BC Government Innovation in eID + Citizen Engagement.

I wrote an article for Re:ID about the BC Government’s Citizen Engagement process that they did for their eID system.

CoverHere is the PDF: reid_spring_14-BC

BC’S CITIZEN ENGAGEMENT:A MODEL FOR FUTURE PROGRAMS 

Because of my decade long advocacy for the rights and dignity of our digital selves, I have become widely known as “Identity Woman.” The Government of British Columbia invited me to participate as an industry specialist/expert in its citizen consultation regarding the province’s Services Card. I want to share the story of BC’s unique approach, as I hope that more jurisdictions and the effort I am most involved with of late, the U.S. government’s National Strategy for Trusted Identities in Cyberspace, will choose to follow it.

The Canadian Province of British Columbia engaged the public about key issues and questions the BC Services Card raised. The well-designed process included a panel of randomly selected citizens. They met face- to-face, first to learn about the program, then to deliberate key issues and finally make implementation recommendations to government.

[Read more...]

The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.

As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.

I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.

However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.

When spoken of in every day conversation trust is most often social trust.

[Read more...]

Alignment of Stakeholders around the many NSTIC Goals

 

The Many Goals for the Identity Ecosystem & NSTIC Governance

The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:

  • convene a wide variety of stakeholders to facilitate consensus
  • administer the process for policy and standards
  • development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
  • maintain the rules of participating in the Identity Ecosystem
  • be private sector-led
  • be persistent and sustainable
  • foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.

Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.

[Read more...]

Ecosystems Collaborate using Shared Language – NSTIC

Collaboration is a huge theme in NSTIC. Below is the initial approach to collaboration in the  document:

The National Strategy for Trusted Identities in Cyberspace charts a course for the public and private sectors to collaborate to raise the level of trust associated with the identities of individuals, organizations, networks, services, and devices involved in online transactions.

Collaboration, as defined by Eugene Kim, a collaboration expert and the first Chief Steward of Identity Commons, occurs when groups of two or more people interact and exchange knowledge in pursuit of a shared, collective, bounded goal

To achieve the challenging goals set out in NSTIC, such as raising trust levels around identities, high performance collaboration is required. Both shared language and shared understanding are prerequisites for high-performance collaboration.

This is a powerful excerpt from Eugene Kim’s blog about two experiences from technical community participants (including Drummond Reed from the user-centric identity community) that paints a clear picture of the importance of time for, and the proactive cultivation of, shared language:

[Read more...]

Ecosystem as the frame for NSTIC

What is an Ecosystem?

The National Strategy for Trusted Identities in Cyberspace paints a broad vision for an Identity Ecosystem. The strategy author’s choice to name the big picture vision an “ecosystem” is an opportunity not to be lost. An Identity Ecosystem construct will inform the choice of processes and structures appropriate to govern it.

An ecosystem is a biological environment consisting of all the organisms living in a particular area, as well as all the nonliving, physical components of the environment with which the organisms interact, such as air, soil, water and sunlight.

This definition reminds us that the context of an Identity Ecosystem is broad and goes beyond just the identities of people and devices but extends to the contexts in which they operate and interact, the network and indeed the wider world. When we discuss a person’s digital identity it should not be forgotten that we are each fundamentally biological beings living in complex social systems composed of groups, organizations and businesses, all socially constructed and embedded in a larger context, the biosphere surrounding the planet earth.

An overall Identity Ecosystem is needed because small islands of identity management online are working, but they have not been successfully woven together in a system that manages the tensions inherent in doing so to ensure long term thrivability of the overall system. [Read more...]

NSTIC Response by Identity Woman

Context for my response to the NSTIC Governance NOI

Table of Contents to Blog Posts of My Response

My Complete Response in PDF form Kaliya-NSTIC-NOI

Introductory Letter of the Response.

Context for my NSTIC NOI response

I surprised myself when writing my response to the NSTIC (National Strategy for Trusted Identities in Cyberspace)  Governance NOI (Notice of Inquiry).  I wasn’t sure exactly what I was going to say because the questions seemed like they were way ahead of where they should be interms of where things were.  I decided to begin by sharing important Context, Frames and Terms that were important before getting to the Questions of Governance and what should be done now.

I began with the word Ecosystem – what it meant and that a system was at the heart of this strategy not something simple or easily actionable.

I touched on the history of the Identity Community and how much conversation and intensive dialogue happened amongst that early community to get to a place where collaboration was natural and “easy”. A huge amount of effort went into developing shared language and understanding then and this is needed once again.  The range of self identified stakeholders for NSTIC is quite large (the range of not self identified stakeholders it could be said is everyone on the planet or at least all those with a digital connection (via phone or interent).

I put forward two different methods/tools/processes that could be used to form shared language and understanding across this stakeholder community Polarity Management and Value Network Mapping.

I suggest that the governance structure proposed a “steering group” actually have a mandate to regularly listen to and act on the recommendations of the system that are generated via 3 different well established dialogic processes (Creative Insight Council, World Cafe and Open Space Technology [What we use at IIW]. I then answer the NOI questions referencing the ideas above.

I am going to be posting the whole of my Response in a series of posts and linking them all from there.

I began with one earlier last week which is focused on “trust” both as an emergent property of the overall system AND as the current name of technology and policy/legal frameworks for identity creation.


Links to NSTIC Response Posts:

[Read more...]

National! Identity! Cyberspace!: Why we shouldn’t freak out about NSTIC.

This is cross posted on my Fast Company Expert Blog with the same title.

I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us.  Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator  Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.

I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity.Internet Identity Workshop Logo Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to.  I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”),  support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.

Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.

[Read more...]

Thoughts on the National Strategy for Trusted Identities in Cyberspace

Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.

Here is my answer to the NSTIC Governence Notice of Inquiry.

And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.

Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

[Read more...]

Open Identity for Open Government Explained

Today the United States Government with digital identity industry leaders announced the development of a pilot project with NIH and related agencies using two of the open identity technology standards OpenID and Information Cards.

This is, as a friend said to me, a “jump the shark moment” – these technologies are moving out from their technologists technology cave into mainstream adoption by government agencies. We are seeing the convergence of several trends transform the way citizens participate in and communicate with government:

  • Top-down support for open government
  • The proliferation of social media
  • The availability of open identity technologies

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and videocasts.

Today there are over 500 government websites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government websites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

The challenge is that supporting this kind of citizen interaction with government via the web means that identity needs to be solved. On the one hand you can’t just ask citizens to get a new user-name and password for all the websites across dozens of agencies that they log in to. On the other you also can’t have one universal ID that the government issues to you and works across all government sites. Citizens need a way to interact with their government pseudonymously & in the future in verified ways.

So how will these technologies work?

Those already familiar with OpenID know that typically when users login with it they give their own URL – www.openIDprovider.com/username. (see this slideshare of mine if you want to see OpenID 101) There is a little known part of the OpenID protocol called directed identity – that is a user gives the name of their identity provider – Yahoo!, Google, MSN etc – but not their specific identifier. The are re-directed to their IdP and in choosing to create a directed identity they get an identifier that is unique to the site they are logging into. It will be used by them again and again for that site but is not correlatable across different websites / government agencies. The good news is it is like having a different user-name across all these sites but since the user is using the same IdP with different identifiers (unlinked publicly) but connected to the same account they just have to remember one password.

Information Cards are the new kids on the identity block in a way – this is their first major “coming out party” – I am enthusiastic bout their potential. It requires a client-side tool called a selector that stores the user’s “digital cards”. Cards can be created by the end user OR third parties like an employer, financial institution, or school can also issue them.

In essence, this initiative will help transform government websites from basic “brochureware” into interactive resources, saving individuals time and increasing their direct involvement in governmental decision making. OpenID and Information Card technologies make such interactive access simple and safe. For example, in the coming months the NIH intends to use OpenID and Information Cards to support a number of services including customized library searches, access to training resources, registration for conferences, and use of medical research wikis, all with strong privacy protections.

Dr. Jack Jones, NIH CIO and Acting Director, CIT, notes, “As a world leader in science and research, NIH is pleased to participate in this next step for promoting collaboration among Assurance Level 1 applications. Initially, the NIH Single Sign-on service will accept credentials as part of an “Open For Testing” phase, with full production expected within the next several weeks. At that time, OpenID credentials will join those currently in use from InCommon, the higher education identity management federation, as external credentials trusted by NIH.” In digital identity systems, certification programs that enable a site — such as a government agency — to trust the identity, security, and privacy assurances from an identity provider are called trust frameworks. The OIDF and ICF have worked closely with the federal government to meet the security, privacy, and reliability requirements set forth by the ICAM Trust Framework Adoption Process (TFAP), published on the IDManagement.gov website. By adopting OpenID and Information Card technologies, government agencies can cost effectively serve their constituencies in a more personalized and user friendly way.

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon — it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

Under the OIDF and ICF’s open trust frameworks, any organization that meets the technical and operational requirements of the framework will be able to apply for certification as an identity provider (IdP). These IdPs can then supply authentication credentials on behalf of their users. For some activities these credentials will enable the user to be completely anonymous; for others they may require personal information such as name, email address, age, gender, and so on. Open trust frameworks enable citizens to choose the identity technology, identity provider, and credential with which they are most comfortable, while enabling government websites to accept and trust these credentials. This approach leads to better innovation and lower costs for both government and citizens.

The government is looking to leverage industry based credentials that citizens already have to provide a scalable model for identity assurance across a broad range of citizen and business needs – doing this requires a trust framework to assess the trustworthiness of the electronic credentials; see Trust Framework Provider Adoption Process (TFPAP).   A Trust Framework Provider is an organization that defines or adopts an online identity trust model involving one or more identity schemes, has it approved by a government or community such as ICAM, and certifies identity providers as compliant with that model. The OIDF and ICF will jointly serve as a TFP operating an Open Trust Framework as defined in their joint white paper, Open Trust Frameworks for Open Government.

Both the OpenID and Information Card Foundation have been working very hard on this for many months – last night I was fortunate to their boards at a history first ever joint dinner.

There are two women in particular though who have driven this forward: Judith Spencer of the Federal Identity, Credential, and Access Management Committee on the government side and Mary Ruddy of Meristic Inc on the industry side. Both of them will be speaking about the project at the Gov 2.0 Summit on Thursday.

Personally this announcement shows how far things have come since I facilitated the first Internet Identity Workshop in 2005 with 75 idealistic identity technologies talking about big ideas for use-centric identity. I am really looking forward to discussing these developments at the forthcoming 9th Internet Identity Workshop in November.

Identity & Gov and & Open Standards

I am really happy to let you all know about this forth coming OASIS ID-Trust Identity Management 2009 event September 29-30.

The theme of the event will be “Transparent Government: Risk, Rewards, and Repercussions.”

The U.S. National Institute of Standards and Technology (NIST) will be hosting it in Gainthersburg, Maryland.

In the why attend the reference part of a directive by Barack Obama to the National Security Council and Homeland Security Council.

“to defend our information and communications infrastructure, strengthen public/private partnerships, invest in cutting edge research and development and to begin a national campaign to promote cyber-security awareness and digital literacy.” The U.S. federal government aims to accomplish all of this while becoming increasingly open and transparent.

The program is now available – and looks quite good.

There is a discount available until August 31. There are special registration proceedures for non-US citizens.

Great Identity News

Yesterday the Government hosted a workshop in DC: Open Government Identity Management Solutions Privacy Workshop.

The OpenID Foundation and the Information Card Foundation are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

Drummond Reed and Don Tibeau announced their paper Open Trust Frameworks for Open Government.

Quiet and intense work has been going on since just before the last IIW on all this, so it is great to see it begin to see the light of day.

The OpenID Foundation had a wonderful new redesign that Chris Messina announced. This page really made me smile: Get an OpenIDSurprise! You may already have an OpenID.

Axel did a Wordle of it:

SSN’s can be guessed

This just in from slashdot:

“The nation’s Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003.

This is from the Wired coverage:

By analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.

“We didn’t break any secret code or hack into an undisclosed data set,” said privacy expert Alessandro Acquisti, co-author of the study published Monday in the journal Proceedings of the National Academy of Sciences. “We used only publicly available information, and that’s why our result is of value. It shows that you can take personal information that’s not sensitive, like birth date, and combine it with other publicly available data to come up with something very sensitive and confidential.”

Basically it means we shouldn’t be honest about our date of birth and home town on Facebook (or any other social network) or we are making ourselves vulnerable to discernment of our SSN’s. I wonder if they can figure out mine? I received my as an adult when I was attending college in California.

I decided to poke around and see what Facebook had up about Identity Theft. I did find a link to this study that created a profile by “Freddi Stauer,” an anagram for “ID Fraudster,”.

Out of the 200 friend requests, Sophos received 82 responses, with 72 percent of those respondents divulging one or more e-mail address; 84 percent listing their full date of birth; 87 percent providing details about education or work; 78 percent listing their current address or location; 23 percent giving their phone number; and 26 percent providing their instant messaging screen name.

Sophos says in most cases, Freddi also got access to respondents’ photos of friends and family, plus a lot of information about personal likes and dislikes, and even details about employers.

Facebook users were all too willing to disclose the names of spouses and partners, with some even sending complete resumes. One facebook user divulging his mother’s maiden name—the old standard used by many financial and other Web sites to get access to account information.

Most people wouldn’t give this kind of information out to people on the street but their guard sometimes seems to drop in the context of a friend request on the Facebook site, O’Brien says.

According to Sophos, the results of what it calls its Facebook ID Probe has significance for the workplace as well as personal life because businesses need to be aware that this type of social-networking site may pose a threat to corporate security.

I have tried to search the Facebook blog to see what they have to say about identity theft and apparently they haven’t mentioned it.

On Gaza

I don’t write about politics on my blog that much but have spoken up about some of my travels in the world and what I have seen.

I thought with all the twitter blips going by about “the ground invasion in gaza beginning I wanted to share what I wrote about in the summer of 2006 my own personal visit to Gaza in the summer of 2000.

This is the last 1/2 of a post a post called “Security theater and the “real” threats – inhuman conditions“.

Speaking of ‘they’ – who are they? I just watched a film from Netflicks – Death in Gaza. It was of two documentary film makers one of whom died while shooting the film. I spent the summer of 2000 in Jerusalem for 10 weeks I lived and worked there and did what I call “NGO tourism”. I worked at one of the worlds foremost human rights organizations – BTselem the Israeli Information Center for Human Rights in the Occupied Territories and then also worked at the PCATI the Public Committee Against Torture in Israel (while there I got my education in what torture is going on and how it affects people – really awful).

My fellow international interns and I would spend our weekends traveling about going through the Westbank and up to Nazareth, and Haifa over to Televiv down to Hebron. [[you can read what I wrote about Hebron here]]

One time we got to go to Gaza for 2 days. One of the interviewers for B’Tselem was traveling there so the two of us got to go with him. We got hooked up with two guys who worked in an NGO in Gaza and went on a tour for a day… from one end to the other … inside the camps and everything. It was amazingly powerful. Just like in the movie I saw the little kids the ones who are 5 and 6 happily playing away not really knowing there life circumstances yet. Then the older boys would glare glints of anger in there eyes. They are 10-13 years old knowing what they don’t have. The get that it is not normal to have open sewers in the streets. It is not normal to have 10 people living in one room. It is not normal to be growing bunnies up stairs that you kill to have food or a donkey living in your living room. Why do they know this…there are satalite dishes…basically everyone has a TV and can see what life is like in Isreal, and America and the rest of the normal arab world. When you think about that maybe some of this makes a bit more sense. It is not normal to feel like going to school you could get killed (as they young girl in Death in Gaza talks about). It is not normal to have your school playmates killed by gunfire (like the little boys have happen to them in the movie). Or bulldozers coming to plow your house down in the middle of the night (like threatens to happen in the movie ) How can you feel peaceful in this kind of environment?

I know after witnessing what I did that day I was shaken. I really felt my soul had been shaken up like my body was still and it was moving. It was eerily like the feeling I had after exiting the memorial museum at Hiroshima. The thing was…what I had witnessed that day was happening to real people ‘now’ not a historical event from 60 years ago. The depth of suffering is quite intense and the failure to connect with people as people and to really resolve the conflict continues to cause suffering. More bombs and planes and threats of nuclear weapons going off doesn’t make the situation better. It makes it worse. Send in armies of compassionate empathetic listeners. Make public peoples family stories and histories. Find some way through. There are some amazing stories of reconciliation that have happened in Israel/Palestine. They prove it is possible. I do have hope but not if everyone just sees an enemy instead of people, families and societies with real human and community needs.

I was sorting through my stuff over the weekend and found something from B’Tselem. They still send me the reports the write. It was a 11×17 fold over about the wall situation in Jerusalem. Just really disruptive to normal peoples lives. The whole of the Westbank is oriented around the trade flows through main cities. The most main one being East Jerusalem. The fact that they want to cut the Palestinians off from their main economic hub is just mean. People don’t like people who do mean things. Why is this so hard to understand!

It makes me very sad to hear there is a war happening. There has been a war on the Palestinian people for a long time.

Some elements that are not obvious to people is the depth of connection to land and history that is present along with the really bad living conditions.
* In the refugee camps villagers who fled their villages together – still live together 50 years later – they have a sense of identity as people of a place (a place that only the oldest people alive still remember) but that the young people feel they belong to too.
* The number of people and the conditions of living are very hard to imagine – they have the density of New York – but all in cement block houses that have tiny rooms 9×9. 1200 people a km.
* They don’t have electricity in the winter because the wiring is so ad-hoc that it is to dangerous to run in the winter.
* They don’t have sewage systems – other then the ones that run in the street.
* When the Israelis had a presence in Gaza they had their own roads – the good ones – that Palestinians could not drive on. (I was driving around with palestinians so we were on the “bad” roads).
* They have families of 10 living in one room houses.
* They have families that have a donkey’s living with them in their one room too.

These are extreme living conditions and the reason they voted for Hamas has to do with the fact that the islamic organization the religious arm of the political organization actually helps poor (as they are called to by their religious texts) impoverished people by feeding them. If you lived in these kinds of conditions wouldn’t you vote for the group that on the ground in practical reality actually helped you a bit.

There are some other interesting things to know about the Palestinian people… How do I know all this – yes I visited the territories but I wrote my senior thesis 40 pages on “The Lost Opportunity for Sustainable Development in Palestine” – 10 of them specifically about demography.

* They have HIGH levels of basic education Palestinians have the highest levels literacy in the arab world.

* They have a lot of higher educational institutions.

* They have the highest level of educational attainment of women in the arab world (normally educated women cut back on the number of children they have).

* Even though the women are relatively very educated – they are very committed to having children and lots of them

Women living in Palestine have a total fertility rate (TFR) of 5.6 children—significantly higher than women in other countries that have similar levels of education and access to health services. (Women in Gaza have 6.6 births, on average, while women in the West Bank (including East Jerusalem) have an average of 5.2 births.) they are clear they are fighting a long term demographic “race” with Israel. More palestinians means more votes and more bodies to resist the injustice they have suffered.

* They have a very young population (in 2005 – 18% was below the age of 5, 45% was below the age of 15) this means that is lots of young men of marriageable age and seeking work.

So you put all this together
1. a population that watches TV from around the world on satellite dishes,
2. that lives in abject poverty
3. That is highly educated and mostly in the arts (political science, economics, english, comparative literature etc…)
4. Young men without an economic opportunities compounded by the fact that without this they can’t marry and thus can’t have sex. THEY ARE FRUSTRATED.

They know – they see every day on TV what they don’t have. We live in a globalized world and it is not just about ‘us’ those in North America and Europe knowing about the rest of the world – the rest of the world has the same tools too. They see the gap – with their own eyes and it makes them angry.

I don’t want to be all down on this post. This went by on twitter a few days ago It is about a contributor/admin on WikiHow (the wiki for how too manuals) and it made me cry – it is why I love the internet and the power it has to connect people and give people meaningful ways to contribute and help one another.

Many of you know that the dedicated wikiHowian and new admin, VC, lives in Gaza. (Actually VC is only a new admin on the English wikiHow. He has been an admin on Arabic wikiHow for a while.) And everyone knows that there is currently a war in Gaza right now. Even before the recent fighting started, VC suffered from sporadic internet access caused by electrical outages. So I felt lucky to get this email reply when I asked how he was surviving the war:

Quote:
It is terrible indeed, however, it is kind people like yourself and other wikiHow editors that keep me going on, sane and to some extent even happy that I have friends who really care about me without even really ever seeing me. Thank you very much for asking and checking on me. I’m safe and sound and so is my family and my friends. The circumstances however are hard on the children, but with some tenderness, love and patience, they’ll get through it (or so I hope). The area where I live in Gaza is considered relatively safe as it is the center of the city.

It is in rough and extremely hazardous situations like these that we usually need something to hold on to … to believe in. wikiHow and its community has been that and more to me. It was and still is what I turn to so as to find comfort and peace of mind. The wikiHow community members are so supportive and kind. When I set at the computer and start doing anything related to wikiHow, it is currently my only escape outlet where I can, for some sweet moments, forget about the war, the harsh circumstances and the suffering all around me. And when I see a message by one of the editors, whether discussing some wikiHow related matter or simply saying “hi, how are you”, it makes me feel … alive, not cutoff of the world outside … having what I call a “universal family” that cares and comforts me.

For all of that Jack, I’d like to thank you for founding this wonderful family, making it possible for me and many others to feel at home no matter what.

Web Mobs and Proposition 8

I am Canadian so you can probably guess how I would have voted if I could have on Proposition 8 (the California constitutional amendment to define marriage as only between a man and a woman).
My views are not the point of this post. I am very concerned about what is playing out – online and in real life between the two sides of this issues following the passage of the amendment.

First of all we live in a democracy – the people of California voted for it – albeit by a small percentage but that was the will of the people.

When I look at this I think well the way the NO side wins is by doing all the work the YES side did last time – only better. They go and put an amendment to the constitution on the ballot and then build support for it.

The NO campaign assumed it couldn’t loose, was badly organized, didn’t have a comprehensive strategy for building support for its side across diverse communities throughout California. (The YES campaign was on the ground engaging with the black church community for example – they never saw anyone from the NO side come to their communities to engage them on the issue).

As the vote approach the NO side in a final very flawed move started attacking in television adds those who funded the YES side of the proposition and in particular the Mormon Church.

It was this turn of events that has lead into quite disturbing actions and behaviors by the NO campaign post election.

The blacklisting and subsequent public harassment and targeting of specific people and specific religious groups for their beliefs and support of YES on prop 8 is wrong.

I take this personally, I have and do work with people who are Mormon – (When I played water polo in university and in the Identity field). I respect the LDS church and the people in it – they have good values. Their religion is a very American one too (like Christian Science its origins are on this continent). Watch the Frontline/American Experience 4 hour documentary on the history of the church and their experience as a people/religious group.

A close personal family member I know also voted YES and for all I know could have donated.

When mobs start appearing at places of residence of YES contributors and their businesses. It makes me worried.

I thought about this issue earlier in the campaign when I wrote this post There are a lot of donkey’s in my neighborhood (and I know who they are)

From The Hive:

because she did about 60 gay ‘activists’ went to her restaurant and strong armed her in a scene reminiscent to Nazi Germany. They went down a list of people who gave as little as 100 dollars to boycott, harrass and attack them. They went there to ‘confront’ her for giving a measley hundred bucks based on her personal faith that she has had since childhood. They argued with her and it was reported by local news reporters was a “heated” confrontation.

So is this the America we want? Where if a private citizen wants to participate in the governmental process that they be harrassed and acosted. Their freedom of speech chilled by thugs.

From the NY Times:

The artistic director, Scott Eckern, came under fire recently after it became known that he contributed $1,000 to support Proposition 8…
In a statement issued on Wednesday morning, Mr. Eckern said that his donation stemmed from his religious beliefs — he is a Mormon — and that he was “deeply saddened that my personal beliefs and convictions have offended others.”

From the SF Chronicle:

Phillip Fletcher, a Palo Alto dentist who donated $1,000 to the campaign, is featured prominently on a Web site listing donors targeted for boycott. He said two of his patients already have left over the donation.

This is the site of the Anti Gay Blacklist Then there is a blog called Stop the Mormons.

The night Obama won and there was a party in the main street 6 blocks from my house – I had a moment of insight into the future. This was a happy celebratory Mob – it was basically safe. People were texting their friends and telling them where it was inviting them to join. I Tweeted about it so 900 people knew about it and where it was. I also knew that this new technology of texting and presence based real time information creates an increased capacity for mob formation. It made me wonder about the cultural skills and capacities we need to develop to interrupt mob behavior turning bad.

I think what is going on with the blacklists – that are directly targeting people in their private life is wrong. I think targeting specific religious institutions for protest is wrong.

These people and these religious institutions are not propagating HATE they are just not agreeing that marriage can be between a man and a man or a woman and a woman. This is a cultural difference of opinion.

I “get” where many of the gay activists are coming from – but it is not a place that will get them what they want. Many “fled” to the Bay Area to find a community and place where they could be who they were (gay, lesbian, queer, transgender etc). They were raised in conservative churches in other parts of the country that may have been explicitly anti-gay. They likely have strong feelings against these institutions and similar ones. It does not make it OK to the hate these people and act out against them. (If they want to proactively work on cultural change within these communities – Soul Force is doing a good job using nonviolence to work on change.)

We in the identity community need to understand what has unfolded here. The No on Prop 8 groups are using publicly available information. However this used to be information you could get if you went and asked for the paper versions from the court house. So it was public but with high friction to get the information. The web lowers the cost of getting this information (close) to zero – Daniel Solove writes about the change in publicly available information in the Digital Person.

I wonder about how we can balance the need to know who has contributed to political campaigns and propositions while at the same time prevent harassment and the emergence of negative physical and cyber mobs.

bill to tie financial Aid to ‘anti-piracy measures’

mm…big brother continues to creep into college.

“The MPAA is applauding top Democratic politicians for introducing an anti-piracy bill that threatens the nation’s colleges with the loss of a $100B a year in federal financial aid should they fail to have a technology plan to combat illegal file sharing. The proposal, which is embedded in a 747-page bill, has alarmed university officials. ‘Such an extraordinarily inappropriate and punitive outcome would result in all students on that campus losing their federal financial aid — including Pell grants and student loans that are essential to their ability to attend college, advance their education, and acquire the skills necessary to compete in the 21st-century economy,’ said university officials in a letter to Congress. ‘Lower-income students, those most in need of federal financial aid, would be harmed most under the entertainment industry’s proposal.'”

US collecting detailed data on regular citizens who travel

From the Washington Post:

The U.S. government is collecting electronic records on the travel habits of millions of Americans who fly, drive or take cruises abroad, retaining data on the persons with whom they travel or plan to stay, the personal items they carry during their journeys, and even the books that travelers have carried, according to documents obtained by a group of civil liberties advocates and statements by government officials.

Officials yesterday defended the retention of highly personal data on travelers not involved in or linked to any violations of the law. But civil liberties advocates have alleged that the type of information preserved by the department raises alarms about the government’s ability to intrude into the lives of ordinary people

From Slashdot: Most Scary to Least Scary

FBI datamining for more then just terrorists:
“Computerworld reports that the FBI is using data mining programs to track more than just terrorists. The program’s original focus was to identify potential terrorists, but additional patterns have been developed for identity theft rings, fraudulent housing transactions, Internet pharmacy fraud, automobile insurance fraud, and health-care-related fraud. From the article: ‘In a statement, Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, said the report [on the data mining] was four months late and raised more questions than it answered. The report “demonstrates just how dramatically the Bush administration has expanded the use of [data mining] technology, often in secret, to collect and sift through Americans’ most sensitive personal information,” he said. At the same time, the report provides an “important and all-too-rare ray of sunshine on the department’s data mining activities,” Leahy said. It would give Congress a way to conduct “meaningful oversight” he said.'”

from the just-forward-your-mail-to-homeland-security dept:
“You probably already knew that the FBI was data mining Americans in the “search” for potential terrorists, but did you know that they’re also supposed to be looking for people in the U.S. engaged in criminal activity that is not really supposed to be the province of the federal government? Now the feds are alleged to be data mining for insurance fraudsters, identity thieves, and questionable online pharmacists. That’s what they’re telling us now. What else could they be looking for that they are not telling us about?”

From the is-that-anything-like-the-lime-in-the-coconut dept:
“The kernel meets The Colonel in a just-published Microsoft patent application for an Advertising Services Architecture, which delivers targeted advertising as ‘part of the OS.’ Microsoft, who once teamed with law enforcement to protect consumers from unwanted advertising, goes on to boast that the invention can ‘take steps to verify ad consumption,’ be used to block ads from competitors, and even sneak a peek at ‘user document files, user e-mail files, user music files, downloaded podcasts, computer settings, [and] computer status messages’ to deliver more tightly targeted ads.”

From the how much can you remember department:

The research reveals that the average citizen has to remember five passwords, five pin numbers, two number plates, three security ID numbers and three bank account numbers just to get through day to day life.

Six out of ten people claimed that they suffer from “information overload,” stating that they need to write these numbers down in order to remember them.

However, more than half of the 3000 people surveyed admitted to using the same password across all accounts, leaving them at risk of potentially severe security breaches.

Professor Ian Robertson, a neuropsychology expert based at Trinity College Dublin who carried out the study, said: “People have more to remember these days, and they are relying on technology for their memory.

“But the less you use of your memory, the poorer it becomes. This may be reflected in the survey findings which show that the over 50s who grew up committing more to memory report better performance in many areas than those under 30 who are heavily reliant on technology to act as their day to day aide memoir.”

Who ownes that copy?:

‘Copyfraud is everywhere. False copyright notices appear on modern reprints of Shakespeare’s plays, Beethoven’s piano scores, greeting card versions of Monet’s Water Lilies, and even the US Constitution. Archives claim blanket copyright in everything in their collections. Vendors of microfilmed versions of historical newspapers assert copyright ownership. These false copyright claims, which are often accompanied by threatened litigation for reproducing a work without the owner’s permission, result in users seeking licenses and paying fees to reproduce works that are free for everyone to use…'”

Second Life – the real picture emerges:

The LA Times is running a story today saying that marketers are pulling out of Second Life, primarily because — surprise, surprise — the ‘more than 8 million residents’ figure on the game’s Web site is grossly inflated. Also, as it turns out, the virtual world’s regular visitors — at most 40,000 of them online at any time — are not only disinterested in in-world marketing, but actively hostile to it, staging attacks on corporate presences such as the Reebok and American Apparel stores.

THIS IS FUN:
RunBot Robot Walks:
“The basic walking steps of Runbot, which has been built by scientists co-operating across Europe, are controlled by reflex information received by peripheral sensors on the joints and feet of the robot, as well as an accelerometer which monitors the pitch of the machine. These sensors pass data on to local neural loops – the equivalent of local circuits – which analyse the information and make adjustments to the gait of the robot in real time.”

THIS IS GODO NEWS:
from the free-at-last dept:
“IBM is making it easier to utilize its patented intellectual property to implement nearly 200 standards in the SOA, Web services, security and other spaces. Under a pledge issued by the company Wednesday, IBM is granting universal and perpetual access to intellectual property that might be necessary to implement standards designed to make software interoperable. IBM will not assert any patent rights to its technologies featured in these standards. The company believes its move in this space is the largest of its kind.”

Save Internet Radio

SaveNetRadio.org
I read The Day the Music Dies in the SF Weekly yesterday. I had heard about this issue but didn’t realize it was so pressing. I am a huge Pandora Listener – I love it because I don’t remember music names and stuff…I don’t have a “music brain” but I like music…so I put in a song I like and it plays more like it.

I encourage you if you are in America and have a congress person call them. (I can’t vote so I feel weird engaging in the political process until I can.)

German Data Retention, NSA doesn’t Trust itself & FBI and “spying student” profiles

From Slashdot:

“Google is threatening to shut down the German version of its Gmail service if the German Bundestag passes it’s new Internet surveillance law. Peter Fleischer, Google’s German privacy representative says the new law would be a severe blow against privacy and would go against Google’s practice of also offering anonymous e-mail accounts. If the law is passed then starting 2008, any connection data concerning the internet, phone calls (With position data when cell phones are used), SMS etc. of any German citizen will be saved for 6 months, anonymizing services like Tor will be made illegal.”

Well if the can’t collaborate maybe they can’t spy on us all that well?
Linked to the Baltimore Sun from Slashdot:

NSA employees also do not trust one another, which has left the agency fragmented and in search of a “unity of purpose,” according to a task force report released to employees late last month.”What we need is fundamental change in the way we manage NSA and what we expect of management and ourselves,” concluded the study, which was led by George “Dennis” Bartko, the NSA’s deputy chief of cryptanalysis. The Sun obtained unclassified portions of the report and eight related documents.

From Presssec:

US university students will not be able to work late at the campus, travel abroad, show interest in their colleagues’ work, have friends outside the United States, engage in independent research, or make extra money without the prior consent of the authorities, according to a set of guidelines given to administrators by the FBI.

linked to from Slashdot:

“FBI is offering to brief faculty, students and staff on what it calls ‘espionage indicators’ aimed at identifying foreign agents. Unexplained affluence, failing to report overseas travel, showing unusual interest in information outside the job scope, keeping unusual work hours, unreported contacts with foreign nationals, unreported contact with foreign government, military, or intelligence officials, attempting to gain new accesses without the need to know, and unexplained absences are all considered potential espionage indicators.”

Yeah! for the Fourth Amendment

I have been worried about this for a while (see this post from Dec 2006 and way back when in August 2005 when I first was alerted to this issue) Just when things were looking really grim on the online privacy front this ruling came in…..from Wired Blogs:

The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upheld a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using “Smiling Bob” ads that have gained some notoriety.

The case boiled down to a Fourth Amendment argument, in which Warshak contended that the government overstepped its constitutional reach when it demanded e-mail records from his internet service providers. Under the 1986 federal Stored Communications Act (SCA), the government has regularly obtained e-mail from third parties without getting warrants and without letting targets of an investigation know (ergo, no opportunity to contest).

It is sort of odd that it is about penis spam but hey – freedom is freedom is freedom.

To reach its decision, the court relied on two amici curiae that presented compelling arguments for shoring up current privacy law with respect to e-mail. The article is worth reading in full.

Genetic Non-Descrimination bill in house

From Slashdot….on New Scientist.

Soon it will be illegal to deny US citizens jobs or insurance simply because they have an inherited illness, or a genetic predisposition to a particular disease.

On 25 April, the House of Representatives voted 420 to 3 to pass the Genetic Information Nondiscrimination Act (GINA). The Senate is expected to endorse the act within a few weeks, which is also supported by President Bush. “I am so stunned by the majority,” says Sharon Terry, president of the Genetic Alliance, a charity lobbying for the rights of people with inherited illnesses.

“Clearly the House finally understood the incredible significance this has. The American public can now access genetic tests, feel safe about their genetic information not being misused and participate in research that involves genetic information.”

This is all good news. I also got me wondering about a form of discrimination that I think about regularly and face it is what I call “where I happened to emerge out of my mothers womb.” This fact my place of birth has incredibly little do with who I am the content of my character who I am where I fit in my social context how much I contribute to the society I live in but is regularly requested by institutions.

Credit Checks by the Government ‘legal’

More privacy invasion by the Executive Branch:

Vice President Dick Cheney said Sunday the Pentagon and CIA are not violating people’s rights by examining the banking and credit records of hundreds of Americans and others suspected of terrorism or espionage in the United States.

Rep. Silvestre Reyes, D-Texas, the new chairman of the House Intelligence Committee, said his panel will be the judge of that.

National security letters permit the executive branch to seek records about people in terrorism and spy investigations without a judge’s approval or grand jury subpoena.

Just what I was afraid of.

From Slashdot: Federal prosecutors say they don’t need a search warrant to read your e-mail messages if those messages happen to be stored in someone else’s computer.
We’re looking at a future in which almost all of our private papers are in the hands of third parties and not protected by the Fourth Amendment,” said Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation
I hope the EFF, ACLU, EPIC and everyone else who can possibly pile on to this one.

From the Star Tribue:

The government needs a search warrant if it wants to read the U.S. mail that arrives at your home. But federal prosecutors say they don’t need a search warrant to read your e-mail messages if those messages happen to be stored in someone else’s computer.

That would include all of the Big Four e-mail providers — Yahoo, AOL, Hotmail and Google — that together hold e-mail accounts for 135 million Americans.

Twenty years ago, when only a relative handful of scientists and scholars had e-mail, Congress passed a law giving state and federal officials broad access to messages stored on the computers of e-mail providers.

Now that law, the Stored Communications Act of 1986, is being challenged in federal court in Ohio by Steven Warshak, a seller of “natural male enhancement” products who was indicted for mail fraud and money laundering after federal investigators sifted through thousands of his e-mails.

I would like the language in the i-broker agreements for XDI.org to have language that basically says they will treat personal data held as if it were in someone’s house and therefore protected under the 4th amendment.

CALEA in the news

So my legal namesake CALEA has been a source of interesting eyebrow raising for those who know its name when they are introduced to me.

Today it is in the news again.

Paul Kouroupas, vice president of regulatory affairs for Global Crossing, strongly criticized the Federal Communications Commission’s broadening of a 1994 law–originally intended to cover telephone providers–as disproportionately costly, complex, and riddled with privacy concerns. His company is one of the world’s largest Internet backbone providers.

“Our customers are large Fortune 500 companies–not too many of those companies are conducting drug deals or terrorist activities out of Merrill Lynch’s offices or using their phones in that way,” Kouroupas said at an event here sponsored by the DC Bar Association. “By and large we don’t get wiretap requests, yet we’re faced with the costs to come into compliance,” which he estimated at $1 million.

At issue is an order issued last fall by the Federal Communications Commission that set a deadline of May 14, 2007, by which most broadband and Internet phone providers are required to reengineer their networks for easier snooping by law enforcement. The move expanded the Communications Assistance for Law Enforcement Act, or CALEA, which Congress wrote to impose obligations on telephone companies, but not Internet providers.

Net Nuetrality to-Regulate or Not-to-Regulate

This NYTimes piece hightlights an interesting perspective about why regulating the Internet may not be a good idea to protect Net Nuetrality.

It’s tempting to believe that government regulation of the Internet would be more consumer-friendly; history and economics suggest otherwise. The reason is simple: a regulated industry has a far larger stake in regulatory decisions than any other group in society. As a result, regulated companies spend lavishly on lobbyists and lawyers and, over time, turn the regulatory process to their advantage.

Economists have dubbed this process “regulatory capture,” and they can point to plenty of examples. The airline industry was a cozy cartel before being deregulated in the 1970’s. Today, government regulation of cable television is the primary obstacle to competition.

Of course, incumbent broadband providers do have some limited monopoly powers, and there is cause for concern that they might abuse them. Last fall, the chief executive of AT&T, Ed Whitacre, argued that Internet giants like Google and Microsoft should begin paying for access to his “pipes”— never mind that consumers already pay AT&T for the bandwidth they use to gain access to these services. If broadband providers like AT&T were to begin blocking or degrading the content and services of companies that didn’t pay up, both consumers and the Internet would suffer.