – only better. They go and put an amendment to the constitution on the ballot and then build support for it.

The NO campaign assumed it couldn’t loose, was badly organized, didn’t have a comprehensive strategy for building support for its side across diverse communities throughout California. (The YES campaign was on the ground engaging with the black church community for example – they never saw anyone from the NO side come to their communities to engage them on the issue).

As the vote approach the NO side in a final very flawed move started attacking in television adds those who funded the YES side of the proposition and in particular the Mormon Church.

It was this turn of events that has lead into quite disturbing actions and behaviors by the NO campaign post election.

The blacklisting and subsequent public harassment and targeting of specific people and specific religious groups for their beliefs and support of YES on prop 8 is wrong.

I take this personally, I have and do work with people who are Mormon – (When I played water polo in university and in the Identity field). I respect the LDS church and the people in it – they have good values. Their religion is a very American one too (like Christian Science its origins are on this continent). Watch the Frontline/American Experience 4 hour documentary on the history of the church and their experience as a people/religious group.

A close personal family member I know also voted YES and for all I know could have donated.

When mobs start appearing at places of residence of YES contributors and their businesses. It makes me worried.

I thought about this issue earlier in the campaign when I wrote this post There are a lot of donkey’s in my neighborhood (and I know who they are)

From The Hive:

because she did about 60 gay ‘activists’ went to her restaurant and strong armed her in a scene reminiscent to Nazi Germany. They went down a list of people who gave as little as 100 dollars to boycott, harrass and attack them. They went there to ‘confront’ her for giving a measley hundred bucks based on her personal faith that she has had since childhood. They argued with her and it was reported by local news reporters was a “heated” confrontation.

So is this the America we want? Where if a private citizen wants to participate in the governmental process that they be harrassed and acosted. Their freedom of speech chilled by thugs.

From the NY Times:

The artistic director, Scott Eckern, came under fire recently after it became known that he contributed $1,000 to support Proposition 8…
In a statement issued on Wednesday morning, Mr. Eckern said that his donation stemmed from his religious beliefs — he is a Mormon — and that he was “deeply saddened that my personal beliefs and convictions have offended others.”

From the SF Chronicle:

Phillip Fletcher, a Palo Alto dentist who donated $1,000 to the campaign, is featured prominently on a Web site listing donors targeted for boycott. He said two of his patients already have left over the donation.

This is the site of the Anti Gay Blacklist Then there is a blog called Stop the Mormons.

The night Obama won and there was a party in the main street 6 blocks from my house – I had a moment of insight into the future. This was a happy celebratory Mob – it was basically safe. People were texting their friends and telling them where it was inviting them to join. I Tweeted about it so 900 people knew about it and where it was. I also knew that this new technology of texting and presence based real time information creates an increased capacity for mob formation. It made me wonder about the cultural skills and capacities we need to develop to interrupt mob behavior turning bad.

I think what is going on with the blacklists – that are directly targeting people in their private life is wrong. I think targeting specific religious institutions for protest is wrong.

These people and these religious institutions are not propagating HATE they are just not agreeing that marriage can be between a man and a man or a woman and a woman. This is a cultural difference of opinion.

I “get” where many of the gay activists are coming from – but it is not a place that will get them what they want. Many “fled” to the Bay Area to find a community and place where they could be who they were (gay, lesbian, queer, transgender etc). They were raised in conservative churches in other parts of the country that may have been explicitly anti-gay. They likely have strong feelings against these institutions and similar ones. It does not make it OK to the hate these people and act out against them. (If they want to proactively work on cultural change within these communities – Soul Force is doing a good job using nonviolence to work on change.)

We in the identity community need to understand what has unfolded here. The No on Prop 8 groups are using publicly available information. However this used to be information you could get if you went and asked for the paper versions from the court house. So it was public but with high friction to get the information. The web lowers the cost of getting this information (close) to zero – Daniel Solove writes about the change in publicly available information in the Digital Person.

I wonder about how we can balance the need to know who has contributed to political campaigns and propositions while at the same time prevent harassment and the emergence of negative physical and cyber mobs.

Nov 13th Kids Online: Balancing Safety and Fun – (un)confernece about the issues and best practices

I am working with Joi Podgorny and Denise Tayloe on this day following the Internet Identity Workshop Nov 10-12 in Mountain View, CA. You can register here on Event Brite. We are bringing together a range of practitioners and experts to work collaboratively for a day together.

Our goal is to leave the day with greater clarity around some core best practices and have next steps as an industry to help kids being safer online.

All of the attendees will make up the agenda together at the event itself. We do welcome ideas and suggestions for topics you hope get discussed the day of the event.

This is a day to dive in and work collaboratively on these kinds issues around kids online:

  • Who and what are we trying to protect digital kids from?
  • Are there standards and norms in practice that we can leverage to formalize best practices for industry?
  • Kids fake their ages to gain access to online content, do we as an industry care? If so, then?
  • How do we create best practices that are flexible based on age range, content and willingness for parental involvement by industry or the child?
  • How can we create cyber spaces that balance interesting and fun with safety?
  • What is the role of government in either defining or supporting best practices?

Who this (un) conference is for:

  • Online Community/Virtual World Managers
  • Policy officers and Security Officers at large companies
  • Consultants in the kids online space
  • Identity technologists
  • State Attorney Generals
  • Legislative Staffers
  • Parents and Kids
  • Academics in the field
  • Bloggers

Adult attendees of the conference are welcome to bring their children ages 10-25 to particiapte in the conversations. There will not be child care, this is about talking about the issues with the constituents we are talking about present.

(Kid’s Online is an Identity Commons Action Group)

This week the Internet Safety Task Force had a meeting this past week. dana boyd has a post about it happening here.

Here are some reports from the blogosphere worth reading:

Harry Lewis – More on Internet Safety
I was pretty shaken by the end of the first day of the Internet Safety Technical Task Force yesterday. I had a meeting right afterwards, which I entered by yelping a primal scream.

Benlog – Children vs. Anonymity
The day started with a few words from Connecticut Attorney General Richard Blumenthal….I think the only statement I agree with is that parents should be empowered.

Surveill@nce St@te – State AGs Push Online Child Safety Snake Oil
Won’t someone think of the children?
Given the intense political pressure to do something about child safety online, and a complete lack of proven, peer-reviewed, and abuse-resistant technologies available on the market, a number of private companies have stepped in to fill the void…

Braden Cox – The Safety Chase
Discussions focused mostly on what technical solutions exist for addressing the perceived lack of online safety on social networking websites. But overall there’s still a need to connect the most important dot—do proposed solutions actually make children safer?

Jim Kertetter – Help line in the works for cyberbullying victims
Perhaps the biggest reason for that is students’ behavior: A recent survey of high school students done by the Teenangels found 70 percent of the kids surveyed share passwords with other people. The reasons are often innocuous, such as asking someone to check their e-mail for them, or to find a homework assignment for them. Often, teens in relationships will share passwords to assure one another they’re being faithful.

Chris & Chris on Data Portability

Chris Mesina has a great post up about data portability.

1) It dives into the semantic meaning of the phrase and issues it raises about the actual nature of what needs to be built – is it data a physical thing that is ported around? or is it a digital thing that can be copied and moved and is present in the cloud. The nature of the metaphor makes a difference

2) He articulates the relationship between OpenID along with OAuth and other open standards listed on DP’s home page as proposed standards in the “social stack” – (there is none officially)

3) The Risks associated with Data Portability are clearly articulated
* Who does DP speak for and how is that different from the perception of who it speaks for
* Privacy – is it being addressed well? can it be addressed well with the current approach? what are the risks to the technologies if it is not addressed well.

4) What is Good about Data Portability.
* The phrase has created a conversation that can be useful in teasing out the more gnarly issues involved in developing social applications. He is cautionary about this though if the phrase is misunderstood and people have bad experiences with it – does that mean the technologies will be perceived as failures and there is a retreat back to walled gardens.

He closes with this

I think the next evolution of the social web is going to be one where we take certain things, like identity, like portable contact lists, like better and more consistent permissioning systems as givens, and as a result, will lead to much more interesting, more compelling, and, perhaps even more lucrative, uses of the open social web.

This whole posts gets to the heart of the question we will be opening up the Data Sharing Summit with an “unpanel” on Thursday.

Data Sharing: What Could Go Wrong?
Bob Blakely from the Burton Group will open the conversation

What data is shared?
Who’s data is it?
Who should be able to move it? and under what conditions should they be able to do so?

Other Conversant are:
* Daniela Barbosa, (day job at Dow Jones)
* Marc Canter, Broadband Mechanics
* Jospeh Smarr, Plaxo
* Ken Kovash, Mozilla

Should be very interesting getting to the heart of these matters.

If you care to read it Chris Saad has a response to Factory Joe’s post here.

The Venn of Identity is published

This is a great article and I have been talking about it for several months when presenting about digital identity. It was written by Drummond Reed and Eve Maler and I read it in December.(I am doing this more and more now). It has finally been published here is the abstract but it actually costs $19 – uggg.

Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new classes of applications, but they also introduce security and privacy risks. Federated identity management addresses scenarios in both enterprise and consumer contexts by defining how to dynamically distribute identity information and delegate identity tasks across security domains. This article explains federated identity’s components, discusses security and privacy risks and architectural challenges, surveys the SAML, OpenID, and InfoCard protocols, and reviews new developments in federated identity management.

Are VRM ideas gaining traction?

This is from Zallas Technologies:

“Conventional wisdom has focused on customer identification as the foundation for one-to-one marketing campaigns,” says Adam Sarner, principal analyst at Gartner. “The reality of Generation V creating anonymous online personas, and the sheer power of their growing influence in an online environment, mean companies must change their methods of acquisition and relationship building.” He believes that CRM-focused companies and particularly their marketing departments must take notice of this change and engage with these “online personas” rather than with the actual customers who stand behind them.

“Going forward, customers’ true identities will have less importance, and instead companies will need to understand the role or persona that customers are playing at any given time and treat them accordingly,” says Sarner, who further believes that providers of third-party customer data, business intelligence, and analytic tools will shift toward consumer applications and eventually arm companies with automated, artificial intelligence and self-learning “persona bots” to seek customers’ needs and desires.

there are 6 things they list CRM focused companies need to do – this is one of them

Develop a mutually beneficial relationship. Use the information that you gather from your customer base (through data collection and communication) to create a two-way flow of information between your “persona” customers and your company. Use that input to hone your offerings to match various “persona” wants.

Geeks and Social Algorythms

There is lots of coverage of the inventor of Dungeons and Dragon Mr. Gygax. I have spent a few days working with material about reputation and the difference between human knowing reputation and computational reputation. I have been thinking about how geeks and those coding social software and how for me as a community organizer it so often misses the mark. This excerpt made me chuckle cause it reminded me of part of the reason why. From the NYTimes:

Geeks like algorithms. We like sets of rules that guide future behavior. But people, normal people, consistently act outside rule sets. People are messy and unpredictable, until you have something like the Dungeons & Dragons character sheet. Once you’ve broken down the elements of an invented personality into numbers generated from dice, paper and pencil, you can do the same for your real self.

For us, the character sheet and the rules for adventuring in an imaginary world became a manual for how people are put together. Life could be lived as a kind of vast, always-on role-playing campaign.

Don’t give me that look. I know I’m not a paladin, and I know I don’t live in the Matrix. But the realization that everyone else was engaged in role-playing all the time gave my universe rules and order.

We geeks might not be able to intuit the subtext of a facial expression or a casual phrase, but give us a behavioral algorithm and human interactions become a data stream. We can process what’s going on in the heads of the people around us. Through careful observation of body language and awkward silences, we can even learn to detect when we are bringing the party down with our analysis of how loop quantum gravity helps explain the time travel in that new “Terminator” TV show. I mean, so I hear.

Social Network Stack proposed by Phil

My friend Phil Wolff over at Skype Journal has been thinking about Social Network Stack – He had a great diagram there and describes it this way:

We need a new stack to sort out social media’s plumbing.

Introducing the Social Stack’s Six Zones of Interoperability.

* ID (Account lifecycles, Login)
* Sync (Profile, Contacts, Objects)
* Permission (Policy, Licensing)
* Find (People Search, Discovery, Gatekeepers)
* Action (Group Actions, Relationship Actions)
* Now (Alerting, Presence)

Community providers like Skype stand to gain as their architectures first recognize/design, then adopt and apply the Social Stack’s standards. As with the first stack, the Social Stack will attract:

* Engineers amazed and delighted at how convenient it is to build solutions or integrate existing systems by using well documented patterns and protocols.
* Entrepreneurs hungry for the chance to build unique value atop commodity plumbing
* Capital seeking to unleash new markets
* Consumers flying to seamless onlife experiences

Lessig on the FCC and Internet

Lessig is on to corruption this is quoted from a recent interview he gave on the subject:

One of the biggest targets of reform that we should be thinking about is how to blow up the FCC. The FCC was set up to protect business and to protect the dominant industries of communication at the time, and its history has been a history of protectionism — protecting the dominant industry against new forms of competition — and it continues to have that effect today. It becomes a sort of short circuit for lobbyists; you only have to convince a small number of commissioners, as opposed to convincing all of Congress. So I think there are a lot of places we have to think about radically changing the scope and footprint of government.

Most interesting to me was when I was doing research very early on about this, and I talked to someone who was in the Clinton administration. They were talking about Al Gore’s original proposal for Title VII of the Communications Act. Title II deals with telecom and Title VI deals with cable and Title VII was going to be an Internet title. And Title VII was going to basically say, no regulation except for minimal interconnect requirements — so it would be taking away both DSL and cable and putting them under one regulatory structure that minimized regulation of both. When this idea was floated on the Hill, it was shot down. The answer came back was, “We can’t do this! How are we going to raise money from these people if we’ve deregulated all of this?”

So I completely agree. I think we’ve got to recognize that the way the system has functioned is to insinuate regulation in all sorts of places that aren’t necessary in order to fuel this political machine of fundraising. There’s this great speech of Ronald Reagan’s in 1965 where he talks about how every democracy fails, because once people realize they can vote themselves premiums, that’s what they’re going to do, and they’ll bankrupt the nation. Well, he had it half right, in the sense there’s a system where people realize they can vote themselves the benefits and destroy the economy. But it’s not the poor who gathered together and created massive force in Washington to distribute income to them. It’s this weird cabal of politicians and special-interest insiders that have achieved this effect. Basically, they can pervert the economy and growth in ways that protect and benefit certain interests.

UK to start fingerprinting ALL passengers on domestic flights

This was on Slashdot today…and in the Telegraph:

For the first time at any airport, the biometric checks will apply to all domestic passengers leaving the terminal, which will handle all British Airways flights to and from Heathrow.

The controversial security measure is also set to be introduced at Gatwick, Manchester and Heathrow’s Terminal 1, and many airline industry insiders believe fingerprinting could become universal at all UK airports within a few years.

All four million domestic passengers who will pass through Terminal 5 annually after it opens on March 27 will have four fingerprints taken, as well as being photographed, when they check in.

To ensure the passenger boarding the aircraft is the same person, the fingerprinting process will be repeated just before they board the aircraft and the photograph will be compared with their face.

BAA, the company which owns Heathrow, insists the biometric information will be destroyed after 24 hours and will not be passed on to the police.

It says the move is necessary to prevent criminals, terrorists and illegal immigrants trying to bypass border controls.

The company said the move had been necessitated by the design of Terminal 5, where international and domestic passengers share the same lounges and public areas after they have checked in.

Without the biometric checks, the company says, potential criminals and illegal immigrants arriving on international flights or in transit to another country could bypass border controls by swapping boarding passes with a domestic passenger who has already checked in.

Keen attacks the “identity dog’s” right to exist.

In my home town paper the headline was Disconnect 1st Amendment from Internet hatemongers. The LA times version was Douse the Online Flamers: Faceless Internet sadists who ruin reputations don’t deserve full free-speech protection. Written by Andrew Keen the Cult of the Amateur guy – who wrote the book to get attention and blogs himself .

It begins with our little friend the “identity dog“.

THE CARTOON isn’t as amusing as it once was. “On the Internet, nobody knows you’re a dog,” one Web-surfing canine barked to another in that 1993 classic from the New Yorker. Back then, of course, at the innocent dawn of the Internet Age, the idea that we might all be anonymous on the Web promised infinite intellectual freedom. Unfortunately, however, that promise hasn’t been realized. Today, too many anonymous Internet users are posting hateful content about their neighbors, classmates and co-workers; today, online media is an increasingly shadowy, vertiginous environment in which it is becoming harder and harder to know other people’s real identities.

It goes into depth about several cases where anonymous online speech was harmful to people online.
And ends with him too..

All three of these cases indicate that the U.S. Supreme Court soon might need to rethink the civic value of anonymous speech in the digital age. Today, when cowardly anonymity is souring Internet discourse, it really is hard to understand how anonymous speech is vital to a free society. That New Yorker cartoon remains true: On the Internet, nobody knows you’re a dog. But it is the responsibility of all of us — parents, citizens and lawmakers — to ensure that contemporary Web users don’t behave like antisocial canines. And one way to achieve this is by introducing more legislation to punish anonymous sadists whose online lies are intended to wreck the reputations and mental health of innocent Americans.

I just finished reading Daniel Solove the Future of Reputation.
It goes in to great detail about the different forms that violations of privacy and reputation can happen and what the law has had to say about it.

One of the most important things to remember is that Virtue of Anonymity this is covered on page 139 of the chapter on Free Speech, Anonymity and Accountability (PDF).

The saga ofArticle III Groupie demonstrates how easy it seems to be anonymous on the Internet. A person can readily create a blog under a pseudonym or can post anonymous comments to blogs or online discussion groups. According to a survey, percent ofbloggers use pseudonyms rather than their real identities. Anonymity can be essential to free speech. As the Supreme Court has noted: “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress ofmankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.”60 Anonymous speech has a long history as an important mode of expression.

Between 1789 and 1809, six presidents, fifteen cabinet members, twenty senators, and thirty-four congressmen published anonymous political writings orused pen names. It was common for letters to the editor in local newspapers to be anonymous. Ben Franklin used more than forty pen names during his life. Mark Twain, O. Henry, Voltaire, George Sand, and George Eliot were all pseudonymous authors. Indeed, James Madison, Alexander Hamilton, and John Jay published the Federal Papers under the pseudonym Publius. Their opponents, the Anti-Federalists, also used pseudonyms.62
Anonymity allows people to be more experimental and eccentric without risking damage to their reputations.63Anonymity can be essential to the presentation ofideas, for it can strip away reader biases and prejudices and add mystique to a text. People might desire to be anonymous because they fear social ostracism or being fired from their jobs. Without anonymity, some people might not be willing to express controversial ideas. Anonymity thus can be critical to preserving people’s right to speak freely.

He goes on to talk about the problems that non-accountable anonymous speech can create.

One page 148 he gets to Balancing Anonymity and Accountability. It covers “John Doe” Law suits and the Issues around Section 230 immunity – that ISP’s and other hosters like Yahoo! or even me on my blog are not responsible for what others say in online spaces we provide. The and cases that Keen points to are the result of the failing to find a way to apply Section 230 immunity well.

Solove proposes asks “What Should the Law Do?”

Although existing law lacks nimble ways to resolve disputes about speech and privacy on the Internet, completely immunizing operators of websites works as a sledgehammer. It creates the wrong incentive, providing a broad immunity that can foster irresponsibility. Bloggers should have some responsibilities to others, and Section 230 is telling them that they do not. There are certainly problems with existing tort law. Lawsuits are costly to litigate, and being sued can saddle a blogger with massive expenses. Bloggers often don’t have deep pockets, and therefore it might be difficult for plaintiffs to find lawyers willing to take their cases. Lawsuits can take years to resolve. People seeking to protect their privacy must risk further publicity in bringing suit.

These are certainly serious problems, but the solution shouldn’t be to insulate bloggers from the law. Unfortunately, courts are interpreting Section 230 so broadly as to provide too much immunity, eliminating the incentive to foster a balance between speech and privacy. The way courts are using Section 230 exalts free speech to the detriment ofprivacy and reputation. As a result, a host ofwebsites have arisen that encourage others to post gossip and rumors as well as to engage in online shaming. These websites thrive under Section 230’s broad immunity.

The solution is to create a system for ensuring that people speak responsibly without the law’s cumbersome costs. The task ofdevising such a solution is a difficult one, but giving up on the law is not the answer. Blogging has given amateurs an unprecedented amount ofmedia power, and although we should encourage blogging, we shouldn’t scuttle our privacy and defamation laws in the process.

He concludes

Words can wound. They can destroy a person’s reputation, and in the process distort that person’s very identity. Nevertheless, we staunchly protect expression even when it can cause great damage because free speech is essential to our autonomy and to a democratic society. But protecting privacy and reputation is also necessary for autonomy and democracy. There is no easy solution to how to balance free speech with privacy and reputation. This balance isn’t like the typical balance ofcivil liberties against the need for order and social control. Instead, it is a balance with liberty on both sides ofthe scale—freedom to speak and express oneselfpitted against freedom to ensure that our reputations aren’t destroyed or our privacy isn’t invaded.

As I have tried to demonstrate in this chapter, a delicate balance can be reached, but it is not an easy feat. In many instances, free speech and privacy can both be preserved by shielding the identities ofprivate individuals involved in particular stories. With the Internet, a key issue for the law is who should be responsible for harmful speech when it appears on a website or blog. Much speech online can be posted by anybody who wants to comment to a blog post or speak in an online discussion forum. Commentators can cloak themselves in anonymity and readily spread information on popular blogs and websites. The law currently takes a broadly pro–free speech stance on online expression. As a result, it fails to create any incentive for operators ofwebsites to exercise responsibility with regard to the comments ofvisitors.

Balancing free speech with privacy and reputation is a complicated and delicate task. Too much weight on either side ofthe scale will have detrimental consequences. The law still has a distance to go toward establishing a good balance.

Andrew Keen is an ‘attention seeker’ (I had a ruder phrase in here but thought better then to publish it)- he is writing to be provocative, get attention and called upon to play the role of the ‘other side’ in a community that is experimenting with a range of forms of openness that challenge traditional or entrenched ‘expertise, authority and hierarchy’. Those threatened by emergence of power via new technologies ‘like’ what Andrew has to say. I think it is irresponsible for Andrew to call to the end of the First Amendment’s protection of Anonymous speech online because some small percentage of people are hurt by this – clearly there needs be some evolution in the law and the practices that we have to balance privacy and freedom.

Your ‘dead’ but you are not really dead.

From Slashdot:

According to MSNBC, thousands of U.S. citizens have wrongfully been declared dead, due to an average of 35 data input errors per day by the Social Security Administration (SSA). Many other agencies rely on the data provided by the SSA, such as the IRS. People who have been wrongfully declared dead face many problems, such as rejection of tax returns, cancellation of health insurance, and closure of bank accounts. The article states, ‘Input of an erroneous death entry can lead to benefit termination and result in financial hardship for a beneficiary.’ Apparently it is far easier to declare a person’s death than it is to correct the mistake. It continues, ‘Social Security says an erroneous death record can be removed only when it is presented with proof that the original record was entered in error. The original error must be documented, and the deletion must be approved by a supervisor after “pertinent facts supporting reinstatement” are available in the system.'”


In all, Social Security officials had to “resurrect” 23,366 people from January 2004 to September 2005. In other words, over a period of 21 months, Social Security was presented with irrefutable evidence that it had been “killing” more than 1,100 people a month, or more than 35 a day.

Garbage in, garbage out
The problem begins at the Social Security Administration, keeper of most of the records tabulating deaths in the United States. Like other government agencies, the IRS, with whom Todd has most recently tangled, relies upon Social Security’s database, said Dan Boone, a spokesman for the IRS.

When Social Security determines that an eligible current or future beneficiary has died, it closes the person’s entry in its Case Processing and Management System, or CPMS.

The system is only as good as the data it receives. Sometimes, that isn’t very good.

Todd, for example, was killed when someone in Florida died and her Social Security number was accidentally typed in. Since then, her tax returns have repeatedly been rejected, and her bank closed her credit card account.

“One time when I [was] ruled dead, they canceled my health insurance because it got that far,” she said.

Toni Anderson of Muncie, Ind., expired when someone in the government pushed the wrong button, making the records declare that it was she, not her husband, John, who died Nov. 8.

Social Security even sent this letter: “Dear Mr. Anderson, our condolences on the loss of Mrs. Anderson.”


This is just one of a huge set of issues that arise from massive government databases that are maintained by people (who make mistakes). It a reminder that the ‘massive government database in the sky that determines who is and is not ‘alive’ or ‘dead’ is or is not a person is not going really the answer to identity problems – increasing reliance on them could make things worse.

Daniel Solove makes this point that bureaucracies don’t take care of people’s information well because they are data systems full of abstractions.

Bob Blakley talks about the fact that

Privacy is not about keeping personal information secret. It’s about ensuring that people who handle personal information respect the dignity of the individuals to whom that information refers.

Killing people in government databases before they are dead is not dignified.

Death in first person shooter games

I wonder if this applies to the death of an online persona too?
We shall see….

From Slashdot:

“Brandon Erickson has an interesting post about an experiment on players’ emotional reactions to killing and being killed in a first-person shooters (FPS) with a group of students who played James Bond 007: Nightfire while their facial expressions and physiological activity were tracked and recorded moment-to-moment via electrodes and various other monitoring equipment. The study found that “death of the player’s own character…appear[s] to increase some aspects of positive emotion.” The authors believe this may result from the temporary “relief from engagement” brought about by character death. “Part of this has to do with the intriguing aesthetic question of precisely how the first-person-shooter represents the player after the moment of death,” says Clive Thompson. “This sudden switch in camera angle — from first person to third person — is, in essence, a classic out-of-body experience, of exactly the sort people describe in near-death experiences. And much like real-life near-death experiences, it tends to suffuse me with a curiously zen-like feeling.” An abstract of the original article, “The psychophysiology of James Bond: Phasic emotional responses to violent video game events” is available on the web.” Obnoxiously this alleged scholarly research is not available for free, so we’ll just have to speculate wildly what it says based on the abstract.