Another Bill of Rights

I did a collection called the Bill o’ Rights o Rama. 

Here is a new proposed one a Gamers Bill of Rights  based on another gamers bill of rights (this one looks beautiful)

Preamble
Gamers are customers who pay publishers, developers, and retailers in exchange for software.

They have the right to expect that the software they purchase will be functional and remain accessible to them in perpetuity.

They have the right to be treated like customers and not potential criminals.

They have the right to all methods of addressing grievances accessible by other consumer.

They have the right to the game they paid for, with no strings attached beyond the game and nothing missing from the game.

Gamers’ Bill of Rights
I. Gamers shall receive a full and complete game for their purchase, with no major omissions in its features or scope.

II. Gamers shall retain the ability to use any software they purchase in perpetuity unless the license specifically and explicitly determines a finite length of time for use.

III. Any efforts to prevent unauthorized distribution of software shall be noninvasive, nonpersistent, and limited to that specific software.

IV. No company may search the contents of a user’s local storage without specific, limited, explicit, and game-justified purpose.

V. No company shall limit the number of instances a customer may install and use software on any compatible hardware they own.

VI. Online and multiplayer features shall be optional except in genre-specific situtations where the game’s fundamental structure requires multiplayer functionality due to the necessary presence of an active opponent of similar abilities and limitations to the player.

VII. All software not requiring a subscription fee shall remain available to gamers who purchase it in perpetuity. If software has an online component and requires a server connection, a company shall provide server software to gamers at no additional cost if it ceases to support those servers.

VIII. All gamers have the right to a full refund if the software they purchased is unsatisfactory due to hardware requirements, connectivity requirements, feature set, or general quality.

IX. No paid downloadable content shall be required to experience a game’s story to completion of the narrative presented by the game itself.

X. No paid downloadable content shall affect multiplayer balance unless equivalent options are available to gamers who purchased only the game.

Real Names vs Nyms at Quora & Unconferences

I am again in a #nymwar [wikipedia & Botgirl's Scoop.it] situation that I actually care about. I have been denied full participation in Quora for a long long time now because my last name was listed as IdentityWoman (ironically my answer to why having control over your identity and personal data online matters did go through but then was put into suspension when they insisted on changing my name to a WASPonym).

Now there is a thread all about an unconfernece for women of Quora and they have mentioned both Unconference.net my business and She’s Geeky that I founded in the threads. I for this one important conversation bow to the “feudal lord”  of Quora as their humble “content producing servent” share my so-called real name…and help them have a good unconference and raise the issues of real name requirements within the context of real human beings who engage with the site all the time and hopefully staff as well.  Until we have the freedom to choose our names for public interactions on the web – to define our own identities based on our context and how we wish to appear where – we do not live in a free society.

 

Before they “banned” me for having the wrong color skin name. I got to write an eloquent to this question (posted below since it isn’t on their site).

Why does owning one’s own online identity and personal data matter?

and was voted to the top (with 5 votes) by others…but now that answer isn’t there cause I didn’t use my real name.

So now you can’t see it…this is akin to not letting me sit somewhere in a public space because the color of my skin is the wrong one OR I happen to sit in a wheel chair to get around and there isn’t room in our restaurant and they are in violation of American’s with Disabilities Act.

The women of Quora are talking about organizing an unconfernece and found two of my organizations/sites and are enthusiastic about them. I am totally unable to talk to them about their ideas or my sites unless I pass their “real names” test….you know like a pole tax … that Bob and I talked about in our Cloud Identity Summit closing Keynote about Identification and Social Justice (slides and videos will be online soon).

My answer to:

Why does owning one’s own online identity and personal data matter?

We own our own bodies – we have freedom and autonomy to move around the physical world.  We have rights and freedoms; If our physical lives are terminated there are consequences.

In the digital world many people are not the primary “owner” of their own identity (in digital space the equivalent of a physical body is a persistent identifier like an e-mail address or a URL or phone number).  Most people’s identity on the web is “under” terms and conditions of a private company and they can terminate people’s accounts, their identities, without recourse.

Many companies with which people have their identities “under” choose to in exchange for providing identity provisioning services and things like e-mail. They also track and aggregate user’s activities on their services and across the web via cookies and other beacons.  This profile of activity has real value and is being used by the companies to profile them and then sell abstract versions of the profile information on ad exchanges.

Some have said we live in an age of digital feudalism, where we are serfs on the lords’ manors (the large web portals).

Having the freedom and autonomy to choose who we are online and how we express ourselves is important to ensuring a free society  with rights and liberty.

Adding some more: About one’s social graph… The links in your social graph in the current architecture of the web exist within particular contexts – you have friends in Facebook or Followers on Twitter or Professional Contacts on LinkedIN. Those links, those connections in a “social graph” are ulitmately owned by the company within which you made those links. If you choose to leave any one of those networks – all your links to those people are terminated.

This is an architecture of control. You are locked into those systems if you don’t want to loose the links to others in them. To own your own identity would be to have an identity that would give you the freedom to not loose the links to your contacts, they would be peer to peer autonomous of any particular service.

The next time there is a major social revolution like in Egypt governments are not going to try and turn of the internet or mobile phone system it is likely they will simply call facebook ans ask them to terminate the accounts of dissidents.

 

 

Is Google+ is being lynched by out-spoken users upset by real names policy?

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin MarksNishant  KaushikPhil Hunt,  Steve Bogart and Suw Charman-Anderson.

I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.

I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 

In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.

Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  

I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.

Here’s the thread… (oldest tweets first)

 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more...]

Google+ says your name is “Toby” NOT “Kunta Kinte”

This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).

[Read more...]

Lets try going with the Mononym for Google+

Seeing that Google+ is approving mononyms for some (Original Sai, on the construction of names Additional Post) but not for others (Original Stilgherrian Post Update post ).

I decided to go in and change my profile basically back to what it was before all this started.  I put a  ( . ) dot in the last name field.  In my original version of my google proflile my last name was a * and when they said that was not acceptable I put my last name as my online handle “Identity Woman”.

[Read more...]

Cybersecurity report covers Identity

Lucy Lynch posted this “The CSIS Commission on Cybersecurity for the 44th Presidency ” to the ID-Legal e-mail list.

We are actually going to discuss it on our upcoming call along with figuring out our steward to Identity Commons. Lucy and I will be spending 2 days at the end of December face to face in Eugene planning strategy/execution/deliverables around having at least event in DC this winter/spring before the next IIW.

The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, “Securing Cyberspace for the 44th Presidency.” The Commissions three major findings are:

1. Cybersecurity is now one of the major national security problems facing the United States;

2. Decisions and actions must respect American values related to privacy and civil liberties; and

3. Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.”

There is a section on: Identity Management for CyberSecurity (page 67) that folks will want to read. CSIS is a Washington think tank, so this
is only advisory, but interesting to see some old models coming around again.

“CSIS was launched at the height of the Cold War, dedicated to the simple but urgent goal of finding ways for America to survive as a nation and prosper as a people. During the following four decades, CSIS has grown to become one of the nations and the worlds preeminent public policy institutions on U.S. and international security.”

Saving Kids from Predators – parents blog their e-mail addresses

NYTimes:

From Connecticut’s attorney general, Richard Blumenthal: “If for nothing else, this set of principles is a landmark and milestone because it involves an acknowledgment of the importance of age and identity authentication and a commitment to explore and develop those means,” he said. “If we can put a man on the moon we can do age and identity authentication. Today we form a partnership that will protect children , purge predators and expunge inappropriate content including pornography.”

I could highlight my usual point when it comes to sexual predators online….kids are far more vulnerable to being sexually abused AT HOME by people the know including family members. This fetish with predators online is a mass projection to avoid looking at this real fact.

Scientists must give up privacy rights

I just found this in SlashDot - quite disturbing…

“Wired is reporting that all NASA JPL scientists must ‘voluntarily’ (or be fired) sign a document giving the government the right to investigate their personal lives and history ‘without limit’. According to the Union of Concerned Scientists this includes snooping into sexual orientation, mental & physical health as well as credit history and ‘personality conflict’. 28 senior NASA scientists and engineers, including Mars Rover team members, refused to sign by the deadline and are now subject to being fired despite a decade or more of exemplary service. None of them even work on anything classified or defense related. They are suing the government and documenting their fight for their jobs and right to personal privacy.”

Will Netizen rights be protected?

From Slashdot:

“The NSA has a new assignment. No longer merely responsible for signals intelligence, the NSA now has the task of defending against cyber attacks on government and private networks. ‘The plan calls for the NSA to work with the Department of Homeland Security and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the ‘Cyber Initiative.’ Details of the project are highly classified. Director of National Intelligence Mike McConnell, a former NSA chief, is coordinating the initiative. It will be run by the Department of Homeland Security, which has primary responsibility for protecting domestic infrastructure, including the Internet, current and former officials said. At the outset, up to 2,000 people — from the Department of Homeland Security, the NSA and other agencies — could be assigned to the initiative, said a senior intelligence official who spoke on condition of anonymity.'”

Yeah! for the Fourth Amendment

I have been worried about this for a while (see this post from Dec 2006 and way back when in August 2005 when I first was alerted to this issue) Just when things were looking really grim on the online privacy front this ruling came in…..from Wired Blogs:

The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upheld a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using “Smiling Bob” ads that have gained some notoriety.

The case boiled down to a Fourth Amendment argument, in which Warshak contended that the government overstepped its constitutional reach when it demanded e-mail records from his internet service providers. Under the 1986 federal Stored Communications Act (SCA), the government has regularly obtained e-mail from third parties without getting warrants and without letting targets of an investigation know (ergo, no opportunity to contest).

It is sort of odd that it is about penis spam but hey – freedom is freedom is freedom.

To reach its decision, the court relied on two amici curiae that presented compelling arguments for shoring up current privacy law with respect to e-mail. The article is worth reading in full.

Age and Idetntity in Second life

I just found this from someone linking to my WoW piece. It seems that Linden Lab will be doing age verification – from their blog:

We will shortly begin beta testing an age and identity verification system, which will allow Residents to provide a one-time proof of identity (such as a driver’s license, passport or ID card) and have that identity verified in a matter of moments.

Second Life has always been restricted to those over 18. All Residents personally assert their age on registration. When we receive reports of underage Residents in Second Life, we close their account until they provide us with proof of age. This system works well, but as the community grows and the attractions of Second Life become more widely known, we’ve decided to add an additional layer of protection.

Once the age verification system is in place, only those Residents with verified age will be able to access adult content in Mature areas. Any Resident wishing to access adult content will have to prove they are over 18 in real life….

Landowners are morally and legally responsible for the content displayed and the behavior taking place on their land. The identity verification system gives them new tools to ensure any adult content is only available to adults over 18 because unverified avatars will not have access to land flagged as containing adult content…..

The verification system will be run by a third party specializing in age and identity authentication. No personally identifying information will be stored by them or by Linden Lab, including date of birth, unless the Resident chooses to do so. Those who wish to be verified, but remain anonymous, are free to do so.

There is an extensive FAQ in the blog post. It seems that online life is going to get more complex. I wonder what vendor they are going to use for this. I wonder how it will work internationally.

The other thing I wonder about is how necessary is this. I kids are exposed to so much already. I am currently reading GenerationMe: Why Today’s Young American’s are more Confident, Assertive, Entitled – and More Miserable Than Ever Before by Jean M. Twenge. Some of the book talks about the current attitudes about sex and the sexual practices of young people. The Monica Lewinsky was all happening when they were in elementary school. They know what sex is and many many of them are doing it – lots are having oral sex (mostly the girls giving it to the guys) in middle school and by highschool many are sleeping around with a lot of partners ‘hooking up’ without really being in boyfriend girlfriend relationships. Yes they are doing it with their peers and not other adults but it is not like it is news to them. I am not condoning this trend of hyper sexually active young people. The number and range of these surveys means it is real not imaginary. I also don’t think they should have access to adult areas of Second Life. The issue is serious and I think there is a social dialogue about sex, its meaning would be a good thing to foster. It is a disconcerting to learn how casual it is being taken by youth however as the author points out imitating the way it is portrayed in the media. So what is the big deal with Avatars in a virtual world I wonder. I hope this question is not to much to ask and that I will not be harshly judged for having asked if we should ask this question.

Personally I gave up on SL 9 months ago for other reasons. I was fed up with downloading a new massive client to wander around an aimless 3D space. Then to top it all off the were hacked and you had to call them to get a new password. I also was annoyed the first thing you had to do was pick your name with some strange last name from a list they determined. Once you picked your name you couldn’t change it….it was the one thing persistent about you. I think online 3D has potential but I am convinced there will be worlds that leapfrog SL.

Here are some of the comments about the proposal on their site

I do not wish to have my personal information – my SSN or anything else, in the hands of a 3rd party organization – or even in the hands of SL. I am very cautious about what info I put out there – and considering how easily sites can be hacked, this is a security issue. Some of us have RL clearances and do not want more info out there – and as such – we will now be unable to access adult content? Let’s face it that’s why many of us put up a credit card for premium membership – to prove our age. Further proof is a burden on the players that we should not have to bear.

First, you should be aware it is illegal to require an individual to provide his/her social security number as a means of identification to anyone but the Federal Government. Second, if driver’s license and or SSN is provided to you or your agent you may become legally liable for the misuse, loss, or theft of that information for the purposes of fraud or identity theft. Good Luck.

A third party that LL trusts and isn’t giving us who this third party is, I’m taking issue with. The moment I give them my driver’s license, they will now own my name, address, license number, AND because I live in a state that puts the Social Security number on the driver’s license, they will have that as well. I’m not impressed with this action nor do I trust LL’s belief in this third party that they will not keep this data. Prove it!

“Driver’s license, passport or ID card” are you joking?

I think you need to come to grips with a few things. Half the residents in SL do not live in Puritanical America. Your ‘immature’ attitude toward sex and alcohol are not shared by the majority of people on Earth. There is no drinking age in most of Europe and Asia and most people look upon sex as a normal human activity.

What about those of us without passports, drivers’ licences or any form of national ID? You falsely assume that all adults have one of these things – not all of us drive, go abroad or live in countries with Big Brother-style ID card schemes.

The best bit IMO is we’re now expected to pay for the privilege of being treated like adults. Are we not mature enough to be given the responsibility of ignoring things we don’t want to see? The way I see it this system is good in theory but completely flawed in practice.

Once again, Linden Labs adopts a US-sentric attitude. US players only have to provide the last 4 digits of their Social Security numbers, while non-US residents have to provide a full National ID Number (whatever that is, and whatever countires use them) or a full passport number! What about people who have no National ID, or passport? What are they to do?

This sounds very heavy handed. It sounds like a roomful of lawyers, FBI Agents, and other law enforcement put the fear of Gawd in to Linden to have them take the extreme step of seeking partial social security numbers, and age verification via key documents. I believe the point has been raised the credit card verification is typically enough to meet age requirement guidelines.

As a UK resident, I do not feel comfortable about giving personal details to an as yet unamed data collection company, which I assume is US based.

With the current climate in the US as regards to Bush’s evesdropping on data communications to aid the War on Terror(tm), I do not want to end up on some US government database as belonging to a virtual porn-ridden community run by a bunch of subversive godless burnt-out californian commie hippies (Ann Coulter is hawt!!).

Flickr SUCKS

They are forcing us to merge our identities. I thought they decided not to do this. They let us keep our old way of logging in.
I joined FLICKR not YAHOO.
I really don’t care that they got bought. I do care that my login is being merged.
Does anyone know a good alternative to Flickr/Yahoo that uses openID?

2. On March 20th, 2007 we’ll be discontinuing the old email-based Flickr sign in system. From that point on, everyone will have to use a Yahoo! ID to sign in to Flickr.

We’re making this change now to simplify the sign in process in advance of several large projects launching this year, but some Flickr features and tools already require Yahoo! IDs for sign in — like the mobile site at m.flickr.com or the new Yahoo! Go program for mobiles, available at http://go.yahoo.com.

If you still sign in using the email-based Flickr system (here), you can make the switch at any time in the next few months, from today till the 15th. (After that day, you’ll be required to merge before you continue using your account.) To switch, start at this page: http://flickr.com/account/associate/

Complete details and answers to most common questions are available here: http://flickr.com/help/signin/

If you have questions or comments about signing in with a Yahoo! ID, speak up!

Credit Checks by the Government ‘legal’

More privacy invasion by the Executive Branch:

Vice President Dick Cheney said Sunday the Pentagon and CIA are not violating people’s rights by examining the banking and credit records of hundreds of Americans and others suspected of terrorism or espionage in the United States.

Rep. Silvestre Reyes, D-Texas, the new chairman of the House Intelligence Committee, said his panel will be the judge of that.

National security letters permit the executive branch to seek records about people in terrorism and spy investigations without a judge’s approval or grand jury subpoena.

Corporations plan to contribute Open Source OpenID

This was a great to see from James McGovern:

In terms of my own planned 2007 contributions to open source, I will be commiting to contributing to the authorization specification as part of the OpenID community. The funny thing is that I will be going against my better judgement in that enterprises tend to desire to contribute to things that are measurable like implemented software as we really can’t do anything with ideas alone. Ideas need to be turned into software. What I fear the most is folks from Sun such as Pat Patterson, Sara Gates,Simon Phipps, Robin Wilton, Don Bowen and folks from Microsoft such as Kim Cameron and Jason Matusow openly supporting initiatives such as OpenID but not taking deliberate steps within their respective employers to actually implement the OpenID specification and any resulting authorization enhancements. I too am somewhat constrained in that the perception of anything that isn’t implemented will be perceived as an academic exercise that was a waste of time that will put the ability to contribute to open source projects in the future at risk…

Tracking content online

Attributor Corp is launching a product that combs the entire web for ‘unauthorized uses.’ From the WSJ:

They claim to have cracked the thorny computer-science problem of scouring the entire Web by using undisclosed technology to efficiently process and comb through chunks of content. The company says it will have over 10 billion Web pages in its index before the end of this month.

Attributor analyzes the content of clients, who could range from individuals to big media companies, using a technique known as “digital fingerprinting,” which determines unique and identifying characteristics of content. It uses these digital fingerprints to search its index of the Web for the content. The company claims to be able to spot a customer’s content based on the appearance of as little as a few sentences of text or a few seconds of audio or video. It will provide customers with alerts and a dashboard of identified uses of their content on the Web and the context in which it is used.

(if the link to the WSJ goes ‘unfree’ follow the ‘read more’ at the bottom of this post to read the full text)
[Read more...]

Just what I was afraid of.

From Slashdot: Federal prosecutors say they don’t need a search warrant to read your e-mail messages if those messages happen to be stored in someone else’s computer.
We’re looking at a future in which almost all of our private papers are in the hands of third parties and not protected by the Fourth Amendment,” said Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation
I hope the EFF, ACLU, EPIC and everyone else who can possibly pile on to this one.

From the Star Tribue:

The government needs a search warrant if it wants to read the U.S. mail that arrives at your home. But federal prosecutors say they don’t need a search warrant to read your e-mail messages if those messages happen to be stored in someone else’s computer.

That would include all of the Big Four e-mail providers — Yahoo, AOL, Hotmail and Google — that together hold e-mail accounts for 135 million Americans.

Twenty years ago, when only a relative handful of scientists and scholars had e-mail, Congress passed a law giving state and federal officials broad access to messages stored on the computers of e-mail providers.

Now that law, the Stored Communications Act of 1986, is being challenged in federal court in Ohio by Steven Warshak, a seller of “natural male enhancement” products who was indicted for mail fraud and money laundering after federal investigators sifted through thousands of his e-mails.

I would like the language in the i-broker agreements for XDI.org to have language that basically says they will treat personal data held as if it were in someone’s house and therefore protected under the 4th amendment.

Concerning acts of legislation

I just read a link to this on Slashdot. I am quite concerned about what it says.

In a stealth maneuver, President Bush has signed into law a provision which, according to Senator Patrick Leahy (D-Vermont), will actually encourage the President to declare federal martial law (1). It does so by revising the Insurrection Act, a set of laws that limits the President’s ability to deploy troops within the United States. The Insurrection Act (10 U.S.C.331 -335) has historically, along with the Posse Comitatus Act (18 U.S.C.1385), helped to enforce strict prohibitions on military involvement in domestic law enforcement. With one cloaked swipe of his pen, Bush is seeking to undo those prohibitions.

Public Law 109-364, or the “John Warner Defense Authorization Act of 2007″ (H.R.5122) (2), which was signed by the commander in chief on October 17th, 2006, in a private Oval Office ceremony, allows the President to declare a “public emergency” and station troops anywhere in America and take control of state-based National Guard units without the consent of the governor or local authorities, in order to “suppress public disorder.”

President Bush seized this unprecedented power on the very same day that he signed the equally odious Military Commissions Act of 2006. In a sense, the two laws complement one another. One allows for torture and detention abroad, while the other seeks to enforce acquiescence at home, preparing to order the military onto the streets of America. Remember, the term for putting an area under military law enforcement control is precise; the term is “martial law.”

Section 1076 of the massive Authorization Act, which grants the Pentagon another $500-plus-billion for its ill-advised adventures, is entitled, “Use of the Armed Forces in Major Public Emergencies.” Section 333, “Major public emergencies; interference with State and Federal law” states that “the President may employ the armed forces, including the National Guard in Federal service, to restore public order and enforce the laws of the United States when, as a result of a natural disaster, epidemic, or other serious public health emergency, terrorist attack or incident, or other condition in any State or possession of the United States, the President determines that domestic violence has occurred to such an extent that the constituted authorities of the State or possession are incapable of (“refuse” or “fail” in) maintaining public order, “in order to suppress, in any State, any insurrection, domestic violence, unlawful combination, or conspiracy.”

For the current President, “enforcement of the laws to restore public order” means to commandeer guardsmen from any state, over the objections of local governmental, military and local police entities; ship them off to another state; conscript them in a law enforcement mode; and set them loose against “disorderly” citizenry – protesters, possibly, or those who object to forced vaccinations and quarantines in the event of a bio-terror event.

The law also facilitates militarized police round-ups and detention of protesters, so called “illegal aliens,” “potential terrorists” and other “undesirables” for detention in facilities already contracted for and under construction by Halliburton. That’s right. Under the cover of a trumped-up “immigration emergency” and the frenzied militarization of the southern border, detention camps are being constructed right under our noses, camps designed for anyone who resists the foreign and domestic agenda of the Bush administration.

Momentum has a section on Digital ID

My friend Allison Fine finally got her book published – Momentum: Igniting Social Change in the Connected Age. On her blog she writes about engaging with the digital world. Her perspective is great because she is relatively normal. Living outside New York with her husband and three sons. She understands the power of the web to transform things but also isn’t technical enough to deal with all the usable stuff that some how we here in the Valley think is usable.

I got to talk with her while she was writing her book and she included a section on Digital Identity along with giving me the closing quote of the book.

Here is the Digital Identity section:
I must preface this by saying that when I was talking to her about 9 months ago it was not clear that OpenID was coalescing the way it has. I am going to work with Allison to see if we can get an update on her blog saying that YADIS is really receded into the background and OpenID is where it is at.

The Internet has grown up in such a topsy-turvy manner that there have not been any standards for protecting the identity of users. Even though we may try to opt out of potential spam, almost every Internet user has made the mistake and logged into the wrong site, one that didn’t care about privacy. The result was a flood of e-mails opening up an astonishing world of genitalia enlargements and enhancements. You may have devised your own pass codes but the companies you logged into own them, and by logging into their systems you have given them the right to use that information for their own purposes even if they do not sell it to others.
According to a paper released in 2005 by Microsoft, “Online identity theft, fraud, and privacy concerns are on the rise, stemming from increasingly sophisticated practices such as ‘phishing.’ The multiplicity of accounts and passwords that users must keep track of and the variety of methods of authenticating to sites result not only in user-frustration, known as “password fatigue,” but also insecure practices such as reusing the same account names and passwords at many sites.” (the term phishing refers to the practice by scam artists of sending out official-looking messages in an attempt to trick people into giving them their pass codes and other digital-identity information.)

My digital identity is the information that others know about me through my online interactions. I keep a folder on my computer that contains the different pass codes and registrations I have online. It is an ever-growing list that includes news sites, travel services such as Amtrak and airlines, memberships for activist groups and products and services such as recipes and Amazon.com. All these sites have at least my e-mail address. And these are the logins and information that I know about. Who knows what permissions I have given to companies by clicking on various end-user licensing agreements for various software and websites! Susan Crawford , an expert on digital law and privacy, has written, “Some part of identity is controlled by the individual, but most of the identity is crated by the world in which that individual operates. We can think of identity as a streaming picture of a life within a particular context. Each of us has multiple identities. The sites we click on, whether a link on an e-mail or a page on a website, are carefully registered, analyzed, and sometimes even sold by companies trying to capitalize on and profit from where our eyes have gone.

Attention Trust, an activist organization in San Francisco Bay Area was created to counter this trend. Attention Trust advocates that any site we, as customers and citizens are looking at is our ‘attention,’ and that this attention is both valuable and private. The organization is pressing for increased disclosure by trackers of data they are collecting and how they are using these data. Attention Trust wants to shift the ownership of our attention away from companies towards individuals.

Worrying about spam and feeling the need to constantly invent and reinvent pass codes and new online identities are taxing our imaginations and patience. In the absence of face-to-face contact, you cannot know who you are interacting with online and what their intentions are. A push back on digital identity has begun. For instance, decoupling cell-phone numbers from cell phones was a victory for individual users over the telephone companies.

But, what would happen if we flipped the digital identity equation and required service providers to ask permission to user our identity only in certain preferred ways? This is where Identity Commons, YADIS (Yet Another Digital Identity System), and similar efforts come in. Digital Identity efforts, sometimes called user-centric efforts, are building rules, tools and frameworks for open, trusting online networks. The internet has developed in stages. The first stage, when the internet was still a project of the Defense Department, established an open electronic network relaying information quickly and safely between scientists. The second stage when the World Wide Web was introduced in the early 1990’s opened the Internet up to users who were not techies – both individuals and businesses, both legitimate and nefarious.

The next stage of Internet development is combining the best of the first two stages: the open trusting connections formed in the first stage and the usability and scale of the second. Digital identity is a critical aspect of this third stage of development. The responsibility for creating new identities to access information or sites now resides entirely with the user or customer. But now efforts are being made to develop software tools, including new universally unique identifiers (UUIDs) that can be used instead of e-mail addresses. UUIDs are like Social Security numbers; users can choose whether to share them with others. These new systems allow you, the owner of the identity, to create a profile of yourself once, and allow to use parts of it on request. So, for example, I might give the New York Times permission to use my e-mail address but for one year and for updates only. I might also choose to give the Red Cross my e-mail and home address and my telephone number so that they can alert me to emergency situations and let me know how I can help locally.

The next generation of digital-identity systems returns control of information to individuals and away from companies and spamers. New digital-identity systems represent a gigantic shift from the way the internet currently works. It reverses the polarity from crating numerous identities that go into sites never to be seen again (And potentially sold or shared unwittingly with others) to sites’ coming to you and asking permission to use parts of your identity that you control. The new way is back to the future, back to the way the original architects of cyberspace envisioned relationships being formed and information being shared online.

The Book Closing:

As long as we have social problems to solve, we need to keep searching for a better way. This need has been urgent for some time, and with each passing day of government inaction it becomes more so. As we have seen in Momentum, such broad, positive and sustainable change is possible in the Connected Age.

Kaliya Hamlin, an activist, advocate and blogger perhaps put it best when she said, “Social change is happening. People are exchanging ideas, learning from one another and learning to trust one another in new and different ways, particularly….strangers. This process will lead to new and different ways of tackling existing problems — we don’t have to come up with solutions, we just have to get out of the way of passionate people and good ideas will emerge.’

Paul how does SAML help exactly?

I thought you could clarify how you think SAML will help with this.

While multiple screen names can be tracked at home, the company is working on a tool to associate different screen names across school and home to notify parents.

Isn’t the whole point of the Laws of Identity that people should not have there identifiers aggregated across contexts without their knowledge.

Yet Another Conference with a Digital Identity Track

We have the Forthcoming ACM conference with a special day on November 3 on Digital Identity. I just found this annoucement from the Future of Identity in the Information Society (FIDIS) about a special track at the 22nd IFIP International Information Security Conference. The overall conference theme is new approaches for security, privacy and trust in complex environments. It is May 14-16 in South Africa.

Topics may include:

* Identity management
* Profiling and customer relation management
* Global management of identities
* Advanced identity documents
* RFID and other, tracking technologies
* Biometrics
* Surveillance
* ID related crime
* IT law for preventing Misuse
* Computer Forensics
* Privacy, anonymity and pseudonymity
* Multilateral Security
* Adequacy and Inadequacy of the Law
* Social, legal and ethical aspects of IT security

Identity in the Arab World pt1

Two stories that I have read in the print the last two weeks about Identity issues in the Arab world that are worth surfacing.

First of all this story in Newsweek Iraq:A Deadly Name Game

By law, all Iraqis carry jinsiyas, or national ID cards. But in a country where your ethnicity can make you a target, a jinsiya can become a death warrant. If your name is Omar you’re likely a Sunni Muslim, named after a seventh-century imam despised by Shiites. If you’re Amar or Aamer, pronounced almost the same, you could be from either sect. If you’re Ali, you’re probably Shiite. As a result, many Iraqis have started carrying two jinsiyas—a real one, and a fake one linking them to the rival sect. The demand for false ID cards has spiked as bodies pile up in the Baghdad morgue at the rate of 35 to 50 a day, frequently bound and blindfolded, a jinsiya in their shirt pocket.

It seems that we often think of identity in the context of western liberal democracy this situation in Iraq makes me wonder about what it means to make ‘really secure’ documents and identifying papers for people.

Net Nuetrality to-Regulate or Not-to-Regulate

This NYTimes piece hightlights an interesting perspective about why regulating the Internet may not be a good idea to protect Net Nuetrality.

It’s tempting to believe that government regulation of the Internet would be more consumer-friendly; history and economics suggest otherwise. The reason is simple: a regulated industry has a far larger stake in regulatory decisions than any other group in society. As a result, regulated companies spend lavishly on lobbyists and lawyers and, over time, turn the regulatory process to their advantage.

Economists have dubbed this process “regulatory capture,” and they can point to plenty of examples. The airline industry was a cozy cartel before being deregulated in the 1970’s. Today, government regulation of cable television is the primary obstacle to competition.

Of course, incumbent broadband providers do have some limited monopoly powers, and there is cause for concern that they might abuse them. Last fall, the chief executive of AT&T, Ed Whitacre, argued that Internet giants like Google and Microsoft should begin paying for access to his “pipes”— never mind that consumers already pay AT&T for the bandwidth they use to gain access to these services. If broadband providers like AT&T were to begin blocking or degrading the content and services of companies that didn’t pay up, both consumers and the Internet would suffer.

The unexpected posterchild of HollyHock

This was a very interesting expereicne – I go to HollyHock’s website to see when the Leadership Workshop starts on August 18th. Then I see this –

The picture was taken buy Kris Krug (an amazing photographer and bryght guy) and fellow Web of Changer – The conference we were at last year at Holly Hock.

I am happy to be one of their poster children because I tell folks all the time to go there – it is a heavenly retreat center. Not to posh, not to rustic – just right to relax and be. The view is amazing, hot tub over looking the ocean. Some amazing teachers choose to lead workshops there. My workshop this August is with Robert Gass.

I am posting this to wonder publicly about the deeper identity issues it raises for me in the digital age of flickr, creative commons and norms of usage.

They never asked me or even told me they were using the photo. What if I didn’t want to be there poster child? Is this really a non-comercial use? (the photo is licensed CC) and if it is not should they be paying Kris and/or me. I am not complaining at all and I really don’t want anything from HollyHock at all – I love them and want to help so lending them my photo for the season seems like a great way to contribute. I wonder about this more for beyond this situation.

Emerging Identity Standards

I am deeply conflicted – Standards for users is happening at BloggerCon the same tim as Who Owns You at SuperNova.

So for both “”panels”” I though I would share that this week there were three major developments within the identity sector towards convergence around standards.

i-names global services launched

OpenID 2.0 clarified

and OSIS was formed A Giant Step to Reduce Uncertainty in the Digital Identity Marketplace

Technorati Tags: , , ,